×

METHODS FOR EFFECTIVE NETWORK-SECURITY INSPECTION IN VIRTUALIZED ENVIRONMENTS

  • US 20100269171A1
  • Filed: 07/23/2009
  • Published: 10/21/2010
  • Est. Priority Date: 04/20/2009
  • Status: Active Grant
First Claim
Patent Images

1. A method for effective network-security inspection in virtualized environments, the method comprising the steps of:

  • (a) providing a data packet, embodied in machine-readable signals, being sent from a sending virtual machine to a receiving virtual machine via a virtual switch;

    (b) intercepting said data packet by a sending security agent associated with said sending virtual machine;

    (c) injecting said data packet into an inspecting security agent associated with a security virtual machine via a direct transmission channel which bypasses said virtual switch;

    (d) forwarding said data packet to said security virtual machine by employing a packet-forwarding mechanism;

    (e) determining, by said security virtual machine, whether said data packet is allowed for transmission;

    (f) upon determining said data packet is allowed, injecting said data packet back into said sending security agent via said direct transmission channel; and

    (g) forwarding said data packet to said receiving virtual machine via said virtual switch.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×