title: Key concepts
Splits logical connectivity from physical disposition
Vserver and hosts do not connect anywhere
  -Uniform/restrictive firewall on every hosts
  -Vservers on same host can't talk directly
Rendezvous protocol
  -A vserver never connects outside of his server
  -Servers only receive outside connection from a
   limited set of servers (blackholes and wormholes)
A completly tight network
  -A compromised vserver can't escape in the network.
  -Access rules are easily generated/audited.