Segmentation. Threat Defense. Visibility
|
|
- Arlene Cain
- 5 years ago
- Views:
Transcription
1
2
3 Segmentation Threat Defense Visibility Establish boundaries: network, compute, virtual Enforce policy by functions, devices, organizations, compliance Control and prevent unauthorized access to networks, resources, applications Stop internal and external attacks and interruption of services Patrol zone and edge boundaries Control information access and usage, prevent data loss and data modification Provide transparency to usage Apply business context to network activity Simplify operations and compliance reporting
4 1 Secure Internal Zone from External Zone 2 Secure Data for Compliance Internet CTX1 VDC1 CTX2 VDC2 vpc Cisco VXI Campus/Data Center vpc 3 Secure Application Tiers 4 Secure Multitenancy CTX1 CTX2 Front-End (Presentation) Web Tier (Business Logic) CTX1 CTX2 Extranet Vendor Partner DB Tier (Data Access) vpc
5
6 6 Data Center Edge Physical Delineation for all ingress and egress into the CORE of the DC Traditional Security Models apply to North-South Protection Aggregation Layer Initial filter for all ingress and egress to DC services & compute - North-South protection Stateful filtering and logging for all ingress and egress traffic flows Physical appliances can be virtualized and applied to server enclaves Services Layer (option) Additional services location for server farm specific protection and other potential zones Traditional Edge Security Internal Zoning Virtual Network & Access Virtual firewall, zone/enclave based filtering IP-Based Access Control Lists VM attribute-based policies Should Follow VM East-West protection
7 DC Edge Internet IP-NGN (BBG) Partners VRF-lite VRF-lite implemented at core and aggregation layers provides per tenant isolation at L3 VDC to segregate and virtualize the equipment DC Core DC Aggregation VDC VRF Vlan/802.1q Firewall/IDS Partitioning Network Separation: Per-tenant routing and forwarding tables (VRF) VLAN IDs and tag provide isolation and identification of tenant traffic across L2 domain Defense in Depth per consumer (front end ASA, back end VSG) DC Access Vlan/Pvlan VIRTUAL ACCESS FEX/A- FEX/VM-FEX Compute Separation: vnics, VLANs, Port Profiles DC Virtual Access VXLAN Storage Separation: VSAN, FC Zoning, LUN masking, vfilers Layer 3 Layer 2-10GE 4/8 Gb FC Virtual FW Application Tier : logical and Physical segmentation with L2/L3 firewalling and security zoning
8 ASA FW NGIPS Control North/South traffic with ASA 5585 Scale and HA with Clustering Inspect North/South traffic with NGIPS Segment and Protect virtual enclave with ASAv and vngips Physical Hosts
9 CTD : Cisco Thread Defense Leverage your Cisco Infrastructure to fight Advanced Pervasive Threats Clustering NGIPS SGT SGT SGT ASA FW SGT TrustSec with Security Group Tagging NGA SGT SGT Simplify Accelerate SGT SGT Virtual FlowSensor Automate ISE SGT SGT Standardize
10 Users, Device Classification ISE Directory Enforcement Fin Servers SGT = 4 SGT = 5 Data + SGT:5 HR Servers SGT = 10 Switch Router DC FW DC Switch SGT Propagation
11 Cluster Control Link
12 Sourcefire on 5500-X (Software) Sourcefire on 5585-X (Blade) Subscriptions: Threat: IPS, AVC, URL Filtering, AMP
13 ASA 9.2 : INCREASED CLUSTERING SIZE AND PERFORMANCE *Estimated Max with Jumbo frame no asymmetric traffic
14 Dark Fiber could be connected to Core / Aggregation or to a dedicated Services layer. Each has pros and cons based upon environment DCI With Dark Fiber RTT <10ms + <100Km DC Edge Internal DC Zone(s) Nexus 7000 Nexus 7000 Nexus 7000 Nexus 7000 DC Core VDC (Routed) Nexus 7000 Nexus 7000 Double-Sided vpc over Dark Fiber 10G-400G Nexus 7000 Nexus 7000 ASA5585-X vp C Nexus 5000 vp C vp C vp C FW CLUST ER ASA5585-X C CL Inter-DC FW CLUSTER ASA5585-X vp C Nexus 5000 vp C vp C vp C FW CLUST ER ASA5585-X DC Aggregation Layer VDC Nexus 2000 Nexus 2000 Nexus 1000v Nexus 1000v Cisco UCS Cisco UCS VSG ASA1000 v 10Gig Server Rack VSG ASA1000 v 10Gig Server Rack Compute Access Layer
15 DCI (OTV) Extranet RTT <10ms + <100Km DC Edge Internal DC Zone(s) Nexus 7000 OTV VDC Layer 2 Extension (OTV) OTV VDC Nexus 7000 DC Core VDC (Routed) Nexus 7000 Nexus 7000 CCL Nexus 7000 Nexus 7000 ASA5585-X vp C Nexus 5000 vp C vp C vp C ASA5585-X Inter-DC FW CLUSTER ASA5585-X vp C Nexus 5000 vp C vp C vp C FW CLUST ER ASA5585-X DC Aggregation Layer VDC Nexus 2000 Nexus 2000 Nexus 1000v Nexus 1000v Cisco UCS Cisco UCS VSG ASA1000 v 10Gig Server Rack VSG ASA1000 v 10Gig Server Rack Compute Access Layer
