Virtual Network Encryption

Applies To: Windows Server

Virtual Network Encryption provides the ability to encrypt virtual network traffic between Virtual Machines that communicate with each other within subnets that are marked as "Encryption Enabled".

This feature uses Datagram Transport Layer Security (DTLS) on the virtual subnet to encrypt the packets. DTLS provides protection against eavesdropping, tampering and forgery by anyone with access to the physical network.

Virtual Network Encryption requires an encryption certificate to be installed on each of the SDN-enabled Hyper-V hosts, a credential object in the Network Controller referencing the thumbprint of that certificate, and configuration on each of the Virtual Networks that contain subnets requiring encryption.

Once encryption is enabled on a subnet, all network traffic within that subnet is encrypted automatically. This is in addition to any application-level encryption that may also take place. Traffic that crosses between subnets, even if both of the subnets are marked as encrypted, is automatically sent unencrypted. Any traffic that crosses the virtual network boundary is also sent unencrypted.

For information on configuring Virtual Network Encryption, see Configure Encryption for a Virtual Network.

If you must restrict applications to only communicate on the encrypted subnet, you can use Access Control Lists (ACLs) to only allow communication within the current subnet.

For information on configuring Access Control Lists, see Use Access Control Lists (ACLs) to Manage Datacenter Network Traffic Flow.
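
One way to apply the ACL restriction described above, so that workloads on an encrypted subnet cannot fall back to the unencrypted cross-subnet path. This is an added example, not code from the original page; the Network Controller URI, resource IDs, rule names and subnet prefix are constructed placeholders.

```powershell
# Constructed placeholder values (assumptions, not from the page).
$uri      = "https://nc.contoso.example"   # Network Controller REST endpoint
$vnetId   = "Tenant_VNet1"                 # virtual network resource ID
$subnetId = "Encrypted_Subnet1"            # subnet marked "Encryption Enabled"
$prefix   = "192.168.10.0/24"              # address prefix of that subnet

# Hypothetical helper: builds one ACL rule covering all protocols and ports.
function New-SubnetAclRule {
    param([string]$Name, [string]$Type, [string]$Action,
          [string]$Source, [string]$Destination, [int]$Priority)
    $p = New-Object Microsoft.Windows.NetworkController.AclRuleProperties
    $p.Protocol                 = "All"
    $p.SourcePortRange          = "0-65535"
    $p.DestinationPortRange     = "0-65535"
    $p.Action                   = $Action
    $p.SourceAddressPrefix      = $Source
    $p.DestinationAddressPrefix = $Destination
    $p.Priority                 = "$Priority"
    $p.Type                     = $Type
    $p.Logging                  = "Enabled"   # log hits so blocked flows are visible
    $rule = New-Object Microsoft.Windows.NetworkController.AclRule
    $rule.ResourceId = $Name
    $rule.Properties = $p
    return $rule
}

# Allow traffic that stays inside the encrypted subnet; deny everything else,
# because traffic leaving the subnet is sent unencrypted.
$aclProps = New-Object Microsoft.Windows.NetworkController.AccessControlListProperties
$aclProps.AclRules = @(
    (New-SubnetAclRule "Allow_Subnet_In"  "Inbound"  "Allow" $prefix $prefix 100),
    (New-SubnetAclRule "Allow_Subnet_Out" "Outbound" "Allow" $prefix $prefix 101),
    (New-SubnetAclRule "Deny_All_In"      "Inbound"  "Deny"  "*"     "*"     200),
    (New-SubnetAclRule "Deny_All_Out"     "Outbound" "Deny"  "*"     "*"     201)
)
New-NetworkControllerAccessControlList -ConnectionUri $uri `
    -ResourceId "SubnetOnly_ACL" -Properties $aclProps -Force

# Bind the ACL to the encrypted subnet.
$acl    = Get-NetworkControllerAccessControlList -ConnectionUri $uri -ResourceId "SubnetOnly_ACL"
$subnet = Get-NetworkControllerVirtualSubnet -ConnectionUri $uri `
    -VirtualNetworkId $vnetId -ResourceId $subnetId
$subnet.Properties.AccessControlList = $acl
New-NetworkControllerVirtualSubnet -ConnectionUri $uri -VirtualNetworkId $vnetId `
    -ResourceId $subnetId -Properties $subnet.Properties -Force
```

The deny rules also block services outside the subnet, such as DNS or a gateway. Any narrower allow rule added for those services permits traffic that leaves the subnet and is therefore sent unencrypted.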