Virtual machines

VMs don't run on hardware (although system_image requires hardware_id to be non-null). It's neither strictly true that a domU runs on xenhost4-a - it might be on xenhost4-b.

Perhaps introduce the concept of a resource-cluster: xenhost4-a and xenhost4-b are members of the resource-cluster xenhost4. (chfs10-a, chfs10-b and chfs10-c are likewise members of the resource-cluster chfs10.) Permit a system_image to have null hardware_id iff resource_cluster_id is non-null, and vice versa.