16 Interconne ct L2 or L3 RTT <10ms + <100Km Data Center A Data Center B FabricPath Spine FabricPath Leaf ASA Cluster Pod A3 Pod B3 Pod A1 Pod A2 Pod B2 Pod B1 Compute Access Layer
17 Data Center Design Zone :
18
19 Source: Cisco Global Cloud Index 2012
20 Proven Cisco security: virtualized physical and virtual consistency Collaborative security model Cisco Virtual Secure Gateway (VSG) for intra-tenant secure zones Tenant A VDC Tenant B VDC Cisco ASA 1000V for tenant edge controls Transparent integration Cisco VSG Cisco VSG vapp vapp Cisco VSG With Cisco Nexus 1000V Switch and Cisco vpath Cisco VSG Scale flexibility to meet cloud demand Cisco ASA 1000V Cisco ASA 1000V Multi-instance deployment for scaleout deployment across the data center
21 Parity to physical form-factor feature-set Scaling through virtualization Up to 10 vnic interfaces Crypto in software SDN and traditional management tools Scales to 4 vcpus and 8 GB of memory Ability to manage one policy on both physical and virtual ASAs Removed clustering and multiple context mode
22 ASA OPEN SECURITY PLATFORM Hypervisor Support Orchestration Frameworks System Management CSM PNSC READ / WRITE SOUTHBOUND API MULTI-TENANT AND APPLICATION AWARE ASA PUBLISHED DEVICE MGMT PACKAGE FOR ACI STANDARDS COMPLIANT MONITORING FEATURES
23 ASAv (Active) ASAv (Standby)
24 2 Routed Firewall Routing traffic between vnics Maintains ARP and routing table Tenant edge firewall Transparent Firewall VLAN or VxLAN Bridging / Switching Maintains MAC-address tables Non-disruptive to L3 designs Service Tag Switching Applies inspection between service tags No network participation Fabric integration mode
25
26 /9.3.2
27 ASAv PHASED RELEASE
28
29 Cloud Cloud Admin Application Admin Web Tier External Zone App Tier APPLICATION DB Tier Security Admin DMZ Trusted Zone SECURITY DB Tier Network Admin INFRASTRUCTURE
30 Cloud Cloud Admin Application Admin APPLICATION External Zone Security Admin DMZ Trusted Zone SECURITY DB Tier Network Admin COMMON POOL OF RESOURCES
31 Flat Hardware Accelerated Network Full abstraction, de-coupled from VLANs and Dynamic Routing, low latency, built-in QoS Intelligent Fabric Cisco Nexus 9000 Flexible Insertion Every device is one hop away, microsecond latency, no power or port availability constraints, ease of scaling Fabric Port Services Hardware filtering and bridging; seamless service insertion, service farm aggregation Unified Management and Visibility ACI Controller manages all participating devices, change control and audit capabilities Apps Users Logical Endpoint Groups by Role Heterogeneous clients, servers, external clouds; fabric controls communication
32 ACI Fabric Spine Nodes Leaf Nodes Virtual Leaf EPG Internet Service Producers EPG apps EPG Users Service Consumers
33 Hypervisor Management Automation Tools Orchestration Frameworks System Management READ / WRITE ALL FABRIC INFO APIC TENANT AND APPLICATION AWARE Security ASA PUBLISHED DATA MODEL OPEN SOURCE A Platform approach to Data Centre infrastructure Industry Standard Compliant
34 Single Point of Management Different administrative groups use same interface, high level of object sharing Application Policy Infrastructure Controller (APIC) Policy Contract Users Apps Define Contracts Between Endpoint Groups Port-level rules: drop, prioritize, push to service chain; reusable templates ACI Fabric Ingress Fabric Rules Programmed from Contract Hardware rules on each port, security in depth, embedded QoS Single Pass Firewalling with Flow-Specific Policy Define Endpoint Groups Security administrator defines generic templates in APIC, availed to contract creation Apps Users Any endpoints anywhere within the fabric, virtual or physical
35 provider End points in group WEB can access end-points in group APP SERVER according to rules specified in the contract EPG APP SERVER Contract specifies rules and policies on groups of physical or virtual end-points without understanding of specific identifiers and regardless of physical location. consumer EPG WEB EP EP EP... identifies what traffic L4 port ranges TCP options identifies actions applied QoS Log Redirect into SVC graph defined bi-directionally in the provider centric way
36 Permit Deny Redirect Log Copy Packet There are six policy options supported: Permit the traffic Block the traffic Redirect the traffic Log the traffic Copy the traffic Mark the traffic (DSCP/CoS) Mark Packet DSCP Policy encompasses traffic handling, quality of service, security monitoring and logging.
