Security in the DC: Architectures, TrustSec and ACI (SDCSE) – Outline
Detailed Course Outline
Positioning Security in the Data Center
- Data Center trends and Solutions
- Business Challenges
- Security Challenges and priorities
- Evolution of Traditional Data Center to cloud
Trends and Architecture
- Evolution of Data Center architecture
- Journey to the Cloud
- DC traditional and evolving use cases
Evolution of Data Center Architecture
- Security Building blocks (Segmentation)
- VXLAN, DCI, LISP
- Traditional Data Center to Application-Centric Infrastructure Security (ACIS)
Securing with ASA’s
- Physical Firewalls: ASA 5585 Appliances
- Virtualized ASA Firewall
- Firewall Design Modes of Operation
- ASA Failover
- DC Scale Physical Firewalls with Clustering
- Clustering features
- Control and Data Interfaces
- Packet flow through Cluster
- Monitoring and Troubleshooting Clustering
Inter Data Centre (DC) Clustering
- Split or Single Individual Mode Cluster
- Extended Spanned Etherchannel Cluster
- Split Spanned Etherchannel Cluster
Segmentation with TrustSec
- TrustSec Relevancy to Data Center
- How SGT/SGA Scales Policy Control
- Policy Definition – ISE Policy Matrix
- Use Cases for TrustSec in the Data Center
Threat Prevention
- Firewall is not enough
- IPS in Data Centers
- What is FirePOWER™?
- Firesight Management
- Deployment Scenario
- Cisco CVD Use Cases
- ASA Cluster “Sandwich”
- Nexus 7K EEM Scripts for SF Failure Monitoring
AMP add CTD and Cyber Security Insert
Virtualization
- Common Virtualization Concerns
- Virtualization Security
- Managing Virtual Networking Policy
- Cisco ASAv
Application-Centric Infrastructure Security (ACIS)
- Centralized Policy Management and Automation
- What is a REST API?
- ASAv Flexible Licensing
- vASA and vSwitch
- Routed and Transparent Firewall
- ASAv Deployment: Cloud Security FW+VPN
- ASAv and VSG Compared
Comparing Cisco Virtual Firewalls
- vIPS / vIDS
- Journey to the Cloud “What can we do today to prepare for the cloud?”