The vCloud Networking and Security Data Security architecture has been defined in the following figure, where you will find similarities with the architecture of other solutions that work with vShield Endpoint, which we described in the previous chapter.
You cannot deploy vCloud Networking and Security Data Security unless you install vShield Endpoint for each ESXi host on your vSphere Datacenter. Once you install vShield Endpoint, you can use VMware vCloud Networking and Security Manager to deploy a vCloud Networking and Security Data Security virtual appliance on each ESXi host. The virtual appliance is based on the EPSEC framework, so it includes an agent that works with the vShield Endpoint service to scan virtual machines by communicating with them through the vShield Thin Agent that is included in VMware Tools. The Thin Agent driver is the software in the guest VM that offloads security events via the hypervisor to the vShield...