Security in the DC: Architectures, TrustSec and ACI Training (SDCSE)


Introduction:

Security in the DC: Architectures, TrustSec and ACI Training (SDCSE) Course Description

Security can no longer be an afterthought in any part of the network. As attacks become more sophisticated and targeted, the Data Center is increasingly becoming a target. Data Center administrators face a significant challenge: they need to secure the Data Center without compromising the performance and functionality that new Data Center environments enable. Many are looking to secure the Data Center using solutions designed for the Internet edge, but these solutions are not enough. The Data Center has unique requirements around provisioning, performance, virtualization, applications, and traffic that Internet-edge security devices are simply not designed to address.

Securing the Data Center requires a solution that can:

Provide visibility and control over custom Data Center applications
Handle asymmetric traffic flows and application transactions between devices and Data Centers
Adapt as Data Centers evolve: to virtualization, software-defined networking (SDN), network functions virtualization (NFV), Cisco Application-Centric Infrastructures (ACIs) and beyond
Address the entire attack continuum: before, during, and after an attack
Integrate with security deployed across the entire network
Use software-defined segmentation to simplify and accelerate security operations, and consistently enforce policy in the network (Cisco TrustSec)
Support geographically dispersed inter-DC traffic and deployments, including private, public and cloud environments.

Architecture changes this, providing an architectural approach to Data Center security.

This course focuses on providing Cisco Partner SEs with a good technical overview of the solutions that are used to secure a public or private Data Center.

Customize It:

● If you are familiar with some aspects of Security in the DC: Architectures, TrustSec and ACI Training (SDCSE), we can omit or shorten their discussion.
● We can adjust the emphasis placed on the various topics or build the course around the mix of technologies of interest to you (including technologies other than those included in this outline).
● If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the course in a manner understandable to lay audiences.

Audience / Target Group:

The primary audience for this workshop is the SE or technical sales professional working mid-market and enterprise accounts.

Related Courses:

VersaStack Implementation Fast Track Training (VSIFT)
VersaStack Implementation Training (VSI)

Duration: 1 day

Skills Gained:

Following completion of this course, students will:

Be able to explain the various solutions that make up Cisco Secure Data Center and how they can help customers evolve their Data Center and solve critical issues.
Understand how each of these solutions works, with particular focus on ASA (5585x, ASAv), Firepower and NGFW, and TrustSec integration, and how they provide the levels of security required in the modern-day Data Center.

Course Content:

Positioning Security in the Data Center

Data Center trends and Solutions
Business Challenges
Security Challenges and priorities
Evolution of Traditional Data Center to cloud

Trends and Architecture

Evolution of Data Center architecture
Journey to the Cloud
DC traditional and evolving use cases

Evolution of Data Center Architecture

Security Building blocks (Segmentation)
VXLAN, DCI, LISP
Traditional Data Center to Application-Centric Infrastructure Security (ACIS)

Securing with ASAs

Physical Firewalls: ASA 5585 Appliances
Virtualized ASA Firewall
Firewall Design Modes of Operation
ASA Failover
DC Scale Physical Firewalls with Clustering
Clustering features
Control and Data Interfaces
Packet flow through Cluster
Monitoring and Troubleshooting Clustering

Inter Data Centre (DC) Clustering

Split or Single Individual Mode Cluster
Extended Spanned Etherchannel Cluster
Split Spanned Etherchannel Cluster

Segmentation with TrustSec

TrustSec Relevancy to Data Center
How SGT/SGA Scales Policy Control
Policy Definition – ISE Policy Matrix
Use Cases for TrustSec in the Data Center

Threat Prevention

Firewall is not enough
IPS in Data Centers
What is FirePOWER™?
FireSIGHT Management
Deployment Scenario
Cisco CVD Use Cases
ASA Cluster “Sandwich”
Nexus 7K EEM Scripts for SF Failure Monitoring

AMP add CTD and Cyber Security Insert

Virtualization

Common Virtualization Concerns
Virtualization Security
Managing Virtual Networking Policy
Cisco ASAv

Application-Centric Infrastructure Security (ACIS)

Centralized Policy Management and Automation
What is a REST API?
ASAv Flexible Licensing
vASA and vSwitch
Routed and Transparent Firewall
ASAv Deployment: Cloud Security FW+VPN
ASAv and VSG Compared

Comparing Cisco Virtual Firewalls

vIPS / vIDS
Journey to the Cloud “What can we do today to prepare for the cloud?”
