Method and program for generating application rules for information processing systems and update programs.
The information processing system addresses the challenge of applying update programs by using an acquisition and creation unit to generate application rules, ensuring precise and efficient update application based on the start date of a specific day of the week.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Applications
- Current Assignee / Owner
- FUJITSU LTD
- Filing Date
- 2024-12-16
- Publication Date
- 2026-06-26
AI Technical Summary
Existing systems face challenges in accurately and efficiently applying update programs to information processing terminals due to varying start dates of updates based on specific days of the week, which complicates the creation of policy information for update application.
An information processing system that includes an acquisition unit to gather information about the application start week, start day, and duration for update programs, and a creation unit to generate application rules based on this information, ensuring precise and timely application of updates.
The system enables accurate and efficient application of update programs to information processing terminals based on the start date of a specific day of the week, overcoming the challenges of varying start dates across months.
Smart Images

Figure 2026105688000001_ABST
Abstract
Description
Technical Field
[0001] The present invention relates to a method for generating application rules and a generation program for an information processing system and an update program.
Background Art
[0002] When applying a newly provided update program, such as a patch file of an OS (Operating System), to an information processing terminal, a technique for setting an application period since the start of the provision is known (Patent Document 1). Further, a technique is known in which a patch management server creates an application schedule for an update program by collecting information on devices to be patched (Patent Document 2).
Prior Art Documents
Patent Documents
[0003]
Patent Document 1
Patent Document 2
Summary of the Invention
Problems to be Solved by the Invention
[0004] There may be a case where it is operated so that a new update program is started to be provided on the Nth (N is selected from natural numbers 1 to 4) specific day of the week (for example, the second Tuesday of each month) counted from the beginning of each month. In this case, the start date of the provision changes depending on the month, and the day of the week at the beginning of the month also changes depending on the month. Therefore, it is difficult to create policy information (policy file), that is, update application rules, for applying the update program to a specific information processing terminal according to the start date of the provision.
[0005] In an operation where the application period of an update program is set manually according to the start date of the monthly update program, it is difficult to accurately and efficiently apply the update program to a specific information processing terminal.
[0006] In one aspect, an object of the present invention is to accurately and efficiently apply an update program to a specific information processing terminal according to the start date of the Nth specific day of the week counted from the beginning of the month.
Means for Solving the Problems
[0007] This information processing system includes an acquisition unit that acquires first information about the application start week in the month when an update program for updating software incorporated in an information processing terminal is applied to the information processing terminal, second information about the start day of the week to be applied, and third information about the number of days for which the update program can be applied, and a creation unit that creates an application rule for determining whether to apply the update program to the information processing terminal based on the first information, the second information, and the third information acquired through the acquisition unit.
Effects of the Invention
[0008] According to the present invention, an update program can be accurately and efficiently applied to a specific information processing terminal according to the start date of the Nth specific day of the week counted from the beginning of the month.
Brief Description of the Drawings
[0009] [Figure 1] It is a diagram for explaining the new patch publication date. [Figure 2] It is a diagram for explaining the schematic configuration of an information processing system as an example of an embodiment. [Figure 3] It is a diagram illustrating the hardware (HW) configuration of the management server shown in FIG. 2. [Figure 4] It is a diagram illustrating the HW configuration of the information processing terminal shown in FIG. 2. [Figure 5] It is a diagram for explaining the processing of an information processing system as an example of an embodiment. [Figure 6] This figure shows an example of a policy settings screen. [Figure 7] This figure shows an example of the schedule setting section in the policy settings screen. [Figure 8] This figure shows an example of a policy database and a terminal management database. [Figure 9] This figure shows an example of a policy file. [Figure 10] This is a flowchart illustrating the overview of processing in an information processing system as an example of an embodiment. [Figure 11] This is a flowchart illustrating the policy setting process in a management server as an example of an embodiment. [Figure 12] This is a flowchart illustrating the processing details of patch application in an information processing terminal as an example of an embodiment. [Figure 13] Figure 12 is a flowchart illustrating the process of the subsequent patch application procedure. [Figure 14] This figure shows an update schedule set as an example of an embodiment. [Modes for carrying out the invention]
[0010] The following describes embodiments of this information processing system, the method for generating application rules for update programs, and the generation program with reference to the drawings. However, the embodiments shown below are merely examples, and there is no intention to exclude various modifications or applications of technologies not explicitly shown in the embodiments. In other words, these embodiments can be implemented with various modifications without departing from their spirit. Furthermore, each figure is not intended to represent only the components shown in the figure, but may include other functions, etc.
[0011] (A) Overview of new patch release dates FIG. 1 is a diagram for explaining the new patch release date. A "patch" is an example of an update program for updating software incorporated in an information processing terminal. The update program may be a file including code for correcting or updating software bugs or vulnerabilities, or may be a file for update including addition of functions and overall improvement. The update program may be an update program for an OS. In one example, the update program may be an update program for Windows (registered trademark) of Microsoft (registered trademark), and may be provided on the Windows Update website.
[0012] An operation may be performed in which the provision of the update program is started on the Nth (N may be selected from natural numbers of 1 or more and 4 or less) specific day of the week counted from the beginning of each month. In this example, the case where the provision of the update program is started on the second Tuesday of each month is shown. In the case of Windows Update, as of November 2024, the provision of new update programs is started on the second Tuesday of each month. The start of the provision of the update program may be referred to as "new patch release", and the start date of the provision may be referred to as "new patch release date".
[0013] In FIG. 1, since the second Tuesday of August 2024 is August 13, August 13 is the new patch release date. As indicated by reference numeral T1, it is difficult to create policy information (policy file), that is, update application rules, for applying the update program to a specific information processing terminal corresponding to the new patch release date.
[0014] (1) Since the date (d p ) of the second Tuesday differs from month to month, the new patch release date differs from month to month. Therefore, it is difficult to generate policy information, that is, update application rules, for the update program corresponding to the patch release date in all months by specifying the date (specifying from d1 day to d2 day: d1 < d2, d1 and d2 are natural numbers indicating dates).
