CN103685250A - Virtual machine security policy migration system and method based on SDN - Google Patents
Virtual machine security policy migration system and method based on SDN Download PDFInfo
- Publication number
- CN103685250A CN103685250A CN201310646449.0A CN201310646449A CN103685250A CN 103685250 A CN103685250 A CN 103685250A CN 201310646449 A CN201310646449 A CN 201310646449A CN 103685250 A CN103685250 A CN 103685250A
- Authority
- CN
- China
- Prior art keywords
- virtual machine
- security
- module
- migration
- security policy
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0894—Policy-based network configuration management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0895—Configuration of virtualised networks or elements, e.g. virtualised network function or OpenFlow elements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0896—Bandwidth or capacity management, i.e. automatically increasing or decreasing capacities
- H04L41/0897—Bandwidth or capacity management, i.e. automatically increasing or decreasing capacities by horizontal or vertical scaling of resources, or by migrating entities, e.g. virtual resources or entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a virtual machine security policy migration system based on an SDN. The virtual machine security policy migration system is composed of a security policy management module, a controller cluster control module and a virtual machine migration monitoring module. The invention further discloses a virtual machine security policy migration method based on the SDN. By the adoption of the virtual machine security policy migration system and method based on the SDN, a great number of resources are saved in the whole migration process, and synchronous and flexible transferring of a security policy of a virtual machine is guaranteed automatically, rapidly, easily and conveniently along with the migration of the virtual machine.
Description
Technical field
The present invention relates to technical field of virtualization, relate in particular to a kind of system and method for the secure virtual machine strategy migration based on SDN.
Background technology
Virtual machine (vm) migration technology provides method easily for server virtualization.At present popular virtual instrument is as VMware, Xen, and HyperV, KVM provides migration component separately.Migration server can be saved managed fund, maintenance cost and upgrade cost for user.The advantage of migration is to simplify system maintenance management, improves system load balancing, strengthens system mistake tolerance and optimization system power management.
But the problem that migration has also brought some security strategies to implement, once as VM virtual machine (vm) migration, the network layer information that this VM virtual machine is corresponding can be followed VM virtual machine (vm) migration to new position automatically by the management platform of rear end, but in the network at VM main frame place for the security strategy of this VM as fire compartment wall, IPS, IDS, can only, by the manual independent configure and maintenance again of network manager, can not migrate to automatically new network and go from legacy network.
Application number is that 201210121457.9 patent of invention discloses a kind of secure virtual machine strategy moving apparatus, be applied on the security administration server of data center, comprise: migration perception unit, for receiving the virtual machine (vm) migration report from Virtual Machine Manager device, this report comprises the location parameter of virtual machine; Positioning unit, for the new safety means of determining that according to the location parameter of described virtual machine this virtual machine belongs to after this virtual machine belongs to before migration former safety means and virtual machine (vm) migration; Security policy manager unit, for obtaining the security strategy that is configured in this virtual machine on former safety means, and is issued to described security strategy on new safety means.The present invention has realized the security strategy of virtual machine on safety means and has automatically followed virtual machine (vm) migration and seamless migration, exempted the safety means manual configuration operation that keeper carries out because of virtual machine (vm) migration, this is meaning highly significant concerning the more large-scale data center of virtual machine (vm) migration event.
This technology is to attach most importance to obtain security strategy with virtual machine, in objective network, need subsequently security strategy to read out from the safety means at the original place of virtual machine of migration, and more a little security strategies are issued to new safety means, and then remove the strategy on former safety means.
In this process, also need to find relevant safety means and extract the security strategy of VM from source network, and then in objective network, find out corresponding safety means and add strategy, this needs to operate various safety means and different operating platforms, and can consume larger resource; In addition this process also needs to identify virtual machine according to modes such as IP address and MAC Address, need to use extra resource in order to the identification of virtual machine, has also affected the performance of entire system.
In addition, some virtual platform manufacturers have also released the function of strategy with virtual machine (vm) migration, as VMware releases vMotion function etc.It is upper that security strategy is deployed in vswitch in server, is convenient to accomplish to control meticulous, and in the transition process of VM, the shift function that corresponding control strategy also can be followed virtualization system software is corresponding vswitch along with VM arrives.
Another kind of centralized control strategy is deployed on the network equipment scheme in conjunction with the 802.1Qbg of RG-S6200.The network that VSU is built, if the flow of external reference VM is carried out to policy control, can set into the ACL control strategy of direction at the gateway layer of all VM, as shown below, controls and concentrates, is convenient to strategy maintenance.
For too much having certain influence for vswitch performance in vswitch deploy, in addition for large double layer network, strategy too disperses to be unfavorable for operation maintenance.Vswitch, across a plurality of server hosts, carries out maintenance management by which main frame in addition, and this has also brought certain problem.For the gateway layer at all VM, carry out centralized control strategy and dispose, this has brought extra burden to network boundary server.
Most importantly on the virtual platform that these technology all require to support in manufacturer, just can implement, can not implement across virtual platform, this has objectively retrained the applicability of scheme.
