基于虚拟化环境下的网络安全监控技术应用

在某大型国企的数据中心虚拟化环境背景下,分析虚拟化与云计算安全在网络接入层的"虚拟以太网交换机"(Virtual Ethernet Bridge,VEB)技术在目前的实现方式中的优缺点,研究业界为解决其不足之处所提出的相关方案,阐述采用基于新型网络架构"软件定义网络"(Software Defined Network,SDN)中OpenFlow框架的可行性,提出采用该框架下的Open vSwitch开源技术来实现虚拟网络隔离、QoS配置、流量监控以及数据包分析等虚拟化网络安全监控工作的应用思路。本研究在虚拟网络交换的数据转发与安全控制的解耦、网络安全服务的独立和虚拟网络的安全控制等方面具有创新性,为采用虚拟化和云计算技术的信息系统在接入安全方面提供了参考价值。

Based on the Application of Network Security Monitoring Technology in a Virtualized Environment

Base on virtualized environment of a large state-owned data center, this paper anlayzes the advantages and disadvantages of Virtual Ethernet Bridge technology which is in the network access layer in current implement, studies the related solution to solve the shortages, elaborates the feasibility of OpenFlow framework which is under the new network architecture SDN and proposes the application ideas of utilizing the Open vSwitch open-source technology to achieve the goal of virtualization network isolation, QoS configuration, flow monitoring and packets analysis. This research is innovative in aspect of data forwarding and security control decoupling of virtualization network exchange, independence of network security service, security control of virtualization network, providing a reference value for information system which is using virtualization and cloud computing technology in access security field.