Virtualized computing is a technique for creating multiple virtual machines on a single physical computing device. This is often achieved by dividing the software and memory of the computing device into multiple logical partitions, each of which can host an operating system for a virtual machine. One of the partitions is often designated as a parent, or root, partition that delegates access to physical hardware and services to the virtual machines.
In some scenarios, virtual networks may be established between virtual machines residing in computing devices on a physical network. For example, data centers consisting of multiple physical servers can provide virtual local area networks (VLANs) to enterprises, such as corporations and other organizations. Such VLANs are often designed to provide a secure and isolated (with respect to reachability) environment in which to interconnect computers and share resources within an enterprise.
A virtual machine can communicate with other virtual machines or physical devices by accessing the host computer's hardware components, at the discretion of the parent partition. Network interface controllers (NICs) are components that allow a computing device to interface and communicate with a physical network. The NIC includes basic circuitry for implementing a communication protocol, such as Ethernet or Internet Protocol, and also includes limited memory for storing a network address associated with the communication protocol, such as a Medium Access Control (MAC) or IP address.
Each virtual machine can be assigned a network address, which can be a virtual address corresponding to a virtual network associated with the virtual machine. Routing data can be achieved by translating a virtual address, recognized by virtual machines communicating over a virtual network, to a physical address, recognized by hardware components that communicate over a physical network. This address translation can be performed by the parent partition, which is responsible for routing data traffic to and from the appropriate virtual machine within the host computing device. In addition, the parent partition can be responsible for implementing other network policies, such as access control and authorization, for the virtual machines on a host device.
Security is often a concern in virtualized computing environments. A host computing device often restricts access to hardware and networking information to only the parent partition. This centralized authority prevents virtual machines from potentially interfering with each other, whether accidentally or maliciously. As such, a tenant that has a virtual machine hosted by a computing device can be granted a certain level of security and isolation from other tenants using the same hosting device.
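The two roles of the parent partition described above (translating virtual addresses to physical ones, and enforcing access control so tenants stay isolated) can be modelled in a few dozen lines. The following is an added, constructed Python example, not code from the page or from any hypervisor; the class names, the network-id tag and the drop reasons are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class VirtualAddress:
    network_id: int  # tenant's virtual network; the same IP may exist in two networks
    ip: str          # address as the virtual machines see it

@dataclass
class Frame:          # what a VM hands to the parent partition
    src: VirtualAddress
    dst: VirtualAddress
    payload: bytes

@dataclass
class PhysicalFrame:  # what the host's NIC puts on the physical network
    src_host: str     # physical (e.g. MAC or IP) address of the sending host
    dst_host: str     # physical address of the receiving host
    network_id: int   # carried so the receiving host can re-check isolation
    inner: Frame

class ParentPartition:
    """Hypothetical root-partition forwarder (constructed model, not any product):
    translates virtual to physical addresses and enforces per-network isolation."""
    def __init__(self, host_addr: str, location: dict):
        self.host_addr = host_addr
        self.location = location  # VirtualAddress -> physical address of hosting NIC
        self.local_vms = {v for v, h in location.items() if h == host_addr}
        self.dropped = []         # audit trail of rejected frames

    def egress(self, frame: Frame) -> Optional[PhysicalFrame]:
        dst_host = self.location.get(frame.dst)  # the address translation step
        if frame.src not in self.local_vms:      # a VM may only use its own address
            reason = "spoofed source"
        elif frame.src.network_id != frame.dst.network_id:  # no cross-tenant routing
            reason = "cross-network"
        elif dst_host is None:
            reason = "unknown destination"
        else:
            return PhysicalFrame(self.host_addr, dst_host, frame.dst.network_id, frame)
        self.dropped.append(f"{reason}: {frame.src} -> {frame.dst}")
        return None

    def ingress(self, pframe: PhysicalFrame) -> Optional[Frame]:
        # Deliver only to a local VM whose network matches the tag on the wire.
        inner = pframe.inner
        if inner.dst not in self.local_vms or inner.dst.network_id != pframe.network_id:
            self.dropped.append(f"ingress policy violation: {inner.dst}")
            return None
        return inner
```

Because a virtual address is only meaningful within its network, two tenants may reuse the same IP; the model keys its translation table on the (network, IP) pair so that overlap cannot cause misdelivery, and the `dropped` list is what a defender would feed into monitoring.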