Summary of the invention
Its security strategy can not be with its synchronous migration to shortcoming or the deficiency of new main frame place network with the seamless migration of implementation strategy when solving virtual machine (vm) migration in prior art in the present invention, adopted a kind of system and method for secure virtual machine strategy based on SDN migration, thus realized security strategy as fire compartment wall, traffic management etc. with virtual machine (vm) migration the object to objective network.
A system for secure virtual machine strategy migration based on SDN, it consists of security policy manager module, controller cluster control module and virtual machine (vm) migration monitoring module.
Security policy manager module is most important module in system, comprises security strategy Executive Module, policy synchronization module, security strategy acquisition module, security strategy encrypted transmission module and Security Policy Database.
Security strategy Executive Module is responsible for the relevant security strategy of the virtual machine of moving into add in Security Policy Database, and by the interface of the safety means relevant to security strategy, the security strategy of the virtual machine of moving into is added on relevant safety means.
The security strategy of policy synchronization module renewal designated virtual machine is to relevant safety means and upgrade Security Policy Database, maybe the security strategy on the relevant safety means of the virtual machine of moving out is removed and after migration completes, the security strategy of this virtual machine is left out from local Security Policy Database.
Security strategy acquisition module extracts the relevant all security strategies of migration virtual machine from Security Policy Database.
Security strategy encrypted transmission module is encrypted secure virtual machine strategy to be migrated, and selects safe mode to be transferred to the Security Policy Server in objective network, or receives secure virtual machine strategy to be moved into and be decrypted.
Controller cluster control module is coordinated and managed the multi-controller in data center, comprises state distribution/synchronization module, minute territory administration module, and distributed storage management module, switch is shared control module, exchange interface communication module.
Virtual machine (vm) migration monitoring module is monitored the migration situation of virtual machine.
A method for secure virtual machine strategy migration based on SDN, its concrete step is as follows:
1) when virtual machine is prepared migration, support the switch of SDN to match the correlative flow of virtual machine (vm) migration, the stream table issuing according to SDN controller rule, passes through southbound interface protocol report immediately to SDN controller;
2) SDN controller is received after the message of being sent by switch, and information is directly transmitted to security policy manager server;
3) security policy manager server is received in controller cluster the wherein information that SDN controller sends, and discovers and has virtual machine to be migrated;
4) security policy manager server goes out the destination network addresses of virtual machine (vm) migration by information analysis, searches Security Policy Database to find out the security policy manager server address of objective network;
5) security policy manager server calls security strategy acquisition module is searched Security Policy Database to extract the security strategy that this virtual machine is relevant;
6) security policy manager server calls security strategy encrypted transmission module arrives the security policy manager server of objective network by the outer safe transmission of band;
7) security policy information of the security policy manager server calls security strategy encrypted transmission module decrypts virtual machine to be moved into of objective network, notice security strategy Executive Module;
8) security strategy Executive Module adds the relevant security strategy of the virtual machine of moving in Security Policy Database to, and by the interface of the safety means relevant to security strategy, the security strategy of the virtual machine of moving into is added on relevant safety means, notify the security policy manager server of the network of moving out;
9) the move out security policy manager server calls policy synchronization module of network, removes the security strategy on the relevant safety means of the virtual machine of moving out the security strategy of this virtual machine is left out from local Security Policy Database.
The beneficial effect that technical solution of the present invention is brought:
The system and method for the secure virtual machine strategy migration based on SDN can not be subject to an impact for virtual platform, the cross-platform work that completes security strategy migration.And this security strategy moving method only depends on this hardware device of switch of supporting SDN, migration energy to various virtual machines responds fast, and from the security strategy of the whole network, select the security strategy that virtual machine to be migrated is relevant rapidly, transfer to the security policy manager server of objective network to be issued to fast associated safety equipment, to realize the deployment of security strategy.Whole process has been saved a large amount of resources, and there is a unification clearly to manage to each virtual machine, safety means in network, to keeper, bring great convenience, and along with automatic, quick, easy its security policy synchronization of assurance of the migration of virtual machine, transfer flexibly.
Accompanying drawing explanation
In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, to the accompanying drawing of required use in embodiment or description of the Prior Art be briefly described below, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skills, do not paying under the prerequisite of creative work, can also obtain according to these accompanying drawings other accompanying drawing.
Fig. 1 is the system function module figure of a kind of secure virtual machine strategy migration based on SDN of the present invention;
Fig. 2 is the method network topological diagram of a kind of secure virtual machine strategy migration based on SDN of the present invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is only the present invention's part embodiment, rather than whole embodiment.Embodiment based in the present invention, those of ordinary skills, not making the every other embodiment obtaining under creative work prerequisite, belong to the scope of protection of the invention.
A kind of system function module figure of secure virtual machine strategy based on SDN migration is as shown in Figure 1:
It consists of security policy manager module, controller cluster control module and virtual machine (vm) migration monitoring module.