[0015] (2) Because the first day of each month differs from month to month, it is difficult to form policy information about updates by specifying a date from the first day of the first week of the month (e.g., Tuesday) to the second day of the first week of the month (e.g., Friday). For example, in the case of August 2024 shown in Figure 1, the second Tuesday is August 13th and the second Friday is August 9th. Therefore, the latter may be earlier than the former. In this case, it may be determined that the update application period is from August 13th to the second Friday of the following month, September 13th.
[0016] (3) Furthermore, when policy information for updates is formed by specifying a period from the XXth day of the second week of the week to the △th day of the third week of the week, the application period may span across months in some cases. Therefore, it is necessary to consider cases that span across months.
[0017] In this information processing system of this embodiment, update application rules are set taking these problems into consideration.
[0018] (B) Configuration Figure 2 is a diagram illustrating the schematic configuration of an information processing system 1 as an example of an embodiment. The information processing system 1 includes a management server 10 and information processing terminals 20-1 to 20-4 (sometimes collectively referred to as information processing terminals 20). The information processing terminals 20 may be client computers (CTs). The information processing terminals 20 have software such as an OS installed, and update programs are applied to update the software. The management server 10 and the information processing terminals 20 are connected via a communication network 2 so as to be able to communicate.
[0019] The management server 10 is a computer that creates policy information, which is the rule for applying updates to the information processing terminal 20. The management server 10 may be connected to an administrator terminal 11 for communication. Information is entered into the management server 10 by an administrator operating the administrator terminal 11. However, the administrator terminal 11 may be omitted. In this case, information may be entered into the management server 10 by an administrator operating the management server 10.
[0020] The information processing terminals 20 are broadly divided into a verification terminal group 21 (20-1 to 20-2) and a production terminal group 22 (20-3 to 20-4). Production terminal group 22 is an example of the first group of terminals to which the update program is applied. The verification terminal group 21 receives the update program before production terminal group 22. Verification terminal group 21 is an example of the second group of terminals to which the update program is applied before the first group of terminals.
[0021] The production terminal group 22 consists of terminals actually used for business operations. The verification terminal group 21 may consist of verification terminals that are not used for actual business operations. For example, the patch may be applied to the verification terminal group 21 within the first predetermined period from the patch release date. If it is confirmed that there are no problems with the information processing terminals 20 (20-1, 20-2) to which the patch has been applied in the verification terminal group 21, the patch may be applied to the production terminal group 22 between the first predetermined period from the patch release date and the second predetermined period from the patch release date.
[0022] External server 30 is a server that provides update programs, and may be operated by, for example, a company that provides update programs. For example, external server 30 starts providing update programs on a specific day of the week, the Nth time from the beginning of each month. Information processing terminal 20 communicates with external server 30 via communication network 2. Information processing terminal 20 refers to policy information received from management server 10, and if the date obtained by information processing terminal 20 (current date) satisfies the policy information, it obtains and applies the update program from external server 30. The date obtained by information processing terminal 20 may be terminal time including year, month, day, and time within information processing terminal 20, or it may be the year, month, and day information from the terminal time. Information processing terminal 20 may also obtain the date from an external source via communication network 2.
[0023] (B-1) Hardware configuration example Figure 3 is a diagram illustrating the hardware (HW) configuration of a management server 10 as an example of an embodiment. If multiple computers are used as HW resources to realize the functions of the management server 10, each computer may have the HW configuration illustrated in Figure 3.
[0024] As shown in Figure 3, the management server 10 is an information processing device, and its hardware configuration may include, for example, one or more processors 10a, memory 10b, storage unit 10c, IF (Interface) unit 10d, IO (Input / Output) unit 10e, and read unit 10f.
[0025] The processor 10a is an example of an arithmetic processing unit that performs various controls and calculations, and is a control unit that executes various processes. The processor 10a may be connected to each block in the management server 10 via a bus 10g so that they can communicate with each other. The bus 10g may be a PCIe (Peripheral Component Interconnect-Express) bus. The processor 10a may be a multiprocessor containing multiple processors, a multicore processor having multiple processor cores, or a configuration having multiple multicore processors.
[0026] The processor 10a may be, for example, one of the following: CPU, GPU, MPU, DSP, ASIC, PLD, or FPGA. Alternatively, the processor 10a may be a combination of two or more of the following: CPU, GPU, MPU, DSP, ASIC, PLD, and FPGA. Note that CPU is an abbreviation for Central Processing Unit, GPU is an abbreviation for Graphics Processing Unit, MPU is an abbreviation for Micro Processing Unit, and DSP is an abbreviation for Digital Signal Processor. ASIC is an abbreviation for Application Specific Integrated Circuit, PLD is an abbreviation for Programmable Logic Device, and FPGA is an abbreviation for Field Programmable Gate Array.
[0027] Memory 10b is an example of hardware that stores various data and program information. Examples of memory 10b include volatile memory such as DRAM (Dynamic Random Access Memory) and non-volatile memory such as PM (Persistent Memory), or both.
[0028] The storage unit 10c is an example of hardware that stores various data and program information. Examples of storage units 10c include magnetic disk devices such as HDDs (Hard Disk Drives), semiconductor drive devices such as SSDs (Solid State Drives), and various storage devices such as non-volatile memory. Examples of non-volatile memory include flash memory, SCM (Storage Class Memory), and ROM (Read Only Memory).
[0029] The storage unit 10c may store a program 10h (a program for generating policy information (application rules) regarding update programs) that implements all or part of the various functions of the management server 10.
[0030] For example, the processor 10a of the management server 10 expands the program 10h stored in the memory unit 10c into memory 10b and executes it, thereby realizing the function of generating update application rules (policy information) described later.
[0031] The IF unit 10d is an example of a communication interface that controls the connection and communication between the management server 10 and other computers. For example, the IF unit 10d may include an adapter compliant with LAN (Local Area Network) such as Ethernet®, or optical communication such as FC (Fibre Channel). The adapter may support wireless, wired, or both communication methods. The program 10h may be downloaded from the network to the management server 10 via the communication interface and stored in the storage unit 10c.
[0032] The I / O unit 10e may include either or both an input device and / or an output device. Examples of input devices include keyboards, mice, and touch panels. Examples of output devices include monitors, projectors, and printers. The I / O unit 10e may also include a touch panel or the like that integrates the input and output devices.