37 Application Container Web Application Container "Database /24 Policy Contract Web Database EPG Web EPG Database Service Chain Web Database
38 FW_ADC 1 Application Admin Policybased Redirection Service Admin ASA 5585 Netscaler VPX
39 Graph Logical Physical Nexus ACI Fabric - - -
40 ACI Fabric - Physical Graph - Logical
41
Data Center Security. Fuat KILIÇ Consulting Systems
Data Center Security Fuat KILIÇ Consulting Systems Engineer @Security Data Center Evolution WHERE ARE YOU NOW? WHERE DO YOU WANT TO BE? Traditional Data Center Virtualized Data Center (VDC) Virtualized
More informationEvolution of Data Center Security Automated Security for Today s Dynamic Data Centers
Evolution of Data Center Security Automated Security for Today s Dynamic Data Centers Speaker: Mun Hossain Director of Product Management - Security Business Group Cisco Twitter: @CiscoDCSecurity 2 Any
More informationCisco Application Centric Infrastructure and Microsoft SCVMM and Azure Pack
White Paper Cisco Application Centric Infrastructure and Microsoft SCVMM and Azure Pack Introduction Cisco Application Centric Infrastructure (ACI) is a next-generation data center fabric infrastructure
More informationVirtual Security Gateway Overview
This chapter contains the following sections: Information About the Cisco Virtual Security Gateway, page 1 Cisco Virtual Security Gateway Configuration for the Network, page 10 Feature History for Overview,
More informationCisco Virtual Security Gateway (VSG) Mohammad Salaheldin
Cisco Virtual Security Gateway (VSG) Mohammad Salaheldin Virtual Security Gateway (VSG) Overview VSG Packet Flow VSG Policy Model Use Case Example ASA on 1000V Summary 2011 Cisco and/or its affiliates.
More informationCisco HyperFlex Systems
White Paper Cisco HyperFlex Systems Install and Manage Cisco HyperFlex Systems in a Cisco ACI Environment Original Update: January 2017 Updated: March 2018 Note: This document contains material and data
More informationService Graph Design with Cisco Application Centric Infrastructure
White Paper Service Graph Design with Cisco Application Centric Infrastructure 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 101 Contents Introduction...
More information"Charting the Course... Designing Cisco Data Center Infrastructure (DCID) Course Summary
Course Summary Description v6.0 is a five-day instructor-led course that focuses on data center design based on Cisco solutions. The course includes theoretical content, as well as design oriented case
More informationCisco Virtual Networking Solution Nexus 1000v and Virtual Services. Abhishek Mande Engineer
Cisco Virtual Networking Solution Nexus 1000v and Virtual Services Abhishek Mande Engineer mailme@cisco.com Agenda Application requirements in virtualized DC The Anatomy of Nexus 1000V Virtual Services
More informationEvolution with End-to-End Data Center Virtualization
Evolution with End-to-End Data Center Virtualization Yves Louis DC Virtualisation Technical Solution Architect Agenda Data Center Virtualization Overview Front-End Data Center Virtualization Core Layer
More informationMigration from Classic DC Network to Application Centric Infrastructure
Migration from Classic DC Network to Application Centric Infrastructure Kannan Ponnuswamy, Solution Architect, Cisco Advanced Services Acronyms IOS vpc VDC AAA VRF STP ISE FTP ToR UCS FEX OTV QoS BGP PIM
More informationSDN Security BRKSEC Alok Mittal Security Business Group, Cisco
SDN Security Alok Mittal Security Business Group, Cisco Security at the Speed of the Network Automating and Accelerating Security Through SDN Countering threats is complex and difficult. Software Defined
More informationCisco ACI Multi-Pod/Multi-Site Deployment Options Max Ardica Principal Engineer BRKACI-2003
Cisco ACI Multi-Pod/Multi-Site Deployment Options Max Ardica Principal Engineer BRKACI-2003 Agenda ACI Introduction and Multi-Fabric Use Cases ACI Multi-Fabric Design Options ACI Stretched Fabric Overview
More informationCisco ACI Multi-Pod and Service Node Integration
White Paper Cisco ACI Multi-Pod and Service Node Integration 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 68 Contents Introduction... 3 Prerequisites...
