Patent · US Active

Distributed identity-based firewalls

US10798058B2 · kind B2 · utility

Cited by: 10
References: 39
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jul 20, 2018
Grant date: Oct 6, 2020
Priority date
Expiry date: Jul 20, 2038

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2009/45595
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Systems and techniques are described for monitoring network communications using a distributed firewall. One of the techniques includes receiving, at a driver executing in a guest operating system of a virtual machine, a request to open a network connection from a process associated with a user, wherein the driver performs operations comprising: obtaining identity information for the user; providing the identity information and data identifying the network connection to an identity module external to the driver; and receiving, by a distributed firewall, data associating the identity information with the data identifying the network connection from the identity module, wherein the distributed firewall performs operations comprising: receiving an outgoing packet from the virtual machine; determining that the identity information corresponds to the outgoing packet; and evaluating one or more routing rules based at least in part on the identity information.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.