Similar to a shared resource, a network resource is a passive entity used for communication and information sharing between domains. As the name implies, however, it is used for data transfer over a network device. Graphically, network resources are drawn as circles with arrows through the bounding circle to distinguish them from shared resources.
The network resource supports secure network communication using either Labeled Networking (IPsec) or IPTables (SECMARK). With Labeled Networking, packets are labeled with the type of the domain sending data over the network. With IPTables, packets matching the rule specified for a particular network resource are labeled with the type of that network resource, and different types can be used for different source/target pairs.
Use Labeled Networking when the endpoints of the network communication are predefined, for example, when creating policies for multiple systems that transfer data between one another over a network. You must specify the IP address (or DNS name) for each machine.
Use IPTables when designing a server-type system to which many remote machines will connect over a network.
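The IPTables case on a server, as an added example that is not output of the tool described here: a small shell script that turns a table of source/target pairs into an `iptables-restore` mangle fragment using the SECMARK and CONNSECMARK targets. The addresses, ports, type names and the `system_u:object_r:...:s0` context layout are constructed assumptions.

```shell
#!/bin/sh
# Added example. Constructed table of network resources, one per line:
#   source CIDR, TCP destination port, SELinux type (all values hypothetical)
RESOURCES='192.0.2.0/24 443 web_clients_packet_t
198.51.100.7/32 22 admin_host_packet_t'

# Emit one SECMARK rule: new connections from $1 to port $2 get type $3.
secmark_rule() {
    # Accept only a plain type identifier, so a malformed table entry
    # cannot append extra iptables options to the generated rule.
    case "$3" in
        ''|*[!A-Za-z0-9_]*) echo "invalid type: $3" >&2; return 1 ;;
    esac
    printf -- '-A INPUT -p tcp -s %s --dport %s -m state --state NEW -j SECMARK --selctx system_u:object_r:%s:s0\n' "$1" "$2" "$3"
}

# Build the complete mangle-table fragment for iptables-restore.
secmark_ruleset() {
    printf '%s\n' '*mangle'
    # Packets of an already-labeled connection inherit the saved label.
    printf '%s\n' '-A INPUT -m state --state ESTABLISHED,RELATED -j CONNSECMARK --restore'
    # One labeling rule per source/target pair; abort on a bad entry.
    printf '%s\n' "$RESOURCES" | while read -r src port type; do
        secmark_rule "$src" "$port" "$type" || exit 1
    done || return 1
    # Copy the packet label onto the connection for later packets.
    printf '%s\n' '-A INPUT -m state --state NEW -j CONNSECMARK --save'
    printf '%s\n' 'COMMIT'
}

# Print the fragment; review it before loading it with iptables-restore.
secmark_ruleset
```

Each type used in the table must also be declared as a packet type in the SELinux policy, and the receiving domain must be allowed to receive packets of that type, otherwise labeled traffic is denied.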
Like base domains and base resources, network resources cannot be created as a child of a domain.
©2005 - 2008 Tresys Technology, LLC
Patent Pending