Secured logical component for security in a virtual environment
Abstract
A system and method for providing security in a virtual environment are provided. An example system includes a link module that links a secured logical component to a logical entity including a set of virtual machines. The example system also includes a security module that identifies a set of security policies for one or more communications to the logical entity or one or more communications from the logical entity. The example system further includes a control module that controls, based on the set of security policies, the one or more communications to the logical entity or the one or more communications from the logical entity.
17 Claims
1. A system for providing security in a virtualization environment, the system comprising:
a link module that links a first secured logical component to a first logical entity including a first set of virtual machines, wherein the first secured logical component includes a network interface, and the link module links a logical network associated with the first logical entity to the network interface, links the first secured logical component to a second logical entity including a second set of virtual machines, and links the logical network associated with the second logical entity to the network interface, wherein the second logical entity is associated with a first set of host machines running the second set of virtual machines, wherein the first set of host machines includes a first set of physical network interfaces, and each virtual machine of the second set of virtual machines includes one or more first virtual network interfaces associated with the first set of physical network interfaces, and wherein the link module links the one or more first virtual network interfaces of the second set of virtual machines to the logical network, wherein the first logical entity is associated with a second set of host machines running the first set of virtual machines, wherein the second set of host machines includes a second set of physical network interfaces, and each virtual machine of the first set of virtual machines includes one or more second virtual network interfaces associated with the second set of physical network interfaces, wherein the link module links the one or more second virtual network interfaces of the first set of virtual machines to the logical network;
a security module that identifies a set of security policies for one or more communications to the first logical entity or one or more communications from the first logical entity and that identifies a set of security policies for one or more communications between the first logical entity and the second logical entity; and
a control module that controls, based on the set of security policies, the one or more communications to the first logical entity or the one or more communications from the first logical entity and that controls, based on the set of security policies, the one or more communications between the first logical entity and the second logical entity, wherein the first secured logical component includes the link module, security module, and control module, wherein the first secured logical component runs on a virtual machine running on a host machine of the first set of host machines and receives communications via a physical network interface of the first set of physical network interfaces, wherein the virtual machine is migrated to a host machine of the second set of host machines, and after migration, the virtual machine receives communications via a physical network interface of the second set of physical network interfaces. (Dependent claims: 2, 3, 4, 5, 6, 7, 8)
9. A method of providing security in a virtualization environment, the method comprising:
linking, at a virtual machine running on a host machine, a first secured logical component to a first logical entity including a first set of virtual machines; identifying a network interface of the first secured logical component; linking a logical network associated with the first logical entity to the network interface; linking the first secured logical component to a second logical entity including a second set of virtual machines; linking the logical network associated with the second logical entity to the network interface; identifying, at the virtual machine, a set of security policies for one or more communications between the first logical entity and the second logical entity; identifying a first set of host machines associated with the second logical entity, the first set of host machines running the second set of virtual machines and including a first set of physical network interfaces; identifying one or more virtual network interfaces associated with the second set of virtual machines and the first set of physical network interfaces; linking the one or more virtual network interfaces of the second set of virtual machines to the logical network; identifying a second set of host machines associated with the first logical entity, the second set of host machines running the first set of virtual machines and including a second set of physical network interfaces; identifying one or more virtual network interfaces associated with the first set of virtual machines and the second set of physical network interfaces; and linking the one or more virtual network interfaces of the first set of virtual machines to the logical network; and controlling, based on the set of security policies, the one or more communications between the first logical entity and the second logical entity, wherein the first secured logical component runs on a virtual machine running on a host machine of the first set of host machines and receives communications via a physical network interface of the first set of physical network interfaces, wherein the virtual machine is migrated to a host machine of the second set of host machines, and after migration, the virtual machine receives communications via a physical network interface of the second set of physical network interfaces. (Dependent claims: 10, 11, 12)
13. A non-transitory machine-readable medium comprising a plurality of machine-readable instructions that, when executed by one or more processors, are adapted to cause the one or more processors to perform a method comprising:
linking a secured logical component to a logical entity including a first set of virtual machines, the secured logical component running on a virtual machine running on a first host machine; identifying a set of security policies for one or more communications to the logical entity or one or more communications from the logical entity; controlling, based on the set of security policies, the one or more communications to the logical entity or the one or more communications from the logical entity; linking, at a virtual machine running on a host machine, a first secured logical component to a first logical entity including a first set of virtual machines; identifying a network interface of the first secured logical component; linking a logical network associated with the first logical entity to the network interface; linking the first secured logical component to a second logical entity including a second set of virtual machines; linking the logical network associated with the second logical entity to the network interface; identifying, at the virtual machine, a set of security policies for one or more communications between the first logical entity and the second logical entity; identifying a first set of host machines associated with the second logical entity, the first set of host machines running the second set of virtual machines and including a first set of physical network interfaces; identifying one or more virtual network interfaces associated with the second set of virtual machines and the first set of physical network interfaces; linking the one or more virtual network interfaces of the second set of virtual machines to the logical network; identifying a second set of host machines associated with the first logical entity, the second set of host machines running the first set of virtual machines and including a second set of physical network interfaces; identifying one or more virtual network interfaces associated with the first set of virtual machines and the second set of physical network interfaces; and linking the one or more virtual network interfaces of the first set of virtual machines to the logical network; and controlling, based on the set of security policies, the one or more communications between the first logical entity and the second logical entity, wherein the secured logical component runs on a virtual machine running on a host machine of the first set of host machines and receives communications via a physical network interface of the first set of physical network interfaces, wherein the virtual machine is migrated to a host machine of the second set of host machines, and after migration, the virtual machine receives communications via a physical network interface of the second set of physical network interfaces. (Dependent claims: 14, 15, 16, 17)
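As an added illustration (not code from the patent or its assignee), a small Python model of the arrangement the claims describe: a secured logical component whose link, security and control modules are methods, two logical entities of virtual machines on hosts with physical network interfaces, and the component's own virtual machine migrated to another host while its policy state and enforcement continue over the new host's physical interface. The host, entity and network names, the rule format, and the first-match, default-deny evaluation are assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass
@dataclass
class Host:
    name: str
    pnics: list[str]          # physical network interfaces of the host
@dataclass
class VM:
    name: str
    host: Host                # host machine currently running the VM
    vnics: list[str]          # virtual network interfaces, backed by host.pnics
@dataclass
class LogicalEntity:
    name: str
    network: str              # logical network associated with the entity
    vms: list[VM]
@dataclass(frozen=True)
class Policy:                 # constructed rule format: "*" = any entity, None = any port
    src: str
    dst: str
    port: int | None
    action: str               # "allow" or "deny"

class SecuredLogicalComponent:
    def __init__(self, vm: VM):
        self.vm, self.linked, self.policies = vm, {}, []
    def link(self, e: LogicalEntity) -> None: self.linked[e.network] = e   # link module: network -> interface
    def add_policy(self, p: Policy) -> None: self.policies.append(p)       # security module
    def entity_of(self, vm: VM) -> str | None:
        return next((e.name for e in self.linked.values() if vm in e.vms), None)
    def control(self, src: VM, dst: VM, port: int) -> bool:                # control module
        s, d = self.entity_of(src), self.entity_of(dst)
        if s is None or d is None: return False                            # traffic outside linked entities is dropped
        for p in self.policies:                                            # first match wins, default deny (assumed)
            if p.src in (s, "*") and p.dst in (d, "*") and p.port in (port, None):
                return p.action == "allow"
        return False
    def uplink(self) -> str: return self.vm.host.pnics[0]                  # pNIC the component currently receives on
    def migrate(self, host: Host) -> None: self.vm.host = host             # VM moves; policy state travels with it

def demo():
    h1, h2 = Host("host-1", ["h1-pnic0"]), Host("host-2", ["h2-pnic0"])   # constructed hosts
    web = LogicalEntity("web", "ln-web", [VM("web-1", h2, ["vnic0"])])
    db = LogicalEntity("db", "ln-db", [VM("db-1", h1, ["vnic0"])])
    slc = SecuredLogicalComponent(VM("slc", h1, ["vnic0"]))
    slc.link(web); slc.link(db)
    slc.add_policy(Policy("web", "db", 5432, "allow"))
    before = (slc.uplink(), slc.control(web.vms[0], db.vms[0], 5432), slc.control(db.vms[0], web.vms[0], 5432))
    slc.migrate(h2)                                                        # component VM moves to host-2
    after = (slc.uplink(), slc.control(web.vms[0], db.vms[0], 5432), slc.control(web.vms[0], db.vms[0], 22))
    return before, after
```

Before migration the component receives on host-1's interface and allows only web-to-db on 5432; after migration it receives on host-2's interface and the same decisions are made, with the unlisted port still denied.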
Specification