| 发明名称 | Network adapter based zoning enforcement | ||
| 摘要 | Embodiments of the present invention are directed to enforcing zoning at a network adapter of an end point device. Thus, a network adapter can monitor the communications that are sent and/or received by the adapter and discard communications that are prohibited based on the zoning rules applicable to the adapter. In some embodiments, zoning configuration information can be defined and stored at a central entity and sent to the various network adapters. Alternatively, or in addition, each network adapter can also check outgoing communications to ensure that they include a proper source address. More specifically, outgoing communications may be checked to ensure that their source address is the address (or one of the addresses) that are associated with the network adapter. This can be used to detect and/or prevent malfunctions and/or intentional tampering or hacking. | ||
| 申请公布号 | US8892733(B2) | 申请公布日期 | 2014.11.18 |
| 申请号 | US201414206262 | 申请日期 | 2014.03.12 |
| 申请人 | Emulex Corporation | 发明人 | Hirata Kenneth Hiroshi;Nixon Robert Harvey |
| 分类号 | G06F15/173;H04L29/06;H04L12/26 | 主分类号 | G06F15/173 |
| 代理机构 | McAndrews, Held & Malloy, Ltd. | 代理人 | McAndrews, Held & Malloy, Ltd. |
| 主权项 | 1. A method comprising: receiving a first set of addresses, each address in the first set of addresses corresponding to a network device in a first network zone to which a first virtual device has access, wherein an end point device comprises the first virtual device; receiving a second set of addresses, each address in the second set of addresses corresponding to a network device in a second network zone to which a second virtual device has access, wherein the end point device comprises the second virtual device; enforcing network zoning at the first virtual device by monitoring communications of the first virtual device and discarding communications of the first virtual device that do not include an address from the first set of address; and enforcing network zoning at the second virtual device by monitoring communications of the second virtual device and discarding communications that do not include an address from the second set of addresses; wherein the endpoint device, the network device in the first network zone, and the network device in the second network zone are communicatively coupled by a network; wherein the first set of addresses and the second set of addresses are generated by a zoning database module that is communicatively coupled to the end point device through the network. | ||
| 地址 | Costa Mesa CA US | ||