More informationSecurity & Virtualization in the Data Center
Security & Virtualization in the Data Center Jim Kotantoulas Consulting SE, Security Technologies CCIE #4446 dkotanto@cisco.com Abstract The evolving complexity of the data center is placing increased
More informationSecuring Containers Using a PNSC and a Cisco VSG
Securing Containers Using a PNSC and a Cisco VSG This chapter contains the following sections: About Prime Network Service Controllers, page 1 Integrating a VSG into an Application Container, page 3 About
More informationSecuring Containers Using a PNSC and a Cisco VSG
Securing Containers Using a PNSC and a Cisco VSG This chapter contains the following sections: About Prime Network Service Controllers, page 1 Integrating a VSG into an Application Container, page 4 About
More informationCisco ACI Virtual Machine Networking
This chapter contains the following sections: Cisco ACI VM Networking Supports Multiple Vendors' Virtual Machine Managers, page 1 Virtual Machine Manager Domain Main Components, page 2 Virtual Machine
More informationConfiguring Policy-Based Redirect
About Policy-Based Redirect, on page 1 About Multi-Node Policy-Based Redirect, on page 3 About Symmetric Policy-Based Redirect, on page 3 Policy Based Redirect and Hashing Algorithms, on page 4 Policy-Based
More informationCisco Application Centric Infrastructure
Data Sheet Cisco Application Centric Infrastructure What s Inside At a glance: Cisco ACI solution Main benefits Cisco ACI building blocks Main features Fabric Management and Automation Network Security
More informationMulti-Site Use Cases. Cisco ACI Multi-Site Service Integration. Supported Use Cases. East-West Intra-VRF/Non-Shared Service
Cisco ACI Multi-Site Service Integration, on page 1 Cisco ACI Multi-Site Back-to-Back Spine Connectivity Across Sites Without IPN, on page 8 Bridge Domain with Layer 2 Broadcast Extension, on page 9 Bridge
More informationService Oriented Virtual DC Design
Dubrovnik, Croatia, South East Europe 20-22 May, 2013 Service Oriented Virtual DC Design Višnja Milovanović Consulting Systems Engineer Data Center & Virtualization 2011 2012 Cisco and/or its affiliates.
More informationDeploying Cloud Network Services Prime Network Services Controller (formerly VNMC)
Deploying Cloud Network Services Prime Network Services Controller (formerly VNMC) Dedi Shindler - Sr. Manager Product Management Cloud System Management Technology Group Cisco Agenda Trends Influencing
More informationCisco Application Centric Infrastructure Roadshow. Wednesday, 2. April 14
Cisco Application Centric Infrastructure Roadshow Wednesday, 2. April 14 Cisco ACI Roadshow - Agenda Business and IT trends Cisco Open Network Environment (ONE) Lunch Cisco Application Centric Infrastructure
More informationDeploy Microsoft SQL Server 2014 on a Cisco Application Centric Infrastructure Policy Framework
White Paper Deploy Microsoft SQL Server 2014 on a Cisco Application Centric Infrastructure Policy Framework August 2015 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
More informationVerified Scalability Guide for Cisco APIC, Release 3.0(1k) and Cisco Nexus 9000 Series ACI-Mode Switches, Release 13.0(1k)
Verified Scalability Guide for Cisco APIC, Release 3.0(1k) and Cisco Nexus 9000 Series ACI-Mode Switches, Release 13.0(1k) Overview 2 General Scalability Limits 2 Fabric Topology, SPAN, Tenants, Contexts
More informationCisco SDN 解决方案 ACI 的基本概念
Cisco SDN 解决方案 ACI 的基本概念 Presented by: Shangxin Du(@shdu)-Solution Support Engineer, Cisco TAC Aug 26 th, 2015 2013 Cisco and/or its affiliates. All rights reserved. 1 Type Consumption Delivery Big data,
More informationCisco Next Generation Firewall and IPS. Dragan Novakovic Security Consulting Systems Engineer
Cisco Next Generation Firewall and IPS Dragan Novakovic Security Consulting Systems Engineer Cisco ASA with Firepower services Cisco TALOS - Collective Security Intelligence Enabled Clustering & High Availability
More informationLayer 4 to Layer 7 Design
Service Graphs and Layer 4 to Layer 7 Services Integration, page 1 Firewall Service Graphs, page 5 Service Node Failover, page 10 Service Graphs with Multiple Consumers and Providers, page 12 Reusing a
More informationApplication Provisioning
Overview, page 1 Application Categories, page 1 Application Containers, page 2 Catalogs, page 7 Self-Service Provisioning, page 8 Overview After you have allocated your resources among your user groups,
More informationCisco ACI Virtual Machine Networking
This chapter contains the following sections: Cisco ACI VM Networking Supports Multiple Vendors' Virtual Machine Managers, page 1 Virtual Machine Manager Domain Main Components, page 2 Virtual Machine
More informationIntuit Application Centric ACI Deployment Case Study
Intuit Application Centric ACI Deployment Case Study Joon Cho, Principal Network Engineer, Intuit Lawrence Zhu, Solutions Architect, Cisco Agenda Introduction Architecture / Principle Design Rollout Key
More informationACI Multi-Site Architecture and Deployment. Max Ardica Principal Engineer - INSBU
ACI Multi-Site Architecture and Deployment Max Ardica Principal Engineer - INSBU Agenda ACI Network and Policy Domain Evolution ACI Multi-Site Deep Dive Overview and Use Cases Introducing ACI Multi-Site
More informationQuestion No: 3 Which configuration is needed to extend the EPG out of the Cisco ACI fabric?
