With recent advances in virtual computing and the revelation that compute-intensive tasks run well on system virtual machines (VMs), the ability to develop, deploy, and manage distributed systems has improved. This paper explores the design space of VM-based sandboxes that employ the following techniques to facilitate the deployment of secure nodes in Wide-area Overlays of virtual Workstations (WOWs): DHCP-based virtual IP address allocation, self-configuring virtual networks supporting peer-to-peer NAT traversal, stacked file systems, and IPsec-based host authentication and end-to-end encryption of communication channels. Experiments with implementations of single-image VM sandboxes, which incorporate the above features and are easily deployable on hosted I/O VMMs, show execution time overheads of 10.6% or less for a batch-oriented CPU-intensive benchmark.