JP2012078985A - Two-system client system - Google Patents

Publication number
JP2012078985A
Authority
JP
Japan
Prior art keywords
virtual machine
environment
memory
state
physical memory
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
JP2010222178A
Other languages
Japanese (ja)
Other versions
JP5514063B2 (en)
Inventor
Koji Araki
幸治 荒木
Yuzo Oshida
勇三 押田
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hitachi Solutions Ltd
Original Assignee
Hitachi Solutions Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hitachi Solutions Ltd
Priority to JP2010222178A (patent JP5514063B2)
Publication of JP2012078985A
Application granted
Publication of JP5514063B2
Legal status: Active (current)
Anticipated expiration

Abstract

PROBLEM TO BE SOLVED: To enable easy switching between two environments, a general operation environment and a confidential operation environment, on one client machine.

SOLUTION: A two-system client system includes means for saving and restoring the state of a virtual machine 102 on a physical memory 105, and means for redirecting data writes from the virtual machine to a hard disk 106 to the physical memory. When the environment executed by the virtual machine is switched from the general operation environment to the confidential operation environment, processing of the virtual machine is frozen, and the state of the virtual machine at the time of freezing is saved on the physical memory. Memory redirection is then enabled so that the data write destination is the physical memory, and the virtual machine is resumed. When the environment is switched from the confidential operation environment to the general operation environment, the virtual machine is frozen, and the state of the virtual machine and the data subject to memory redirection are deleted. The virtual machine is then restored to its state immediately before the freezing, memory redirection is disabled, and the virtual machine is resumed.

Description

The present invention relates to a two-system client system that allows switching between general business applications and confidential business applications under a single OS (operating system).

Conventionally, there is a two-system client system that uses a hypervisor, as used in computer virtualization technology, and virtual machines running on that hypervisor to start two OSs simultaneously on one physical machine, and that switches between the OSs in order to switch between a general business application and a confidential business application, each running under its own OS.
Prior art related to this invention is disclosed in Patent Document 1 below.

Japanese Unexamined Patent Application Publication No. 2007-233704 (JP 2007-233704 A)

However, in the two-system client system described above, two OSs exist simultaneously on one physical machine, so maintenance costs, such as OS licenses and the application of OS update programs, are incurred for each of the two OSs.

An object of the present invention is to provide a two-system client system that can easily switch between general business applications and confidential business applications using only one OS, so that OS maintenance costs are incurred for only one OS.

To achieve the above object, a two-system client system according to the present invention comprises: a virtual machine configured on a physical machine by a hypervisor; means, implemented in advance in the hypervisor, for saving the state of the virtual machine to physical memory and restoring it; and means, implemented in advance in the hypervisor, for redirecting data writes from the virtual machine to the hard disk to the physical memory. It further comprises means for switching environments. When the environment executed by the virtual machine is switched from the general business environment to the confidential business environment, this means freezes the processing of the virtual machine, saves the state of the virtual machine at the time of freezing to the physical memory, enables memory redirection so that the data write destination is the physical memory, and then resumes the virtual machine, thereby transitioning to the confidential business environment. When the execution environment of the virtual machine is switched from the confidential business environment to the general business environment, it freezes the virtual machine, discards the state of the virtual machine and the memory-redirected data, restores the virtual machine to the state immediately before freezing, disables memory redirection, and resumes the virtual machine, thereby transitioning to the general business environment.

According to the present invention, it is possible to realize a client system in which two systems of applications, general business applications and confidential business applications, are used with one OS while switching between them. OS maintenance costs, such as the OS license and the application of OS update programs, can therefore be limited to those of a single OS.

A system configuration diagram of the present invention.
A diagram showing the initial state when the physical machine starts.
A diagram showing acquisition of a snapshot of the general business OS.
A diagram showing the transition from the general business OS to the confidential business OS.
A diagram showing restoration of the snapshot of the general business OS.
A diagram showing the transition from the confidential business OS to the general business OS.
A diagram showing the flow of the client system of the present invention.

An embodiment of the two-system client system according to the present invention is described below.
FIG. 1 shows the system configuration of the present invention. In this system, a hypervisor 103 is installed on a single physical machine 104. The hypervisor 103 configures a virtual machine 102, and an OS 101 is installed in the virtual machine 102.

FIG. 2 shows the initial state when the physical machine 104 starts.
In the initial state, the OS 101 runs. Data written from the OS 201 to the hard disk 205 passes through the hypervisor 203 and is written directly to the hard disk 205. Because the hypervisor 203 imposes no restriction, general business applications can be used.

FIG. 3 is an explanatory diagram showing how a snapshot of the general business application is acquired. To save the state of the virtual machine 102 (the CPU and memory state) while in the general business environment to the physical memory 105 using the snapshot function implemented in the hypervisor 103 (that is, to acquire a snapshot), the hypervisor 103 freezes the virtual machine 102. After freezing, the state of the CPU, memory and so on of the virtual machine 102 immediately before freezing is saved to the physical memory 306.

FIG. 4 is an explanatory diagram showing the process of transitioning from the general business environment to the confidential business environment. After the hypervisor 103 acquires the snapshot, the behavior of the hypervisor 103 is changed so that data writes from the OS 101 to the hard disk 106 are redirected to the physical memory 406. After the change, the virtual machine 102 is unfrozen and resumed. Because memory redirection is enabled and data is written only to the physical memory 105, the data in the physical memory 105 is erased when the power is turned off. The environment can therefore be used as a confidential business environment.

FIG. 5 is an explanatory diagram showing restoration of the snapshot of the general business environment.
To restore the snapshot, the hypervisor 103 freezes the virtual machine 102. After freezing, the data redirected to the physical memory 105 is discarded. The state of the virtual machine 102 is then restored to the state immediately before freezing that was saved in the physical memory 105.

FIG. 6 is an explanatory diagram showing the process of transitioning from the confidential business environment to the general business environment. After the snapshot is restored, the behavior is changed so that data writes from the general business environment pass through the hypervisor 103 and go directly to the hard disk 605. After this change, the virtual machine 102 is unfrozen and resumed.
Because the hypervisor 103 imposes no restriction, the environment can again be used as a general business environment.

FIG. 7 is a flowchart showing the operation of the client system of the present invention.
As described above, two environments, a general business environment and a confidential business environment, can be realized with one OS, and OS maintenance costs can be limited to those of a single OS.
In FIG. 7, after the physical machine 104 is started, the hypervisor 103 is started (step 701). Memory redirection is then disabled (step 702), the virtual machine 102 is started (step 703), and processing of general business applications in the general business environment begins (step 704).
In this state, it is determined whether to switch the environment (step 705). When an instruction to switch the environment is given, the virtual machine 102 is frozen (step 706), a snapshot of the state immediately before freezing is acquired (step 707), and memory redirection is enabled (step 708) so that the data write destination becomes the physical memory 105. Processing of the virtual machine 102 is then resumed (step 709), and the system switches to the confidential business environment for confidential business applications (step 710).

In the confidential business environment, it is determined whether to switch the environment (step 711). When an instruction to switch the environment is given, the virtual machine 102 is frozen (step 712), the snapshot taken immediately before freezing is restored (step 713), and memory redirection is disabled (step 714) so that the data write destination becomes the hard disk 106. Processing of the virtual machine 102 is then resumed (step 715), and the system switches to the general business environment for general business applications.
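The switching sequence of FIG. 7 (steps 702 to 715), as an added example that is not part of the patent: a toy Python model in which one dict stands in for the hard disk 106 and another for the redirected data held in the physical memory 105. All class and function names are hypothetical; serving reads of redirected blocks from memory and zeroing the buffers before release are assumptions the description does not spell out.

```python
import copy

class TwoSystemHypervisor:
    """Toy model of the hypervisor in FIG. 7; all names here are hypothetical."""

    def __init__(self, disk):
        self.disk = dict(disk)      # hard disk 106: block number -> bytes (persistent)
        self.overlay = {}           # redirected writes, kept in physical memory 105 only
        self.snapshot = None        # saved VM state, kept in physical memory 105 only
        self.redirect = False       # step 702: memory redirection disabled at start
        self.frozen = False
        self.vm_state = {"cpu": {"pc": 0}, "ram": {}}   # stand-in for CPU/memory state

    def _require_running(self):
        if self.frozen:
            raise RuntimeError("virtual machine is frozen")

    def write(self, block, data):
        """Guest disk write: goes to the disk, or to memory while redirection is on."""
        self._require_running()
        if self.redirect:
            self.overlay[block] = bytearray(data)
        else:
            self.disk[block] = bytes(data)

    def read(self, block):
        """Guest disk read. Serving redirected blocks from memory is an assumption."""
        self._require_running()
        if self.redirect and block in self.overlay:
            return bytes(self.overlay[block])
        return self.disk.get(block, b"")

    def enter_confidential(self):
        if self.redirect:
            raise RuntimeError("already in the confidential environment")
        self.frozen = True                              # step 706: freeze
        self.snapshot = copy.deepcopy(self.vm_state)    # step 707: take snapshot
        self.redirect = True                            # step 708: enable redirection
        self.frozen = False                             # step 709: resume

    def leave_confidential(self):
        if not self.redirect:
            raise RuntimeError("not in the confidential environment")
        self.frozen = True                              # step 712: freeze
        for buf in self.overlay.values():               # zeroing before release is an
            buf[:] = bytes(len(buf))                    # added assumption; the page only
        self.overlay.clear()                            # says the data is discarded
        self.vm_state, self.snapshot = self.snapshot, None   # step 713: restore
        self.redirect = False                           # step 714: disable redirection
        self.frozen = False                             # step 715: resume


def run_session():
    """Constructed walk-through: general -> confidential -> general."""
    hv = TwoSystemHypervisor({0: b"general-data"})
    hv.vm_state["ram"]["doc"] = "general work"
    hv.enter_confidential()
    hv.write(0, b"SECRET")                      # lands in memory, not on the disk
    hv.vm_state["ram"]["doc"] = "confidential work"
    seen_inside = hv.read(0)
    disk_during = dict(hv.disk)
    hv.leave_confidential()
    return {"seen_inside": seen_inside, "disk_during": disk_during,
            "disk_after": dict(hv.disk), "read_after": hv.read(0),
            "ram_after": hv.vm_state["ram"]["doc"], "overlay_after": dict(hv.overlay)}
```

The property to check in any implementation of this scheme is the one `run_session` returns: the disk image is identical before, during and after the confidential session, and neither the redirected blocks nor the guest memory contents from that session survive the switch back.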

101 OS (operating system)
102 Virtual machine
103 Hypervisor
104 Physical machine
105 Physical memory
106 Hard disk

Claims (1)

A two-system client system comprising: a virtual machine configured on a physical machine by a hypervisor; means, implemented in advance in the hypervisor, for saving the state of the virtual machine to physical memory and restoring it; means, implemented in advance in the hypervisor, for redirecting data writes from the virtual machine to a hard disk to the physical memory; and means for, when the environment executed by the virtual machine is switched from a general business environment to a confidential business environment, freezing the processing of the virtual machine, saving the state of the virtual machine at the time of freezing to the physical memory, then enabling memory redirection so that the data write destination is the physical memory, and resuming the virtual machine to transition to the confidential business environment, and, when the execution environment of the virtual machine is switched from the confidential business environment to the general business environment, freezing the virtual machine, discarding the state of the virtual machine and the memory-redirected data, then restoring the virtual machine to the state immediately before freezing, disabling memory redirection, and resuming the virtual machine to transition to the general business environment.
JP2010222178A 2010-09-30 2010-09-30 2 client system Active JP5514063B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2010222178A JP5514063B2 (en) 2010-09-30 2010-09-30 2 client system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2010222178A JP5514063B2 (en) 2010-09-30 2010-09-30 2 client system

Publications (2)

Publication Number Publication Date
JP2012078985A true JP2012078985A (en) 2012-04-19
JP5514063B2 JP5514063B2 (en) 2014-06-04

Family

ID=46239187

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2010222178A Active JP5514063B2 (en) 2010-09-30 2010-09-30 2 client system

Country Status (1)

Country Link
JP (1) JP5514063B2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013157124A1 (en) * 2012-04-19 2013-10-24 株式会社日立製作所 License management system, management server and management method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002055868A (en) * 2000-08-07 2002-02-20 Ricoh Co Ltd System and method for information processing
JP2009043133A (en) * 2007-08-10 2009-02-26 Hitachi Software Eng Co Ltd Information processor
KR100945476B1 (en) * 2009-09-10 2010-03-05 주식회사 파수닷컴 Apparatus and method for digital rights management using virtualization technique

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002055868A (en) * 2000-08-07 2002-02-20 Ricoh Co Ltd System and method for information processing
JP2009043133A (en) * 2007-08-10 2009-02-26 Hitachi Software Eng Co Ltd Information processor
KR100945476B1 (en) * 2009-09-10 2010-03-05 주식회사 파수닷컴 Apparatus and method for digital rights management using virtualization technique
JP2013502664A (en) * 2009-09-10 2013-01-24 ファソー.コム カンパニー リミテッド Digital copyright management apparatus and method using virtualization technology

Also Published As

Publication number Publication date
JP5514063B2 (en) 2014-06-04

Similar Documents

Publication Publication Date Title
US8694828B2 (en) Using virtual machine cloning to create a backup virtual machine in a fault tolerant system
US9183099B2 (en) Replication of a write-back cache using a placeholder virtual machine for resource management
JP4839841B2 (en) How to restart snapshot
JP5655677B2 (en) Hypervisor replacement method and information processing apparatus
JP5724477B2 (en) Migration program, information processing apparatus, migration method, and information processing system
JP5413515B2 (en) Virtual machine data replication method, information processing apparatus, and program
Kadav et al. Live migration of direct-access devices
WO2015109804A1 (en) Dual-server hot-backup disaster recovery system for network service in virtualization environment and method therefor
US20120297180A1 (en) Method of switching between multiple operating systems of computer system
KR101673299B1 (en) Operating system recovery method and apparatus, and terminal device
US20180081674A1 (en) Updating Machine Emulator
WO2014000497A1 (en) Graceful shutdown method and system for virtual system
KR20130026739A (en) Partial rebooting recovery apparatus and method
JP6123626B2 (en) Process resumption method, process resumption program, and information processing system
GB2506177A (en) Method of migrating an operating system executing an application
US11573815B2 (en) Dynamic power management states for virtual machine migration
WO2022135429A1 (en) Rapid start-up method
WO2012163275A1 (en) Control method, control device and computer system
WO2015027732A1 (en) Method, apparatus and storage medium for dynamically patching function
JP2004234114A (en) Computer system, computer device, and method and program for migrating operating system
JP2011170528A (en) Distributed information processing system and distributed storage system
US9910677B2 (en) Operating environment switching between a primary and a secondary operating system
JP5514063B2 (en) 2 client system
KR100994723B1 (en) selective suspend resume method of reducing initial driving time in system, and computer readable medium thereof
US20210342172A1 (en) Asynchronous management of unencrypted memory page list of a virtual machine

Legal Events

Date Code Title Description
A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20130131

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20131216

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20140106

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20140307

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20140325

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20140328

R150 Certificate of patent or registration of utility model

Ref document number: 5514063

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250