Click here for full text:
A Comparative Study on Secure Network Virtualization
Cabuk, Serdar; Dalton, Chris I.; Edwards, Aled; Fischer, Anna
Keyword(s): virtualization, security, networking
Abstract: Secure and efficient network virtualization is a key building block for virtualized environments such as data centers or enterprise networks. While machine virtualization alone provides immediate isolation of computing resources such as memory and CPU between guest domains, the network remains to be a shared resource as all traffic from guests eventually pass through a shared network resource and end up on the shared physical medium. As a result, we need mechanisms to (1) control the information flow between virtual machines (e.g., who can communicate with whom), (2) configure virtual and physical network resources, and (3) separate network resources used by each networking domain. Within HP Labs we have successfully developed and deployed technologies that enable secure networking within virtualized infrastructures. In this report, we present the findings of a comparative study that we conducted to evaluate the security, performance, and manageability of these approaches. We further report our experiences with prototype implementations on Xen platforms.
Back to Index