关键词: 云平台, 虚拟服务器, 网络端口, 交换机, 虚拟局域网, 访问控制

Abstract: Cloud platform has been widely used because of its fast application release, convenient management, and efficient use of hardware resources. The widespread use of private clouds raises two problems: 1）Access control between virtual hosts in the cloud. 2)the security resources utilization in the original entity network. To solve the above two problems, according to the characteristics that the services provided by the virtual host are completed through the network，assign a separate vlan to the network interface card(NIC) of the virtual machine, so the virtual machine is isolated from each other in the cloud platform.The physical machine and physical switch are connected by trunk, other ports of physical switch are configured to access mode,bind the same vlan as the NIC of a specific virtual machine, Make the NIC (NIC Group) of VM and the port of physical switch correspond one by one through vlan, and substantialize the NIC (NIC Group) of VM. When the VM’s NIC is substantialized, the data exchange between VMs can only be carried out through the physical switch, so the access control can be done in physical network，And the protection scheme in the physical network can be extended, the network security resources can be fully utilized, and the cost can be saved while the security is improved．

Key words: cloud platform, virtual server, NIC, switch, vlan, access control