Providing a virtual security appliance architecture to a virtual cloud infrastructure

  • US 9,571,507 B2
  • Filed: 10/21/2012
  • Issued: 02/14/2017
  • Est. Priority Date: 10/21/2012
  • Status: Active Grant
First Claim

1. A method for providing a virtual security appliance (VSA) architecture in a virtual network infrastructure, the method comprising:

  • detecting a change for a guest virtual machine (VM) in the virtual network infrastructure, wherein the change comprises moving the guest VM from a first virtual server to a second virtual server of the virtual network infrastructure;

    determining a policy of one or more security policies requires a security control for the guest VM;

    determining whether there is an already present VSA configured as a VM capable of applying the required security control to the guest VM running in the second virtual server, wherein the applying comprises performing security inspections on network packets of a packet stream associated with the guest VM;

    upon determining there is not the already present VSA running in the second virtual server, performing a process comprising:

    initiating the guest VM in the second virtual server and sending a request to create a new VSA capable of applying the required security control in the second virtual server, wherein the initiating comprises running the guest VM in the second virtual server and routing the packet stream associated with the guest VM through an existing VSA capable of applying the required security control running on another virtual server of the virtual network infrastructure;

    creating the new VSA on the second virtual server and running the new VSA, wherein the creating is based at least in part on the request and is performed at least partially concurrently with the running of the guest VM; and

    routing, when the new VSA is running on the second server, the packet stream through the new VSA instead of the existing VSA; and

    upon determining there is the already present VSA running in the second virtual server, running the guest VM in the second virtual server and routing the packet stream associated with the guest VM through the already present VSA.
