Seamless virtual machine live migration on network security enhanced hypervisor

4 Author(s)
Chen Xianqin ; State Key Lab. of Virtual Reality Technol. & Syst., Beijing Univ. of Aeronaut. & Astronaut., Beijing, China ; Wan Han ; Wang Sumei ; Long Xiang

Since virtual network traffic is invisible outside the hypervisor, traditional network-based security devices cannot deal with attacks that happen in a virtual computing environment. Industry and academia adopt the network security enabled hypervisor (NSE-H) to protect virtual machines (VMs) residing in the virtual network. In this paper, we identify an insufficiency in the existing live migration implementation that prevents it from providing transparent VM relocation between NSE-Hs. This occurs because the contemporary migration implementation takes only the VM's encapsulated state into account and ignores the VM-related security context (SC) needed by the security engines (SEs) embedded in the NSE-H. We present a comprehensive live migration framework for the NSE-H that considers both the execution context encapsulated in the VM instance and the VM-related security context within the SEs. We built a prototype of the framework based on a stateful-firewall-enabled Xen hypervisor. Our experiment was performed with realistic applications, and the results demonstrate that the solution addresses the insufficiency without introducing significant performance degradation. Even in the worst case, the downtime that occurs during migration increases by no more than 15% compared to the existing implementation.

Published in:

Broadband Network & Multimedia Technology, 2009. IC-BNMT '09. 2nd IEEE International Conference on

Date of Conference:

18-20 Oct. 2009