Enforcing per-application VPN policies for applications delivered in virtualized computing environments

摘要

A VPN tunnel policy is defined on a per-application basis. The VPN tunnel policy may specify that a particular application is permitted to transmit data on a specific VPN tunnel. Subsequently, the specified application is delivered to one or more virtual machines and an application tunnel manager creates a new virtual network interface card (NIC) on the VM, corresponding to the delivered application. The newly created virtual NIC is attached to a specified subnet. The subnet may be a VPN transition network with a connection to a VPN gateway device. The subnet may have been previously defined or generated at the time of assigning the application to the VPN tunnel. Once the virtual NIC has been created on the VM, an OS script is executed to force the delivered application to use the newly created virtual NIC and to prevent users from changing the application and virtual NIC linkage.