Cisco Implementing Cisco ACI Security (ACISEC)

Price
$3,600.00 USD

Duration
4 Days

 

Delivery Methods
Virtual Instructor Led
Private Group

Course Overview

This course provides in-depth knowledge and practical skills in implementing a comprehensive ACI security design.

Course Objectives

  • Become proficient in managing and implementing a comprehensive Cisco ACI security solution
  • Utilize all of the Cisco ACI built-in security mechanisms
  • Implement L4-L7 solutions into ACI
  • Integrate NGFW features into an ACI security solution

Who Should Attend?

  • Network administrators and engineers
  • IT professionals working with Cisco ACI
  • Individuals interested in Data Center security
  • Top-rated instructors: Our crew of subject matter experts have an average instructor rating of 4.8 out of 5 across thousands of reviews.
  • Authorized content: We maintain more than 35 Authorized Training Partnerships with the top players in tech, ensuring your course materials contain the most relevant and up-to-date information.
  • Interactive classroom participation: Our virtual training includes live lectures, demonstrations and virtual labs that allow you to participate in discussions with your instructor and fellow classmates to get real-time feedback.
  • Post Class Resources: Review your class content, catch up on any material you may have missed or perfect your new skills with access to resources after your course is complete.
  • Private Group Training: Let our world-class instructors deliver exclusive training courses just for your employees. Our private group training is designed to promote your team’s shared growth and skill development.
  • Tailored Training Solutions: Our subject matter experts can customize the class to specifically address the unique goals of your team.

Course Prerequisites

  • Basic knowledge of Cisco ACI infrastructure
  • Recommended: CCNP Certification or equivalent knowledge
  • Understanding of networking and security fundamentals

Agenda

Module 1: Cisco ACI Software Defined Networking (SDN) Architecture

  • Objective: Gain comprehensive knowledge of the Cisco SDN Architecture implementation of hardware and software
  • Lesson 1: ACI SDN Network Architecture
  • Lesson 2: ACI Zero Trust Model and Security constructs
  • Lesson 3: ACI Physical Server Integration
  • Lesson 4: ACI Security for Physical or Virtual workloads
  • Lesson 5: ACI L3Out external routing

Module 2: Secure Hypervisor integration with Cisco ACI

  • Objective: Understand the secure integration of leading hypervisors with Cisco Application Centric Infrastructure (ACI)
  • Lesson 1: Nutanix AHV (Nutanix Acropolis Hypervisor)
  • Lesson 2: VMware ESXi and vCenter
  • Lesson 3: Microsoft Hyper-V with System Center Virtual Machine Manager (SCVMM)
  • Lesson 4: Red Hat OpenStack
  • Lesson 5: Google Kubernetes
  • Lesson 6: Kernel-based Virtual Machine (KVM)

Module 3: Cisco ACI Native Access Control

  • Objective: Explore, configure, and evaluate all the native Cisco ACI access control mechanisms
  • Lesson 1: ACI networking constructs of Bridge Domain and VRF
  • Lesson 2: ACI Zero Trust model objects of Tenant, EPG, Application Profile, Contract, Subject and Filters
  • Lesson 3: Network Centric vs Application Centric Security Models
  • Lesson 4: ACI zones
  • Lesson 5: ACI VRF Policy Control Enforcement
  • Lesson 6: ACI Preferred Groups
  • Lesson 7: Configure ACI vzAny
  • Lesson 8: Configure an ACI Allow List Model with Contracts and Filters
  • Lesson 9: Stateful vs Stateless Contracts
  • Lesson 10: ACI Tenant SPAN to analyze secure traffic flows
  • Lesson 11: ACI EPG Shutdown
  • Lesson 12: ACI contract logging
  • Lesson 13: Contract Inheritance with EPG Contract Master
  • Lesson 14: ACI Micro segmented EPG (uEPG) for Intra-EPG communications
  • Lesson 15: ACI Endpoint Security Groups (ESGs)
  • Lesson 16: VRF Leaking
  • Lesson 17: Designing a secure ACI Data Center