Security policy manager module is most important module in system, comprises security strategy Executive Module, policy synchronization module, security strategy acquisition module, security strategy encrypted transmission module and Security Policy Database.Security strategy Executive Module is responsible for the relevant security strategy of the virtual machine of moving into add in Security Policy Database, and by the interface of the safety means relevant to security strategy, the security strategy of the virtual machine of moving into is added on relevant safety means.The security strategy of the renewable designated virtual machine of policy synchronization module is to relevant safety means and upgrade Security Policy Database, maybe the security strategy on the relevant safety means of the virtual machine of moving out is removed and after migration completes, the security strategy of this virtual machine is left out from local Security Policy Database.Security strategy acquisition module extracts the relevant all security strategies of migration virtual machine from Security Policy Database.Security strategy encrypted transmission module is encrypted secure virtual machine strategy to be migrated, and selects safe mode to be transferred to the Security Policy Server in objective network; Or receive secure virtual machine strategy to be moved into and be decrypted.
Controller cluster control module is coordinated and managed the multi-controller in data center, comprises state distribution/synchronization module, minute territory administration module, and distributed storage management module, switch is shared control module, exchange interface communication module.Controller cluster control module is used southbound interface agreement to communicate with supporting the switch of SDN by exchange interface communication module, uses other modules to realize the synchronous of stream table between multi-controller.
Virtual machine (vm) migration monitoring module is monitored the migration situation of virtual machine.By SDN controller definition " virtual migration discovery ", flow list item, and be issued to the switch of the support SDN in data center.When virtual machine starts to move, support the switch of SDN to receive immediately the related data packets of virtual machine (vm) migration and match " virtual migration discovery " stream list item, and according to the action executing of this stream list item, virtual migration information notice is sent to SDN controller, and then notice is to security policy manager module.
The method of secure virtual machine strategy based on SDN migration during for virtual machine (vm) migration security strategy need the problem in company with migration, based on SDN technology, security strategy migration is separated with virtual machine (vm) migration.In this method, security strategy migration no longer relies on virtual machine and completes, but depends on the switch of supporting SDN.
As shown in Figure 2, its concrete implementing procedure is as follows for a kind of network topological diagram of method of the secure virtual machine strategy migration based on SDN:
1) when virtual machine is prepared migration, support the switch of SDN to match the correlative flow of virtual machine (vm) migration, the stream table issuing according to SDN controller rule, passes through southbound interface protocol report immediately to SDN controller;
2) SDN controller is received after the message of being sent by switch, and information is directly transmitted to security policy manager server;
3) security policy manager server is received in controller cluster the wherein information that SDN controller sends, and discovers and has virtual machine to be migrated;
4) security policy manager server goes out the destination network addresses of virtual machine (vm) migration by information analysis, searches Security Policy Database to find out the security policy manager server address of objective network;
5) security policy manager server calls security strategy acquisition module is searched Security Policy Database to extract the security strategy that this virtual machine is relevant;
6) security policy manager server calls security strategy encrypted transmission module arrives safe information transmission by out-band method the security policy manager server of objective network;
7) security policy information of the security policy manager server calls security strategy encrypted transmission module decrypts virtual machine to be moved into of objective network, notice security strategy Executive Module;
8) security strategy Executive Module adds the relevant security strategy of the virtual machine of moving in Security Policy Database to, and by the interface of the safety means relevant to security strategy, the security strategy of the virtual machine of moving into is added on relevant safety means, notify the security policy manager server of the network of moving out;
9) the move out security policy manager server calls policy synchronization module of network, removes the security strategy on the relevant safety means of the virtual machine of moving out the security strategy of this virtual machine is left out from local Security Policy Database.
In addition, the present invention also can on the basis of existing technology, by identifying virtual machine by dedicated algorithms and record its corresponding security strategy in virtual machine, finally use special function to extract its security strategy and dispose to each safety means in the network of moving into.This need to use the extra recognition capability higher to virtual machine, and security strategy is extracted, cross-platform ability, and arrival objective network arrives security policy distribution the ability of corresponding safety means etc.
The present invention also can Direct Transfer virtual machine, afterwards by manually designing, configure in the network of moving into according to the different security strategies of each virtual machine, and leave out the security strategy that this virtual machine is relevant from the network of moving out.This method wastes time and energy, and coordinates virtual machine and have difficulties in the use of targeted environment and the related security policies deployment event of this virtual machine at objective network.
The system and method for a kind of secure virtual machine strategy migration based on the SDN above embodiment of the present invention being provided is described in detail, applied specific case herein principle of the present invention and execution mode are set forth, the explanation of above embodiment is just for helping to understand method of the present invention and core concept thereof; , for one of ordinary skill in the art, according to thought of the present invention, all will change in specific embodiments and applications, in sum, this description should not be construed as limitation of the present invention meanwhile.
