Higher level of network protection for virtual appliances

Referring to a posting on the Intel website (http://software.intel.com/en-us/articles/intel-virtualization-technology...) titled "Intel Virtualization Technology for Directed I/O (VT-d): Enhancing Intel platform":

How do products utilizing VT-d in network security applications for virtual appliances get a higher level of network protection?


The networking architecture provided by VT-d gives a higher level of protection from
malicious network traffic by creating the ability to isolate malicious
attacks to a single VM and its associated resources assigned through the use of VT
and VT-d. Using this, VT-d gives a foundation for a new class of applications based on
Virtual Appliance architecture. Because of the isolation of the NIC device, all VM accesses to the NIC device are intercepted and emulated to
protect against proliferation of malicious code; an attack on a VM does not affect the VMM.

For instance, use of NAT (Network Address Translation) is discouraged from some "hosted" VMMs because an attack on the "guest" VM can affect the host.
