1. Field of the Invention
The present invention relates to a virtual network controlling system, and more particularly, to a virtual network controlling system including security function.
2. Background Art
Recently, an SDDC (Software-Defined DataCenter) attracts attention in the cloud computing environment, and enhances management efficiency and utilization rate of a cloud datacenter through virtualization of the whole resources including servers and networks. Particularly, in order to reduce the bottleneck of the cloud datacenter and efficiently construct and utilize the networks, a network virtualization through application of SDN (Software-Defined Network) is in progress.
The cloud environment can minimize IT resource expenses by increasing the utilization rate and easiness in management of IT resources through application of the virtualization. The server virtualization in the cloud environment was previously in a stable stage, but the network virtualization is not yet steady. Recently, in order to improve the network virtualization, efforts to reduce the bottleneck in the cloud infrastructure by applying the SDN technology to the network virtualization are actively underway.
In general, virtualization refers to the act of creating and running a plurality of operating systems in one system by dividing a single physical hardware into a plurality of virtual hardware devices. Such software capable of virtualization is a hypervisor. The hypervisor is to provide how to access different operating systems from one physical computer resource, such as a processor or a memory existing in one host, namely, is a piece of computer software that makes one computer run a number of operating systems.
Recently, with the appearance of high-performance CPUs, multi core CPUs, and high-capacity memories, it became possible to construct various virtual machines in one host and install and run a plurality of operating systems in each of the virtual machines in an allowable range of a memory.
A conventional physical server, for instance, a host, generally leases one host to just one subscriber, but when the virtualization technology is applied, one virtualized system can run various subscriber services, for instance, file servers, mail servers, web servers, and so on, so as to lease one physical server, for instance, one host, to several subscribers.
However, such a physical server to which the virtualization technology is applied has several problems, such as attack and hacking into each of the virtual machines of the subscribers and information spill from the virtual machine, because many operating systems to the number of logical servers to be installed must be installed in one host. Additionally, the virtualized system in the cloud environment which is composed of hundreds of or thousands of virtual machines is difficult to establish and apply security policies to every virtual machine. In the cloud environment, when one virtual machine is infected, other virtual machines in the system are also infected, and finally, the entire cloud systems are infected.
Conventionally, a hardware-based network security system, for instance, an IPS (Intrusion Prevention System), is an independent device which is physically installed on the outside and is very expensive.
Moreover, if the conventional hardware-based network security system, for instance, the IPS, is installed in the virtualized system of the cloud environment which softwarely distributes and allocates resources through virtualization of the entire resources including servers and networks, it is difficult to construct a security system which ideally comes into contact with the system structure, and cannot be effectively connected with the virtualized system of the cloud environment which has to frequently carry out variable distribution and allocation of resources in order to diffuse a system load.