| 摘要 |
PROBLEM TO BE SOLVED: To optimize resources of a security apparatus so as to optimize network communication when the security apparatus is shared in an SDN environment.SOLUTION: A generation unit 651 of an OFC 6 instructs an IPS 5 to generate an instance of an IPS 5A on a virtual machine operating on the IPS 5. A first rule setting unit 652 refers to a signature table 61, and sets a copy of a signature stored in the IPS 5 to the IPS 5A. In addition, it deletes a signature for a tenant of a company B NW7B from the IPS 5. It also deletes a signature for a tenant of a company A NW7A among copies of signatures set to the IPS 5A. A first update unit 653 updates the flow entry of an OFS 4A so that a packet destined to the tenant of the company A NW7A is transferred to the IPS 5 and a packet destined to the tenant of the company B NW7B is transferred to the IPS 5A.SELECTED DRAWING: Figure 2 |
