IEDIS V1.0 - Implementing Enterprise Data Center Infrastructure Security

5-Day Hands on Lab & Lecture Course

Course Description

Implementing Enterprise Datacenter Infrastructure Security (IEDIS) is a lab-intensive course that allows students to integrate and test Cisco® security products and security best practices that compose the Cisco Enterprise Data Center Architecture. Students will implement and integrate Layer 2 and Layer 3 network security best practices as well as the Cisco Nexus™ 7000 platform into the data center. Hands-on labs for the Cisco Nexus 7000 include initial network configuration with virtual switching, Layer 2 security, and control-plane policing (CoPP). The course also includes the integration of the Cisco ASA into the data center architecture as a redundant routed pair with additional labs on the implementation of the IPS functionality using the AIP-SSM-40 module. Once the infrastructure has been deployed and secured, the students will deploy Cisco Security Manager and Cisco Secure Monitoring Analysis and Response System (Cisco Security MARS) to manage network security devices.

Course Objectives

• Identify key components of the Data Center 3.0 solution
• Identify and describe network security threats for the enterprise data center
• Configure a Cisco Nexus 7000 platform for Layer 2 and Layer 3 network security
• Configure a Cisco Nexus 7000 platform for secure virtual switching
• Configure CoPP for the Cisco Nexus 7000 platform
• Deploy Layer 2 network security on the Cisco Catalyst 4900M switch
• Deploy Layer 3 network security for Cisco IOS® Software routers
• Configure the Cisco ASA to protect an enterpise data center
• Deploy the Cisco AIP-SSM module in the ASA to provide IPS services to the enterprise data center
• Configure the Cisco Security MARS management platform for network threat correlation
• Integrate Cisco Security Manager with the Cisco Security MARS platform for data center device configuration and management

Intended Audience

This course is targeted toward data center managers and administrators, network administrators, security professionals, and engineers interested in deploying and securing Cisco network data center solutions.

Prerequisites

Following are the required prerequisites for this course:

• CCNA® level networking knowledge and experience configuring Cisco network routers and switches
• Introductory level understanding of available Cisco security products

Following are the recommended additional prerequisites for this course:

• CCNP level networking knowledge and experience configuring Cisco network routers and switches

Course Outline

• Introduction
• Data Center Security Overview
• Cisco Nexus Architecture Overview and Setup
• CoPP for the Cisco Nexus 7000
• Layer 2 Network Security
• Layer 3 Network Security
• Deploying the Cisco ASA in an Enterprise Data Center
• Configuring IPS Services for the Data Center Using the Cisco ASA
• Securing Data Center DNS Using the Cisco ASA and AIP-SSM
• Managing Network Security Threats Using Cisco Security MARS
• Integrating Cisco Security Manager into the Data Center

Course Labs

• Lab 1: Remote Network Connectivity
• Lab 2: Configuring the Cisco Nexus 7000 for Layer 2 and Layer 3 Connectivity
• Lab 3: Deploying CoPP for the Cisco Nexus 7000
• Lab 4: Configuring Layer 2 Network Security
• Lab 5: Configuring Layer 3 Network Security
• Lab 6: Configuring the Cisco ASA to Protect the Enterprise Data Center
• Lab 7: Deploying IPS Services Using the Cisco ASA
• Lab 8: Securing Data Center DNS Using the Cisco ASA and AIP-SSM
• Lab 9: Managing Network Security Using the Cisco Security MARS
• Lab 10: Integrating Cisco Security Manager into the Data Center