
Security in the DC: Architectures, TrustSec and ACI (SDCSE)


About this Course

Security can no longer be an afterthought in any part of the network. As attacks become more sophisticated and targeted, the Data Center is increasingly a target. Data Center administrators face a significant challenge: they need to secure the Data Center without compromising the performance and functionality that new Data Center environments enable. Many are looking to secure the Data Center using solutions designed for the Internet edge, but these solutions are not enough. The Data Center has unique requirements around provisioning, performance, virtualization, applications, and traffic that Internet-edge security devices are simply not designed to address.

Securing the Data Center requires a solution that can:

  • Provide visibility and control over custom Data Center applications
  • Handle asymmetric traffic flows and application transactions between devices and Data Centers
  • Adapt as Data Centers evolve: to virtualization, software-defined networking (SDN), network functions virtualization (NFV), Cisco Application-Centric Infrastructures (ACIs) and beyond
  • Address the entire attack continuum: before, during, and after an attack
  • Integrate with security deployed across the entire network
  • Use software-defined segmentation to simplify and accelerate security operations, and consistently enforce policy in the network (Cisco TrustSec)
  • Support geographically dispersed inter-DC traffic and deployments, including private, public and cloud environments. Architecture changes this, providing an architectural approach to Data Center security.

This course focuses on providing Cisco Partner SEs with a good technical overview of the solutions that are used to secure a public or private Data Center.

Who should attend

The primary audience for this workshop is the SE or technical sales professional working mid-market and enterprise accounts.

What You Will Learn

Following completion of this course, students will:

  • Be able to explain the various solutions that make up Cisco Secure Data Center and how they can help customers evolve their Data Center and solve critical issues.
  • Understand how each of these solutions works, with particular focus on ASA (5585x, ASAv), Firepower and NGFW, TrustSec Integration, and how they will provide the levels of security required in the modern-day Data Center.

Outline: Security in the DC: Architectures, TrustSec and ACI (SDCSE)

Positioning Security in the Data Center
  • Data Center trends and Solutions
  • Business Challenges
  • Security Challenges and priorities
  • Evolution of Traditional Data Center to cloud
Trends and Architecture
  • Evolution of Data Center architecture
  • Journey to the Cloud
  • DC traditional and evolving use cases
Evolution of Data Center Architecture
  • Security Building blocks (Segmentation)
  • VXLAN, DCI, LISP
  • Traditional Data Center to Application-Centric Infrastructure Security (ACIS)
Securing with ASAs
  • Physical Firewalls: ASA 5585 Appliances
  • Virtualized ASA Firewall
  • Firewall Design Modes of Operation
  • ASA Failover
  • DC Scale Physical Firewalls with Clustering
  • Clustering features
  • Control and Data Interfaces
  • Packet flow through Cluster
  • Monitoring and Troubleshooting Clustering
Inter Data Centre (DC) Clustering
  • Split or Single Individual Mode Cluster
  • Extended Spanned Etherchannel Cluster
  • Split Spanned Etherchannel Cluster
Segmentation with TrustSec
  • TrustSec Relevancy to Data Center
  • How SGT/SGA Scales Policy Control
  • Policy Definition – ISE Policy Matrix
  • Use Cases for TrustSec in the Data Center
Threat Prevention
  • Firewall is not enough
  • IPS in Data Centers
  • What is FirePOWER™?
  • FireSIGHT Management
  • Deployment Scenario
  • Cisco CVD Use Cases
  • ASA Cluster “Sandwich”
  • Nexus 7K EEM Scripts for SF Failure Monitoring
AMP add CTD and Cyber Security Insert


Virtualization
  • Common Virtualization Concerns
  • Virtualization Security
  • Managing Virtual Networking Policy
  • Cisco ASAv
Application-Centric Infrastructure Security (ACIS)
  • Centralized Policy Management and Automation
  • What is a REST API?
  • ASAv Flexible Licensing
  • vASA and vSwitch
  • Routed and Transparent Firewall
  • ASAv Deployment: Cloud Security FW+VPN
  • ASAv and VSG Compared
Comparing Cisco Virtual Firewalls
  • vIPS / vIDS
  • Journey to the Cloud “What can we do today to prepare for the cloud?”
Classroom Training

Duration 1 day

Price
  • United States: US$ 695
  • Cisco Learning Credits: 7 CLC
Online Training

Duration 1 day

Price
  • United States: US$ 695
  • Cisco Learning Credits: 7 CLC