Methods for effective network-security inspection in virtualized environments
US9672189B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jul 23, 2009 |
| Grant date | Jun 6, 2017 |
| Priority date | — |
| Expiry date | Jan 9, 2032 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L2209/76
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
The present invention discloses methods for effective network-security inspection in virtualized environments, the methods including the steps of: providing a data packet, embodied in machine-readable signals, being sent from a sending virtual machine to a receiving virtual machine via a virtual switch; intercepting the data packet by a sending security agent associated with the sending virtual machine; injecting the data packet into an inspecting security agent associated with a security virtual machine via a direct transmission channel which bypasses the virtual switch; forwarding the data packet to the security virtual machine by employing a packet-forwarding mechanism; determining, by the security virtual machine, whether the data packet is allowed for transmission; upon determining the data packet is allowed, injecting the data packet back into the sending security agent via the direct transmission channel; and forwarding the data packet to the receiving virtual machine via the virtual switch.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.