
Higher level of network protection for virtual appliances

Steven_T_Intel
Employee

Referring to a posting on the Intel website (http://software.intel.com/en-us/articles/intel-virtualization-technology-for-directed-io-vt-d-enhancing-intel-platforms-for-efficient-virtualization-of-io-devices) titled

"Intel Virtualization Technology for Directed I/O (VT-d): Enhancing Intel platform"

How do products utilizing VT-d in network security applications for virtual appliances get a higher level of network protection?

Steven_T_Intel
Employee
The networking architecture provided by VT-d gives a higher level of protection from malicious network traffic by creating the ability to isolate malicious attacks to a single VM and its associated resources assigned through the use of VT and VT-d. Using this, VT-d gives a foundation for a new class of applications based on Virtual Appliance architecture. Because of the isolation of the NIC device, all VM accesses to the NIC device are intercepted and emulated to protect against proliferation of malicious code; an attack on a VM does not affect the VMM.

For instance, use of NAT (Network Address Translation) is discouraged from some "hosted" VMMs because an attack on the "guest" VM can affect the host.
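As an added example (not part of the original thread or any Intel code): on a Linux host, whether a NIC can be handed to exactly one VM under VT-d depends on the other devices in its IOMMU group, and this sketch reports that for each interface. It assumes the standard sysfs layout (`/sys/kernel/iommu_groups`, `/sys/class/net/<if>/device`); the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

def nic_iommu_report(sysfs_root="/sys"):
    """Map each NIC to its IOMMU group and the devices it shares that group with."""
    groups_dir = os.path.join(sysfs_root, "kernel", "iommu_groups")
    net_dir = os.path.join(sysfs_root, "class", "net")
    membership = {}  # PCI address -> (group id, sorted member list)
    if os.path.isdir(groups_dir):
        for gid in os.listdir(groups_dir):
            members = sorted(os.listdir(os.path.join(groups_dir, gid, "devices")))
            for bdf in members:
                membership[bdf] = (gid, members)
    report = {}
    for iface in sorted(os.listdir(net_dir)) if os.path.isdir(net_dir) else []:
        dev = os.path.join(net_dir, iface, "device")
        if not os.path.exists(dev):
            continue  # purely virtual interface (lo, bridges): nothing to assign
        bdf = os.path.basename(os.path.realpath(dev))
        gid, members = membership.get(bdf, (None, []))
        peers = [m for m in members if m != bdf]
        if gid is None:
            verdict = "no-iommu-group"   # IOMMU disabled, or not a PCI function
        elif peers:
            verdict = "shared-group"     # peers would have to be assigned along with it
        else:
            verdict = "isolated"         # can be handed to one VM on its own
        report[iface] = {"bdf": bdf, "group": gid, "peers": peers, "verdict": verdict}
    return report

def build_sample_sysfs(root):
    """Constructed sysfs-like tree: eth0 alone in group 7, eth1 sharing group 9."""
    layout = {"7": ["0000:03:00.0"], "9": ["0000:04:00.0", "0000:04:00.1"]}
    for gid, bdfs in layout.items():
        for bdf in bdfs:
            os.makedirs(os.path.join(root, "devices", bdf))
            os.makedirs(os.path.join(root, "kernel", "iommu_groups", gid, "devices", bdf))
    for iface, bdf in {"eth0": "0000:03:00.0", "eth1": "0000:04:00.0", "lo": None}.items():
        os.makedirs(os.path.join(root, "class", "net", iface))
        if bdf:
            os.symlink(os.path.join(root, "devices", bdf),
                       os.path.join(root, "class", "net", iface, "device"))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for iface, info in nic_iommu_report(build_sample_sysfs(tmp)).items():
            print(iface, info)
```

Called with no argument, `nic_iommu_report()` reads the live `/sys` tree; a `no-iommu-group` verdict on a physical NIC usually means the IOMMU is not enabled in firmware or on the kernel command line.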