Enforcing per-application VPN policies for applications delivered in virtualized computing environments
US10447656B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Nov 2, 2017 |
| Grant date | Oct 15, 2019 |
| Priority date | — |
| Expiry date | Apr 13, 2038 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/20
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A VPN tunnel policy is defined on a per-application basis. The VPN tunnel policy may specify that a particular application is permitted to transmit data on a specific VPN tunnel. Subsequently, the specified application is delivered to one or more virtual machines and an application tunnel manager creates a new virtual network interface card (NIC) on the VM, corresponding to the delivered application. The newly created virtual NIC is attached to a specified subnet. The subnet may be a VPN transition network with a connection to a VPN gateway device. The subnet may have been previously defined or generated at the time of assigning the application to the VPN tunnel. Once the virtual NIC has been created on the VM, an OS script is executed to force the delivered application to use the newly created virtual NIC and to prevent users from changing the application and virtual NIC linkage.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.