In-the-flow security services for guested virtual machines
Abstract
Methods and apparatus provide security to guest virtual machines configured on a hardware platform. A plurality of I/O domains are also configured on the hardware platform and connect between each of the guest virtual machines and a network connected to the hardware platform or remote or local storage available to the hardware platform. In this manner, the I/O domains are configured in the flow of the guest virtual machines as they utilize available resources, for instance, and are able to filter network or block level traffic, respectively. Representatively, one filter analyzes packets exchanged to and from the network, while the other filter analyzes internal traffic and may be a block-tap, stackable driver, virus scanning application, etc. Also, the guested virtual machines communicate with the I/O domains by way of a shared memory transport. Still other features contemplate drivers, operating systems, and computer program products, to name a few.
30 Claims
1. In a computing system environment, a method of providing security to a plurality of guest virtual machines configured on a hardware platform, comprising:
- configuring a plurality of I/O domains on the hardware platform including configuring one of the I/O domains between each of the plurality of guest virtual machines and a network connected to the hardware platform and configuring another of the I/O domains between said each of the plurality of guest virtual machines and storage available to the hardware platform.
Dependent claims: 2, 3, 4, 5, 6, 7
8. In a computing system environment, a method of providing security to a plurality of guest virtual machines configured on a hardware platform having a hypervisor, comprising:
- configuring a plurality of I/O domains on the hardware platform including configuring one of the I/O domains as a filter between each of the plurality of guest virtual machines and a network connected to the hardware platform and configuring another of the I/O domains as a filter between said each of the plurality of guest virtual machines and storage available to the hardware platform; and
- configuring by way of the hypervisor said each of the plurality of guest virtual machines to communicate with the network or storage through the plurality of I/O domains.
Dependent claims: 9, 10, 11, 12, 13
14. A computing server, comprising:
- a hardware platform including a processor, memory, the hardware platform able to be connected to a computing network and having access to remote or local storage;
- a hypervisor layer on the hardware platform;
- a plurality of guest virtual machines each operating as an independent guest computing device on the processor and memory by way of scheduling control from the hypervisor layer; and
- a plurality of I/O domains wherein one of the I/O domains serves as a filter between each of the plurality of guest virtual machines and the computing network and another of the I/O domains serves as a second filter between said each of the plurality of guest virtual machines and the remote or local storage.
Dependent claims: 15, 16, 17, 18, 19
20. A computing server, comprising:
- a hardware platform including a processor, memory, the hardware platform able to be connected to a computing network and having access to remote or local storage;
- a hypervisor layer on the hardware platform;
- a plurality of guest virtual machines each operating as an independent guest computing device on the processor and memory by way of scheduling control from the hypervisor layer;
- one I/O domain connected between each of the plurality of guest virtual machines and the computing network; and
- another I/O domain connected between said each of the plurality of guest virtual machines and the remote or local storage.
Dependent claims: 21, 22, 23, 24
25. A computing server, comprising:
- a hardware platform including a processor, memory, the hardware platform able to be connected to a computing network and having access to remote or local storage;
- a hypervisor layer on the hardware platform;
- a plurality of guest virtual machines each operating as an independent guest computing device on the processor and memory by way of scheduling control from the hypervisor layer;
- a plurality of I/O domains wherein one of the I/O domains filters traffic between each of the plurality of guest virtual machines and the computing network and another of the I/O domains filters traffic between said each of the plurality of guest virtual machines and the remote or local storage; and
- a common I/O path between the plurality of I/O domains and said each of the plurality of guest virtual machines.
Dependent claims: 26
27. A computer program product available as a download or on a computer readable medium for loading on a computing server in a computing system environment to provide security to a plurality of guest virtual machines configured on the computing server, the computer program product having executable instructions to enable configuring a plurality of I/O domains on the computing server including configuring one of the I/O domains between each of the plurality of guest virtual machines and a network connectable to the computing server and configuring another of the I/O domains between said each of the plurality of guest virtual machines and storage available to the computing server.
Specification