Security in the DC: Architectures, TrustSec and ACI Training (SDCSE) Course Description
Security can no longer be an afterthought in any part of the network. As attacks become more sophisticated and targeted, the Data Center is increasingly becoming a target. Data Center administrators face a significant challenge: they need to secure the Data Center without compromising the performance and functionality that new Data Center environments enable. Many are looking to secure the Data Center using solutions designed for the Internet edge, but these solutions are not enough. The Data Center has unique requirements around provisioning, performance, virtualization, applications, and traffic that Internet-edge security devices are simply not designed to address.
Securing the Data Center requires a solution that can:
Provide visibility and control over custom Data Center applications
Handle asymmetric traffic flows and application transactions between devices and Data Centers
Adapt as Data Centers evolve: to virtualization, software-defined networking (SDN), network functions virtualization (NFV), Cisco Application-Centric Infrastructures (ACIs) and beyond
Address the entire attack continuum: before, during, and after an attack
Integrate with security deployed across the entire network
Use software-defined segmentation to simplify and accelerate security operations, and consistently enforce policy in the network (Cisco TrustSec)
Support geographically dispersed inter-DC traffic and deployments, including private, public and cloud environments.
Architecture changes this, providing an architectural approach to Data Center security.
This course focuses on providing Cisco Partner SEs with a good technical overview of the solutions that are used to secure a public or private Data Center.
● If you are familiar with some aspects of Security in the DC: Architectures, TrustSec and ACI Training (SDCSE), we can omit or shorten their discussion.
● We can adjust the emphasis placed on the various topics or build the course around the mix of technologies of interest to you (including technologies other than those included in this outline).
● If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the course in a manner understandable to lay audiences.
Audience / Target Group:
The primary audience for this workshop is the SE or technical sales professional working mid-market and enterprise accounts.
Duration: 1 day
Following completion of this course, students will:
Be able to explain the various solutions that make up Cisco Secure Data Center and how they can help customers evolve their Data Center and solve critical issues.
Understand how each of these solutions works, with particular focus on ASA (5585x, ASAv), Firepower and NGFW, and TrustSec integration, and how they provide the levels of security required in the modern-day Data Center.
Positioning Security in the Data Center
Data Center trends and Solutions
Security Challenges and priorities
Evolution of Traditional Data Center to cloud
Trends and Architecture
Evolution of Data Center architecture
Journey to the Cloud
DC traditional and evolving use cases
Evolution of Data Center Architecture
Security Building blocks (Segmentation)
VXLAN, DCI, LISP
Traditional Data Center to Application-Centric Infrastructure Security (ACIS)
Securing with ASAs
Physical Firewalls: ASA 5585 Appliances
Virtualized ASA Firewall
Firewall Design Modes of Operation
DC Scale Physical Firewalls with Clustering
Control and Data Interfaces
Packet flow through Cluster
Monitoring and Troubleshooting Clustering
Inter Data Centre (DC) Clustering
Split or Single Individual Mode Cluster
Extended Spanned EtherChannel Cluster
Split Spanned EtherChannel Cluster
Segmentation with TrustSec
TrustSec Relevancy to Data Center
How SGT/SGA Scales Policy Control
Policy Definition – ISE Policy Matrix
Use Cases for TrustSec in the Data Center
Firewall is not enough
IPS in Data Centers
What is FirePOWER™?
Cisco CVD Use Cases
ASA Cluster “Sandwich”
Nexus 7K EEM Scripts for SF Failure Monitoring
AMP add CTD and Cyber Security Insert
Common Virtualization Concerns
Managing Virtual Networking Policy
Application-Centric Infrastructure Security (ACIS)
Centralized Policy Management and Automation
What is a REST API?
ASAv Flexible Licensing
vASA and vSwitch
Routed and Transparent Firewall
ASAv Deployment: Cloud Security FW+VPN
ASAv and VSG Compared
Comparing Cisco Virtual Firewalls
vIPS / vIDS
Journey to the Cloud “What can we do today to prepare for the cloud?”