Claims (6)
1. a system for the migration of the secure virtual machine strategy based on SDN, is characterized in that, this system consists of security policy manager module, controller cluster control module and virtual machine (vm) migration monitoring module;
Security policy manager module is most important module in this system, comprises security strategy Executive Module, policy synchronization module, security strategy acquisition module, security strategy encrypted transmission module and Security Policy Database;
Security strategy Executive Module is responsible for the relevant security strategy of the virtual machine of moving into add in Security Policy Database, and by the interface of the safety means relevant to security strategy, the security strategy of the virtual machine of moving into is added on relevant safety means;
The security strategy of policy synchronization module renewal designated virtual machine is to relevant safety means and upgrade Security Policy Database, maybe the security strategy on the relevant safety means of the virtual machine of moving out is removed and after migration completes, the security strategy of this virtual machine is left out from local Security Policy Database;
Security strategy acquisition module extracts the relevant all security strategies of migration virtual machine from Security Policy Database;
Security strategy encrypted transmission module is encrypted secure virtual machine strategy to be migrated, and selects safe mode to be transferred to the Security Policy Server in objective network, or receives secure virtual machine strategy to be moved into and be decrypted;
Controller cluster control module is coordinated and managed the multi-controller in data center, comprises state distribution/synchronization module, minute territory administration module, and distributed storage management module, switch is shared control module, exchange interface communication module;
Virtual machine (vm) migration monitoring module is monitored the migration situation of virtual machine.
2. system according to claim 1, it is characterized in that, controller cluster control module is used southbound interface agreement to communicate with supporting the switch of SDN by exchange interface communication module, uses other modules to realize the synchronous of stream table between multi-controller.
3. system according to claim 1, is characterized in that, virtual machine (vm) migration monitoring module flows list item by SDN controller definition " virtual migration discovery ", and is issued to the switch of the support SDN in data center; When virtual machine starts to move, support the switch of SDN to receive immediately the related data packets of virtual machine (vm) migration and match " virtual migration discovery " stream list item, and according to the action executing of this stream list item, virtual migration information notice is sent to SDN controller, and then notice is to security policy manager module.
4. a method for the migration of the secure virtual machine strategy based on SDN, is characterized in that, the step of the method is as follows:
1) when virtual machine is prepared migration, support the switch of SDN to match the correlative flow of virtual machine (vm) migration, the stream table issuing according to SDN controller rule, passes through southbound interface protocol report immediately to SDN controller;
2) SDN controller is received after the message of being sent by switch, and information is directly transmitted to security policy manager server;
3) security policy manager server is received in controller cluster the wherein information that SDN controller sends, and discovers and has virtual machine to be migrated;
4) security policy manager server goes out the destination network addresses of virtual machine (vm) migration by information analysis, searches Security Policy Database to find out the security policy manager server address of objective network;
5) security policy manager server calls security strategy acquisition module is searched Security Policy Database to extract the security strategy that this virtual machine is relevant;
6) security policy manager server calls security strategy encrypted transmission module arrives safe information transmission by out-band method the security policy manager server of objective network;
7) security policy information of the security policy manager server calls security strategy encrypted transmission module decrypts virtual machine to be moved into of objective network, notice security strategy Executive Module;
8) security strategy Executive Module adds the relevant security strategy of the virtual machine of moving in Security Policy Database to, and by the interface of the safety means relevant to security strategy, the security strategy of the virtual machine of moving into is added on relevant safety means, notify the security policy manager server of the network of moving out;
9) the move out security policy manager server calls policy synchronization module of network, removes the security strategy on the relevant safety means of the virtual machine of moving out the security strategy of this virtual machine is left out from local Security Policy Database.
5. method according to claim 4, it is characterized in that, the present invention also can be on the basis of existing technology, by identifying virtual machine by dedicated algorithms and record its corresponding security strategy in virtual machine, finally in the network of moving into, use special function to extract its security strategy and dispose to each safety means.
