Virtual firewall load balancer
First Claim
1. A computer system for load balancing between a virtual component within a virtual environment and a Host Intrusion Prevention System (HIPS), comprising:
- one or more processors, one or more computer-readable memories, one or more computer-readable tangible storage medium, and program instructions stored on at least one of the one or more tangible storage medium for execution by at least one of the one or more processors via at least one of the one or more memories, wherein the computer system is capable of performing a method comprising;
  - receiving a trusted connection table from the HIPS, wherein the trusted connection table contains a plurality of trusted connection information;
  - receiving a network packet from a virtual switch, wherein the network packet has a plurality of connection information;
  - determining if the plurality of connection information matches the plurality of trusted connection information;
  - sending the network packet to a destination based on determining that the plurality of connection information matches the plurality of trusted connection information; and
  - sending the network packet to the HIPS based on determining that the plurality of connection information does not match the plurality of trusted connection information.
Abstract
According to one exemplary embodiment, a method for load balancing between a virtual component within a virtual environment and a Host Intrusion Prevention System (HIPS) is provided. The method may include receiving a trusted connection table from the HIPS, wherein the trusted connection table contains a plurality of trusted connection information. The method may also include receiving a network packet from a virtual switch, wherein the network packet has a plurality of connection information. The method may then include determining if the plurality of connection information matches the plurality of trusted connection information. The method may further include sending the network packet to a destination based on determining that the plurality of connection information matches the plurality of trusted connection information. The method may include sending the network packet to the HIPS based on determining that the plurality of connection information does not match the plurality of trusted connection information.
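The dispatch decision described in the abstract, as an added example that is not part of the patent text. It assumes "connection information" means an IPv4 5-tuple (protocol, source and destination address and port) and that fragments and unparseable packets go to the HIPS; `Balancer`, `connection_info` and `build_packet` are hypothetical names, and the sample packets are constructed.

```python
import socket
import struct
from collections import Counter

DESTINATION, HIPS = "destination", "hips"

def connection_info(packet: bytes):
    """Extract (proto, src, sport, dst, dport) from a raw IPv4 TCP/UDP packet.

    Returns None for anything that cannot be parsed with certainty.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    frag = struct.unpack("!H", packet[6:8])[0] & 0x3FFF  # MF flag + offset
    if ihl < 20 or proto not in (6, 17) or frag or len(packet) < ihl + 4:
        return None
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return (proto, src, sport, dst, dport)

class Balancer:
    def __init__(self):
        self.trusted = frozenset()
        self.stats = Counter()  # how much traffic bypasses the HIPS

    def receive_trusted_table(self, entries):
        # Replace rather than merge, so entries the HIPS dropped lose the fast path.
        self.trusted = frozenset(entries)

    def dispatch(self, packet: bytes) -> str:
        info = connection_info(packet)
        # Every field must match; unparseable packets are never fast-pathed.
        route = DESTINATION if info is not None and info in self.trusted else HIPS
        self.stats[route] += 1
        return route

def build_packet(proto, src, sport, dst, dport, frag=0):
    """Constructed sample input: minimal IPv4 header plus 4 bytes of ports."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, frag, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + struct.pack("!HH", sport, dport)
```

The `stats` counter shows the share of packets that skip inspection, which is the load taken off the HIPS.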
11 Claims
10. A computer program product for load balancing between a virtual component within a virtual environment and a Host Intrusion Prevention System (HIPS), comprising:
- one or more non-transitory computer-readable storage medium and program instructions stored on at least one of the one or more non-transitory computer-readable storage medium, the program instructions executable by a processor, the program instructions comprising;
  - program instructions to receive a trusted connection table from the HIPS, wherein the trusted connection table contains a plurality of trusted connection information;
  - program instructions to receive a network packet from a virtual switch, wherein the network packet has a plurality of connection information;
  - program instructions to determine if the plurality of connection information matches the plurality of trusted connection information;
  - program instructions to send the network packet to a destination based on determining that the plurality of connection information matches the plurality of trusted connection information; and
  - program instructions to send the network packet to the HIPS based on determining that the plurality of connection information does not match the plurality of trusted connection information.
Specification