Volume: 60 Questions Question No: 1 You discover that a VLAN is not enabled on a leaf port even though on EPG is provisioned. Which cause of the issue is most likely true? A. Cisco Discovery protocol is
More informationConfiguring Policy-Based Redirect
About Policy-Based Redirect, page 1 About Symmetric Policy-Based Redirect, page 8 Policy Based Redirect and Hashing Algorithms, page 8 Using the GUI, page 9 Using the NX-OS-Style CLI, page 10 Verifying
More informationCisco UCS Director and ACI Advanced Deployment Lab
Cisco UCS Director and ACI Advanced Deployment Lab Michael Zimmerman, TME Vishal Mehta, TME Agenda Introduction Cisco UCS Director ACI Integration and Key Concepts Cisco UCS Director Application Container
More informationVerified Scalability Guide for Cisco APIC, Release 3.0(1k) and Cisco Nexus 9000 Series ACI-Mode Switches, Release 13.0(1k)
Verified Scalability Guide for Cisco APIC, Release 3.0(1k) and Cisco Nexus 9000 Series ACI-Mode Switches, Release 13.0(1k) Overview 2 General Scalability Limits 2 Fabric Topology, SPAN, Tenants, Contexts
More informationApplication Centric Infrastructure
Application Centric Infrastructure Design pro řešení na zelené louce i do stávajícího DC DCA4 Miroslav Brzek, Systems Engineer Agenda Modern DC infrastructure Customer requirements What s Application Centric
More informationCisco Cloud Architecture with Microsoft Cloud Platform Peter Lackey Technical Solutions Architect PSOSPG-1002
Cisco Cloud Architecture with Microsoft Cloud Platform Peter Lackey Technical Solutions Architect PSOSPG-1002 Agenda Joint Cisco and Microsoft Integration Efforts Introduction to CCA-MCP What is a Pattern?
More informationMP-BGP VxLAN, ACI & Demo. Brian Kvisgaard System Engineer, CCIE SP #41039 November 2017
MP-BGP VxLAN, ACI & Demo Brian Kvisgaard System Engineer, CCIE SP #41039 November 2017 Datacenter solutions Programmable Fabric Classic Ethernet VxLAN-BGP EVPN standard-based Cisco DCNM Automation Modern
More informationDesign Guide for Cisco ACI with Avi Vantage
Page 1 of 23 Design Guide for Cisco ACI with Avi Vantage view online Overview Cisco ACI Cisco Application Centric Infrastructure (ACI) is a software defined networking solution offered by Cisco for data
More informationCisco ACI Multi-Site Fundamentals Guide
First Published: 2017-08-10 Last Modified: 2017-10-09 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387)
More informationVirtual Machine Manager Domains
This chapter contains the following sections: Cisco ACI VM Networking Support for Virtual Machine Managers, page 1 VMM Domain Policy Model, page 3 Virtual Machine Manager Domain Main Components, page 3,
More informationCisco Application Policy Infrastructure Controller Data Center Policy Model
White Paper Cisco Application Policy Infrastructure Controller Data Center Policy Model This paper examines the Cisco Application Centric Infrastructure (ACI) approach to modeling business applications
More informationCisco Application Centric Infrastructure (ACI) - Endpoint Groups (EPG) Usage and Design
White Paper Cisco Application Centric Infrastructure (ACI) - Endpoint Groups (EPG) Usage and Design Emerging IT technologies have brought about a shift from IT as a cost center to IT as a business driver.
More informationRunning RHV integrated with Cisco ACI. JuanLage Principal Engineer - Cisco May 2018
Running RHV integrated with Cisco ACI JuanLage Principal Engineer - Cisco May 2018 Agenda Why we need SDN on the Data Center What problem are we solving? Introduction to Cisco Application Centric Infrastructure
More informationThe Next Opportunity in the Data Centre
The Next Opportunity in the Data Centre Application Centric Infrastructure Soni Jiandani Senior Vice President, Cisco THE NETWORK IS THE INFORMATION BROKER FOR ALL APPLICATIONS Applications Are Changing
More informationACI Terminology. This chapter contains the following sections: ACI Terminology, on page 1. Cisco ACI Term. (Approximation)
This chapter contains the following sections:, on page 1 Alias API Inspector App Center Alias A changeable name for a given object. While the name of an object, once created, cannot be changed, the Alias
More informationService Insertion with ACI using F5 iworkflow
Service Insertion with ACI using F5 iworkflow Gert Wolfis F5 EMEA Cloud SE October 2016 Agenda F5 and Cisco ACI Joint Solution Cisco ACI L4 L7 Service Insertion Overview F5 and Cisco ACI Integration Models
More informationIntegrating the Cisco ASA with Cisco Nexus 9000 Series Switches and the Cisco Application Centric Infrastructure
Solution Guide Integrating the Cisco ASA with Cisco Nexus 9000 Series Switches and the Cisco Application Centric Infrastructure Data Center Design Opportunities Modern designs for the highly secure data
More informationWe re ready. Are you?
