Abstract:
Technologies for dynamically allocating acceleration units of a network device include a network device configured to determine a present compute usage value associated with a workload of the virtual machine, determine whether to accelerate the virtual machine as a function of the present compute usage and a compute capability usage limit, and select, in response to a determination to accelerate the virtual machine, an acceleration unit from one or more acceleration units, as a function of a type of the workload. Additionally, the network device is configured to allocate the identified acceleration unit. Other embodiments are described and claimed.
Abstract:
Technologies for securing a virtualization network function (VNF) image includes a security server to generate a wrapping cryptographic key to wrap a private key of the VNF image and replace the private key with the wrapped private key to secure the private key. During operation, the VNF image may be authenticated by a network function virtualization (NFV) server as needed. Additionally, the signature of the VNF image may be updated each time the VNF image is shutdown to ensure the continued authenticity of the VNF image.
Abstract:
Technologies for dynamically allocating acceleration units of a network device include a network device configured to determine a present compute usage value associated with a workload of the virtual machine, determine whether to accelerate the virtual machine as a function of the present compute usage and a compute capability usage limit, and select, in response to a determination to accelerate the virtual machine, an acceleration unit from one or more acceleration units, as a function of a type of the workload. Additionally, the network device is configured to allocate the identified acceleration unit. Other embodiments are described and claimed.
Abstract:
Technologies for enforcing virtual machine network access control include a network computing device that includes a plurality of virtual machines. The network computing device is configured to receive an access request from a virtual function assigned to a requesting virtual machine of the network computing device. The network computing device is additionally configured to determine a first privilege level assigned to the requesting machine and a second privilege level assigned to the destination virtual machine, and determine whether the requesting virtual machine is authorized to access the destination virtual machine based on a comparison of the first and second privilege levels. Upon determining the requesting virtual machine is authorized to access the destination virtual machine, the network computing device is additionally configured to allow the requesting virtual machine access to the destination virtual machine. Other embodiments are described herein.
Abstract:
Technologies for secure inter-virtual-machine shared memory communication include a computing device with hardware virtualization support. A virtual machine monitor (VMM) authenticates a view switch component of a target virtual machine. The VMM adds configures a secure memory view to access a shared memory segment. The shared memory segment may include memory pages of a source virtual machine or the VMM. The view switch component switches to the secure memory view without generating a virtual machine exit event, using the hardware virtualization support. The view switch component may switch to the secure memory view by modifying an extended page table (EPT) pointer. The target virtual machine accesses the shared memory segment via the secure memory view. The target virtual machine and the source virtual machine may coordinate ownership of memory pages using a secure view control structure stored in the shared memory segment. Other embodiments are described and claimed.