Application-transparent live migration for virtual machine on network security enhanced hypervisor

As the number of Virtual Machines (VMs) consolidated on single physical server increases with the rapid advance of server hardware, virtual network turns complex and frangible. Modern Network Security Engines (NSE) are introduced to eradicate the intrusions occurring in the virtual network. In this paper, we point out the inadequacy of the present live migration implementation, which hinders itself from providing transparent VM relocation between hypervisors equipped with Network Security Engines (NSE-H). This occurs because the current implementation ignores VM-related Security Context (SC) required by NSEs embedded in NSE-H. We present the CoM, a comprehensive live migration framework, for NSE-H-based virtualization computing environment. We built a prototype system on Xen hypervisors to evaluate our framework, and conduct experiments under various realistic application environments. The results demonstrate that our solution successfully fixes the inadequacy of the present live migration implementation, and the performance overhead is negligible.