6. method according to claim 4, it is characterized in that, the present invention also can Direct Transfer virtual machine, afterwards by manually designing, configure in the network of moving into according to the different security strategies of each virtual machine, and leave out the security strategy that this virtual machine is relevant from the network of moving out.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310646449.0A CN103685250A (en) | 2013-12-04 | 2013-12-04 | Virtual machine security policy migration system and method based on SDN |
| PCT/CN2014/089291 WO2015081766A1 (en) | 2013-12-04 | 2014-10-23 | Sdn based virtual machine security policy migration system and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310646449.0A CN103685250A (en) | 2013-12-04 | 2013-12-04 | Virtual machine security policy migration system and method based on SDN |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103685250A true CN103685250A (en) | 2014-03-26 |
Family
ID=50321565
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310646449.0A Pending CN103685250A (en) | 2013-12-04 | 2013-12-04 | Virtual machine security policy migration system and method based on SDN |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN103685250A (en) |
| WO (1) | WO2015081766A1 (en) |
Cited By (36)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103973676A (en) * | 2014-04-21 | 2014-08-06 | 蓝盾信息安全技术股份有限公司 | Cloud computing safety protection system and method based on SDN |
| CN104243265A (en) * | 2014-09-05 | 2014-12-24 | 华为技术有限公司 | Gateway control method, device and system based on virtual machine migration |
| CN104407911A (en) * | 2014-10-31 | 2015-03-11 | 杭州华三通信技术有限公司 | Virtual machine migration method and device |
| CN104468397A (en) * | 2014-11-06 | 2015-03-25 | 杭州华三通信技术有限公司 | Method and device for preventing package loss in thermal transferring and forwarding process of virtual machine |
| WO2015081766A1 (en) * | 2013-12-04 | 2015-06-11 | 蓝盾信息安全技术有限公司 | Sdn based virtual machine security policy migration system and method |
| CN104836846A (en) * | 2015-04-02 | 2015-08-12 | 国家电网公司 | Energy interconnection communication network architecture system based on SDN technology |
| CN104935593A (en) * | 2015-06-16 | 2015-09-23 | 杭州华三通信技术有限公司 | Data message transmitting method and device |
| CN105207856A (en) * | 2015-10-28 | 2015-12-30 | 广州西麦科技股份有限公司 | Load balancing system and method based on SDN virtual switch |
| CN105204906A (en) * | 2015-09-29 | 2015-12-30 | 北京元心科技有限公司 | Operating system starting method and intelligent terminal |
| CN105227357A (en) * | 2015-09-15 | 2016-01-06 | 清华大学 | Virtual machine policy migration collocation method and device |
| CN105227541A (en) * | 2015-08-21 | 2016-01-06 | 华为技术有限公司 | A kind of security strategy dynamic migration method and device |
| CN105262611A (en) * | 2015-09-07 | 2016-01-20 | 中国电子科技网络信息安全有限公司 | Virtual machine policy management device and management method based on open-stack |
| CN105376246A (en) * | 2015-11-30 | 2016-03-02 | 中国电子科技网络信息安全有限公司 | Adaptive generation management system and method of security strategy based on SDN |
| WO2016041367A1 (en) * | 2014-09-15 | 2016-03-24 | 中兴通讯股份有限公司 | Sdn architecture, sdn architecture-based message forwarding method |
| CN105553746A (en) * | 2016-01-08 | 2016-05-04 | 广州西麦科技股份有限公司 | Automatic configuration migration system and method based on SDN (Software Defined Network) |
| CN105591802A (en) * | 2015-08-24 | 2016-05-18 | 杭州华三通信技术有限公司 | Switch upgrading method and device |
| CN105656797A (en) * | 2015-12-26 | 2016-06-08 | 中国人民解放军信息工程大学 | Switch migration method and device |
| CN105867999A (en) * | 2016-04-18 | 2016-08-17 | 浪潮集团有限公司 | Virtual machine migration implementing method for migrating multiple virtual machines at same time based on SDN |
| WO2017031920A1 (en) * | 2015-08-26 | 2017-03-02 | 浪潮集团有限公司 | Hybrid sdn switch utilizing dynamic migration technology |
| CN106663022A (en) * | 2014-07-27 | 2017-05-10 | 斯特拉托斯卡莱有限公司 | Live migration of virtual machines that use externalized memory pages |
| CN106844004A (en) * | 2016-12-29 | 2017-06-13 | 北京瑞星信息技术股份有限公司 | Based on safety protecting method and system under virtualized environment |
| WO2017166936A1 (en) * | 2016-03-29 | 2017-10-05 | 中兴通讯股份有限公司 | Method and device for implementing address management, and aaa server and sdn controller |
| CN107733746A (en) * | 2016-08-11 | 2018-02-23 | 中兴通讯股份有限公司 | A kind of network-building method and mixed cloud plateform system for mixing cloud platform |
| CN107896191A (en) * | 2017-11-27 | 2018-04-10 | 深信服科技股份有限公司 | A kind of virtual secure component based on container is across cloud system and method |
| CN107918732A (en) * | 2017-11-12 | 2018-04-17 | 长沙曙通信息科技有限公司 | A kind of desktop virtualization virtual machine (vm) migration security policy manager method |
