A method and apparatus realizing virtual machine network access control

A technology of network access control and network access, which is applied in the field of virtual machine network access control, can solve problems such as inflexibility and large granularity, and achieve the effect of flexible network access control.

Active Publication Date: 2016-11-23
ALIBABA GRP HLDG LTD

AI Technical Summary

Problems solved by technology

[0009] 1) If the virtual machine accesses the network through Network Address Translation (NAT) on the host machine, the IP of the virtual machine cannot be obtained, so network access control can only be completed by restricting the IP of the host machine, and the granularity becomes larger.
[0010] 2) If restrictions are made on the gateway and the IP of the virtual machine can be obtained, network access control can only be performed on the entire virtual machine and cannot be implemented for one of its applications.
[0011] 3) Access control is performed according to the source IP at the application entrance, so the application needs to be modified, which is very inflexible.
[0013] This method divides the network for the virtual machine and performs network access control through network isolation. Since this method is aimed at the network where the virtual machine is located, the granularity is too large and inflexible.
[0014] Therefore, in the prior art, it is impossible to accurately implement the network access control of an application in the virtual machine, and avoid users from bypassing the

Embodiment Construction

[0047] In order to realize network access control of any application in the virtual machine and to avoid user bypass, the present application provides a method and device for realizing network access control of the virtual machine. The method is: intercept the data packet sent by the local virtual machine through the local virtual network card and analyze it; determine, according to the analysis result of the data packet, the application program in the virtual machine that needs to initiate network access; judge, according to the network access policy set, whether the application program is allowed to access the network; if so, continue to send the data packet, otherwise discard the data packet. Here a network access policy represents the permission configuration information for an application program in a virtual machine to perform network access through a corresponding virtual network card.
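The decision flow of [0047], sketched as an added example that is not taken from the patent: a frame intercepted on a virtual network card is parsed, attributed to an application, and forwarded only if the policy set permits it. The page does not say how a packet is tied to an application, so the `FLOW_OWNERS` table, the policy shape, the `vnet0` name and all addresses are assumptions constructed for illustration.

```python
import struct
from ipaddress import IPv4Address, ip_network

# Constructed policy set: (virtual NIC, application) -> destination networks allowed.
POLICY = {
    ("vnet0", "backup-agent"): [ip_network("10.0.5.0/24")],
    ("vnet0", "browser"): [ip_network("0.0.0.0/0")],
}
# Assumption: the host already knows which guest application owns each flow,
# keyed by (virtual NIC, IP protocol, source port). The page does not say how.
FLOW_OWNERS = {
    ("vnet0", 6, 40001): "backup-agent",
    ("vnet0", 6, 40002): "browser",
    ("vnet0", 6, 40003): "unlisted-tool",
}

def parse_frame(frame):
    """Return (proto, src_port, dst_ip) for an unfragmented IPv4 TCP/UDP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[14] >> 4 != 4 or ihl < 20 or len(frame) < 14 + ihl + 4:
        return None
    proto = frame[23]
    frag_offset = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
    if proto not in (6, 17) or frag_offset:
        return None  # no usable L4 header to attribute
    (src_port,) = struct.unpack("!H", frame[14 + ihl:16 + ihl])
    return proto, src_port, IPv4Address(frame[30:34])

def decide(vnic, frame):
    """Return "forward" or "drop" for a frame intercepted on the given virtual NIC."""
    parsed = parse_frame(frame)
    if parsed is None:
        return "drop"  # fail closed: traffic that cannot be attributed is not sent on
    proto, src_port, dst_ip = parsed
    app = FLOW_OWNERS.get((vnic, proto, src_port))
    allowed = POLICY.get((vnic, app), [])  # no policy entry means no access
    return "forward" if any(dst_ip in net for net in allowed) else "drop"

def build_frame(src_port, dst_ip, proto=6):
    """Build a constructed Ethernet/IPv4 frame with a 20-byte L4 header for testing."""
    eth = bytes.fromhex("020000000001" "020000000002" "0800")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                     IPv4Address("192.168.122.10").packed, IPv4Address(dst_ip).packed)
    return eth + ip + struct.pack("!HH", src_port, 443) + bytes(16)
```

Because the check runs on the host side of the virtual network card, a policy keyed by application and card gives finer granularity than filtering on the virtual machine's IP, and an unknown flow or unlisted application is dropped by default.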

[0048] Preferred embodiments of the present application will be described in detail below in conjunction with the accompanying drawings.

[0049] refer to figure 1 Show...

Abstract

The application relates to the field of computers, and in particular to a method and apparatus for realizing virtual machine network access control, in order to realize network access control of any application in a virtual machine. The method comprises the steps of: intercepting data packets sent by a local virtual machine through a local virtual Ethernet adapter and analyzing the data packets; determining, according to the analysis result of the data packets, the application program of the virtual machine that needs to initiate network access; determining, according to a network access policy set, whether to allow the application program to access the network; if the application program is allowed to access the network, continuing to send the data packets; otherwise, discarding the data packets. As a result, the method and apparatus offer fine granularity and bypass prevention, making the network access control of the virtual machine more flexible and more reliable.

Description

Technical field

[0001] The present application relates to the field of computers, in particular to a method and device for realizing virtual machine network access control.

Background technique

[0002] With the advent of the big data era, how to protect data has become more and more important. At the same time, with the development of cloud computing technology, in more and more application scenarios, it is necessary to use a virtual machine to access an application.

[0003] Therefore, how to implement flexible and reliable network access control for virtual machines is becoming more and more important for data protection.

[0004] In the prior art, there are mainly three methods for network access control of virtual machines:

[0005] First, network access control is performed by adding some network access control software to the virtual machine.

[0006] Although this method can achieve very fine-grained network access control for virtual machines, for example, for app...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/24
Inventor: 朱波
Owner: ALIBABA GRP HLDG LTD