VIRTUAL SECURITY BOUNDARY FOR PHYSICAL OR VIRTUAL NETWORK DEVICES
First Claim
1. A method for use by a security gateway in a network topology in which the security gateway interfaces one or more virtual machines running on one or more network devices to a network, the method comprising:
- receiving, by the security gateway, information from a virtual machine after the virtual machine has been moved from a first physical location in a network to a second physical location in the network, the information identifying the virtual machine as one previously assigned to a security boundary;
- determining, by the security gateway, that access to the virtual machine at the first physical location was permitted by the security gateway;
- assigning the virtual machine at the second physical location to the security boundary; and
- applying, by the security gateway, a security policy associated with the security boundary to communications between the network and the virtual machine at the second physical location.
Abstract
A method and apparatus is disclosed herein for using a virtual security boundary. In one embodiment, the method comprises receiving information from a virtual machine after the virtual machine has been moved from a first physical location in a network to a second physical location in the network, where the information identifies the virtual machine as one previously assigned to a security boundary; determining that access to the virtual machine at the first physical location was permitted by the security gateway; assigning the virtual machine at the second physical location to the security boundary, and applying a security policy associated with the security boundary to communications between the network and the virtual machine at the second physical location.
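The re-assignment steps in the abstract, sketched as an added Python example that is not code from the patent. The class and method names, the port-based policy and the sample VMs are hypothetical, and the VM identifier is assumed to be already authenticated.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Boundary:
    name: str
    allowed_ports: frozenset      # constructed policy: ports the network may reach

@dataclass
class VmRecord:
    boundary: str
    location: str                 # host where the gateway last saw the VM
    access_permitted: bool        # gateway's decision at that location

class SecurityGateway:
    def __init__(self, boundaries):
        self.boundaries = {b.name: b for b in boundaries}
        self.vms = {}             # vm_id -> VmRecord

    def register(self, vm_id, boundary, location, permitted):
        """Initial assignment at the first physical location."""
        self.vms[vm_id] = VmRecord(boundary, location, permitted)

    def handle_move(self, vm_id, claimed_boundary, new_location):
        """Process the information a VM sends after it has been moved."""
        rec = self.vms.get(vm_id)
        # The information must identify a VM previously assigned to this boundary.
        if rec is None or rec.boundary != claimed_boundary:
            return False
        # Access at the first location must have been permitted by the gateway.
        if not rec.access_permitted:
            return False
        # Assign the VM at the second location to the same boundary.
        rec.location = new_location
        return True

    def permit(self, vm_id, location, dst_port):
        """Apply the boundary's policy to network -> VM traffic (default deny)."""
        rec = self.vms.get(vm_id)
        if rec is None or not rec.access_permitted or rec.location != location:
            return False
        return dst_port in self.boundaries[rec.boundary].allowed_ports

def build_demo():
    # Constructed sample state: two boundaries, two VMs on the same first host.
    gw = SecurityGateway([Boundary("finance", frozenset({443})),
                          Boundary("dev", frozenset({22, 8080}))])
    gw.register("vm-a", "finance", "host-1", permitted=True)
    gw.register("vm-b", "dev", "host-1", permitted=False)
    return gw
```

After a successful `handle_move`, traffic addressed to the VM at its old location no longer matches the record and is denied, so the policy follows the VM rather than the host.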
18 Claims
1. A method for use by a security gateway in a network topology in which the security gateway interfaces one or more virtual machines running on one or more network devices to a network, the method comprising:
- receiving, by the security gateway, information from a virtual machine after the virtual machine has been moved from a first physical location in a network to a second physical location in the network, the information identifying the virtual machine as one previously assigned to a security boundary;
- determining, by the security gateway, that access to the virtual machine at the first physical location was permitted by the security gateway;
- assigning the virtual machine at the second physical location to the security boundary; and
- applying, by the security gateway, a security policy associated with the security boundary to communications between the network and the virtual machine at the second physical location.

Dependent claims: 2, 3, 4, 5, 6, 12

7. A security gateway for using a network, the security gateway to be located between the network and one or more systems, at least one of the one or more systems having one or more virtual machines running thereon, the security gateway comprising:
- a memory;
- a network interface to receive network traffic;
- a processor operable to
  - receive information from a virtual machine after the virtual machine has been moved from a first physical location in a network to a second physical location in the network, the information identifying the virtual machine as one previously assigned to a security boundary;
  - determine that access to the virtual machine at the first physical location was permitted by the security gateway;
  - assign the virtual machine at the second physical location to the security boundary; and
  - apply a security policy associated with the security boundary to communications between the network and the virtual machine at the second physical location.

Dependent claims: 8, 9, 10, 11

13. An article of manufacture having one or more non-transitory computer readable media storing instructions thereon which, when executed by a device in a network that is located between the network and one or more systems which have at least one or more virtual machines running thereon, causes the device to perform a method comprising:
- receiving, by the device, information from a virtual machine after the virtual machine has been moved from a first physical location in a network to a second physical location in the network, the information identifying the virtual machine as one previously assigned to a security boundary;
- determining, by the device, that access to the virtual machine at the first physical location was permitted by the device;
- assigning the virtual machine at the second physical location to the security boundary; and
- applying, by the device, a security policy associated with the security boundary to communications between the network and the virtual machine at the second physical location.

Dependent claims: 14, 15, 16, 17, 18
Specification