
The Research and Implementation of Network Security Defense Architecture in Cloud Virtual Environments

Advisor: 陳景章

Abstract


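Since the concept of cloud computing was proposed in 2009, a variety of network services have emerged. Put simply, cloud computing lets users draw on the virtual network resources offered by providers to quickly build large virtual computing networks in the cloud, replacing the heavy cost and setup of physical equipment and gaining benefits such as offsite backup and uninterrupted service. Major enterprises have therefore all turned to virtualized environments in search of more convenient, faster, and cheaper approaches. However, there is no unified specification or practice for network security in virtual environments; the major security vendors are all working to develop new network protection devices, and the quickest approach is still to start from improving the firewall.

This thesis proposes an architecture for network management and security defense in virtual environments, addressing some of the security problems that may arise when a traditional physical network is moved to a cloud virtual network. Building on a defense method based on VLAN segmentation, the thesis replaces the physical firewall with a virtual switch capable of packet redirection, saving the time packets spend being exchanged between the physical and virtual networks. It is combined with a security policy decision system that formulates the defense rules, and the controller issues commands to the virtual switch to carry them out according to those rules. Through this thesis, we hope to take a first step toward building a simple virtual firewall and to implement a physical network security defense system in a cloud virtual network.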

Parallel Abstract


Since the concept of cloud computing was proposed in 2009, a variety of Internet services have emerged. Put simply, cloud computing means that, through the virtual network resources offered by providers, users can quickly build a huge virtual computing network in the cloud environment, replacing physical equipment to save its huge cost and complex setup, and achieving offsite backup, uninterrupted service, and so on. The major companies are therefore all working to find more convenient, quicker, and cost-saving methods within virtual environments. However, network security for virtual environments has no uniform specification or approach; major security vendors are committed to developing new protective equipment, but improving the firewall is still the fastest approach. In this thesis, we propose a defense architecture for network management and security, to resolve some of the security issues that arise after a traditional physical network is transformed into a cloud virtual network. In this paper, a method based on VLAN segmentation is improved by replacing the physical firewall with a virtual switch that has a packet-forwarding function, saving the time packets spend being exchanged between the physical and virtual networks. This is combined with a security policy decision system (SPDS) that makes the defense rules; according to the SPDS defense rules, the controller commands the virtual switch to carry them out. Through this paper, we hope to construct a simple virtual firewall that implements the functions of a physical network security defense system in cloud virtual environments.


Cited By


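吳嘉恩 (2016). 於雲端資料中心建構動態式虛擬防火牆之設計與實現 [Design and implementation of a dynamic virtual firewall in cloud data centers] [Master's thesis, National Chung Cheng University]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0033-2110201614044373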
