VMware vShield is a suite of security virtual appliances that are built to work with vSphere, protecting virtualized datacenters from attacks and misuse.

VMware vShield is not a component of vSphere, but as a companion to vSphere it provides security for applications and data in the cloud.

The vShield suite includes vShield Zones, vShield Edge, vShield App, and vShield Endpoint.

vShield Zones provides firewall protection for traffic between virtual machines. For each Zones Firewall rule, you can specify the source IP, destination IP, source port, destination port, and service.

vShield Edge provides network edge security and gateway services to isolate the virtual machines in a port group, distributed port group, or Cisco Nexus 1000V. vShield Edge connects isolated, stub networks to shared, uplink networks by providing common gateway services such as DHCP, VPN, NAT, and load balancing. Common deployments of vShield Edge include in the DMZ, VPN extranets, and multitenant cloud environments where vShield Edge provides perimeter security for virtual datacenters (VDCs).

vShield App is an interior, virtual-NIC-level firewall that allows you to create access control policies regardless of network topology. vShield App monitors all traffic in and out of an ESXi host, including between virtual machines in the same port group. vShield App includes traffic analysis and container-based policy creation.

vShield Endpoint delivers an introspection-based antivirus solution. vShield Endpoint uses the hypervisor to scan guest virtual machines from the outside without an agent. vShield Endpoint avoids resource bottlenecks while optimizing memory use.

See the vShield Administration Guide.