Introduction
Most modern operating systems offer the option to install a firewall on the host. The rules configured in a host-based firewall manage traffic at the host level and provide an additional layer of defense alongside network firewalls and intrusion detection systems. Multiple layers of security provide a complete defense-in-depth architecture. As mentioned in Chapter 1, Threat and Vulnerability Overview, the concept of defense-in-depth builds layers of security so that protection remains should another layer fail or be compromised.
The second component of the vShield family to be configured, and the one we'll discuss, is vShield App. vShield App is a host-based layer 2 firewall that is implemented at the vNIC level of the hypervisor. vShield App presents itself as a virtual appliance in the vCenter management tool. For each protected ESXi host, there is an associated vShield App virtual machine that runs on that host. To protect the entire virtualization environment managed...