In most physical IT infrastructure, resource utilization is very low: 15% is not an uncommon utilization for a server, and 5% for a desktop. It is known to address this by sharing a physical machine between different users. Typically, a utility data center may contain hundreds of networked machines shared by many enterprises, each of which may run many applications to serve its own customers. Known operating systems can be used to time-share the physical processing resources of the machines between the different enterprises, and various ways are known to abstract or hide the underlying physical resources from the applications run by the enterprises.
Overlay networks are known, and make it easy to change the network configuration by abstracting devices from the configuration of the real network.
Storage virtualization is also known; many commercial storage virtualization products, from HP, IBM, EMC and others, are on the market. These products focus on managing the storage available to physical machines and on increasing the utilization of that storage.
Virtual machine technology is a known mechanism to run operating system instances on one physical machine independently of other operating system instances. It is known to have a single physical hosting machine running two or more virtual machines connected by a virtual network on this machine.
A virtual machine (VM) is a self-contained operating environment that emulates a hardware platform and can run a “guest” operating system. A privileged control program called a virtual machine manager (VMM), also known as a hypervisor, runs on the physical hardware platform. The VMM runs one or more VMs and can present each of them with multiple virtual devices, one of which can be a virtual network interface card (VNIC). VMware is a known example of virtual machine technology, and can provide isolated environments for different operating system instances running on the same physical machine.
An example of a virtual network interface is described in “SoftUDC: A Software-Based Data Center for Utility Computing”, Kallahalla et al., IEEE Computer, November 2004, pp. 38-46. Virtual machines access networking via a virtual network interface (VIF), which mimics an Ethernet device. The VMM forwards outbound network packets to its physical network interface and dispatches incoming network packets to the appropriate VIFs. For a destination on another physical machine, the VMM encapsulates the outbound packet and sends it to the VMM hosting the destination VM, or to a virtual router, on the same virtual network (VNET). The receiving VMM unwraps the packet and delivers it to the target VM.
In “Towards Automated Provisioning of Secure Virtualized Networks”, by Cabuk et al., November 2007, it is explained that a VMM can be hosted directly on the computer hardware (e.g., Xen) or within a host operating system (e.g., VMware). Today's virtual network implementations for VMMs are usually virtual switches or bridges that connect the virtual network cards of all VMs to the physical network card of the physical machine. All VMs can potentially see all traffic; hence no isolation or other security guarantees can be given. While that level of security may be sufficient for individual and small-enterprise purposes, it is not sufficient for larger-scale, security-critical operations. That paper proposes security-enhanced network virtualization, which (1) allows groups of related VMs running on separate physical machines to be connected together as though they were on their own separate network fabric, and (2) enforces cross-group security requirements such as isolation, confidentiality, integrity, and information flow control.
Related VMs (e.g., VMs belonging to the same customer in a data center) distributed across several physical machines are grouped into virtual enclave networks, so that each group of VMs has the same protection as if the VMs were hosted on a separate physical LAN. If some VMs in a group are co-hosted on the same hardware, it is not necessary to involve the physical network during information flow between two such VMs.
A secure network virtualization framework helps realize the abstraction of Trusted Virtual Domains (TVDs) by guaranteeing reliable isolation and flow control between domain boundaries. The framework is based on existing and well-established network virtualization technologies such as Ethernet encapsulation, VLAN tagging, and virtual private networks (VPNs).
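The forwarding behaviour described in the preceding paragraphs (VIFs, encapsulation between VMMs, local delivery for co-hosted VMs, and a VNET boundary that is never crossed) can be put into working code. The following Python model is an added example; it is not code from SoftUDC, from the Cabuk et al. paper, or from this document. It assumes an EtherType of its own choosing for the carrier frame, a 4-byte VNET tag placed in front of the inner Ethernet frame, and a carrier frame broadcast on the physical LAN in place of a directory of which host holds which VM; the MAC addresses are constructed.

```python
"""Model of the VIF/VNET forwarding path: a guest hands a frame to its VIF, the VMM
delivers co-hosted traffic locally, encapsulates the rest for the wire, and the
receiving VMM only unwraps into a VIF that sits on the same VNET."""
import struct
from dataclasses import dataclass, field

ETHERTYPE_VNET = 0x88B5   # EtherType of the outer (carrier) frame: an assumption of this model
BROADCAST = b"\xff" * 6


def mac(text):
    """'00:16:3e:00:00:01' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def build_eth(dst, src, ethertype, payload):
    return dst + src + struct.pack("!H", ethertype) + payload


def parse_eth(frame):
    if len(frame) < 14:
        raise ValueError("runt frame")
    return frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0], frame[14:]


@dataclass
class VIF:
    mac: bytes
    vnet: int                  # the virtual network this interface is attached to
    inbox: list = field(default_factory=list)


class Wire:
    """Stand-in for the physical LAN: hands every frame to all attached VMMs but the sender."""
    def __init__(self):
        self.vmms, self.frames_carried = [], 0

    def transmit(self, sender, frame):
        self.frames_carried += 1
        for vmm in self.vmms:
            if vmm is not sender:
                vmm.receive(frame)


class VMM:
    def __init__(self, phys_mac, wire):
        self.phys_mac, self.wire, self.vifs, self.dropped = phys_mac, wire, {}, 0
        wire.vmms.append(self)

    def add_vif(self, guest_mac, vnet):
        self.vifs[guest_mac] = VIF(guest_mac, vnet)
        return self.vifs[guest_mac]

    def _deliver(self, vif, vnet, frame):
        if vif.vnet != vnet:   # isolation: never cross a VNET boundary, even on the same host
            self.dropped += 1
            return "dropped"
        vif.inbox.append(frame)
        return "delivered"

    def send(self, frame):
        """Outbound path: a plain Ethernet frame handed over by a guest."""
        dst, src, _, _ = parse_eth(frame)
        src_vif = self.vifs.get(src)
        if src_vif is None:    # a guest may only send from a MAC it owns
            self.dropped += 1
            return "dropped"
        if dst == BROADCAST:
            for vif in self.vifs.values():
                if vif is not src_vif and vif.vnet == src_vif.vnet:
                    vif.inbox.append(frame)
        else:
            local = self.vifs.get(dst)
            if local is not None:   # co-hosted destination: the physical network is not involved
                return self._deliver(local, src_vif.vnet, frame)
        # Remote or broadcast: Ethernet-in-Ethernet with a 4-byte VNET tag before the inner frame
        outer = build_eth(BROADCAST, self.phys_mac, ETHERTYPE_VNET,
                          struct.pack("!I", src_vif.vnet) + frame)
        self.wire.transmit(self, outer)
        return "wire"

    def receive(self, outer):
        """Inbound path from the physical NIC: unwrap and dispatch to the right VIF."""
        _, _, ethertype, payload = parse_eth(outer)
        if ethertype != ETHERTYPE_VNET or len(payload) < 4 + 14:
            return "ignored"
        vnet, inner = struct.unpack("!I", payload[:4])[0], payload[4:]
        dst, _, _, _ = parse_eth(inner)
        if dst == BROADCAST:
            for vif in self.vifs.values():
                if vif.vnet == vnet:
                    vif.inbox.append(inner)
            return "broadcast"
        vif = self.vifs.get(dst)
        if vif is None:
            return "not-here"  # the destination lives on some other host
        return self._deliver(vif, vnet, inner)


def demo():
    """Two hosts, two VNETs (constructed addresses); returns what each delivery attempt did."""
    wire = Wire()
    host_a, host_b = VMM(mac("02:a0:00:00:00:01"), wire), VMM(mac("02:b0:00:00:00:01"), wire)
    vm1 = host_a.add_vif(mac("00:16:3e:00:00:01"), vnet=1)
    vm2 = host_b.add_vif(mac("00:16:3e:00:00:02"), vnet=1)
    vm3 = host_a.add_vif(mac("00:16:3e:00:00:03"), vnet=2)
    vm4 = host_b.add_vif(mac("00:16:3e:00:00:04"), vnet=2)
    vm5 = host_a.add_vif(mac("00:16:3e:00:00:05"), vnet=1)
    ip = 0x0800
    r = {"remote_same_vnet": host_a.send(build_eth(vm2.mac, vm1.mac, ip, b"ping")),
         "local_same_vnet": host_a.send(build_eth(vm5.mac, vm1.mac, ip, b"hi")),
         "local_cross_vnet": host_a.send(build_eth(vm3.mac, vm1.mac, ip, b"leak?")),
         "remote_cross_vnet": host_a.send(build_eth(vm4.mac, vm1.mac, ip, b"leak?")),
         "spoofed_source": host_a.send(build_eth(vm2.mac, vm4.mac, ip, b"spoof")),
         "broadcast": host_a.send(build_eth(BROADCAST, vm1.mac, 0x0806, b"arp"))}
    r["inboxes"] = {"vm1": len(vm1.inbox), "vm2": len(vm2.inbox), "vm3": len(vm3.inbox),
                    "vm4": len(vm4.inbox), "vm5": len(vm5.inbox)}
    r["wire_frames"], r["dropped"] = wire.frames_carried, (host_a.dropped, host_b.dropped)
    return r
```

Running `demo()` shows the three properties the text asks for: traffic between vm1 and vm5 never reaches the wire, the two cross-VNET attempts are dropped (the co-hosted one by the sending VMM, the remote one by the receiving VMM, which is why the sender still sees "wire" for it), and a broadcast from VNET 1 reaches only VNET 1 interfaces on both hosts. Note that the VNET tag is carried in clear and is trusted by the receiving VMM; the paper cited above layers VPNs over this exactly because an Ethernet tag alone does not protect confidentiality or integrity on the physical network.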
It is known to provide isolation between a secure “internal” network and insecure “external” machines or networks such as the Internet by providing filters in the form of firewalls. These typically allow packets through if their source and destination addresses (for example, IP source and destination addresses) fall within given ranges. The ranges are set by a site or enterprise operator or administrator according to an external security policy.
It is known from “Distributed Firewalls” by Steven Bellovin, in the November 1999 issue of ;login: (pp. 37-39), to provide a distributed firewall in which policy is centrally defined but enforcement takes place at each endpoint in a network rather than at a boundary or gateway to the network. This reduces the dependency on network topology compared to conventional firewalls, but relies on three components: a policy language indicating what sort of connections are permitted; a distribution mechanism for delivering the policy file to all endpoints (such as host machines) to be protected; and, at each host machine, accepting or rejecting packets according to that policy. The identity of the sender may be securely verified, for example using IPsec.
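The three components just listed can be shown together in a small working model. The following Python code is an added example and is not code from Bellovin's paper. It assumes a one-line rule language invented here, a constructed policy file and constructed host addresses, and an HMAC tag under a per-host shared secret standing in for IPsec verification of the sender; none of these are from the source.

```python
"""Distributed firewall: one centrally written policy file, pushed unchanged to every
host, and enforced by each host on its own inbound packets after the claimed
sender has been verified."""
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample policy. The first matching rule wins, so rule order matters.
POLICY_TEXT = """\
allow tcp from 10.0.9.0/24 to any          port 22    # admin jump hosts may ssh anywhere
allow tcp from 10.0.1.0/24 to 10.0.2.10/32 port 443   # office LAN may reach the web server
deny  tcp from any         to 10.0.2.10/32 port 22    # nobody else may ssh to the web server
deny  any                                             # default deny
"""

# Constructed: one shared secret per host. A stand-in for IPsec sender authentication,
# not a substitute for it.
HOST_KEYS = {"10.0.1.7": b"key-of-10.0.1.7", "10.0.9.3": b"key-of-10.0.9.3",
             "10.0.2.10": b"key-of-10.0.2.10"}


@dataclass(frozen=True)
class Rule:
    action: str                              # 'allow' or 'deny'
    proto: str                               # 'tcp', 'udp' or 'any'
    src: Optional[ipaddress.IPv4Network]     # None matches any source
    dst: Optional[ipaddress.IPv4Network]     # None matches any destination
    port: Optional[int]                      # None matches any destination port


def parse_policy(text):
    """Parse '<action> <proto> from <net|any> to <net|any> [port <n>]' or '<action> any'."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()
        if not tok:
            continue
        action = tok[0]
        if action not in ("allow", "deny"):
            raise ValueError(f"line {lineno}: unknown action {action!r}")
        if tok[1:] == ["any"]:
            rules.append(Rule(action, "any", None, None, None))
            continue
        if len(tok) not in (6, 8) or tok[2] != "from" or tok[4] != "to" \
                or (len(tok) == 8 and tok[6] != "port"):
            raise ValueError(f"line {lineno}: cannot parse {raw.strip()!r}")
        src = None if tok[3] == "any" else ipaddress.ip_network(tok[3])
        dst = None if tok[5] == "any" else ipaddress.ip_network(tok[5])
        rules.append(Rule(action, tok[1], src, dst, int(tok[7]) if len(tok) == 8 else None))
    return rules


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int
    tag: bytes      # authenticator over (src, dst, dport) under the sender's key


def sender_tag(src, dst, dport, key):
    return hmac.new(key, f"{src}>{dst}:{dport}".encode(), hashlib.sha256).digest()


class Endpoint:
    """A protected host: holds its copy of the policy and filters its own inbound packets."""
    def __init__(self, policy_text):
        self.rules = parse_policy(policy_text)

    def decide(self, pkt):
        # Identity first: a packet whose claimed source cannot be verified is treated as
        # spoofed, so the address-based rules only ever see an authenticated source.
        key = HOST_KEYS.get(pkt.src)
        if key is None or not hmac.compare_digest(pkt.tag, sender_tag(pkt.src, pkt.dst, pkt.dport, key)):
            return "reject: unverified sender"
        src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
        for rule in self.rules:
            if rule.proto not in ("any", pkt.proto):
                continue
            if rule.src is not None and src not in rule.src:
                continue
            if rule.dst is not None and dst not in rule.dst:
                continue
            if rule.port is not None and rule.port != pkt.dport:
                continue
            return rule.action
        return "deny"   # no rule matched: fail closed (an assumption of this example)


def demo():
    """The same policy file enforced on two different hosts; returns each host's decisions."""
    web, admin = Endpoint(POLICY_TEXT), Endpoint(POLICY_TEXT)

    def pkt(proto, src, dst, dport, key=None):
        key = HOST_KEYS[src] if key is None else key
        return Packet(proto, src, dst, dport, sender_tag(src, dst, dport, key))

    return {
        "https_from_lan": web.decide(pkt("tcp", "10.0.1.7", "10.0.2.10", 443)),
        "ssh_from_lan": web.decide(pkt("tcp", "10.0.1.7", "10.0.2.10", 22)),
        "ssh_from_admin": web.decide(pkt("tcp", "10.0.9.3", "10.0.2.10", 22)),
        # claims the admin address but is authenticated with the LAN host's key
        "spoofed_admin": web.decide(pkt("tcp", "10.0.9.3", "10.0.2.10", 22, key=HOST_KEYS["10.0.1.7"])),
        "unknown_host": web.decide(pkt("tcp", "192.168.5.5", "10.0.2.10", 443, key=b"guess")),
        # the admin host applies the same file: nothing in it permits https to that host
        "https_to_admin_host": admin.decide(pkt("tcp", "10.0.1.7", "10.0.9.3", 443)),
    }
```

The point of the example is the division of labour: the policy is written once and refers to hosts, not to where a gateway happens to sit, so it keeps working when a host is moved or a second path into the network appears. Because every host enforces the same file, a rule that is correct for one host is harmless on another (the admin host simply finds no allow rule for https). The spoofing case is the reason Bellovin ties enforcement to verified sender identity: an address-range rule is only as strong as the assurance that the source address was not forged.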