Higher level of network protection for virtual appliances

Higher level of network protection for virtual appliances

Referring to a posting on Intel website (http://software.intel.com/en-us/articles/intel-virtualization-technology...) titled

"Intel Virtualization Technology for Directed I/O
(VT-d): Enhancing Intel platform"

How do products utilizing VT-d in network security applications for virtual appliances get a higher level of network protection?

2 posts / 0 nouveau(x)
Dernière contribution
Reportez-vous à notre Notice d'optimisation pour plus d'informations sur les choix et l'optimisation des performances dans les produits logiciels Intel.

The networking architecture provided by VT-d gives a higher level of protection from
malicious network traffic by creating the ability to isolate malicious
attacks to a single VM and it's associated resources assigned through the use of VT
and VT-d. Using this VT-d allows gives a foundation for a new class of applications based on
Virtual Appliance architecture. Because of the isolation of the NIC device, all VM accesses to the NIC device are intercepted and emulated to
protect proliferation of malicious code, an attack on a VM does not affect the VMM.

For instance use of NAT (Network Address Translation) is discourtaged from some "hosted" VMMs because an attack on the "guest" VM can affect the host.

Laisser un commentaire

Veuillez ouvrir une session pour ajouter un commentaire. Pas encore membre ? Rejoignez-nous dès aujourd’hui