An access control system for a computing environment in which a number of
processing nodes are interconnected to one another via an interconnection
system. Multiple program applications, each made up of a number of
application components, are installed in the environment, such that their
components may be distributed among the various processing nodes of the
platform. A set of rules is established, indicating allowed inter-node
communications between the application components, and those rules are
mapped onto a set of logic in the platform. The logic may be embodied in
various forms, such as packet-filtering logic in a network interconnect
switch, or firewall logic in a processing node. In turn, when an
application component on one node attempts to communicate with another
application component on another node, a determination can be made
whether the communication is allowed and, if the communication is not
allowed, the communication can be blocked.
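
The mapping described above, as an added example that is not taken from the patent: component-level allow rules are compiled into node-level filter entries with default deny. The component names, node addresses, ports and the `over_permitted` check are assumptions made for illustration; the check shows that in this simplified node-and-port model the filter cannot tell apart components that share a node.

```python
from typing import NamedTuple

class Component(NamedTuple):
    node: str   # address of the processing node hosting the component
    port: int   # port the component listens on (assumed addressing model)

class FilterRule(NamedTuple):
    src_node: str
    dst_node: str
    dst_port: int

# Constructed sample data: two applications spread over three nodes.
PLACEMENT = {
    "shop/web": Component("10.0.0.1", 8080),
    "shop/db":  Component("10.0.0.2", 5432),
    "hr/web":   Component("10.0.0.1", 8081),
    "hr/db":    Component("10.0.0.3", 5432),
}
ALLOWED = {("shop/web", "shop/db"), ("hr/web", "hr/db")}

def compile_rules(allowed, placement):
    """Map component-level allow rules onto node-level filter entries."""
    table = set()
    for src, dst in allowed:
        s, d = placement[src], placement[dst]
        if s.node != d.node:  # only inter-node traffic reaches the interconnect
            table.add(FilterRule(s.node, d.node, d.port))
    return table

def permits(table, src_node, dst_node, dst_port):
    """Default deny: a packet passes only if an entry matches exactly."""
    return FilterRule(src_node, dst_node, dst_port) in table

def over_permitted(allowed, placement):
    """Component pairs the filter passes although no rule allows them."""
    table = compile_rules(allowed, placement)
    return sorted(
        (src, dst)
        for src, s in placement.items()
        for dst, d in placement.items()
        if s.node != d.node and (src, dst) not in allowed
        and permits(table, s.node, d.node, d.port)
    )

if __name__ == "__main__":
    table = compile_rules(ALLOWED, PLACEMENT)
    print(permits(table, "10.0.0.1", "10.0.0.2", 5432))  # allowed flow
    print(permits(table, "10.0.0.2", "10.0.0.1", 8080))  # no rule, blocked
    print(over_permitted(ALLOWED, PLACEMENT))
```

Pairs reported by `over_permitted` are the ones that need a finer selector than node address and destination port, for example filtering on the node itself.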