A: Both members of the vShield suite, vShield Zones and vShield App provide firewall services for virtual machines (VMs). vShield Zones is intended to provide basic protection by way of network ACLs. vShield App serves as an upgrade to vShield Zones when environments require more granular control over policies.

vShield App offers additional services such as flow monitoring and reporting, as well as policy enforcement via security and vCenter groups. vShield App’s firewall is also different in that it enforces network policies via hypervisor-layer inspection with support for multi-homed VMs.