System and method for dynamically configuring virtual machine migration security policy

Abstract

The invention relates to a system and method for dynamically configuring a virtual machine migration security policy. A source host node and a target host node are both provided with strategy agent modules; a security policy database and a policy coordination module are respectively connected with a security management center; the policy coordination module is further connected with all the strategy agent modules; the security management center is used for inquiring the security policy database to judge whether a local security policy intermediate value violates a global security policy or not; if yes, the local security policy intermediate value is adjusted to be a security policy final value; if not, the local security policy intermediate value is set to be the security policy final value. Due to the fact that the global security policy is introduced in the process of generating the security policy final value, the security policy final value can violate the global security policy under no circumstances; after a virtual machine is migrated, a local security policy on the target host node is adjusted and brought into global security policy planning, and therefore the virtual machine is effectively prevented from lowering in security before and after migration.

Description

technical field [0001] The invention relates to an information security system and method, in particular to a virtual machine migration security policy dynamic configuration system and method. Background technique [0002] Cloud computing is an Internet-oriented distributed computing service. As a delivery model for IT resources and services, it can obtain the required resources from a shared pool of configurable computing resources anytime, anywhere, conveniently, and on demand. (such as networks, servers, storage, applications, services, etc.), these resources can be quickly provisioned and released, while minimizing management costs or service provider intervention. In the cloud computing environment, the implementation of security policies faces many difficulties due to the virtualization of the network. Virtualization makes the boundaries of traditional networks blurred. Different networks divided according to virtual machines are no longer restricted by physical networ...

AI Technical Summary

Problems solved by technology

[0006] Aiming at the problem that the overall security of the system cannot be guaranteed when the virtual machine is migrated in the prior art, the present invention proposes a method that can automatically discover the address of the source host node and the address of the target host node for migration, and compare the addresses of the virtual machine before and after migration. The security policy corresponding to the security status of the operating environment is comparatively analyzed, unified coordinated and correspondingly modified to ensure that the security of the whole system remains consistent before and after the migration of the virtual machine; a virtual machine migration security policy dynamic configuration system; and a method for realizing the system

Images