
Cisco VSG and PNSC on Nexus 1000V (N1KV-VSG)


About this Course

Cisco VSG and PNSC on Nexus 1000V is a 2-day hands-on course on implementing and managing Virtual Security Gateway (VSG) for Cisco Nexus 1000V Switches. VSG is a virtual appliance designed to secure data centers in enterprise and cloud provider environments based on dynamic policy-based operations, mobility-transparent enforcement, and scale-out deployment for dense multitenancy. VSG provides workload virtualization with the security of zone-based controls based on policy and activity monitoring. VSG will help you to ensure data center protection that is easy to manage, monitor and audit.

Who should attend

The primary audience for this course is:

  • Network, systems, and consulting systems engineers, as well as server administrators

The secondary audience for this course is:

  • Network designers, administrators, and managers

Class Prerequisites

A solid understanding of the key components and procedures for Nexus 1000V configuration and implementation, as covered in Configuring the Cisco Nexus 1000V (DCNX1K).

What You Will Learn

  • Design, install, configure and troubleshoot Cisco Virtual Security Gateway (VSG), Prime Network Services Controller (PNSC/NSC), and Virtual Network Management Center (VNMC), and understand how they interrelate and work together.
  • Gain a fresh view of the current best practices, pitfalls and known issues surrounding these technologies and the current list of certified third-party vendor products with which you can integrate easily.
  • Understand the fundamentals of the Cisco VSG, PNSC, and VNMC components, and how to install, configure and troubleshoot each.
  • Gain an understanding of the current datacenter and infrastructure/application security model best practices, pitfalls and known issues.

Outline: Cisco VSG and PNSC on Nexus 1000V (N1KV-VSG)

Module 1: Configuring Cisco N1KV with vSphere

  • Cisco Nexus 1000V series components
  • Network-based policy
  • Cisco Nexus 1000V series theory of operation
    • VMware networking overview
      • System overview
      • Virtual chassis
      • Network policy management
      • Policy mobility
      • Installation
    • Virtual supervisor module (VSM)
      • Description
      • Cisco NX-OS software
      • VSM interfaces
      • Domain ID
      • VSM and VMware vCenter integration
    • Virtual ethernet module
      • Switch port interfaces
      • Switch forwarding
      • MAC address learning
      • Loop prevention
    • VEM-to-VSM communication: enhanced installer app
    • Port profiles
      • Virtual ethernet profiles
      • Live policy changes
      • Ethernet or uplink profiles
      • System VLANs
    • Cisco Nexus 1000V series network design
    • Design considerations
      • VSM best practices
      • Benefits of connecting VMware interfaces to Cisco Nexus 1000V series
    • Traffic classification
    • Bandwidth reservation with QoS queuing
    • VLAN consistency
    • Traffic separation
    • Upstream switch connectivity
      • Standard PortChannel
      • Special PortChannel
      • Load balancing
      • Network-state tracking
    • Design examples
      • Connection to two clustered upstream switches
      • Connection to two unclustered upstream switches certified configuration
  • Best practices
  • Known issues and pitfalls

Module 2: Installing and Configuring Cisco Prime Network Security Controller (PNSC)

  • Installing PNSC
    • Installation requirements
    • Cisco PNSC system requirements
    • Web-Based GUI client requirements
    • Firewall ports requiring access
    • Information required for installation and configuration
    • Shared secret password criteria
    • Configuring Chrome for use with Cisco PNSC
  • ESXi server
  • Installing Cisco PNSC step-by-step
  • Verifying the PNSC installation

Module 3: Cisco Virtual Network Management Center (VNMC) Installation

  • VNMC features and GUI overview
  • Primary authentication
  • Role-based access control
  • Trusted points
  • VNMC profiles
  • VM managers
  • Tenants
  • Security policies
  • Device profiles and policies
  • Managed resources
  • Backups

Module 4: Virtual Security Gateway (VSG) Overview and Best Practices

  • VSG overview
    • VSG models
    • Product architecture
    • Fast path connection timeouts
    • Trusted multitenant access
    • Dynamic (virtualization-aware) operation
  • Cisco VSG deployment scenarios
    • VEM interface for a Cisco VSG in layer-3 mode
    • Cisco vPath
    • Cisco VSG network virtual service
  • Configuring VSG for the network
  • Cisco VSG configuration overview
  • Cisco Nexus 1000V series switch VSM
  • Port profile
  • Virtual security gateway
    • Security profile
    • Firewall policy
    • Object groups
    • Zones
    • Rules
    • Actions
    • Service firewall logging
    • Sequence in configuring a Cisco VSG in layer-3 mode

Module 5: Cisco VSG Installation

  • Installing Cisco VSG
    • Host and VM requirements
    • Cisco VSG and supported Cisco Nexus 1000V series device terminology
  • Installing VSG via ISO
    • Host and VM requirements
    • Prerequisites to installing VSG software
    • Obtaining the VSG software
    • Detailed steps
  • Installing VSG via OVA
    • Host and VM requirements
    • Prerequisites to installing VSG software
    • Obtaining the VSG software
    • Detailed steps
  • Verifying the Cisco VSG configuration
Classroom Training

Duration 2 days

Price
  • United States: US$ 1,795
  • Cisco Learning Credits: 18 CLC
Online Training

Duration 2 days

Price
  • United States: US$ 1,795
  • Cisco Learning Credits: 18 CLC