| CN108011893A (en) * | 2017-12-26 | 2018-05-08 | 广东电网有限责任公司信息中心 | A kind of asset management system based on networked asset information gathering |
| CN108092810A (en) * | 2017-12-13 | 2018-05-29 | 锐捷网络股份有限公司 | A kind of virtual machine management method, VTEP equipment and management equipment |
| CN108363611A (en) * | 2017-11-02 | 2018-08-03 | 北京紫光恒越网络科技有限公司 | Method for managing security, device and the omnidirectional system of virtual machine |
| CN108471394A (en) * | 2017-02-23 | 2018-08-31 | 蓝盾信息安全技术有限公司 | A kind of method for security protection for the virtual machine (vm) migration realized using block chain |
| CN108768698A (en) * | 2018-05-02 | 2018-11-06 | 长沙学院 | A kind of multi-controller dynamic deployment method and system based on SDN |
| CN109471759A (en) * | 2018-11-21 | 2019-03-15 | 北京谷数科技有限公司 | A kind of database failure switching method and equipment based on SAS dual control equipment |
| CN109857332A (en) * | 2017-11-30 | 2019-06-07 | 北京京穗蓝盾信息安全技术有限公司 | A kind of method and device of magnetic disk of virtual machine file security inspection |
| CN110958227A (en) * | 2015-02-04 | 2020-04-03 | 英特尔公司 | Techniques for scalable security architecture for virtualized networks |
| CN112187523A (en) * | 2020-09-10 | 2021-01-05 | 华云数据控股集团有限公司 | Network high-availability implementation method and super-convergence system |
| US11573815B2 (en) | 2020-04-29 | 2023-02-07 | Red Hat, Inc. | Dynamic power management states for virtual machine migration |
| CN117478438A (en) * | 2023-12-28 | 2024-01-30 | 苏州元脑智能科技有限公司 | Network micro-isolation method, system and virtualized cloud host |
Families Citing this family (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9967257B2 (en) | 2016-03-16 | 2018-05-08 | Sprint Communications Company L.P. | Software defined network (SDN) application integrity |
| US11233778B2 (en) * | 2018-08-15 | 2022-01-25 | Juniper Networks, Inc. | Secure forwarding of tenant workloads in virtual networks |
| US11329966B2 (en) | 2018-08-15 | 2022-05-10 | Juniper Networks, Inc. | System and method for transferring packets between kernel modules in different network stacks |
| CN109587168B (en) * | 2018-12-29 | 2020-12-15 | 河南信大网御科技有限公司 | Network function deployment method based on mimicry defense in software defined network |
| CN111078366B (en) * | 2019-12-20 | 2024-05-24 | 深信服科技股份有限公司 | Virtual machine migration method, system, equipment and computer readable storage medium |
| CN111510435B (en) * | 2020-03-25 | 2022-02-22 | 新华三大数据技术有限公司 | Network security policy migration method and device |
| CN111752679B (en) * | 2020-06-22 | 2022-03-22 | 中国电子科技集团公司第五十四研究所 | Dynamic arranging device for safety service chain |
| CN112579255B (en) * | 2020-12-10 | 2023-03-24 | 海光信息技术股份有限公司 | Compression protection method for virtual machine migration, migration-in migration-out accelerator module and SOC chip |
| CN114143209B (en) * | 2021-11-08 | 2022-10-21 | 浙江大学 | System and method for controlling elastic expansion of channel in network measurement |
| CN114143087B (en) * | 2021-11-30 | 2023-09-26 | 北京天融信网络安全技术有限公司 | Virtual machine migration system and method |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8813169B2 (en) * | 2011-11-03 | 2014-08-19 | Varmour Networks, Inc. | Virtual security boundary for physical or virtual network devices |
| CN102413041B (en) * | 2011-11-08 | 2015-04-15 | 华为技术有限公司 | Method, device and system for moving security policy |
| CN102739645B (en) * | 2012-04-23 | 2016-03-16 | 杭州华三通信技术有限公司 | The moving method of secure virtual machine strategy and device |
| CN102946325B (en) * | 2012-11-14 | 2015-06-03 | 中兴通讯股份有限公司 | Network diagnosis method, system and equipment based on software defined network |
| CN103685250A (en) * | 2013-12-04 | 2014-03-26 | 蓝盾信息安全技术股份有限公司 | Virtual machine security policy migration system and method based on SDN |
-
2013
- 2013-12-04 CN CN201310646449.0A patent/CN103685250A/en active Pending
-
2014
- 2014-10-23 WO PCT/CN2014/089291 patent/WO2015081766A1/en active Application Filing
Cited By (54)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2015081766A1 (en) * | 2013-12-04 | 2015-06-11 | 蓝盾信息安全技术有限公司 | Sdn based virtual machine security policy migration system and method |
| CN103973676A (en) * | 2014-04-21 | 2014-08-06 | 蓝盾信息安全技术股份有限公司 | Cloud computing safety protection system and method based on SDN |
| CN103973676B (en) * | 2014-04-21 | 2017-05-24 | 蓝盾信息安全技术股份有限公司 | Cloud computing safety protection system and method based on SDN |
| CN106663022A (en) * | 2014-07-27 | 2017-05-10 | 斯特拉托斯卡莱有限公司 | Live migration of virtual machines that use externalized memory pages |
| CN104243265B (en) * | 2014-09-05 | 2018-01-05 | 华为技术有限公司 | A kind of gateway control method, apparatus and system based on virtual machine (vm) migration |