[0033] The reading unit 10f is an example of a reader that reads data and program information recorded on the recording medium 10i. The reading unit 10f may include a connection terminal or device to which the recording medium 10i can be connected or inserted. Examples of the reading unit 10f include an adapter compliant with USB (Universal Serial Bus), a drive device that accesses a recording disk, and a card reader that accesses flash memory such as an SD card. The recording medium 10i may store a program 10h, and the reading unit 10f may read the program 10h from the recording medium 10i and store it in the storage unit 10c.
[0034] Examples of recording media 10i include non-temporary computer-readable recording media such as magnetic / optical discs and flash memory. Examples of magnetic / optical discs include flexible discs, CDs (Compact Discs), DVDs (Digital Versatile Discs), Blu-ray discs, and HVDs (Holographic Versatile Discs). Examples of flash memory include semiconductor memory such as USB memory and SD cards.
[0035] The hardware configuration of the management server 10 described above is an example. Therefore, the hardware can be increased or decreased within the management server 10 (for example, by adding or deleting arbitrary blocks), divided, merged in any combination, or by adding or deleting buses, etc., as appropriate.
[0036] Figure 4 is a diagram illustrating the hardware configuration of an information processing terminal 20 as an example of an embodiment. If multiple computers are used as hardware resources to realize the functions of the information processing terminal 20, each computer may have the hardware configuration illustrated in Figure 4.
[0037] The processor 20a, memory 20b, storage unit 20c, IF unit 20d, I / O unit 2e, read unit 20f, and bus 20g in Figure 4 are the same as the processor 10a, memory 10b, storage unit 10c, IF unit 10d, I / O unit 1e, read unit 10f, and bus 10g in Figure 3. Therefore, repeated explanations are omitted.
[0038] The memory unit 20c may store a program 20h (a program for applying update programs (patch application)) that implements all or part of the various functions of the information processing terminal 20.
[0039] For example, the processor 20a of the information processing terminal 20 implements the update program application processing function described later by expanding the program 20h stored in the storage unit 20c into the memory 20b and executing it. The recording medium 20i may store the program 20h, or the reading unit 20f may read the program 20h from the recording medium 20i and store it in the storage unit 20c.
[0040] (B-2) Example of Functional Configuration Figure 5 is a diagram illustrating the processing of the information processing system 1 as an example of an embodiment. For example, the administrator terminal 11 displays the policy setting screen 110, and administrator 3 inputs information including the first information 121, the second information 122, and the third information 123. The IF unit 10d of the management server 10 acquires this input information.
[0041] Information 121 is information about the week in which the update program for updating the software embedded in the information processing terminal 20 will be applied to the information processing terminal 20. Information 22 is information about the day of the week on which the application will begin (i.e., the application start day). Information 323 is information about the number of days on which the update program can be applied (i.e., the application days). Normally, the update program may be applied on the application start date (i.e., the patch release date), but depending on the status of the information processing terminal 20, the update may be applied on or after the day following the patch release date, within the application days indicated in Information 323.
[0042] The management server 10 may obtain the first information 121, second information 122, and third information 123 entered by the administrator 3 using the policy setting screen (similar to the policy setting screen 110) displayed on the management server 10. In this case, the I / O unit 10e of the management server 10 obtains these entered first information 121, second information 122, and third information 123. The IF unit 10d or I / O unit 10e of the management server 10 is an example of an acquisition unit that acquires the first information 121, second information 122, and third information 123.
[0043] As shown in Figure 5, the management server 10 includes a policy setting unit 101 and a policy transmission unit 102. The policy setting unit 101 and the policy transmission unit 102 may be implemented by a processor 10a.
[0044] Figure 6 shows an example of the policy settings screen 110. The policy settings screen 110 may be a graphical user interface (GUI) where the user, i.e., administrator 3, inputs various information related to policy information.
[0045] The policy setting screen 110 may include an application instruction unit 111a for instructing that the entered information be applied as a policy, and a cancellation instruction unit 111b for instructing that the entered information be canceled.
[0046] The policy setting screen 110 may include a policy name instruction unit 112a for specifying a policy name, and save instruction units 112b and 112c for saving the entered information. When the save instruction units 112b and 112c are operated, the information entered on the policy setting screen 110 (in particular, the information entered in the schedule setting unit 115, which will be described later) is stored in the policy DB 103 as first information 121, second information 122, and third information 123.
[0047] The policy settings screen 110 includes an application condition instruction unit 113 for specifying the conditions for automatic application of update programs. For example, the application condition instruction unit 113 accepts instructions from administrator 3, which include checking one of the following: apply updates periodically when the terminal is powered on, apply updates automatically when the user is logged in, apply updates automatically only immediately after login, or do not apply updates automatically. The policy settings screen 110 may also include a time period instruction unit 114 for specifying the time period during which the information processing terminal 20 will update the update program.
[0048] The policy setting screen 110 includes a schedule setting unit 115 for specifying the period during which the information processing terminal 20 will update the update program, i.e., the update schedule. The schedule setting unit 115 may include a GUI for inputting first information 121, second information 122, and third information 123 to specify the update schedule.
[0049] The schedule setting unit 115 may have an enable instruction unit 115b for receiving instructions from administrator 3 to enable the setting to apply the update program during a specified period. When administrator 3 places a check mark on the enable instruction unit 115b, an instruction to enable the application of the update program during the specified period is input. When the schedule setting unit 115 receives the instruction to enable, the enable flag described later becomes enabled (ON). As a result, the update program will be applied during the specified period. If there is no check mark on the enable instruction unit 115b, the instruction to enable the application of the update program during the specified period is invalid, and the enable flag described later becomes disabled (OFF). As a result, the update program will not be applied during the specified period.
[0050] Figure 7 shows an example of the schedule setting unit 115 in the policy setting screen 110. In this example, the schedule setting unit 115 includes a first input unit 116 for inputting first information 121, a second input unit 117 for inputting second information 122, and a third input unit 118 for inputting third information 123.
[0051] The first input section 116 is a GUI for administrator 3 (i.e., the user responsible for management) to select the start week for application from weeks 1 to 4. For example, when the input section is clicked by a pointing device (not shown) operated by administrator 3, the numbers 1, 2, 3, and 4 are displayed. From these displayed numbers, one number may be selected by the pointing device operated by administrator 3 to determine the start week for application.
