A virtual appliance is a pre-installed, pre-configured operating system and software solution delivered inside a virtual machine (VM), running on a VM server machine. A VM “Snap Shot” is a copy of the state of a VM at a particular point in time. VM Snap Shots can be instantiated to create a new VM from the state when the VM Snap Shot was created. Multiple VMs can be created on the same physical server by starting multiple instances of the same VM Snap Shot. The VMs thus created would be clones of one another, starting out from the same state. The virtualizing operating system alters the clones slightly, assigning each a different IP address and other parameters to ensure the VMs can interoperate. In some environments, a large number of VMs run on a cluster of VM servers, connected by a network. In some virtualizing operating systems, resource schedulers exist which automatically detect the load on a VM server. If the load is too great, the resource scheduler can be configured to cause a new VM server to boot up to spread the load among a greater number of VM servers.
When a new VM server starts up, it should, without intervention, be able to automatically configure itself. It should also be able to detect other VM servers which it needs to communicate with, as well as other entities within the cluster.
In some systems, each VM server in the cluster has an encrypted transport layer security (TLS) connection to each other VM server within the cluster, forming a mesh of TLS connections. In some arrangements, the TLS connections utilize elliptic curve cryptography (ECC) for the encryption. Thus, when a new VM server is activated, it establishes a new mutually authenticated TLS connection with each server already operating within the cluster.
In other systems, each server in the cluster communicates with other servers via a central message bus. Each server in the cluster has a separate encrypted TLS connection to the message bus. Thus, when a new VM server is activated, it establishes a new mutually authenticated TLS connection with the message bus.