The networking architecture provided by VT-d gives a higher level of protection from
malicious network traffic by creating the ability to isolate malicious
attacks to a single VM and its associated resources assigned through the use of VT
and VT-d. Using this, VT-d gives a foundation for a new class of applications based on
Virtual Appliance architecture. Because of the isolation of the NIC device (all VM accesses to the NIC device are intercepted and emulated to
protect against proliferation of malicious code), an attack on a VM does not affect the VMM.
For instance, use of NAT (Network Address Translation) is discouraged for some "hosted" VMMs because an attack on the "guest" VM can affect the host.
Higher level of network protection for virtual appliances
Referring to a posting on the Intel website (http://software.intel.com/en-us/articles/intel-virtualization-technology...) titled
"Intel Virtualization Technology for Directed I/O (VT-d): Enhancing Intel platform":
How do products utilizing VT-d in network security applications for virtual appliances get a higher level of network protection?