| CN104243265A (en) * | 2014-09-05 | 2014-12-24 | 华为技术有限公司 | Gateway control method, device and system based on virtual machine migration |
| US10432501B2 (en) | 2014-09-15 | 2019-10-01 | Xi'an Zhongxing New Software Co., Ltd. | SDN architecture and method for forwarding message based on SDN architecture |
| WO2016041367A1 (en) * | 2014-09-15 | 2016-03-24 | 中兴通讯股份有限公司 | Sdn architecture, sdn architecture-based message forwarding method |
| CN104407911A (en) * | 2014-10-31 | 2015-03-11 | 杭州华三通信技术有限公司 | Virtual machine migration method and device |
| CN104407911B (en) * | 2014-10-31 | 2018-03-20 | 新华三技术有限公司 | Virtual machine migration method and device |
| CN104468397B (en) * | 2014-11-06 | 2018-06-12 | 新华三技术有限公司 | The method and apparatus that a kind of live migration of virtual machine forwards not packet loss |
| CN104468397A (en) * | 2014-11-06 | 2015-03-25 | 杭州华三通信技术有限公司 | Method and device for preventing package loss in thermal transferring and forwarding process of virtual machine |
| CN110958227B (en) * | 2015-02-04 | 2023-07-11 | 英特尔公司 | Method and computing platform for performing network function virtualized NFV security services agent NFV SSA |
| CN110958227A (en) * | 2015-02-04 | 2020-04-03 | 英特尔公司 | Techniques for scalable security architecture for virtualized networks |
| CN104836846A (en) * | 2015-04-02 | 2015-08-12 | 国家电网公司 | Energy interconnection communication network architecture system based on SDN technology |
| CN104935593B (en) * | 2015-06-16 | 2018-11-27 | 新华三技术有限公司 | The transmission method and device of data message |
| CN104935593A (en) * | 2015-06-16 | 2015-09-23 | 杭州华三通信技术有限公司 | Data message transmitting method and device |
| CN105227541A (en) * | 2015-08-21 | 2016-01-06 | 华为技术有限公司 | A kind of security strategy dynamic migration method and device |
| CN105227541B (en) * | 2015-08-21 | 2018-12-07 | 华为技术有限公司 | A kind of security strategy dynamic migration method and device |
| CN105591802B (en) * | 2015-08-24 | 2019-06-04 | 新华三技术有限公司 | Switching equipment upgrade method and device |
| CN105591802A (en) * | 2015-08-24 | 2016-05-18 | 杭州华三通信技术有限公司 | Switch upgrading method and device |
| WO2017031920A1 (en) * | 2015-08-26 | 2017-03-02 | 浪潮集团有限公司 | Hybrid sdn switch utilizing dynamic migration technology |
| CN105262611B (en) * | 2015-09-07 | 2018-12-21 | 中国电子科技网络信息安全有限公司 | Virtual machine tactical management device and management method based on open-stack |
| CN105262611A (en) * | 2015-09-07 | 2016-01-20 | 中国电子科技网络信息安全有限公司 | Virtual machine policy management device and management method based on open-stack |
| CN105227357A (en) * | 2015-09-15 | 2016-01-06 | 清华大学 | Virtual machine policy migration collocation method and device |
| CN105227357B (en) * | 2015-09-15 | 2018-10-16 | 清华大学 | Virtual machine policy migration configuration method and device |
| CN105204906A (en) * | 2015-09-29 | 2015-12-30 | 北京元心科技有限公司 | Operating system starting method and intelligent terminal |
| CN105207856A (en) * | 2015-10-28 | 2015-12-30 | 广州西麦科技股份有限公司 | Load balancing system and method based on SDN virtual switch |
| CN105376246A (en) * | 2015-11-30 | 2016-03-02 | 中国电子科技网络信息安全有限公司 | Adaptive generation management system and method of security strategy based on SDN |
| CN105376246B (en) * | 2015-11-30 | 2018-08-03 | 中国电子科技网络信息安全有限公司 | A kind of security strategy adaptive generation management system and method based on SDN |
| CN105656797A (en) * | 2015-12-26 | 2016-06-08 | 中国人民解放军信息工程大学 | Switch migration method and device |
| CN105553746A (en) * | 2016-01-08 | 2016-05-04 | 广州西麦科技股份有限公司 | Automatic configuration migration system and method based on SDN (Software Defined Network) |
| WO2017166936A1 (en) * | 2016-03-29 | 2017-10-05 | 中兴通讯股份有限公司 | Method and device for implementing address management, and aaa server and sdn controller |
| CN105867999A (en) * | 2016-04-18 | 2016-08-17 | 浪潮集团有限公司 | Virtual machine migration implementing method for migrating multiple virtual machines at same time based on SDN |
| CN107733746B (en) * | 2016-08-11 | 2021-06-15 | 中兴通讯股份有限公司 | Networking method of hybrid cloud platform and hybrid cloud platform system |
| CN107733746A (en) * | 2016-08-11 | 2018-02-23 | 中兴通讯股份有限公司 | A kind of network-building method and mixed cloud plateform system for mixing cloud platform |
| CN106844004B (en) * | 2016-12-29 | 2020-02-14 | 北京瑞星网安技术股份有限公司 | Security protection method and system based on virtualization environment |
| CN106844004A (en) * | 2016-12-29 | 2017-06-13 | 北京瑞星信息技术股份有限公司 | Based on safety protecting method and system under virtualized environment |
| CN108471394A (en) * | 2017-02-23 | 2018-08-31 | 蓝盾信息安全技术有限公司 | A kind of method for security protection for the virtual machine (vm) migration realized using block chain |
| CN108363611A (en) * | 2017-11-02 | 2018-08-03 | 北京紫光恒越网络科技有限公司 | Method for managing security, device and the omnidirectional system of virtual machine |
