Conventional computers or network systems have discrete computer machines or network machines installed with required software for defining hardware's functions. They have such hardware and software resources in combination to constitute a so-called silo type system, as shown in FIG. 1.
This method, however, poses a problem that some resources executing certain applications are highly loaded, whereas many other resources have a very low utilization rate, resulting in poor resource utilization efficiency as a whole relative to the total amount of committed resources. Thus, there has been proposed a virtualization technique with which resources are logically virtualized and apparently possessed resources are put into a pool so that a system that needs the resources can use them as much as needed.
Examples of the virtualization technique include: Xen as disclosed in Non-patent Document 1, UML as disclosed in Non-patent Document 2, VMware as disclosed in Non-patent Document 3, Bochs as disclosed in Non-patent Document 4, and Virtual PC as disclosed in Non-patent Document 5. Those techniques provide the computers required in a system as logical computer machines connected via virtual networks, thereby creating the same operation environment as that in which discrete computer machines are connected via network machines.
These conventional systems are implemented by a technique of giving one hardware resource an appearance of a plurality of independent apparatuses as if they were actually present as viewed from user processes. Taking the Xen architecture as disclosed in Non-patent Document 1 as a representative example, it is comprised of hardware resources 11, virtualization means 12, virtual apparatuses 13, virtual networks 14, guest operating systems 15, and applications 16, as shown in FIG. 2.
The conventional computer system having such a configuration operates as follows:
The virtualization means 12 pertains to a VMM (Virtual Machine Monitor) that is a technique developed for the purpose of allowing a plurality of users to individually use a large-size computer such as, formerly, a mainframe, and has become increasingly applicable to general-purpose computers with recent performance improvement thereof. A conventional mainstream scheme involved running one OS on one computer resource to manage several kinds of devices, and it was difficult to simultaneously run a plurality of OSes.
In contrast, the virtualization means 12 is laid at a layer between the operating systems 15 and hardware resources 11 for virtualizing the hardware resources to give them an appearance of logical resources as viewed from the operating systems 15, thereby achieving the virtualization technique capable of running a plurality of operating systems 15 with one hardware resource. A logical computer machine installed with an operating system 15 running on the virtualization means 12 is referred to as virtual apparatus 13, and the virtualization means 12 has a function of intermediating use of actual hardware resources 11 in response to the requests from the virtual apparatuses 13 to use resources. Thus, it is possible to share one hardware resource among a plurality of operating systems 15, thus improving resource utilization efficiency. Moreover, since it is possible to prescribe the allocation proportion of resources, a prescribed amount of resources can be effectively allocated to the virtual apparatuses. Furthermore, the virtual apparatuses 13 can be mutually connected via the virtualization means 12 using the virtual networks 14 provided by the virtualization means 12.
In a virtual apparatus 13, the application 16 runs on the operating system 15 and issues requests to use resources, such as for calculation, to the operating system 15, which is the same as an ordinary case where the operating system 15 is directly run on the hardware resource 11. The operating system 15 is run so that the resources (logical resources) that it manages are shared among a plurality of the applications 16.
The operating system generally has a privileged mode for resource management, and the resources that the operating system 15 can manage are the logical resources given to it. The privilege for controlling hardware resources is used by the virtualization means 12. Thus, even when code that is problematic from the security viewpoint is executed in a certain virtual apparatus 13, for example, its effect is confined within that virtual apparatus 13 and does not extend to other virtual apparatuses, providing the advantage that protection is secured among the virtual apparatuses. It is therefore possible to keep a protection level while sharing resources.
By using such a virtualization technique, a plurality of virtual apparatuses can be configured on one physical apparatus and assigned to a plurality of systems, whereby resources can be shared among several departments in one organization, for example, while securing a protection level.
Non-patent Document 1: P. Barham et al., “Xen and the art of virtualization,” Proc. SOSP 2003, Bolton Landing, N.Y., U.S.A., Oct. 19-22, 2003.
Non-patent Document 2: User Mode Linux (see User Mode Linux web site)
Non-patent Document 3: VMware's web site
Non-patent Document 4: Bochs (see Bochs web site)
Non-patent Document 5: Virtual PC (see Microsoft web site)