Journal of Information Security Research ›› 2021, Vol. 7 ›› Issue (3): 275-280.


The Application of VM's Network Interface Card Substantialization in Security Protection of Private Clouds

  • Received: 2021-03-09 Online: 2021-03-05 Published: 2021-03-17

The Application of Virtual Machine Network Interface Substantialization in the Security Protection of Private Clouds

单庆元,南峰   

  1. Network and Information Center, Dalian Polytechnic University (大连工业大学)
  • Corresponding author: 单庆元
  • About the authors: 单庆元, Master's degree; main research interests are network management and network security. shanqy@dlpu.edu.cn. 南峰, Master's degree; main research interests are network and information security. nanfeng@dlpu.edu.cn

Abstract: Cloud platforms have been widely adopted because they allow fast application release, convenient management, and efficient use of hardware resources. The widespread use of private clouds raises two problems: 1) access control between virtual hosts inside the cloud; 2) utilization of the security resources already deployed in the original physical network. To solve both problems, and based on the fact that every service a virtual host provides is delivered through its network interface, a separate VLAN is assigned to each network interface card (NIC) of each virtual machine, so that the virtual machines are isolated from one another inside the cloud platform. The physical host and the physical switch are connected by a trunk link, and the other ports of the physical switch are configured in access mode and bound to the same VLAN as the NIC of a particular virtual machine. In this way the NIC (or NIC group) of a VM and a port of the physical switch correspond one to one through the VLAN, and the VM's NIC (NIC group) is substantialized. Once the VM's NIC is substantialized, data exchange between VMs can only take place through the physical switch, so access control can be enforced in the physical network. The protection scheme of the physical network can then be extended to the VMs, the existing network security resources can be fully utilized, and costs are saved while security is improved.

Key words: cloud platform, virtual server, NIC, switch, VLAN, access control

Abstract (translated from the Chinese): Cloud platforms have gained wide adoption because of their fast application release, convenient management, and efficient use of hardware resources. The full development of private clouds brings two problems: 1) access control between virtual servers inside the cloud; 2) after virtualization, the utilization of the security resources in the original physical network. To address these two problems, and based on the fact that all services provided by a virtual server are delivered through its network interface, the virtual server's NIC is assigned its own VLAN, so that virtual servers are mutually isolated within the cloud platform. The virtualized physical host and the physical switch are connected by a trunk link; designated ports on the physical switch are configured in access mode and bound to the same VLAN as a particular virtual server, so that the virtual server's network port (port group) and the physical switch's port correspond one to one through the VLAN. These steps substantialize the virtual server's network port. Once the port is substantialized, data exchange between virtual servers can only take place through the physical switch, so the problem of access control between virtual servers can be moved into the physical network and solved there. After the virtual servers' network ports are substantialized, the protection scheme of the physical network can continue to be used, the existing network security resources can be fully utilized, and costs are saved while security is improved.

Key words (translated): cloud platform, virtual server, network port, switch, VLAN, access control
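The design described in both abstracts above rests on three invariants: every VM NIC carries its own VLAN, the host uplink is a trunk that carries all of those VLANs, and each VLAN lands on exactly one access port of the physical switch. If any of them is violated, some VM-to-VM traffic is switched inside the hypervisor and never reaches the physical control point. The following is an added example, not code from the paper or its authors; it models those invariants as a configuration check over a constructed hypervisor port-group table and switch port table (the port group names, VLAN ids and port names such as `Gi1/0/1` are all invented for illustration), and reports where a frame between two VMs would actually be switched.

```python
"""Configuration checks for the per-VM VLAN "NIC substantialization" design.

Added example, not code from the paper. Every port group, VLAN id and
switch port name below is constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class PortGroup:
    """A hypervisor port group (one VM NIC) and the VLAN it is tagged with."""
    name: str
    vm: str
    vlan: int


@dataclass(frozen=True)
class SwitchPort:
    """A physical switch port: mode is 'access' (one VLAN) or 'trunk' (many)."""
    port: str
    mode: str
    vlans: frozenset


def validate(port_groups, switch_ports, uplink_port):
    """Return findings that break the one-VM / one-VLAN / one-access-port invariants.

    An empty list means every VM-to-VM exchange is forced through the physical switch.
    """
    findings = []

    # Invariant 1: no two VM NICs share a VLAN. If they did, the hypervisor
    # vSwitch would forward between them and no physical control point sees it.
    vms_by_vlan = {}
    for pg in port_groups:
        vms_by_vlan.setdefault(pg.vlan, []).append(pg.vm)
    for vlan, vms in sorted(vms_by_vlan.items()):
        if len(vms) > 1:
            findings.append(f"VLAN {vlan} shared by {vms}: traffic stays inside the hypervisor")

    # Invariant 2: the host uplink is a trunk carrying every VM VLAN.
    trunk = next((p for p in switch_ports if p.port == uplink_port), None)
    if trunk is None or trunk.mode != "trunk":
        findings.append(f"uplink {uplink_port} is missing or not in trunk mode")
    else:
        missing = sorted(set(vms_by_vlan) - trunk.vlans)
        if missing:
            findings.append(f"trunk {uplink_port} does not carry VM VLANs {missing}")

    # Invariant 3: each VM VLAN lands on exactly one access port, so the VM NIC
    # and the physical port correspond one to one.
    access_ports_by_vlan = {}
    for p in switch_ports:
        if p.mode != "access":
            continue
        if len(p.vlans) != 1:
            findings.append(f"access port {p.port} must carry one VLAN, has {sorted(p.vlans)}")
            continue
        (vlan,) = p.vlans
        access_ports_by_vlan.setdefault(vlan, []).append(p.port)
    for vlan in sorted(vms_by_vlan):
        ports = access_ports_by_vlan.get(vlan, [])
        if len(ports) != 1:
            findings.append(f"VLAN {vlan} maps to {len(ports)} access ports {ports}, expected one")
    return findings


def forwarding_path(vm_a, vm_b, port_groups):
    """Where a frame between two VMs is switched under this design."""
    vlan_of = {pg.vm: pg.vlan for pg in port_groups}
    if vlan_of[vm_a] == vlan_of[vm_b]:
        return "hypervisor-vswitch"  # same VLAN: switched locally, invisible to the physical network
    return "physical-switch"         # different VLANs: must leave the host over the trunk


# Constructed sample: three VMs, one trunk uplink, one access port per VM VLAN.
PORT_GROUPS = [
    PortGroup("pg-web", "vm-web", 101),
    PortGroup("pg-app", "vm-app", 102),
    PortGroup("pg-db", "vm-db", 103),
]
GOOD_SWITCH = [
    SwitchPort("Gi1/0/1", "trunk", frozenset({101, 102, 103})),
    SwitchPort("Gi1/0/11", "access", frozenset({101})),
    SwitchPort("Gi1/0/12", "access", frozenset({102})),
    SwitchPort("Gi1/0/13", "access", frozenset({103})),
]
# Constructed misconfiguration: app and db share VLAN 102, the trunk carries only
# VLAN 101, and the second access port is (wrongly) given two VLANs.
BAD_GROUPS = [
    PortGroup("pg-web", "vm-web", 101),
    PortGroup("pg-app", "vm-app", 102),
    PortGroup("pg-db", "vm-db", 102),
]
BAD_SWITCH = [
    SwitchPort("Gi1/0/1", "trunk", frozenset({101})),
    SwitchPort("Gi1/0/11", "access", frozenset({101})),
    SwitchPort("Gi1/0/12", "access", frozenset({102, 103})),
]

if __name__ == "__main__":
    for label, groups, switch in (("good", PORT_GROUPS, GOOD_SWITCH), ("bad", BAD_GROUPS, BAD_SWITCH)):
        print(label, validate(groups, switch, "Gi1/0/1") or "OK")
        print("  vm-app <-> vm-db switched at:", forwarding_path("vm-app", "vm-db", groups))
```

In the good configuration `validate` returns no findings and `forwarding_path` reports that app-to-db traffic is switched at the physical switch, where the existing ACLs and firewalls apply; in the bad configuration the shared VLAN means that same traffic never leaves the hypervisor, which is exactly the access-control gap the paper's scheme is meant to close.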