[0052] The second input section 117 is a GUI for administrator 3 to select the starting day of the week from Sunday to Saturday. In the second input section 117, if the input is blank, as shown by symbol T4, the first day of the month, i.e., the day of the week for the first day of that month, may be assigned.
[0053] The third input section 118 is a GUI for administrator 3 to select the number of days to apply from, for example, one or more natural numbers. In the third input section 118, if the input is blank, such as the symbol T5, the number of days until the end of the month may be assigned.
[0054] The policy settings screen 110 is not limited to the examples shown in Figures 6 and 7. The policy settings screen 110 only needs to allow input of the first information 121, the second information 122, and the third information 123, and may be modified as appropriate.
[0055] Returning to Figure 5, the policy setting unit 101 stores the first information 121, the second information 122, and the third information 123 in the policy DB 103. Based on the values of the first information 121, the second information 122, and the third information 123 stored in the policy DB 103, the policy setting unit 101 creates a policy file 104. The policy file 104 is an example of an application rule for determining whether or not to apply the update program to the information processing terminal 20, and may be referred to as policy information. The policy file 104 may be stored in the policy storage folder 105.
[0056] The policy setting unit 101 is an example of a creation unit that creates application rules for determining whether or not to apply an update program to an information processing terminal, based on the first information 121, the second information 122, and the third information 123.
[0057] Figure 8 shows an example of the policy DB 103 and terminal management DB 140. The terminal management DB 140 is a database for managing information about each of the multiple information processing terminals 20. The terminal management DB 140 includes terminal management information 141. The terminal management information 141 includes terminal information 142 that identifies the information processing terminal 20, and a policy group number (No.) 143 that identifies the group to which the information processing terminal 20 identified by the terminal information 142 belongs. Note that the terminal management information 141 may include the address of each terminal, i.e., the information processing terminal 20. Different policy files (i.e., update application rules) are applied to each group identified by the policy group number. If there is only one group, the same policy file is applied to all information processing terminals 20.
[0058] In Figure 8, #M1 and #M2 may represent, for example, information processing terminals 20-1 and 20-2 in Figure 2, and #M3 and #M4 may represent, for example, information processing terminals 20-3 and 20-4 in Figure 2. Policy group number 143's #1 may represent verification terminal group 21 in Figure 2, and #2 may represent production terminal group 22.
[0059] If there are multiple groups to which different policy files 104 apply, as shown in Figure 8, the acquisition unit, i.e., the IF unit 10d or the IO unit 10e, acquires the first information 121, the second information 122, and the third information 123 for each group.
[0060] The policy DB 103 may include a policy group number 124 and an enable flag 125, in addition to the first information 121, second information 122, and third information 123. The policy group number 124 may be linked to the policy group number 143 in the terminal management DB 140. The enable flag 125 may be information indicating whether the policy file 104 is enabled or disabled. The value of the enable flag 125 may be switched between enabled (1) and disabled (0) by the enable indicator unit 115b in Figure 6.
[0061] Figure 9 shows an example of a policy file 104. In this example shown in Figure 9, the policy file 104 consists of a first policy file 104b to be sent to the first terminal group (production terminal group 22) and a second policy file 104a to be sent to the second terminal group (verification terminal group 21). The first policy file 104b is an example of a first application rule for determining whether or not to apply the update program to the first terminal group (production terminal group 22). The second policy file 104a is an example of a second application rule for determining whether or not to apply the update program to the second terminal group (verification terminal group 21).
[0062] In Figure 5, the policy transmission unit 102 is an example of a transmission unit that sends the created policy file 104 to each information processing terminal 20. The policy transmission unit 102 sends the policy file 104 that applies to each policy group. For example, the policy transmission unit 102 sends the first policy file 104b to the first group of terminals (production terminal group 22). The policy transmission unit 102 also sends the second policy file 104a to the second group of terminals (verification terminal group 21).
[0063] The information processing terminal 20 includes a patch application processing unit 201 (patch application call unit). The patch application processing unit 201 may be implemented by a processor 20a.
[0064] The patch application processing unit 201 checks whether or not it has received the policy file 104. This confirmation of receipt may be performed at predetermined intervals (for example, every 3 hours), i.e., periodically. If the patch application processing unit 201 has received the policy file 104, it may store the policy file 104 in the policy storage folder 205. The patch application processing unit 201 includes a receiving unit 202 that receives the application rules from the management server 10.
[0065] The patch application processing unit 201 checks the content of the received policy file 104. The patch application processing unit 201 acquires the date information within the terminal of the information processing terminal 20 (which may be referred to as the self-information processing terminal 20) where it functions. The patch application processing unit 201 compares the date information with the policy file 104 to determine whether the acquired date is within the applicable period indicated by the received policy file 104. The patch application processing unit 201 includes a determination unit 203 that determines whether the acquired date satisfies the received application rules.
[0066] In one example, the patch application processing unit 201 uses the first information 121, the second information 122, and the day of the week on the first day of this month (obtained from general calendar information) to calculate the application start date D of this month n1 "This month" refers to the month to which the current date (which may also be a time) obtained from the time information (for example, date information) acquired by the current terminal belongs. This month may be referred to as the current month. The patch application processing unit 201 calculates the application start date (the first application start date) D in this month n1 and the day (the first application end date) D obtained by adding the number of application days (the third information 123) to the application start date D in this month n1 in this month and then subtracting 1. That is, n2 The first application end date D = the first application start date D n2 + the number of application days - 1 n1 is obtained.
[0067] The patch application processing unit 201 determines whether the condition D n1 ≦ the date information of the current terminal ≦ D n2 is satisfied, and applies the patch according to the determination result. Specifically, the patch application processing unit 201 applies the patch when the date information of the current terminal satisfies the condition.
[0068] The patch application processing unit 201 uses the first information 121, the second information 122, and the day of the week on the first day of the previous month to calculate the application start date in the previous month (which may be referred to as the second application start date) D b1 The patch application processing unit 201 calculates the application start date (second application start date) D in the previous month. b1 The date obtained by adding the number of days of application (3rd information 123) and subtracting 1 (sometimes referred to as the 2nd application end date) D b2 Calculate the following: Second End Date D b2 =Second application start date D b1 +Number of days of application - 1 That is the case.
