VMware, Inc.
Per-application VPN in container based environments
Abstract:
One or more VPN tunnels are established in a site-to-site configuration. A VPN transition subnet is defined and associated with each VPN tunnel. Once the VPN tunnel(s) and the LAN(s) have been configured, a per-application VPN policy can be specified for any applications that require site-to-site VPN access. Whenever a new application is launched, a container is created for executing the VM. The VPN management system reads the VPN policy to determine whether the application is permitted to access any VPN tunnels. If the application is permitted to access a VPN tunnel, a vNIC is generated on the VM for the container of the application and/or a new IP address on the vNIC is assigned to the container. The new IP address and/or the new vNIC are then added to the VPN transition subnet associated with the VPN tunnel to enable the application to access the VPN tunnel.
Utility
12 Jan 2018
12 Jan 2021