1. Field of the Invention
The present invention relates generally to a data processing system. Specifically, the present invention provides a computer-implemented method, a data processing system, and a computer program product for protecting policy state information during the lifetime of a virtual machine.
2. Description of the Related Art
Interest in support for computing on virtualizable systems is growing as hardware virtualization becomes available for common, off-the-shelf hardware. The ability to run multiple operating systems on one machine will not remain limited to high-end servers but will become widely available. To support a distributed computing base, individual systems need to be able to determine if they are running compatible security policies without intervention from a third party.
Virtualization is enabled through the support of an additional software layer underneath operating systems or on top of an operating system. Usually, operating systems run directly on the hardware. However, in a virtualized system, a layer called a ‘hypervisor’ or ‘virtual machine monitor’ provides isolated run-time environments called virtual machines that have operating systems running inside. If the hypervisor runs directly on the hardware, it becomes the lowest layer in the system.
Modern virtualization technologies enable the migration of a virtual machine from one physical platform to another physical platform. If the operating system inside the virtual machine is associated with a particular security policy, then that virtual machine should only be migrated to a new physical platform that supports the same security policy.
Due to the limited availability of hardware resources, such as network adapters and hard drives, virtualized systems rely on service virtual machines to multiplex access to hardware resources. Service virtual machines that provide network access to operating systems running on the same physical platform can restrict communication to external systems that enforce compatible policies.