[0069] The patch application processing unit 201 is under condition D b1 ≤Current device date information≦D b2 Determine whether the condition is met, and if so, apply the patch. In other words, the determination unit 203 determines, based on the first information 121 and the second information 122, the application start date (first application start date D) for applying the update program to the information processing terminal 20 in the month and the month immediately preceding that month. n1 , second application start date D b1 The determination unit 203 may calculate each application start date (D n1 , D b1 Based on the above and the third piece of information 123, it may be determined whether the date acquired by the information processing terminal (20) satisfies the above-mentioned applicable rule.
[0070] The patch application processing unit 201 may include an application unit 204 that obtains update programs from an external server 30 and applies them.
[0071] The information processing terminal 20 may also display various information on the monitor of the I / O unit 20e. For example, the I / O unit 20e may show the results of patches that have been applied to date, and may also show the schedule for the next patch application.
[0072] The monitor of the IO unit 20e may display an environment setting screen for user 4 of the information processing terminal 20 to configure its environment. The monitor of the IO unit 20e may also display the operating status log and the current operating status of the information processing terminal 20. In addition, the monitor of the IO unit 20e may display check commands and accept instructions from user 4.
[0073] (C) Operation Figure 10 is a flowchart illustrating the overview of processing in an information processing system 1 as an example of an embodiment. Steps S1 and S2 are processes performed by the management server 10, and steps S3, S4, and S5 are processes performed by each information processing terminal 20.
[0074] In the management server 10, the policy setting unit 101 sets the policy. In one example, the policy setting unit 101 creates a policy file 104 (step S1).
[0075] The policy transmission unit 102 transmits the corresponding policy file 104 to the information processing terminal 20 of each group identified by the policy group number 124 (step S2).
[0076] In each information processing terminal 20, the patch application processing unit 201 periodically checks, for example, by polling whether the policy file 104 has been received, and receives the policy file 104 (step S3).
[0077] The patch application processing unit 201 performs a determination of the application timing (step S4). Specifically, the patch application processing unit 201 determines whether the date obtained by the information processing terminal 20 satisfies the application rule indicated in the received policy file 104.
[0078] The patch application processing unit 201 retrieves and applies the patch from the external server 30 according to the determination result (step S5).
[0079] Figure 11 is a flowchart illustrating the policy setting process in the management server 10 as an example of an embodiment. Figure 11 shows an example of how to generate a policy file 104, which is the application rule for update programs.
[0080] The policy setting unit 101 displays the policy setting screen 110 on the monitor of the administrator terminal 11 or the monitor of the management server 10 (step S10). The GUI of the policy setting screen 110 becomes ready for administrator 3 to input information.
[0081] The IF unit 10d or IO unit 10e obtains information about the application start week, i.e., the first information 121, from the policy setting screen 110 where administrator 3 has entered information (step S11). The IF unit 10d or IO unit 10e obtains information about the application start day of the week, i.e., the second information 122, from the policy setting screen 110 where administrator 3 has entered information (step S12). The IF unit 10d or IO unit 10e obtains information about the application days, i.e., the third information 123, from the policy setting screen 110 where administrator 3 has entered information (step S13). Note that the order of steps S11, S12, and S13 is not limited to the case in Figure 11, and the order of at least some of the processes may be changed, and at least some of the processes may be performed in parallel.
[0082] The policy setting unit 101 stores the first information 121, the second information 122, and the third information, namely the application start week, application start day of the week, and application number of days, obtained via the IF unit 10d or the IO unit 10e, in the policy DB 103 (step S14).
[0083] The policy setting unit 101 creates a policy file 104 for each group of information processing terminals 20 identified by policy group number 124 (i.e., verification terminal group 21, production terminal group 22) (step S15). For example, the policy setting unit 101 creates a first policy file 104b for information processing terminals 20-3 to 20-4 belonging to production terminal group 22 (first terminal group). The policy setting unit 101 creates a second policy file 104a for information processing terminals 20-1 to 20-2 belonging to verification terminal group 21 (second terminal group).
[0084] The policy transmission unit 102 transmits the policy file 104 to each information processing terminal 20 (step S16). For example, the policy transmission unit 102 transmits the first policy file 104b to information processing terminals 20-3 to 20-4 belonging to the production terminal group 22 (first terminal group). The policy transmission unit 102 transmits the second policy file 104a to information processing terminals 20-1 to 20-2 belonging to the verification terminal group 21 (second terminal group). If there are three or more policy groups, a separate policy file 104 may be created and transmitted for each policy group.
[0085] Figures 12 and 13 are flowcharts illustrating the processing content of the patch application process in the information processing terminal 20 as an example of an embodiment. Figure 12 shows the processing in steps S21 to S26, and Figure 13 shows the processing in steps S27 to S30.
[0086] The patch application processing unit 201 checks whether or not it has received the policy file 104, i.e., the policy information (step S21). If the policy file 104 has not been received (see the No route in step S21), the process proceeds to step S22. The patch application processing unit 201 waits until a predetermined time has elapsed (see the No route in step S22), and once the predetermined time has elapsed (see the Yes route in step S22), it returns to step S21. In other words, the patch application processing unit 201 checks whether or not it has received the policy file 104 at predetermined intervals.
[0087] If policy file 104 is received (see Yes route in step S21), the patch application processing unit 201 retrieves policy file 104 (step S23).
[0088] The patch application processing unit 201 checks the validity flag 125 of the acquired policy file 104 and determines whether the validity flag 125 is ON or OFF (step S24). In the example shown in Figure 9, the validity flag 125 is ON when it is 1 and OFF when it is 0. However, the validity flag 125 is not limited to this case.
[0089] If the valid flag 125 is OFF (see No route in step S24), the process may be terminated, or the process may return to step S21.
[0090] If the valid flag 125 is ON (see the Yes route in step S24), the patch application processing unit 201 obtains the current terminal time (terminal date and time) of the local information processing terminal 20 (step S25).
[0091] Patch application processing unit 201 will start application on date D this month. n1 This is calculated based on the first information 121 and the second information 122, namely the information on the week in which the application begins and the day of the week in which the application begins (step S26).
[0092] The process in step S26 may include the processes in steps S201, S202, and S203. The patch application processing unit 201 calculates the day of the week for the first day of the month, i.e., the 1st (step S201). The patch application processing unit 201 quantifies the day of the week for application start and the first day of the month (1st), and calculates the number of days D for the difference in days of the week. def Calculate (Step S202).
