1. Technical Field
The subject matter described herein generally relates to the field of managing computer servers (physical or virtual) of an administrative domain and, in particular, to enforcing security policies on network traffic relayed through a traffic midpoint device.
2. Background Information
Servers (physical or virtual) of an administrative domain are managed according to a policy. For example, a security policy might specify access control and/or secure connectivity, while a resource-usage policy might specify usage of the administrative domain's computing resources (e.g., disks and/or peripherals). Conventional policies reference physical devices and are expressed in terms of low-level constructs such as Internet Protocol (IP) addresses, IP address ranges, subnetworks, and network interfaces. These low-level constructs make it difficult to write a fine-grained policy in an abstract and natural way. Moreover, conventional policies tied to physical devices and low-level constructs do not adapt to changing configurations of routers, switches, server load balancers, and other devices that direct traffic between servers.