| CN107918732A (en) * | 2017-11-12 | 2018-04-17 | 长沙曙通信息科技有限公司 | A kind of desktop virtualization virtual machine (vm) migration security policy manager method |
| CN107896191A (en) * | 2017-11-27 | 2018-04-10 | 深信服科技股份有限公司 | A kind of virtual secure component based on container is across cloud system and method |
| CN107896191B (en) * | 2017-11-27 | 2020-11-27 | 深信服科技股份有限公司 | Container-based virtual security component cross-cloud system and method |
| CN109857332A (en) * | 2017-11-30 | 2019-06-07 | 北京京穗蓝盾信息安全技术有限公司 | A kind of method and device of magnetic disk of virtual machine file security inspection |
| CN108092810A (en) * | 2017-12-13 | 2018-05-29 | 锐捷网络股份有限公司 | A kind of virtual machine management method, VTEP equipment and management equipment |
| CN108011893A (en) * | 2017-12-26 | 2018-05-08 | 广东电网有限责任公司信息中心 | A kind of asset management system based on networked asset information gathering |
| CN108768698A (en) * | 2018-05-02 | 2018-11-06 | 长沙学院 | A kind of multi-controller dynamic deployment method and system based on SDN |
| CN108768698B (en) * | 2018-05-02 | 2021-04-20 | 长沙学院 | SDN-based multi-controller dynamic deployment method and system |
| CN109471759B (en) * | 2018-11-21 | 2019-08-02 | 北京谷数科技有限公司 | A kind of database failure switching method and equipment based on SAS dual control equipment |
| CN109471759A (en) * | 2018-11-21 | 2019-03-15 | 北京谷数科技有限公司 | A kind of database failure switching method and equipment based on SAS dual control equipment |
| US11573815B2 (en) | 2020-04-29 | 2023-02-07 | Red Hat, Inc. | Dynamic power management states for virtual machine migration |
| CN112187523A (en) * | 2020-09-10 | 2021-01-05 | 华云数据控股集团有限公司 | Network high-availability implementation method and super-convergence system |
| CN117478438A (en) * | 2023-12-28 | 2024-01-30 | 苏州元脑智能科技有限公司 | Network micro-isolation method, system and virtualized cloud host |
| CN117478438B (en) * | 2023-12-28 | 2024-03-22 | 苏州元脑智能科技有限公司 | Network micro-isolation method, system and virtualized cloud host |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2015081766A1 (en) | 2015-06-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103685250A (en) | Virtual machine security policy migration system and method based on SDN | |
| EP3125117B1 (en) | Update management system and update management method | |
| EP3300298B1 (en) | Method and apparatus for switching vnf | |
| CN107733746B (en) | Networking method of hybrid cloud platform and hybrid cloud platform system | |
| EP3376738A1 (en) | Resource configuration method and network device thereof | |
| CN106034052B (en) | The system and method that two laminar flow amounts are monitored a kind of between of virtual machine | |
| CN102316001B (en) | Virtual network connection configuration realizing method and network equipment | |
| CN106293934B (en) | A kind of cluster system management optimization method and platform | |
| CN104348873A (en) | Virtual network element automatic loading method and system and virtual machine IP (Internet Protocol) address acquisition method and system | |
| CN103475722A (en) | Implement system for business collaboration platform | |
| CN104104572A (en) | Automatic deploying method and device for switch in SDN network | |
| US20180034709A1 (en) | Method and Device for Asset Information Management | |
| CN103368768A (en) | Automatically scaled network overlay with heuristic monitoring in hybrid cloud environment | |
| CN104601482A (en) | Traffic cleaning method and device | |
| CN105376133A (en) | Network experiment system based on virtualization technology and construction method | |
| CN105429811B (en) | network management system and method | |
| CN105024990A (en) | Deployment method and device for network security attack and defense exercise environment | |
| CN104468633B (en) | A kind of SDN south orientations TSM Security Agent product | |
| CN102821023A (en) | Method and device for dynamically migrating VLAN (virtual local area network) configuration | |
| CN106027287A (en) | Unified management and control platform for power distribution communication networks | |
| CN103067356A (en) | System and method for business virtual machine safety guaranteeing | |
| CN106161171A (en) | A kind of method and apparatus setting up Network example | |
| CN103051502A (en) | System and method of self-organized networking and flexible accessing of intelligent power equipment in electricity utilization community | |
| CN106851644B (en) | A kind of base station access method and system based on cloud framework | |
| CN105849699A (en) | Method for controlling data center configuration device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20140326 |
|
| WD01 | Invention patent application deemed withdrawn after publication |