[0093] For example, the patch application processing unit 201 may use 0: Monday, 1: Tuesday, ···, 5: Saturday, 6: Sunday, or 0: Sunday, 1: Monday, 2: Tuesday, ···, 6: Saturday. Note that the patch application processing unit 201 may digitize the days of the week such that the numerical value increases (or decreases by 1) when the day of the week advances to the next day of the week.
[0094] The patch application processing unit 201 calculates the number of days D of the day - of - week difference between the digitized start day of the week (X S ) and the digitized day of the week of the 1st day of this month (X1). def The patch application processing unit 201 calculates the number of days D of the day - of - week difference. def For example, when X S ≥X1, the patch application processing unit 201 may calculate it using the following formula (1), and when X S <X1, it may calculate it using the following formula (2). The number of days D of the day - of - week difference def =X S -X1 ···(1) The number of days D of the day - of - week difference def =X S -X1 + 7 ···(2)
[0095] Subsequently, the patch application processing unit 201 calculates the application start date in this month, that is, the first application start date D1] n1 (step S203). The patch application processing unit 201 may calculate the first application start date D n1 using, for example, the following formula (3). In the following formula (3), the application start week may be the value of the first information 121. The first application start date D n1 =1+(application start week - 1)×7+the number of days D of the day - of - week difference def 0] ···(3)
[0096] For example, the update schedule shown in FIG. 14 will be used as an example for explanation. FIG. 14 is a diagram showing the update schedule set as an example of an embodiment. In the example shown in FIG. 14, for the terminals (20-1 to 20-2) of the verification terminal group 21, [the second] week, [Tuesday], and
[14] days are specified as the first information 121, the second information 122, and the third information 123. For the terminals (20-3 to 20-4) of the production terminal group 22, [the fourth] week, [Tuesday], and
[14] days are specified as the first information 121, the second information 122, and the third information 123.
[0097] Taking the case of the verification terminal group 21 (displayed as "verification" in the figure) in June 2024 shown in FIG. 14 as an example, if X S is 1 (Tuesday) and X1 is 5 (Saturday), then X S corresponds to the case of <X1, so the number of days D of the day-of-week difference def = X S - X1 + 7 = 1 - 5 + 7 = 3 (days) is obtained. Also, since the application start week (the first information 121) = 2, from the above formula (3), the first application start date D n1 = 1 + (2 - 1) × 7 + 3 = 11 (days) is obtained.
[0098] Therefore, using the first information 121, the second information 122, the third information 123, and the information on the day of the week at the beginning of the current month included in the policy file 104, the application start date can be set according to the patch release date.
[0099] The patch application processing unit 201 calculates the day obtained by adding the number of application days (the third information 123) to the application start date D n1 in the current month and then subtracting 1, that is, the first application end date D n2 The patch application processing unit 201 checks the condition D n1 ≦ the current end date and time ≦ D n2The patch application processing unit 201 determines whether the condition is met (step S27). If the date obtained from the terminal satisfies the condition (see the Yes route in step S27), the process proceeds to step S28. In step S28, the patch application processing unit 201 obtains the patch, i.e., the update program, from the external server 30 and applies the update. Therefore, the update application period can be set dynamically in accordance with the dynamically set start date of application.
[0100] On the other hand, if the current date and time of the terminal does not meet the conditions (see No route in step S27), the patch application processing unit 201 proceeds to step S29.
[0101] The patch application processing unit 201 determines the application start date in the previous month, i.e., the second application start date D b1 This is calculated based on the first information 121 and the second information 122, namely the information on the week in which the application begins and the day of the week in which the application begins (step S29).
[0102] The process in step S29 may include the processes in steps S301, S302, and S303. The patch application processing unit 201 calculates the day of the week for the first day of the previous month, i.e., the 1st (step S301). The patch application processing unit 201 quantifies the day of the week for application start and the first day (1st) of the previous month, and calculates the number of days D for the difference in days of the week. def Calculate the number of days D for the difference in days of the week. def Since this is the same process as in step S202, its explanation will be omitted.
[0103] The patch application processing unit 201 calculates the numerical start day of the week (X S The number of days D is the difference between the day of the week (X1) and the numerical day of the week on the 1st of the previous month. def The patch application processing unit 201 calculates the number of days D of the day of the week difference. def The above formulas (1) and (2) may be used to calculate this.
[0104] Next, the patch application processing unit 201 determines the application start date in the previous month, i.e., the second application start date D b1The patch application processing unit 201 calculates the second application start date D. b1 The same formula as formula (3) above may be used to calculate this.
[0105] The patch application processing unit 201 determines the application start date in the previous month, i.e., the second application start date D b1 The day obtained by adding the number of application days (3rd information 123) and subtracting 1, i.e., the second application end date D. b2 The patch application processing unit 201 calculates the following: b1 ≤Current device date and time≦D b2 The patch application processing unit 201 determines whether the condition is met (step S30). If the patch application processing unit 201 determines that the date and time obtained from the current terminal meets the condition (see the Yes route in step S30), the process proceeds to step S28. On the other hand, if the patch application processing unit 201 determines that the date and time of the current terminal does not meet the condition (see the No route in step S30), the process ends without applying the patch. The process returns to step S21.
[0106] For example, taking the case of production terminal group 22 (indicated as "production application" in the figure) in July 2024, as shown in Figure 14, the D in the previous month, June b1 This is June 25th. The patch application processing unit 201 determines the application start date in the previous month, i.e., the second application start date D b1 The second end date of application D is obtained by adding the number of application days (third information 123) and subtracting 1. b2 Calculate D b2 This is calculated by adding 14 days to June 25th and subtracting 1, resulting in July 8th. Therefore, the update program will be applied to production terminal group 22 from June 25th to July 8th.
