首页>
外国专利>
PERFORMING APPID BASED FIREWALL SERVICES ON A HOST
PERFORMING APPID BASED FIREWALL SERVICES ON A HOST
展开▼
机译:在主机上执行基于APPID的防火墙服务
展开▼
页面导航
摘要
著录项
相似文献
摘要
Some embodiments of the invention provide a novel architecture for capturing contextual attributes on host computers that execute one or more machines, and for consuming the captured contextual attributes to perform services on the host computers. The machines are virtual machines (VMs) in some embodiments, containers in other embodiments, or a mix of VMs and containers in still other embodiments. Some embodiments execute a guest-introspection (GI) agent on each machine from which contextual attributes need to be captured. In addition to executing one or more machines on each host computer, these embodiments also execute a context engine and one or more attribute-based service engines on each host computer. One of these service engines is a firewall engine. Through the GI agents of the machines on a host, the context engine of that host in some embodiments collects contextual attributes associated with network events and/or process events on the machines. The context engine then provides the contextual attributes to the firewall engine, which, in turn, use these contextual attributes to identify firewall rules to enforce.
展开▼