We re ready. Are you? Security Architectures and the Data Center Evolution: Physical, Virtual, and Automated Gustavo Santana Technical Solutions Architect CCIEx3# 8806 (DC, SAN, R&Sw) Agenda Security Threats
More informationSecurity and Virtualisation in the Data Centre
Security and Virtualisation in the Data Centre Greg Gibbs Network Consulting Engineer CCIE #19084 Abstract The evolving complexity of the data centre is placing increased demand on the network and security
More informationCisco Virtual Security Gateway Deployment Guide VSG 1.4
Deployment Guide Cisco Virtual Security Gateway Deployment Guide VSG 1.4 Deployment Guide 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 33
More informationF5 BIG-IP Local Traffic Manager Service Insertion with Cisco Application Centric Infrastructure
F5 BIG-IP Local Traffic Manager Service Insertion with Cisco Application Centric Infrastructure Deployment Guide December 2015 2015 Cisco F5. All rights reserved. Page 1 Contents Introduction... 4 Preface...
More informationIntegration of Hypervisors and L4-7 Services into an ACI Fabric. Azeem Suleman, Principal Engineer, Insieme Business Unit
Integration of Hypervisors and L4-7 Services into an ACI Fabric Azeem Suleman, Principal Engineer, Insieme Business Unit Agenda Introduction to ACI Review of ACI Policy Model Hypervisor Integration Layer
More informationHuawei CloudFabric and VMware Collaboration Innovation Solution in Data Centers
Huawei CloudFabric and ware Collaboration Innovation Solution in Data Centers ware Data Center and Cloud Computing Solution Components Extend virtual computing to all applications Transform storage networks
More informationCisco ACI vcenter Plugin
This chapter contains the following sections: About Cisco ACI with VMware vsphere Web Client, page 1 Getting Started with, page 2 Features and Limitations, page 7 GUI, page 12 Performing ACI Object Configurations,
More informationData Center and Cloud Automation
Data Center and Cloud Automation Tanja Hess Systems Engineer September, 2014 AGENDA Challenges and Opportunities Manual vs. Automated IT Operations What problem are we trying to solve and how do we solve
More informationLayer-4 to Layer-7 Services
Overview, page 1 Tenant Edge-Firewall, page 1 LBaaS, page 2 FWaaS, page 4 Firewall Configuration, page 6 Overview Layer-4 through Layer-7 services support(s) end-to-end communication between a source and
More informationPolicy Driven Data Centre with ACI
Policy Driven Data Centre with ACI Chris Gascoigne Technical Solutions Architect #clmel Agenda Introduction What is policy Network policy Application policy Conclusion Introduction Traditional Data Centre
More informationConfiguring Policy-Based Redirect
About Policy-Based Redirect, page 1 About Symmetric Policy-Based Redirect, page 8 Using the GUI, page 8 Using the NX-OS-Style CLI, page 10 Verifying a Policy-Based Redirect Configuration Using the NX-OS-Style
More informationConfigure. Background. Register the FTD Appliance
Background, page 1 Register the FTD Appliance, page 1 Create a Service Graph, page 9 Apply a Service Graph Template, page 10 Supported Functions, page 13 FTD Deployments, page 18 Background The ACI fabric
More informationCisco Designing Cisco Data Center Unified Fabric (DCUFD) v5.0. Download Full Version :
Cisco 642-996 Designing Cisco Data Center Unified Fabric (DCUFD) v5.0 Download Full Version : https://killexams.com/pass4sure/exam-detail/642-996 Answer: A QUESTION: 156 Which three functions are provided
More informationEnterprise. Nexus 1000V. L2/L3 Fabric WAN/PE. Customer VRF. MPLS Backbone. Service Provider Data Center-1 Customer VRF WAN/PE OTV OTV.