[0107] Therefore, even when the application period spans across months, the application period can be appropriately and dynamically set. (D) Effects
[0108] As described above, according to the information processing system 1 as an example of an embodiment, the management server 10 creates application rules for determining whether or not to apply the update program to the information processing terminal based on the acquired first information 121, second information 122, and third information 123. The first information 121 includes the week in which the application will begin, the second information 122 includes the day of the week in which the application will begin, and the third information 123 includes the number of days for which the application will be performed. Therefore, according to one embodiment, in each month, the application schedule for the update program can be set according to the start date of a specific day of the week that occurs N times (N is any natural number from 1 to 4) from the beginning of the month. As a result, the processing burden on administrators 3 and users 4 who manually set the application schedule for the update program is reduced, and the update program can be applied accurately and efficiently.
[0109] The policy set on the management server 10 includes the application start week (first information 121), the application start day of the week (Xs: second information 122), and the number of application days (third information 123). In addition, the patch application processing unit 201 on the information processing terminal 20 calculates the application start date based on the application start week (first information 121) and the application start day of the week (Xs: second information 122).
[0110] These features allow for the determination of application start dates that correspond to monthly variations in the start date of provision and monthly variations in the day of the week at the beginning of the month. Therefore, there is no need to manually set the application period for updates according to the start date of monthly update provision (patch release), and the risk of applying updates to the production environment due to operational errors (human errors) can be suppressed.
[0111] In the information processing terminal 20, the patch application processing unit 201 determines whether it is within the period in which patch application should be performed, based on the number of application days (third information 123) (step S30 in Figure 13). This allows for the patch to be applied appropriately if it is within the set number of application days. Furthermore, even if the application period spans across months, the patch can be applied appropriately.
[0112] For example, in the case of Windows Update, where the patch release date is the second Tuesday of each month, even if the date of new patch releases varies from month to month, the start date and duration of the update application can be set according to the patch release date.
[0113] The information processing system 1 includes a management server 10 and a plurality of information processing terminals 20. Each information processing terminal 20 includes a receiving unit 202 that receives application rules from the management server, a determination unit 203 that determines whether the date acquired by the terminal satisfies the received application rule, and an application unit 204 that acquires and applies an update program according to the determination result. Therefore, if the application rule is met, each information processing terminal 20 can acquire and apply the update program itself. As a result, the burden on administrators 3 and users 4 to perform processing manually can be reduced.
[0114] The multiple information processing terminals 20 include a production terminal group 22 and a verification terminal group 21. The update program is applied to the verification terminal group 21 before the production terminal group 22. The application rule includes a first policy file 104b for determining whether or not to apply the update program to the production terminal group 22, and a second policy file 104a for determining whether or not to apply the update program to the verification terminal group 21. The management server 10 sends the first policy file 104b to the production terminal group 22 and the second policy file 104a to the verification terminal group 21.
[0115] Therefore, updates can be applied to test terminals before applying them to production terminals. Consequently, updates can be applied to production terminals after verifying the software stability of the updates. This allows for accurate and efficient application of updates, such as Windows Update, to terminals that require stable operation, including those in medical settings. In particular, it facilitates the application of appropriate updates in accordance with the Guidelines for the Secure Management of Medical Information Systems, Version 6.0.
[0116] In particular, compared to setting update application schedules for test terminals and production terminals on a monthly basis, this method allows for more accurate and efficient dynamic application of the application schedule according to the patch release date.
[0117] (E) Others The disclosed technology is not limited to the embodiments described above and can be implemented in various modified forms without departing from the spirit of this embodiment. For example, each component and process of this embodiment can be selected or omitted as needed, or combined as appropriate.
[0118] Furthermore, although the above-described embodiment explains the case in which each information processing terminal 20 performs the processing shown in Figures 12 and 13, for example, the management server 10 or another device may determine whether the current date and time is the time to apply the patch. If the current date and time is the time to apply the patch, each information processing terminal 20 receives an instruction to apply the patch, that is, an instruction to apply the update program.
[0119] (F) Note The following additional information is disclosed regarding the embodiments described above. (Note 1) An acquisition unit that acquires first information regarding the week in which an update program for updating the software embedded in an information processing terminal is applied to the information processing terminal, second information regarding the day of the week on which the application will begin, and third information regarding the number of days on which the update program can be applied. The system includes a creation unit that creates application rules for determining whether or not to apply the update program to the information processing terminal based on the first information, the second information, and the third information acquired through the acquisition unit. An information processing system characterized by the following features.
[0120] (Note 2) The information processing system includes the management server having the acquisition unit and the creation unit, and a plurality of information processing terminals, Each of the aforementioned plurality of information processing terminals is A receiving unit that receives the aforementioned application rules from the management server, A determination unit that determines whether the date obtained by the information processing terminal satisfies the received application rule, The system includes an application unit that acquires and applies the update program according to the result of the aforementioned determination. The information processing system described in Appendix 1, characterized in that it is the same as described in Appendix 1.
[0121] (Note 3) The unit that makes the determination said, Based on the first and second pieces of information, the start dates for applying the update program to the information processing terminal in the aforementioned month and the month immediately preceding it are calculated. Based on the respective start dates of application and the third information, it is determined whether the date obtained by the information processing terminal satisfies the application rules. The information processing system described in Appendix 2, characterized by the features described herein.
[0122] (Note 4) The plurality of information processing terminals include a first group of terminals to which the update program is applied, and a second group of terminals to which the update program is applied before the first group of terminals. The application rule created by the creation unit includes a first application rule for determining whether or not to apply the update program to the first group of terminals, and a second application rule for determining whether or not to apply the update program to the second group of terminals. The management server includes a transmission unit that transmits the first application rule to the first group of terminals and the second application rule to the second group of terminals. The information processing system described in Appendix 2, characterized by the features described herein.
[0123] (Note 5) Obtain the first information regarding the week in which the update program for updating the software embedded in the information processing terminal is applied to the information processing terminal, the second information regarding the day of the week on which the application begins, and the third information regarding the number of days on which the update program can be applied. Based on the acquired first information, second information, and third information, an application rule is created to determine whether or not to apply the update program to the information processing terminal. A method for generating application rules for update programs, characterized in that the processing is performed by a computer.
[0124] (Note 6) The plurality of information processing terminals include a first group of terminals to which the update program is applied, and a second group of terminals to which the update program is applied before the first group of terminals, A first application rule is generated for determining whether or not to apply the update program to the first group of terminals, and a second application rule is generated for determining whether or not to apply the update program to the second group of terminals. The first application rule is transmitted to the first group of terminals, and the second application rule is transmitted to the second group of terminals. A method for generating application rules for the update program described in Appendix 5, characterized in that the processing is performed by a computer.
