Abstract: Some embodiments of the invention provide a method of performing services on a host computer on which a machine executes. The method sends, to a file inspector, a first set of data associated with an event detected on the machine that is associated with a file stored on the machine. The method receives, from the file inspector, indication that the file stores confidential information. The method sends, to a context engine executing on the host computer separately from the machine, a second set of data associated with the file, the context engine storing the second set of data for subsequent access by a service engine that executes on the host computer separately from the machine, the service engine using the second set of data to perform a service operation on data messages associated with the machine.

Abstract: Some embodiments of the invention provide a method of performing services on a host computer on which a machine executes. At a service engine executing on the host computer separately than the machine, the method receives a data message from the machine. The method determines that the data message is associated with a file (1) that is stored on the machine and (2) that stores confidential information. The method performs a service operation on the data message based on said determination.

Abstract: A method to selectively encrypting packets includes filtering calls, at a virtual machine on a host, to connect sockets to server applications. When a call by a client application to connect a socket to a server application is detected, the method includes determining if the socket between the client and the server applications is to be encrypted based on identities of the client application, a user logged in on the virtual machine, or the client application and the user logged in on the virtual machine. The method includes filtering outbound packets in a protocol stack of the virtual machine. When the socket is to be encrypted and an outbound packet for the socket is detected, the method includes tagging the outbound packet for encryption by a hypervisor on the host and sending the outbound packet to a virtual network interface card (vNIC) emulated by the hypervisor.

Abstract: Example methods are provided for a host to maintain security system information in a virtualized computing environment, in which the host supporting a security system to secure a source virtualized computing instance. The method may include, based on an operation associated with the source virtualized computing instance, determining to maintain security system information associated with the security system. The method may further include obtaining the security system information that includes first information from the source virtualized computing instance, or second information from a source security virtualized computing instance, or both. The source virtualized computing instance may implement a first component of the security system and the source security virtualized computing instance a second component of the security system.

Abstract: Exemplary methods, apparatuses, and systems perform a secure socket layer (SSL) protocol initialization and maintenance on behalf of a virtual machine (VM). When a secure virtual machine (SVM) receives a data packet sent by an application running on a VM, the SVM transmits a request message to the VM to enable the VM to perform a handshake with a destination computer to initiate an encrypted session between the VM and the computer. Once the encrypted session is active, the SVM encrypts the data packet, and transmits the encrypted data packet to the VM to perform the transmission of the encrypted data packet to the destination server.

Abstract: Exemplary methods, apparatuses, and systems perform a secure socket layer (SSL) protocol initialization and maintenance on behalf of a virtual machine (VM). When a secure virtual machine (SVM) receives a data packet sent by an application running on a VM, the SVM transmits a request message to the VM to enable the VM to perform a handshake with a destination computer to initiate an encrypted session between the VM and the computer. Once the encrypted session is active, the SVM encrypts the data packet, and transmits the encrypted data packet to the VM to perform the transmission of the encrypted data packet to the destination server.

Abstract: A method to selectively encrypting packets includes filtering calls, at a virtual machine on a host, to connect sockets to server applications. When a call by a client application to connect a socket to a server application is detected, the method includes determining if the socket between the client and the server applications is to be encrypted based on identities of the client application, a user logged in on the virtual machine, or the client application and the user logged in on the virtual machine. The method includes filtering outbound packets in a protocol stack of the virtual machine. When the socket is to be encrypted and an outbound packet for the socket is detected, the method includes tagging the outbound packet for encryption by a hypervisor on the host and sending the outbound packet to a virtual network interface card (vNIC) emulated by the hypervisor.

Abstract: Example methods are provided for a host to maintain security system information in a virtualized computing environment, in which the host supporting a security system to secure a source virtualized computing instance. The method may include, based on an operation associated with the source virtualized computing instance, determining to maintain security system information associated with the security system. The method may further include obtaining the security system information that includes first information from the source virtualized computing instance, or second information from a source security virtualized computing instance, or both. The source virtualized computing instance may implement a first component of the security system and the source security virtualized computing instance a second component of the security system.