2 CHAPTER Cisco's Disaster Recovery as a Service (DRaaS) architecture supports virtual data centers that consist of a collection of geographically-dispersed data center locations. Since data centers are
More informationMAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER
MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER Bret Hartman Cisco / Security & Government Group Session ID: SPO1-W25 Session Classification: General Interest 1 Mobility Cloud Threat Customer centric
More informationCisco Application Centric Infrastructure (ACI) Simulator
Data Sheet Cisco Application Centric Infrastructure (ACI) Simulator Cisco Application Centric Infrastructure Overview Cisco Application Centric Infrastructure (ACI) is an innovative architecture that radically
More informationCisco ACI Terminology ACI Terminology 2
inology ACI Terminology 2 Revised: May 24, 2018, ACI Terminology Cisco ACI Term Alias API Inspector App Center Application Policy Infrastructure Controller (APIC) Application Profile Atomic Counters Alias
More informationPrinciples of Application Centric Infrastructure
White Paper Principles of Application Centric Infrastructure What You Will Learn One of the main innovations in application centric infrastructure (ACI) is the introduction of a highly abstracted interface
More informationDesigning Cisco Data Center Unified Computing
Designing Cisco Data Center Unified Computing Number: 642-998 Passing Score: 800 Time Limit: 120 min File Version: 1.1 http://www.gratisexam.com/ Sections 1. Drag and Drop 2. Questions 3. Hot Spot CISCO
More informationDisclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme
SAI2803BU The Road to Micro- Segmentation with VMware NSX #VMworld #SAI2803BU Disclaimer This presentation may contain product features that are currently under development. This overview of new technology
More informationCisco ACI Virtual Machine Networking
This chapter contains the following sections: Cisco ACI VM Networking Supports Multiple Vendors' Virtual Machine Managers, page 1 Virtual Machine Manager Domain Main Components, page 2 Virtual Machine
More informationCisco CloudCenter Solution with Cisco ACI: Common Use Cases
Cisco CloudCenter Solution with Cisco ACI: Common Use Cases Cisco ACI increases network security, automates communication policies based on business-relevant application requirements, and decreases developer
More informationReal World ACI Deployment and Migration
Real World ACI Deployment and Migration #clmel Kannan Ponnuswamy Solution Architect Cisco Advanced Services Icons and Terms APIC Application Policy Infrastructure Controller (APIC) Cisco Nexus 9500 Cisco
More informationF5 Demystifying Network Service Orchestration and Insertion in Application Centric and Programmable Network Architectures
F5 Demystifying Network Service Orchestration and Insertion in Application Centric and Programmable Network Architectures Jeffrey Wong - Solution Architect F5 Networks February, 2015 Agenda F5 Synthesis
More informationNew and Changed Information
This chapter contains the following sections:, page 1 The following table provides an overview of the significant changes to this guide for this current release. The table does not provide an exhaustive
More informationDevNet Technical Breakout: Introduction to ACI Programming and APIs.
DevNet Technical Breakout: Introduction to ACI Programming and APIs. Michael Cohen Agenda Introduction to ACI ACI Policy ACI APIs REST API Python API L4-7 Scripting Opflex 3 Application Centric Infrastructure
More informationQ&As DCID Designing Cisco Data Center Infrastructure
CertBus.com 300-160 Q&As DCID Designing Cisco Data Center Infrastructure Pass Cisco 300-160 Exam with 100% Guarantee Free Download Real Questions & Answers PDF and VCE file from: 100% Passing Guarantee
More informationCisco ACI and Cisco AVS
This chapter includes the following sections: Cisco AVS Overview, page 1 Installing the Cisco AVS, page 5 Key Post-Installation Configuration Tasks for the Cisco AVS, page 14 Distributed Firewall, page
More informationNetwork Services in Virtualized Data Center
Network Services in Virtualized Data Center Tomáš Michaeli Consulting Systems Engineer, DCV Central / Czech republic 21 Mar 2012 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 1 Almost
More informationReal World ACI Deployment and Migration Kannan Ponnuswamy, Solutions Architect BRKACI-2601
Real World ACI Deployment and Migration Kannan Ponnuswamy, Solutions Architect BRKACI-2601 Icons and Terms APIC Application Policy Infrastructure Controller (APIC) Cisco Nexus 9500 Cisco Nexus 9300 Nexus
More informationTenant Onboarding. Tenant Onboarding Overview. Tenant Onboarding with Virtual Data Centers
Overview, page 1 with Virtual Data Centers, page 1 with Resource Groups, page 5 Overview In Cisco UCS Director, tenants enable you to securely control and allocate the virtual and physical infrastructure
More informationQuick Start Guide (SDN)
NetBrain Integrated Edition 7.1 Quick Start Guide (SDN) Version 7.1a Last Updated 2018-09-03 Copyright 2004-2018 NetBrain Technologies, Inc. All rights reserved. Contents 1. Discovering and Visualizing
More informationCreating Application Containers
This chapter contains the following sections: General Application Container Creation Process, page 1 Creating Application Container Policies, page 2 About Application Container Templates, page 5 Creating
More informationAutomate Application Deployment with F5 Local Traffic Manager and Cisco Application Centric Infrastructure
Automate Application Deployment with F5 Local Traffic Manager and Cisco Application Centric Infrastructure White Paper 2016 Cisco F5 Networks. All rights reserved. Page 1 Contents What You Will Learn...
More informationDisclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme
NET1350BUR Deploying NSX on a Cisco Infrastructure Jacob Rapp jrapp@vmware.com Paul A. Mancuso pmancuso@vmware.com #VMworld #NET1350BUR Disclaimer This presentation may contain product features that are
More informationKey Security Measures to Enable Next-Generation Data Center Transformation
Key Security Measures to Enable Next-Generation Data Center Transformation Bill McGee Senior Manager, Security Solutions Cisco Systems, Inc. Agenda Data Center Security Challenges Secure DC Strategies
More informationBuilding NFV Solutions with OpenStack and Cisco ACI
Building NFV Solutions with OpenStack and Cisco ACI Domenico Dastoli @domdastoli INSBU Technical Marketing Engineer Iftikhar Rathore - INSBU Technical Marketing Engineer Agenda Brief Introduction to Cisco
More informationLayer 4 to Layer 7 Service Insertion, page 1
This chapter contains the following sections:, page 1 Layer 4 to Layer 7 Policy Model, page 2 About Service Graphs, page 2 About Policy-Based Redirect, page 5 Automated Service Insertion, page 12 About
More informationDELL EMC VSCALE FABRIC
NETWORK DATA SHEET DELL EMC VSCALE FABRIC FIELD-PROVEN BENEFITS Increased utilization and ROI Create shared resource pools (compute, storage, and data protection) that connect to a common, automated network
More informationIBM Cloud for VMware Solutions NSX Edge Services Gateway Solution Architecture
IBM Cloud for VMware Solutions NSX Edge Services Gateway Solution Architecture Date: 2017-03-29 Version: 1.0 Copyright IBM Corporation 2017 Page 1 of 16 Table of Contents 1 Introduction... 4 1.1 About
More information2018 Cisco and/or its affiliates. All rights reserved.
Beyond Data Center A Journey to self-driving Data Center with Analytics, Intelligent and Assurance Mohamad Imaduddin Systems Engineer Cisco Oct 2018 App is the new Business Developer is the new Customer
More informationIntegrating Cisco UCS with Cisco ACI
Integrating Cisco UCS with Cisco ACI Marian Klas, mklas@cisco.com Systems Engineer Data Center February 2015 Agenda: Connecting workloads to ACI Bare Metal Hypervisors UCS & APIC Integration and Orchestration
More informationHierarchical Fabric Designs The Journey to Multisite. Lukas Krattiger Principal Engineer September 2017
Hierarchical Fabric Designs The Journey to Multisite Lukas Krattiger Principal Engineer September 2017 A Single Fabric, a Single Data Center External Layer-3 Network Pod 1 Leaf/ Topologies (aka Folded
More informationNevrijeme u oblacima i kako se zaštititi
Nevrijeme u oblacima i kako se zaštititi Goran Peteh Enterprise Systems Engineer Zagreb, 0.2.20. Agenda Internet trends MorganStanley Identity-aware infrastructure Physical and virtual security Cumulus
More informationCisco CCIE Data Center Written Exam v2.0. Version Demo
Cisco 400-151 CCIE Data Center Written Exam v2.0 Version Demo QUESTION 1 Which IETF standard is the most efficient messaging protocol used in an lot network? A. SNMP B. HTTP C. CoAP D. MQTI Correct Answer:
More informationConfiguring Layer 4 to Layer 7 Resource Pools
Configuring Layer 4 to Layer 7 Resource Pools About Layer 4 to Layer 7 Resource Pools, page 1 About External IP Address Pools, page 2 About External Layer 3 Routed Domains and the Associated VLAN Pools,
More informationHybrid Cloud Solutions
Hybrid Cloud Solutions with Cisco and Microsoft Innovation Rob Tappenden, Technical Solution Architect rtappend@cisco.com March 2016 Today s industry and business challenges Industry Evolution & Data Centres
More informationIntegrating NetScaler ADCs with Cisco ACI
Docs.Citrix.com Integrating NetScaler ADCs with Cisco ACI http://docs.citrix.com/content/docs/en-us/netscaler/10-1/ns-solutions-con/cisco-aci-wrapper.html Jan. 28, 2011 citrix.com 1 Integrating NetScaler
More informationDesign Guide to run VMware NSX for vsphere with Cisco ACI
White Paper Design Guide to run VMware NSX for vsphere with Cisco ACI First published: January 2018 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page
More informationCisco ACI - Application Policy Enforcement Using APIC
Cisco ACI - Application Policy Enforcement Using APIC Azeem Suleman Solutions Architect House Keeping Notes Tuesday April 15, 2014 Thank you for attending Cisco Connect Toronto 2014, here are a few housekeeping
More information