Device for realizing network security management based on virtualization and management method

A network security and virtual network technology, applied in electrical components, transmission systems, etc. It addresses the problems of reduced virtual machine network security access and management capability, low network security protection capability, and poor network security and stability. Its effects are efficient operation, improved network security capability, and improved operability.

Active Publication Date: 2016-06-22
甘肃省科学技术情报研究所

AI Technical Summary

Problems solved by technology

The shortcomings of this technology for achieving network security management are:
(1) Hardware resource utilization and cost are high, and performance is often low. It cannot effectively reduce concurrency and cannot meet the access-control needs of a large number of users.
(2) Hardware virtualization technology is not clearly supported, and network functions need to be loaded with services, which can easily lead to confusion in the network equipment of the host machine, high system resource usage, and low network security protection capability.
(3) The mainstream hosted virtualization product currently in use is VMware Workstation, which is installed on the operating system of the host. Once the host has a security problem, the host cannot work, and the virtual servers fail to run. Network security and stability are relatively poor.
The disadvantages are:
(1) Hardware drivers are concentrated in the Hypervisor layer and are used by all virtual machines on the Hypervisor. When the OS of a virtual machine needs to access the hardware, it does so through the driver model in the Hypervisor. Some drivers and some third-party code sit in a very sensitive area, which creates flaws in security and compatibility.
(2) 24-hour uninterrupted monitoring of and protection against network intrusions cannot be performed, which reduces the virtual machine network security access and management capability.


Examples


Embodiment 1

[0026] Example 1: Figure 2 shows the flow of a method for implementing network security management based on virtualization:

[0027] 1) First, after WAN users enter the LAN, the virtual firewall module (VMware vShield Zones) isolates the virtual machines, provides control area, external network and parameter protection, etc., and, through the driver model, sets up filtering and interception of access rights, malicious information and malicious third-party programs.

[0028] 2) Second, routes are assigned through the virtual router module to point to the virtual machines that request access to different resources; that is, the routes are set to different bridging methods in VMware vSphere according to actual needs, and virtual routes are established.

[0029] 3) Finally, access is monitored in real time by the virtual intrusion monitoring module, which is based on Xen paravirtualization technology. The process flow is: after the monitoring i...


Abstract

The invention discloses a device for realizing network security management based on virtualization and a management method. The device comprises a firewall function module, a routing function module and a redundancy-supporting switch module; the device further comprises a LAN virtual network security management platform control and ESX hosts. The LAN virtual network security management platform control is composed of virtual machine management ends, virtual firewall modules, virtual routing modules and virtual intrusion monitoring modules. In the device and the method provided by the invention, virtual firewalls are built on VMware vShield Zones, so that virtual machines can be isolated through security and gateway services, and control area, extranet and parameter protection functions are provided, supporting a multi-user application environment. Based on the VMware vSphere platform, a virtual routing function is realized and the virtual machines in the ESX hosts can be controlled. A network intrusion detection function is realized in the virtual machine environment by adopting Xen-based para-virtualization, so that network security is enhanced.

Description

Technical field

[0001] The invention relates to network security management.

Background technique

[0002] Virtualization refers to a method of encapsulating physical resources and is one of the basic technologies for building cloud computing. Configuring resources from a logical point of view is a logical abstraction of physical reality, allowing all resources to run transparently on various physical platforms, and resource management is carried out in a logical manner, fully realizing the automatic allocation of resources. According to different attributes, virtualization can be classified differently. According to the implementation level, it can be divided into hardware virtualization, operating system virtualization, and application virtualization. According to the application field, it can be divided into server virtualization, firewall virtualization, storage virtualization, network virtualization, desktop virtualization, etc.

[0003] Existing hosting virtualizati...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
Inventor: 杨生举赵凡施韶亭赵昕晖蒙杰
Owner: 甘肃省科学技术情报研究所