Yes, hosts can be nested. To use your analogy, you might have nested hosts - one for the immediate customer service / human resource / supply and logistics functions, and one for the more secure functions, like security, vault systems, safety deposit boxes, and the like. The latter host may have an appearance in the former host similar to a vault inside the physical bank - or it may just be a door to one side, innocuous. (Different design philosophy, is all.)
However he wants to handle it, though, is up to the GM, and though it doesn't make sense that you should be able to hack the vault by way of the coffeemaker, someone out there is liable to make that mistake. Once, anyhow. Me, I'd nest hosts - or at least have the bank's standard host
have a host-to-host access point into the bank's Vault Host, so that the employees don't have to take a virtual step outside the bank and run down the street just to get into their own vault.
Note, however, that purvue has something wrong: a host
always has a physical location.A host has a computer, or a network of computers, upon which it runs; the Matrix doesn't just mysteriously and magically run on nothing, there are buildings and buildings full of computer banks all over the world keeping this drek running. The host's physical location might
not correspond to its matrix location - all the Stuffer Shacks, for example, may be hosted on the Aztechnology grid (since they are, after all, a wholly-owned subsidiary of the fine folk down at AZT), and run off about a thousand computer systems deep inside Tenochtitlan; that would be their
physical location. Meanwhile, each Stuffer Shack host's
matrix location - its front door - corresponds with the physical location of the actual Stuffer Shack it represents.
Plotting out the physical location of a host might require some serious in-depth codehacking that certain individuals may not wish you to do, of course; sounds perfect for a shadowrun.