In many virtualization environments, virtual machine networking policies are explicitly configured by an administrator that indicates what networks can be used by the virtual machine, what interfaces can be used by the virtual machine to establish a network, and networking security policies for the virtual machine. Hard coding networking policies into a virtualization system often can be easily done when the virtualization system includes a minimum number of virtual machine, e.g. a single virtual machine.
When a virtualization environment includes multiple virtual machines, it can be difficult to explicitly and predictably configure each virtual machine in the virtualization environment. The time required to configure each virtual machine and manage the networking configurations can be great. Furthermore, it can be tedious to manage each networking configuration and ensure that the proper security measures are enforced.
Some systems include a virtualization environment where virtual machines on a single computer can communicate with other virtual machines on that computer using a local network. In these systems, the local network exists on the computer and does not extend to other virtual machines executing on a different computer. Both computers, in some instances, can be connected through a local network, thus there exists a need for virtual machines executing on these computers to be able to communicate with each other via a local network. While some systems support local networks between virtual machines executing on different computers, these systems often require that the network for each machine be individually configured. In these systems, an administrator must determine the security policy requirements for each virtual machine, and then must configure each virtual machine using the security policy requirements.
A system and method is therefore needed to address network configurations in a multi-virtual machine environment. Such a system and method can non-explicitly configure networks and can use multiple, different network topologies to implement network connectivity for one or more of the virtual machines in a virtual environment. Further, such a system can specify security requirements for a particular appliance or virtual machine using a network policy rather than explicitly configure the security policy for each virtual machine or appliance in a virtualization environment.