The present invention relates broadly to computer networks. Specifically, the present invention relates to a virtual network environment to be used by a set of applications for the express purpose of isolating the applications from other applications on the same node or network.
Global computer networks such as the Internet have allowed electronic commerce (xe2x80x9ce-commercexe2x80x9d) to flourish to a point where a large number of customers purchase goods and services over Websites operated by online merchants. Because the Internet provides an effective medium to reach this large customer base, online merchants who are new to the e-commerce marketplace are often flooded with high customer traffic from the moment their websites are rolled out. In order to effectively serve customers, online merchants are charged with the same responsibility as conventional merchants: they must provide quality service to customers in a timely manner. Often, insufficient computing resources are the cause of a processing bottleneck that results in customer frustration and loss of sales. This phenomena has resulted in the need for a new utility: leasable online computing infrastructure. Previous attempts at providing computing resources have entailed leasing large blocks of storage and processing power. However, for a new online merchant having no baseline from which to judge customer traffic upon rollout, this approach is inefficient. Either too much computing resources are leased, depriving a start up merchant of financial resources that are needed elsewhere in the operation, or not enough resources are leased, and a bottleneck occurs.
Security is one of the major impediments to an on-demand leasable computer infrastructure. In hosted environment, one or more applications may be running on a shared computer or network at any given time. These applications may belong to the same customer/user or they may belong to different even competing customers/users. If on-demand leasable computer infrastructure is to be made possible, security measures are necessary to ensure that applications do not interfere with each other, either intentionally or unintentionally. Previous approaches have focused on physical isolation using a firewall. A firewall is useful in separating a computer or group of computers in a network setting from computers beyond the firewall, but cannot separate or insulate computers behind the firewall from each other. Thus, there remains a heartfelt need to isolate groups of applications such that they may be located as needed on a computer network without risk of interference with other applications.
The present invention provides a system, method, and computer program product for grouping a set of applications into a virtual network environment and isolating the application from other applications in other virtual network environments. The present invention provides isolation at the application level, rather than at the host level. As a result, applications residing on the same computer or network can be kept isolated from one another, allowing for secure shared resources.