Abstract: A tag-based policy architecture enforces information technology (IT) policy in a virtualized computing environment using cryptographically-verifiable metadata to authenticate compute resources coupled to a computer network and to authorize access to protected resources of the network. The compute resources are illustratively virtual machine instances (VMIs) provided by a virtual data center (VDC) of the environment, whereas the protected resources are illustratively virtualized storage, network and/or other compute resources of the VDC. Each VMI includes an intermediary manager, e.g., metavisor. The tag-based policy architecture includes an infrastructure having a centralized policy decision end point (e.g., a control plane of the VDC) and distributed policy enforcement endpoints (e.g.

Abstract: A technique transparently deploys an operating entity (OE) into a network data path of a virtualized computing environment that includes a guest operating system (OS) running in a virtual machine instance (VMI) of a virtual data center (VDC). The OE is embodied as an intermediary manager, e.g., a meta-hypervisor (metavisor), of a computing cell within the VMI that includes the guest OS and associated applications. The computing cell is layered over a hypervisor which manages system resources of the VDC in an arrangement such that the metavisor is disposed between the hypervisor and guest OS, and operates transparent to the guest OS. The transparent deployment technique involves a set of conditional tests and actions embodied as modules of the metavisor that is applied to examine network packet traffic exchanged over the network data path and that operates to make the presence of the metavisor within the network data path “invisible” (i.e., transparent) to the guest OS, i.e.

Abstract: A technique implements network policy deployed in a tag-based policy architecture of a virtualized computing environment. One or more virtual machine instances (VMIs) may be provided by a virtual data center (VDC) of the environment, wherein each VMI includes an intermediary manager of a computing cell that also includes a guest operating system (OS) and associated applications. The tag-based policy architecture may be configured to enforce the network policy in the virtualized computing environment using cryptographically-verifiable metadata to authenticate compute resources, such as the VMIs, coupled to a computer network and to authorize access to protected resources, such as virtualized network resources of the VDC.

Abstract: A tag-based policy architecture enforces information technology (IT) policy in a virtualized computing environment using cryptographically-verifiable metadata to authenticate compute resources coupled to a computer network and to authorize access to protected resources of the network. The compute resources are illustratively virtual machine instances (VMIs) provided by a virtual data center (VDC) of the environment, whereas the protected resources are illustratively virtualized storage, network and/or other compute resources of the VDC. Each VMI includes an intermediary manager, e.g., metavisor. The tag-based policy architecture includes an infrastructure having a centralized policy decision end point (e.g., a control plane of the VDC) and distributed policy enforcement endpoints (e.g.

Abstract: A tag-based policy architecture enforces information technology (IT) policy in a virtualized computing environment using cryptographically-verifiable metadata to authenticate compute resources coupled to a computer network and to authorize access to protected resources of the network. The compute resources are illustratively virtual machine instances (VMIs) provided by a virtual data center (VDC) of the environment, whereas the protected resources are illustratively virtualized storage, network and/or other compute resources of the VDC. Each VMI includes an intermediary manager, e.g., metavisor. The tag-based policy architecture includes an infrastructure having a centralized policy decision end point (e.g., a control plane of the VDC) and distributed policy enforcement endpoints (e.g.

Abstract: A technique transparently deploys an operating entity (OE) into a network data path of a virtualized computing environment that includes a guest operating system (OS) running in a virtual machine instance (VMI) of a virtual data center (VDC). The OE is embodied as an intermediary manager, e.g., a meta-hypervisor (metavisor), of a computing cell within the VMI that includes the guest OS and associated applications. The computing cell is layered over a hypervisor which manages system resources of the VDC in an arrangement such that the metavisor is disposed between the hypervisor and guest OS, and operates transparent to the guest OS. The transparent deployment technique involves a set of conditional tests and actions embodied as modules of the metavisor that is applied to examine network packet traffic exchanged over the network data path and that operates to make the presence of the metavisor within the network data path “invisible” (i.e., transparent) to the guest OS, i.e.

Abstract: A technique transparently deploys an operating entity (OE) into a network data path of a virtualized computing environment that includes a guest operating system (OS) running in a virtual machine instance (VMI) of a virtual data center (VDC). The OE is embodied as an intermediary manager, e.g., a meta-hypervisor (metavisor), of a computing cell within the VMI that includes the guest OS and associated applications. The computing cell is layered over a hypervisor which manages system resources of the VDC in an arrangement such that the metavisor is disposed between the hypervisor and guest OS, and operates transparent to the guest OS. The transparent deployment technique involves a set of conditional tests and actions embodied as modules of the metavisor that is applied to examine network packet traffic exchanged over the network data path and that operates to make the presence of the metavisor within the network data path “invisible” (i.e., transparent) to the guest OS, i.e.

Abstract: A technique transparently deploys an operating entity (OE) into a network data path of a virtualized computing environment that includes a guest operating system (OS) running in a virtual machine instance (VMI) of a virtual data center (VDC). The OE is embodied as an intermediary manager, e.g., a meta-hypervisor (metavisor), of a computing cell within the VMI that includes the guest OS and associated applications. The computing cell is layered over a hypervisor which manages system resources of the VDC in an arrangement such that the metavisor is disposed between the hypervisor and guest OS, and operates transparent to the guest OS. The transparent deployment technique involves a set of conditional tests and actions embodied as modules of the metavisor that is applied to examine network packet traffic exchanged over the network data path and that operates to make the presence of the metavisor within the network data path “invisible” (i.e., transparent) to the guest OS, i.e.