[0125] (Note 7) An application method for applying updates based on the application rules described in Appendix 5, Each of the multiple information processing terminals receives information about the applicable rules from the computer, The date obtained by the information processing terminal is used to determine whether or not it satisfies the received applicable rule. Depending on the result of the above determination, obtain and apply the above update program. An application method characterized in that the processing is performed by the information processing terminal.
[0126] (Note 8) In the process of making the above determination, Based on the first and second pieces of information, the start dates for applying the update program to the information processing terminal in the aforementioned month and the month immediately preceding it are calculated. Based on the respective start dates of application and the third information, it is determined whether the date obtained by the information processing terminal satisfies the application rules. The application method described in Appendix 7, characterized in that the processing is performed by the information processing terminal.
[0127] (Note 9) The system obtains the following information: first, information regarding the week in which an update program for updating the software embedded in the information processing terminal is applied to the information processing terminal; second, information regarding the day of the week on which the update program is applied; and third, information regarding the number of days on which the update program can be applied. Based on the acquired first information, second information, and third information, an application rule is created to determine whether or not to apply the update program to the information processing terminal. A program for generating application rules for update programs, characterized by having a computer perform the processing.
[0128] (Note 10) The plurality of information processing terminals include a first group of terminals to which the update program is applied, and a second group of terminals to which the update program is applied before the first group of terminals, A first application rule is generated for determining whether or not to apply the update program to the first group of terminals, and a second application rule is generated for determining whether or not to apply the update program to the second group of terminals. The first application rule is transmitted to the first group of terminals, and the second application rule is transmitted to the second group of terminals. A program for generating application rules for the update program described in Appendix 9, characterized by causing a computer to perform the processing.
[0129] (Note 11) An application processing program that applies updates based on the application rules described in Appendix 9, Each of the multiple information processing terminals receives information about the applicable rules from the computer, The date obtained by the information processing terminal is used to determine whether or not it satisfies the received applicable rule. Depending on the result of the above determination, obtain and apply the above update program. An application processing program characterized by causing the information processing terminal to perform the processing.
[0130] (Note 12) In the process of making the above determination, Based on the first and second pieces of information, the start dates for applying the update program to the information processing terminal in the aforementioned month and the month immediately preceding it are calculated. Based on the respective start dates of application and the third information, it is determined whether the date obtained by the information processing terminal satisfies the application rules. The application processing program described in Appendix 11, characterized in that it causes the information processing terminal to perform the processing. [Explanation of Symbols]
[0131] 1. Information Processing System 2 Network 3 Administrator 4 User 10 Management Server 10a, 20a processors 10b, 20b memory 10c,20c storage section 10d,20d IF part 10e,20e IO section 10f, 20f reading section 10g, 20g bus 10h, 20g program 10i, 20i recording media 11 Administrator terminal 20, 20-1~20-4 Information Processing Terminals 21 Verification Terminal Group 22 Production Terminal Groups 30 External Servers 101 Policy Settings Section 102 Policy Transmission Section 103 Policy DB 104 Policy File 104b First policy file 104a Second policy file 105,205 policy storage folders 110 Policy Settings Screen 111a Application instructions 111b Cancel instruction section 112a Policy Name Indicator 112b, 112c Storage instruction section 113 Applicable conditions instructions 114 Time zone indicator 115 Schedule Setting Section 115b Effective indicator section 116 First Input Section 117 Second Input Section 118 Third Input Section 121 1st information 122 Second information 123 Third information 124,143 Policy Group Number 125 Enabled Flag 140 Terminal Management DB 141 Terminal Management Information 142 Device Information 124,143 201 Patch Application Processing Unit 202 Receiving Unit 203 Judgment Department 204 Application section
Claims
1. An acquisition unit that acquires first information regarding the week in which an update program for updating the software embedded in an information processing terminal is applied to the information processing terminal, second information regarding the day of the week on which the application will begin, and third information regarding the number of days on which the update program can be applied. The system includes a creation unit that creates application rules for determining whether or not to apply the update program to the information processing terminal based on the first information, the second information, and the third information acquired through the acquisition unit. An information processing system characterized by the following features.
2. The information processing system includes the management server having the acquisition unit and the creation unit, and a plurality of information processing terminals, Each of the aforementioned plurality of information processing terminals is A receiving unit that receives the aforementioned application rules from the management server, A determination unit that determines whether the date obtained by the information processing terminal satisfies the received application rule, The system includes an application unit that acquires and applies the update program according to the result of the aforementioned determination. Characterized by, The information processing system according to claim 1.
3. The unit that makes the determination said, Based on the first information and the second information, the start dates for applying the update program to the information processing terminal in the aforementioned month and the month immediately preceding the aforementioned month are calculated. Based on the respective application start dates and the third information, it is determined whether the date acquired by the information processing terminal satisfies the received application rule. Characterized by The information processing system according to claim 2.
4. The plurality of information processing terminals include a first group of terminals to which the update program is applied, and a second group of terminals to which the update program is applied before the first group of terminals. The application rule created by the creation unit includes a first application rule for determining whether or not to apply the update program to the first group of terminals, and a second application rule for determining whether or not to apply the update program to the second group of terminals. The management server includes a transmission unit that transmits the first application rule to the first group of terminals and the second application rule to the second group of terminals. Characterized by The information processing system according to claim 2.
5. The system obtains the following information: first, information regarding the week in which an update program for updating the software embedded in the information processing terminal is applied to the information processing terminal; second, information regarding the day of the week on which the update program is applied; and third, information regarding the number of days on which the update program can be applied. Based on the acquired first information, second information, and third information, application rules are created to determine whether or not to apply the update program to the information processing terminal. The process is characterized by being executed by a computer. How to generate application rules for updates.
6. The system obtains the following information: first, information regarding the week in which an update program for updating the software embedded in the information processing terminal is applied to the information processing terminal; second, information regarding the day of the week on which the update program is applied; and third, information regarding the number of days on which the update program can be applied. Based on the acquired first information, second information, and third information, application rules are created to determine whether or not to apply the update program to the information processing terminal. The process is characterized by having a computer perform the processing. A program that generates application rules for updates.