System and method for isolated virtual image and appliance communication within a cloud environment
Abstract
Provided herein are systems and methods for providing isolated virtual image communication in a virtual computing environment. Initially, a guest virtual machine that is activated in a virtual computing environment may be isolated into a private network. A service request may then be formulated at the guest virtual machine and addressed to a predetermined non-existent address. The request is then ostensibly sent to the predetermined address, whereupon the service request is actually transmitted to a shared resource with a security appliance machine in the virtual computing environment. The request is then forwarded to the security appliance machine and a reply formulated. The reply is sent back to the guest virtual machine via the shared resource.
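The message path described in the abstract, as an added toy model that is not code from the patent or its assignee. The class names, the addresses and the choice to drop traffic for any other destination are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample addresses (assumptions, not from the patent).
PREDETERMINED_ADDR = "192.0.2.1"   # nothing is actually located here
APPLIANCE_ADDR = "10.255.0.2"      # never disclosed to the guest
GUEST_ADDR = "10.0.0.5"

@dataclass
class Packet:
    src: str
    dst: str
    payload: str

class SecurityAppliance:
    """Formulates replies; it only ever talks to the shared resource."""
    def handle(self, payload: str) -> str:
        return f"reply:{payload}"

class SharedResource:
    """Stand-in for the resource shared by guest and appliance."""
    def __init__(self, appliance: SecurityAppliance):
        self.appliance = appliance
        self.forwarded = []                      # audit trail of requests

    def relay(self, pkt: Packet) -> Packet:
        self.forwarded.append(pkt)
        answer = self.appliance.handle(pkt.payload)   # forward, collect reply
        return Packet("shared-resource", pkt.src, answer)

class IsolatedNetwork:
    """Private virtual network with no route in or out."""
    def __init__(self, resource: SharedResource, guests):
        self.resource = resource
        self.guests = set(guests)

    def send_from_guest(self, pkt: Packet):
        if pkt.src not in self.guests:
            return None                          # not a member of this network
        if pkt.dst == PREDETERMINED_ADDR:
            return self.resource.relay(pkt)      # the only path off the network
        return None                              # every other destination is dropped

    def deliver_from_outside(self, pkt: Packet) -> bool:
        return False                             # guest is unreachable from outside

def build() -> IsolatedNetwork:
    return IsolatedNetwork(SharedResource(SecurityAppliance()), [GUEST_ADDR])
```

In this model the guest only ever names the predetermined address, so a reviewer can check that the appliance's real address never appears in anything the guest sends or receives.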
33 Claims
1. A method to provide isolated virtual image communication in a virtual computing environment, the method executed by a processor configured to perform a plurality of operations comprising:
- isolating a guest virtual machine within a virtual network in a virtual computing environment such that the guest virtual machine is unreachable from outside the virtual network;
- formulating, on the guest virtual machine, a service request addressed to a predetermined address that comprises a non-existent address for the service;
- attempting to send the service request to the predetermined address, whereupon the service request is transmitted to a resource shared with a security appliance machine in the virtual computing environment, wherein the resource is not located at the predetermined address;
- forwarding the service request from the resource to the security appliance machine;
- formulating a reply to the service request at the security appliance machine;
- transmitting the reply from the security appliance machine to the resource; and
- transmitting the reply from the resource to the guest virtual machine.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A system to provide isolated virtual image communication in a virtual computing environment, the system comprising a processor configured to:
- isolate a guest virtual machine within a virtual network in a virtual computing environment such that the guest virtual machine is unreachable from outside the virtual network,
- formulate, on the guest virtual machine, a service request addressed to a predetermined address that comprises a non-existent address for the service,
- attempt to send the service request to the predetermined address, whereupon the service request is transmitted to a resource shared with a security appliance machine in the virtual computing environment, wherein the resource is not located at the predetermined address,
- forward the service request from the resource to the security appliance machine,
- formulate a reply to the service request at the security appliance machine,
- transmit the reply from the security appliance machine to the resource, and
- transmit the reply from the resource to the guest virtual machine.

Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22
23. A non-transitory computer-readable medium having computer-executable instructions thereon, to provide isolated virtual image communication in a virtual computing environment, the computer-executable instructions, when executed by a processor cause the processor to perform a plurality of operations comprising:
- isolate a guest virtual machine within a virtual network in a virtual computing environment such that the guest virtual machine is unreachable from outside the virtual network;
- formulate, on the guest virtual machine, a service request addressed to a predetermined address that comprises a non-existent address for the service;
- attempt to send the service request to the predetermined address, whereupon the service request is transmitted to a resource shared with a security appliance machine in the virtual computing environment, wherein the resource is not located at the predetermined address;
- forward the service request from the resource to the security appliance machine;
- formulate a reply to the service request at the security appliance machine;
- transmit the reply from the security appliance machine to the resource; and
- transmit the reply from the resource to the guest virtual machine.

Dependent claims: 24, 25, 26, 27, 28, 29, 30, 31, 32, 33
Specification