Module 4: Cisco ACI L4-L7 Service Graphs for Secure Device Integration

  • Objective: Develop skills in L4-L7 service graphs to extend ACI security with external devices
  • Lesson 1: ACI L4-L7 Service Graph
  • Lesson 2: ACI Service Graph Template
  • Lesson 3: Concrete Object
  • Lesson 4: Service Chaining with multiple highly available devices
  • Lesson 5: Managed vs Unmanaged L4-L7 ACI Integration
  • Lesson 6: Integrating Cisco ASAv
  • Lesson 7: Transparent vs routed mode security device integration
  • Lesson 8: Contracts to insert security services into ACI
  • Lesson 9: L3Out routing integration with security devices

Module 5: Cisco ACI and NGFW Integration

  • Objective: Develop skills in understanding the value and approach of Cisco ACI and NGFW integration
  • Lesson 1: Next Generation Firewall (NGFW) Integrated Security Architecture
  • Lesson 2: Cisco Secure Firewall Management Center (FMC)
  • Lesson 3: Cisco Secure Firewall Threat Defense Virtual (formerly FTDv/NGFWv) and Cisco Secure Firewall Management Center (FMC) enabling on Nutanix AHV
  • Lesson 4: Firepower Management Center Endpoint Update App for the Cisco Application Centric Infrastructure (ACI)
  • Lesson 5: NGFW Routed, switch or inline interface mode
  • Lesson 6: ACI L4-L7 Policy Based Redirect (PBR) to security service
  • Lesson 7: ACI PBR for micro-segmentation
  • Lesson 8: Extend PBR security services to ACI Multi-Pod
  • Lesson 9: Cisco NGFW zone-based policies in FMC
  • Lesson 10: Threat detection with Cisco intrusion detection systems (IDS) to ACI Insertion
  • Lesson 11: Threat detection with Cisco intrusion prevention systems (IPS) to ACI Insertion
  • Lesson 12: Cisco ACI Integration with SPAN for IDS and IPS
  • Lesson 13: Distributed Denial of Service (DDoS) Services Insertion
  • Lesson 14: Cisco DC App ACI Endpoint Update to push endpoint information to the ASA or FMC

Module 6: Application Policy Infrastructure Controller (APIC) Security and Hardening

  • Objective: Learn methods of adding security to the APIC for all management and programmatic functions
  • Lesson 1: APIC Hardening
  • Lesson 2: APIC Northbound Protocols
  • Lesson 3: APIC Northbound Authentication
  • Lesson 4: ACI Role Based Access Control (RBAC) for secure access
  • Lesson 5: Audit logs for ACI changes
  • Lesson 6: Certificate based authentication
  • Lesson 7: Two factor authentication

Module 7: Administering Physical ACI Security

  • Objective: Master administration of ACI Physical Security
  • Lesson 1: Remote Leafs
  • Lesson 2: MACsec on ACI leafs
  • Lesson 3: Enabling 802.1x on ACI leafs
  • Lesson 4: NX-OS Image signing and verification

Module 8: Cisco ACI Multidomain Security

  • Objective: Develop skills in understanding the value and approach of Cisco ACI and VMware NSX integration
  • Lesson 1: TrustSec Policy Domain
  • Lesson 2: Cisco Identity Services Engine (ISE) for a cohesive security policy
  • Lesson 3: TrustSec Security Group to ACI External EPG security translation
  • Lesson 4: Stealthwatch and ACI Integration
  • Lesson 5: Cisco ACI and Cisco Secure Workload Integration
  • Lesson 6: Cisco ACI and Cisco Secure Workload Rapid Threat Containment
 

Upcoming Class Dates and Times

  • Mar 10, 11, 12, 13, 9:00 AM - 5:00 PM, $3,600.00 USD
  • Apr 28, 29, 30, May 1, 9:00 AM - 5:00 PM, $3,600.00 USD
  • Jun 9, 10, 11, 12, 9:00 AM - 5:00 PM, $3,600.00 USD
  • Jul 21, 22, 23, 24, 9:00 AM - 5:00 PM, $3,600.00 USD
  • Sep 2, 3, 4, 5, 9:00 AM - 5:00 PM, $3,600.00 USD
  • Oct 14, 15, 16, 17, 9:00 AM - 5:00 PM, $3,600.00 USD
  • Nov 17, 18, 19, 20, 9:00 AM - 5:00 PM, $3,600.00 USD
 


