NGFWv & ASAv in Public Cloud (AWS & Azure)
2 NGFWv & ASAv in Public Cloud (AWS & Azure) Anubhav Swami, CCIE# Technical Marketing Engineer
3 Your Speaker Anubhav Swami Technical Marketing Engineer 5 years in Cisco TAC 2 years in ASA BU 2 years in Technical Marketing 14+ years in Networking Youtube Channel: Cisco and/or its affiliates. All rights reserved. Cisco Public 3
5 Spark Room Managers: Goran Saradzic, Manager, Technical Marketing; David Abercrombie, Sr. Manager, Product Management
6 Related Cisco Live Las Vegas 2017 Sessions: BRKSEC-3035 Firepower Platform Deep Dive; BRKSEC-2050 Firepower NGFW Edge Deployment Scenarios; BRKACI-3004 Deep Dive on Cisco Security in ACI (NGFW, ASA and NGIPS); BRKSEC-3032 NGFW Clustering Deep Dive; BRKARC-2749 Extending Enterprise Network into Public Cloud with Cisco CSR1000v
7 Agenda: Introduction to Security in Public Cloud; NGFWv/FTDv & ASAv in Azure; Demo (N/S, E/W traffic inspection & Micro segmentation); NGFWv/FTDv and ASAv in AWS; Demo (Stateless Scale-out); Conclusion
8 Challenges for IT. Applications: On-Premise or cloud? Build/Buy/Rent? Agility: Provision app development. Risk Mitigation: Security. Compliance. Sovereignty.
9 Cloud Terminology (For your Reference). Azure: Resource Group (RG); Virtual Network (VNET); Subnet; User Defined Routes (UDR); Load Balancer; Availability Set; Azure Resource Manager Template (ARM). AWS: Virtual Private Cloud (VPC); Route Table and Subnet; Elastic Compute Cloud (EC2); Elastic Load Balancer (ELB); Elastic IP; Availability Zone (AZ).
10 NGFWv & ASAv Overview
11 Native security in Azure and AWS: Azure Network Security Group (NSG) and AWS Security Group (SG). Similar to an access control list; Action (Allow or Deny) on traffic; Layer 3/Layer 4 rules; Control inbound and outbound traffic. Today security requires critical functions like stateful packet inspection, application visibility and control, threat-centric protection, URL filtering, advanced malware protection and Virtual Private Network (VPN).
12 Next Generation Firewall (NGFWv) Features (Public Cloud), Next Generation Firewall 6.2: Routed & Passive modes (AWS), ACL, application inspection and S2S VPN; Comprehensive threat prevention; Layer 7 Application Visibility and Control; Security intelligence (C&C, botnets, IP, DNS); threat/risk reports; Networking, Firewalling and NAT; URL filtering, malware blocking, continuous file analysis, malware network trajectory; Cisco AMP public and private cloud with Threat Grid integration. Management Tool: Firepower Management Center (FMC)
13 Firepower Management Center (FMC), Next Generation Firewall 6.2: FMC 1000, 2500, 4500, Virtual Appliance; FMC is required for managing FTDv/NGFWv; Virtual FMC can be deployed on ESXi, KVM and in AWS; Required for configuration, management & checking events; NGFWv in cloud can be managed by FMC in AWS or FMC on premise (physical or virtual); FMC dashboard provides complete visibility
14 Deployment modes: NGFWv and FTDv. Firepower Threat Defense Virtual on Hypervisors (ESXi and KVM): Routed, Inline, Transparent, Inline Tap, Passive. Next Generation Firewall Virtual in Public Cloud: Routed (AWS and Azure), Passive (AWS). No support for passive mode in Azure because ERSPAN is not supported.
15 ASAv Firewall Features (Public Cloud), ASA 9.7: Firewall functionality, NAT, ACL and packet inspection; VPN capability (LAN-to-LAN, RAVPN (AnyConnect) and Clientless VPN); REST API for programmed configuration and monitoring; AAA with Local, RADIUS, TACACS+, and LDAP support; Route based VPN (VTI). Management tools: ASDM, CSM, API or Cisco Defense Orchestrator
16 Orchestrate configuration using Cisco Defense Orchestrator (CDO): ASA configuration orchestration; CDO is licensed per device; Cloud based solution; Easy to integrate
17 Performance Numbers
18 NGFWv & ASAv Performance Numbers
AWS: Instance Type | Throughput | Interface | VPN Endpoints
c3.xlarge | 1 Gbps | 2 + 2* | S2S VPN
c3/c4.large (10) | 1 Gbps | 2 + 1* | 250
c3/c4.xlarge (30) | 2 Gbps | 3 + 1* | 750
Azure: Instance Type | Throughput | Interface | VPN Endpoints
Standard D3, D3v2 | 1 Gbps | 2 + 2* | S2S VPN
Standard D3, D3v2 (10) | 1 Gbps | 3 + 1* | 750
* Management interface
19 NGFWv & ASAv in Azure
20 NGFWv in Azure: Deploy NGFWv in Routed Mode; Launch supported instance from Azure Marketplace; Edge firewall and S2S VPN, AVC, Threat-centric protection, URL and AMP capabilities; North/South & East/West traffic inspection; Supports Cisco Smart BYOL model. Supported Machine Size: Standard D3 & D3v (table columns: NGFW Platform, Number of vcpus, RAM (GB), Number of Interfaces (Subnets))
21 ASAv in Azure: Deploy ASAv in Routed Mode; Launch supported instance from Azure Marketplace; Deploy at the edge to provide RA VPN, Site to Site VPN and edge firewall capabilities; North-South, East-West traffic control capability; Supports Cisco Smart BYOL model. Supported Machine Size: Standard D3 & D3v (table columns: Platform, Number of vcpus, RAM (GB), Number of Interfaces (Subnets))
22 Deployment modes
23 NGFWv in Azure, Routed Mode [Diagram labels: Internal, eth3, eth2, External, Management, Workloads, vnet, On premise FMC]
24 ASAv in Azure, Routed Mode [Diagram labels: Inside, dmz1, dmz2, Mgmt/Outside, Workloads, vnet]
25 Use Cases (NGFWv & ASAv)
26 Use Cases - Azure: North/South, East/West Traffic Inspection; Micro segmentation; Multiple IP on interface; VNET peering; Site to Site VPN and Remote access VPN; Inter-subnet communication; Edge Firewall; Service Chain
27 N/S, E/W traffic filtering & Micro Segmentation [Diagram: vnet with WEB, APP and DB subnets; route tables WEB-RT, APP-RT, DB-RT and INT-RT, each listing Destination / Next Hop for WEB, APP and DB; firewall interfaces Internal, External and Management0/0; FMC; users] Highlighted routes are required for Micro Segmentation. Routes on the firewall: next hop x.x.x.1 (First IP of Internal Subnet); /0 via y.y.y.1 (First IP of external Subnet)
28 N/S, E/W traffic filtering & Micro Segmentation [Diagram: vnet with WEB, APP and DB subnets; route tables WEB-RT, APP-RT, DB-RT and INT-RT, each listing Destination / Next Hop for WEB, APP and DB; firewall interfaces Inside, Outside, dmz1, dmz2 and Mgmt0/0; users] Highlighted routes are required for Micro Segmentation. Routes on the firewall: next hop x.x.x.1 (First IP of Internal Subnet); /0 via y.y.y.1 (First IP of external Subnet). The same-security-traffic permit intra-interface command is required on ASA to enable hairpinning.
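The routing requirement on slides 27 and 28, as an added example that is not part of the original deck: the Python below audits per-subnet user-defined routes with Azure's route selection (longest prefix wins, a user-defined route beats a system route of the same prefix) and reports where east-west, intra-subnet or default traffic would bypass the firewall. The VNet and subnet prefixes, the firewall IP and all function names are constructed placeholders, and treating a subnet's own-prefix route as the micro-segmentation route is an assumption.

```python
import ipaddress

# Constructed placeholder addressing (assumption): the slides' real prefixes
# are not on the page. FIREWALL_IP stands for the firewall's internal interface.
VNET = "10.0.0.0/16"
FIREWALL_IP = "10.0.0.4"
SUBNETS = {"WEB": "10.0.1.0/24", "APP": "10.0.2.0/24", "DB": "10.0.3.0/24"}

# User-defined routes per workload subnet: (destination prefix, next hop).
ROUTE_TABLES = {
    "WEB": [("10.0.1.0/24", FIREWALL_IP), ("10.0.2.0/24", FIREWALL_IP),
            ("10.0.3.0/24", FIREWALL_IP), ("0.0.0.0/0", FIREWALL_IP)],
    # No route for APP's own prefix: APP-to-APP traffic stays uninspected.
    "APP": [("10.0.1.0/24", FIREWALL_IP), ("10.0.3.0/24", FIREWALL_IP),
            ("0.0.0.0/0", FIREWALL_IP)],
    # Relies on the default route to reach APP; the VNet system route is
    # more specific, so DB-to-APP traffic goes direct.
    "DB": [("10.0.1.0/24", FIREWALL_IP), ("0.0.0.0/0", FIREWALL_IP)],
}


def effective_next_hop(udrs, dest, vnet):
    """Return the next hop Azure would select for a destination prefix."""
    dest_net = ipaddress.ip_network(dest)
    # (prefix, next hop, priority): 0 = system route, 1 = user-defined route.
    candidates = [
        (ipaddress.ip_network(vnet), "vnet-direct", 0),
        (ipaddress.ip_network("0.0.0.0/0"), "internet", 0),
    ]
    candidates += [(ipaddress.ip_network(p), hop, 1) for p, hop in udrs]
    matching = [c for c in candidates if dest_net.subnet_of(c[0])]
    # Longest prefix first; on equal length the user-defined route wins.
    best = max(matching, key=lambda c: (c[0].prefixlen, c[2]))
    return best[1]


def audit(subnets, route_tables, vnet, firewall_ip):
    """List (subnet, traffic class, destination, actual next hop) gaps."""
    findings = []
    for name in subnets:
        udrs = route_tables.get(name, [])
        for peer, peer_prefix in subnets.items():
            hop = effective_next_hop(udrs, peer_prefix, vnet)
            if hop != firewall_ip:
                kind = "micro-segmentation" if peer == name else "east-west"
                findings.append((name, kind, peer, hop))
        hop = effective_next_hop(udrs, "0.0.0.0/0", vnet)
        if hop != firewall_ip:
            findings.append((name, "north-south", "0.0.0.0/0", hop))
    return findings


if __name__ == "__main__":
    for finding in audit(SUBNETS, ROUTE_TABLES, VNET, FIREWALL_IP):
        print("%s: %s traffic to %s uses next hop %s" % finding)
```

The audit only compares whole subnet prefixes; a route table exported from Azure would have to be mapped into the `(prefix, next hop)` tuples first.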
29 NGFWv/ASAv Multiple IPs on Interface [Diagram: NAT on Firewall (Real IP to Mapped IP); WEB-RT with Destination APP, DB and Next Hop (internal); Internal /24; External /24; Translation on Azure NAT Gateway; WEB; vnet]
30 NAT configuration example: The NAT configuration above is an example of one-to-one translation; you still need an access control policy to allow traffic.
31 Interconnect VNETs (Site to Site VPN tunnel) [Diagram: two vnets, each with Internal and External subnets; Internal-RT (Destination vnet2..vnetn, Next Hop (internal)); External-RT (Destination /0, Next Hop x.x.x.1 (external subnet)); FMC; Site to Site VPN Tunnel between the External interfaces]
32 Interconnect VNETs (Site to Site VPN tunnel) [Diagram: two vnets, each with Inside, Outside, dmz1 and dmz2 interfaces; Internal-RT (Destination vnet2..vnetn, Next Hop (internal)); External-RT (Destination /0, Next Hop x.x.x.1 (external subnet)); Site to Site VPN Tunnel between the Outside interfaces]
33 Site to Site VPN. Use case: Network Address Translation (NAT); Site to Site Tunnel; Access Control Policy, IPS Policy and AMP policy; Networking, Firewalling and AVC. [Diagram: vnet with Internal and External subnets, Management0/0 and FMC; Internal-RT (Destination Corporate DC, Next Hop (internal)); Site to Site VPN Tunnel to an NGFW in the Corporate Data Centre]
34 Inter Subnet and Edge Firewall. Use case: Network Address Translation (NAT); Access Control Policy, IPS Policy and AMP policy; Networking, Firewalling and AVC. [Diagram: vnet with WEB and DB subnets; DB-RT and WEB-RT listing Destination / Next Hop (Internal); edge firewall (inside); External; users]
35 Cisco Edge Firewall, RA VPN & Site to Site VPN [Diagram: vnet with Inside, Outside, dmz1 and dmz2; Internal-RT (Destinations RA VPN Users, Corporate DC, RA VPN Pool; Next Hop (internal)); dmz1 and dmz2 RT (Destinations Corporate DC, RA VPN Pool; Next Hop (internal)); ASA; Workloads; Site to Site VPN Tunnel to the Corporate Data Centre; Remote Access VPN]
36 Inter Subnet and Service Chain [Diagram labels: Inside, Outside, dmz1, dmz2, Workloads, DMVPN, CSRv, Other Security Services, ASR, vnet, Corporate Data Centre]
37 HA in Azure
38 HA in Azure Overview. Integrated solution: No external scripts or agents. Stateless Switchover: Connections must be initiated. Fast switchover: From detection to recovery in seconds. Management: firewalls are managed separately (configuration, control, monitoring); no config sync between active and backup. HA in Azure is coming out in July 2017.
39 ARM Template Deployment (NGFWv and ASAv)
40 Deploy NGFWv/ASAv using ARM template: Add NGFWv/ASAv to existing resource group; Publish template to customers, partners and vendors; Deploy firewall with additional parameters (example: Availability Set); Multiple device deployment; ARM template is a .json script
41 Pre-requisites for template deployment. The following should be created before initiating firewall deployment using ARM template: Resource Group; Availability Set; VNET; Subnets; Storage Account; No conflicting resource name. ARM Template: ARM Template:
42 Stateless scale-out design (NGFWv & ASAv)
43 Scale out design [Diagram: users; Azure External Load Balancer (Public IP); firewalls in an Availability Set with mgmt, Inside, dmz1 and dmz2 interfaces; Azure Internal Load Balancer; vnet; Incoming Traffic and Return Traffic paths. NAT table: Source = Load Balancer, Translated Source = Egress Interface, Destination, Translated Destination = Internal Load Balancer address]
44 ASA NAT configuration example (For your Reference)
    object service obj-http
     service tcp destination eq www
    object network obj
     host
    object network obj
     host
    object service obj-8080
     service tcp destination eq 8080
    nat (management,inside) source dynamic any interface destination static interface obj service obj-http obj-http
    nat (management,inside) source dynamic any interface destination static interface obj service obj-8080 obj
45 Scale out design [Diagram: users; Azure External Load Balancer (Public IP); firewalls in an Availability Set with mgmt, Inside, dmz1 and dmz2 interfaces; Azure Internal Load Balancer; vnet; Incoming Traffic and Return Traffic paths. NAT table: Source = Load Balancer, Translated Source = Egress Interface, Destination, Translated Destination = Internal Load Balancer address] A PowerShell script is required to send traffic to the eth2 interface.
46 Scale out design (Contd.) PowerShell script to change behavior of Azure Load Balancer:
    # Sign in and select the subscription that holds the firewalls
    Login-AzureRmAccount
    Select-AzureRmSubscription -SubscriptionId "xxxxxxx"
    $RG = Get-AzureRmResourceGroup -Name "answami-ngfw" -Location "westcentralus"
    # Fetch the external load balancer and its backend address pool
    $NRPLB = Get-AzureRmLoadBalancer -ResourceGroupName "answami-ngfw" -Name "answami-ngfwelb"
    $beaddresspool = Get-AzureRmLoadBalancerBackendAddressPoolConfig -Name "ngfwpool" -LoadBalancer $NRPLB
    # Put the nic2 interface of the first firewall into the backend pool
    $nic1 = Get-AzureRmNetworkInterface -Name "answami-ngfw001-nic2" -ResourceGroupName "answami-ngfw"
    $nic1.IpConfigurations[0].LoadBalancerBackendAddressPools = $beaddresspool
    Set-AzureRmNetworkInterface -NetworkInterface $nic1
    # Same for the second firewall
    $nic2 = Get-AzureRmNetworkInterface -Name "answami-ngfw002-nic2" -ResourceGroupName "answami-ngfw"
    $nic2.IpConfigurations[0].LoadBalancerBackendAddressPools = $beaddresspool
    Set-AzureRmNetworkInterface -NetworkInterface $nic2
    # Write the load balancer configuration back
    $NRPLB | Set-AzureRmLoadBalancer
47 Demo N/S, E/W traffic inspection & Micro Segmentation in Azure
48 N/S, E/W traffic filtering & Micro Segmentation [Diagram: vnet with WEB, APP and DB subnets; route tables WEB-RT, APP-RT, DB-RT and INT-RT, each listing Destination / Next Hop for WEB, APP and DB; Internal /24 and External /24 subnets; Management0/0; FMC; users; table of interface IP addresses (Internal, external)] Highlighted routes are required for Micro Segmentation. Routes on the firewall: next hop (First IP of Internal Subnet); / via (First IP of external Subnet)
49 NGFWv & ASAv in Amazon Web Services (AWS)
50 NGFWv in AWS: Deploy NGFWv & FMCv in AWS; NGFWv and FMCv AMI are available in AWS marketplace; NGFWv supports Routed & Passive Mode; Provides Networking, firewalling, threat-centric protection, URL filtering & AMP capabilities; Cisco Smart BYOL, hourly and annual model. Instance types (table columns: Instance Type, Interfaces, Number of vcpus, RAM (GB)): FMCv & NGFWv: c3.xlarge, 2 + 2*; FMCv: c3.2xlarge. * Management interface
51 ASAv in AWS: Deploy ASAv in AWS in Routed Mode; Deploy at the edge to provide RA VPN, Site to Site VPN & edge firewall capabilities; East/West traffic control capability; Cisco Smart BYOL, hourly and annual model. Supported Instance Types (table columns: Platform, Number of vcpus, RAM (GB), Number of Interfaces (Subnets)): c3.large/c4.large, 2+1*; c3.xlarge/c4.xlarge, 3+1*. * Management interface can be used as a data interface
52 Deployment modes
53 NGFWv in AWS, Routed Mode [Diagram labels: Internal, External, Management, Workloads, EC2, Firepower Management Center*, AWS Gateway] * Firepower Management can be on premise or in AWS
54 NGFWv in AWS, Passive Mode [Diagram labels: Internal, External, Management, Workloads, EC2, CSRv, ERSPAN, Firepower Management Center*, AWS Gateway] * Firepower Management can be on premise or in AWS
55 ASAv in AWS, Routed Mode [Diagram labels: Inside, dmz1, dmz2, Mgmt/Outside, EC2, AWS Gateway]
56 Use Cases (AWS)
57 Use Cases - AWS: Secure Transit VPC; Multiple IP on interface; VPC peering; Edge firewall and Site to Site VPN; Inter-subnet communication; Remote access VPN; ASA Virtual Tunnel Interface (Route Based VPN)
58 Secure Transit VPC [Diagram: spoke VPCs (VPC A, VPC B) and a Transit VPC with a CSRv in each of AZ1 and AZ2; RT] *Only one IGW; two IGWs are drawn for a better diagram.
59 Control plane connectivity, Transit VPC [Diagram: Transit VPC across AZ1 and AZ2 with CSR1, CSR2, the Csr1-ngfwv and Csr2-ngfwv subnets, firewall -IN and -OUT interfaces, MGMT RT, CSR1 RT, IGW and FMCv; each route table lists Subnet / Next Hop] Notes on the diagram: specific routes are added and no default routes, because the default route will be learned from the BGP session; .4 can reach out to 5.5 and 6.6 through IN (4.4); traffic gets out from the -OUT interface. *Only one IGW; two IGWs are drawn for a better diagram.
60 Data Plane connectivity, Transit VPC [Diagram: Transit VPC across AZ1 and AZ2 with CSR1 (Active), CSR2 (Standby), the Csr1-ngfwv and Csr2-ngfwv subnets, firewall -IN and -OUT interfaces, MGMT RT, IN RT, Spoke-CIDR routes, IGW and FMCv; each route table lists Subnet / Next Hop] Notes on the diagram: return traffic to the spoke VPC is redirected to the active CSR; internet traffic from the spoke VPC is redirected to the IGW. *Only one IGW; two IGWs are drawn for a better diagram.
61 Packet flow: to Spoke [Diagram: Spoke-A and the Transit VPC across AZ1 and AZ2 with CSR1 (Active), CSR2 (Standby), the Csr1-ngfwv and Csr2-ngfwv subnets, firewall -IN and -OUT interfaces, MGMT RT, IN RT, Spoke-CIDR routes, IGW and FMCv; each route table lists Subnet / Next Hop] Notes on the diagram: return traffic to the spoke VPC is redirected to the active CSR; internet traffic from the spoke VPC is redirected to. *Only one IGW; two IGWs are drawn for a better diagram.
62 Packet flow: Spoke to [Diagram: Spoke-A (Subnet-1, Subnet-2) and the Transit VPC across AZ1 and AZ2 with CSR1 (Active), CSR2 (Standby), the Csr1-ngfwv and Csr2-ngfwv subnets, firewall -IN and -OUT interfaces, MGMT RT, IN RT, Spoke-CIDR routes, IGW and FMCv; each route table lists Subnet / Next Hop] Notes on the diagram: return traffic to the spoke VPC is redirected to the active CSR; internet traffic from the spoke VPC is redirected to the IGW. *Only one IGW; two IGWs are drawn for a better diagram.
63 NGFWv/ASAv in AWS, Multiple IPs [Diagram labels: inside, outside, EC2 instances, Users]
64 In AWS, Inter VPC [Diagram labels: inside, outside, Site to Site VPN Tunnel, outside, EC2 instances, FMC]
65 In AWS, Interconnect VPCs (Site to Site VPN), For your Reference [Diagram labels: inside, outside, Site to Site VPN Tunnel, outside, EC2 instances]
66 In AWS, Edge Firewall & Site to Site VPN [Diagram labels: inside, outside, Corporate DC, Site-to-site VPN, NGFW, Site to Site VPN Tunnel, Traffic, Management, EC2 instances, FMC, Users]
67 In AWS, RA VPN, Site 2 Site VPN, Edge Firewall and inter-subnet [Diagram labels: Inside, outside, dmz1, dmz2, Corporate DC, Site-to-site VPN, Site to Site VPN Tunnel, Remote Access VPN, NGFW, ASA, EC2 instances, RA VPN Users]
68 ASA in AWS, VTI (Route Based VPN): ASA should have version running; Route based VPN requires BGP. [Diagram labels: Inside, Corporate DC (Site-to-site VPN), Site to Site VPN Tunnel, ASA, NGFW, EC2 instances, AWS VPN Connection] Steps to configure route-based VPN: 1. Create Customer Gateway (Dynamic for Route based VPN) 2. Create Virtual Private Gateway 3. Attach Virtual Private Gateway to VPC 4. Create VPN connection 5. Enable route propagation in AWS route table to learn routes 6. Download configuration
69 ASA VTI Configuration Steps. Step 1: Click VPC from AWS services. Step 2: Click VPC from AWS services.
70 ASA VTI Configuration Steps. Step 3: Click Customer Gateway. Step 4: Create Customer Gateway. Step 5: Yes, Create. Name Tag: Enter name. Routing: Dynamic. IP address: Public address of your on premise ASA. BGP ASN: Required for route based VPN.
71 ASA VTI Configuration Steps (contd.) Step 6: Click VPN Gateway. Step 7: Enter name for VPN Gateway. Step 8: Yes, Create. Name Tag: Enter name.
72 ASA VTI Configuration Steps (contd.) Step 9: Attach to VPC. Step 10: Select VPC from drop down. Step 11: Yes, Attach. This process can take a few minutes.
73 ASA VTI Configuration Steps (contd.) Step 12: Click VPN connections. Step 13: Create VPN connection. Step 14: Select proper customer gateway, VPN Gateway and routing option Dynamic. Step 15: Yes, Create. Dynamic routing is required for route based VPN.
74 ASA VTI Configuration Steps (contd.) Step 17: Enable route propagation in AWS route table.
75 ASA VTI Configuration Steps (contd.) Step 17: Download the suggested configuration. Choose the values below in order to generate a configuration that is a VTI style configuration. Vendor: Cisco. Platform: ISR Series Router. Software: IOS.
76 ASA VTI Configuration Steps (contd.) After downloading the configuration, some conversion is required. (For your Reference)
77 ASA VTI Configuration Steps (contd.) (For your Reference)
78 ASA VTI Configuration Steps (contd.) (For your Reference)
79 ASA VTI Configuration Steps (contd.) (For your Reference) Final step is to add the converted configuration on the ASA (on premise).
80 Stateless Scale-Out Design (AWS)
81 Load Balancing across Availability Zones [Diagram labels: users, IGW, ELB; AZ1 with Subnet-1a, Subnet-2a, Subnet-3a; AZ2 with Subnet-1b, Subnet-2b, Subnet-3b]
82 NAT configuration (For your Reference)
    asaaz1
    object service obj-http
     service tcp destination eq www
    object network obj
     host
    nat (management,inside) source dynamic any interface destination static interface obj service obj-http obj-http
    asaaz2
    object service obj-http
     service tcp destination eq www
    object network obj
     host
    nat (management,inside) source dynamic any interface destination static interface obj service obj-http obj-http
83 Demo stateless scale-out design & load balance traffic across Availability Zone in AWS
84 Stateless scale-out design & load balance traffic across Availability Zone [Diagram labels: users, AWS IGW, ELB; asaaz1 and lnx-az1 in us-west-2a; asaaz2 and lnx-az2 in us-west-2b]
86 Licensing & Marketplace Listings
87 Azure & AWS licensing: Cisco Smart License (BYOL), bring your own license; Hourly & annual usage model. Steps: 1 Place Order, 2 Activate and Use Software, 3 Cisco Smart Software Manager (Entitlement, Distribution). Licenses are managed by Firepower Management Center. BASE License (Networking, Firewalling, AVC); Term Based Licenses* (Threat, URL Filtering, AMP). * Term is 1yr, 3yr & 5 year
88 Azure & AWS licensing: Cisco Smart License (BYOL), bring your own license; Hourly & annual usage model. Steps: 1 Place Order, 2 Activate and Use Software; Cisco Smart Software Manager (Entitlement, Distribution). Standard License (Firewalling & Throughput); VPN License (AnyConnect & IPsec)
89 Marketplace Listings. AWS Marketplace listing (columns: Product, Marketplace listing): BYOL; Hourly & Annual; FMCv: BYOL; BYOL, Hourly & Annual. Azure Marketplace listing (columns: Product, Marketplace listing): BYOL; BYOL.
90 Summary: Available in AWS and Azure; Flexible licensing (BYOL + Hourly + Annual); Feature Parity; Template Deployment for and in Azure; Leverage existing management/monitoring tools and operational resources; Stateless Scale-Out design; High Availability in Azure for releasing in July 2017; REST-API support for orchestration and automation; Integration with Cisco Defense Orchestrator for configuration orchestration
91 Demo Videos (For your Reference): Demo1: North-South, East-West traffic inspection and micro segmentation; Demo2: Scale-Out in AWS
92 YouTube Channel Public Cloud Playlist:
93 in cloud (Videos), For your Reference: Cisco deployment in AWS and block malware (Part 1, 2 and 3); Cisco deployment in Azure; Cisco Firepower in Azure: Protect vnet workloads N/S and E/W; Cisco micro-segmentation use case in Azure
94 in cloud (Videos), For your Reference: Cisco deployment in AWS; Cisco deployment in Azure; Cisco template deployment; Cisco scale out design in AWS; Cisco scale out design in Azure
95 Reference Links (For your Reference): Cisco licensing (BYOL); Cisco licensing (BYOL); ARM Template; ARM Template
98 Thank you
More informationCisco CSR1000V Overview. Cisco CSR 1000V Use Cases in Amazon AWS
Cisco CSR1000V Overview The Cisco Cloud Services Router 1000V (CSR 1000V) sets the standard for enterprise network services and security in the Amazon Web Services (AWS) cloud. The Cisco CSR 1000V is based
More informationMyIGW Main. Oregon. MyVPC /16. MySecurityGroup / us-west-2b. Type Port Source SSH /0 HTTP
MyIGW Main Oregon MyVPC 10.0.0.0/16 10.0.1.0/24 10.0.1.0 -- us-west-2a MySecurityGroup 10.0.2.0/24 10.0.2.0 -- us-west-2b MyWebServer1 MyDBServer DMZ MyInternetRouteTable 0.0.0.0/0 IGW Type Port Source
More informationImplementing Cisco Edge Network Security Solutions ( )
Implementing Cisco Edge Network Security Solutions (300-206) Exam Description: The Implementing Cisco Edge Network Security (SENSS) (300-206) exam tests the knowledge of a network security engineer to
More informationCisco - ASA Lab Camp v9.0
Cisco - ASA Lab Camp v9.0 Code: 0007 Lengt h: 5 days URL: View Online Based on our enhanced SASAC v1.0 and SASAA v1.2 courses, this exclusive, lab-based course, provides you with your own set of equipment
More informationTransit VPC Deployment Using AWS CloudFormation Templates. White Paper
Transit VPC Deployment Using AWS CloudFormation Templates White Paper Introduction Amazon Web Services(AWS) customers with globally distributed networks commonly need to securely exchange data between
More informationAmazon Virtual Private Cloud Deep Dive
Amazon Virtual Private Cloud Deep Dive Randall Hunt Developer Evangelist, AWS 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved Related Presentations Videos online https://www.youtube.com/user/amazonwebservices
More informationCisco Firepower NGIPS Tuning and Best Practices
Cisco Firepower NGIPS Tuning and Best Practices John Wise, Security Instructor High Touch Delivery, Cisco Learning Services CTHCRT-2000 Cisco Spark How Questions? Use Cisco Spark to communicate with the
More informationCisco Firepower Thread Defence. Claudiu Boar
Cisco Firepower Thread Defence Claudiu Boar Security everywhere Stop threats at the edge Control who gets onto your network Find and contain problems fast Protect users wherever they work Simplify network
More informationOverview. AWS networking services including: VPC Extend your network into a virtual private cloud. EIP Elastic IP
Networking in AWS 2017 Amazon Web Services, Inc. and its affiliates. All rights served. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon Web Services,
More informationTransit Network VPC. AWS Reference Deployment Guide. Last updated: May 10, Aviatrix Systems, Inc. 411 High Street Palo Alto, CA USA
Transit Network VPC AWS Reference Deployment Guide Last updated: May 10, 2017 Aviatrix Systems, Inc. 411 High Street Palo Alto, CA 94301 USA http://www.aviatrix.com Tel: +1 844.262.3100 TABLE OF CONTENTS
More informationSilver Peak EC-V and Microsoft Azure Deployment Guide
Silver Peak EC-V and Microsoft Azure Deployment Guide How to deploy an EC-V in Microsoft Azure 201422-001 Rev. A September 2018 2 Table of Contents Table of Contents 3 Copyright and Trademarks 5 Support
More informationIntuit Application Centric ACI Deployment Case Study
Intuit Application Centric ACI Deployment Case Study Joon Cho, Principal Network Engineer, Intuit Lawrence Zhu, Solutions Architect, Cisco Agenda Introduction Architecture / Principle Design Rollout Key
More informationThreat Centric Network Security
BRKSEC-2056 Threat Centric Network Security Ted Bedwell, Principal Engineer Network Threat Defence Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this
More informationPSOACI Why ACI: An overview and a customer (BBVA) perspective. Technology Officer DC EMEAR Cisco
PSOACI-4592 Why ACI: An overview and a customer (BBVA) perspective TJ Bijlsma César Martinez Joaquin Crespo Technology Officer DC EMEAR Cisco Lead Architect BBVA Lead Architect BBVA Cisco Spark How Questions?
More informationExtending Enterprise Security to Multicloud and Public Cloud
Extending Enterprise Security to Multicloud and Public Cloud Paul Kofoid Sr. Consulting Engineer: Security & Cloud This statement of direction sets forth Juniper Networks current intention and is subject
More informationLayer 4 to Layer 7 Design
Service Graphs and Layer 4 to Layer 7 Services Integration, page 1 Firewall Service Graphs, page 5 Service Node Failover, page 10 Service Graphs with Multiple Consumers and Providers, page 12 Reusing a
More informationExam : Implementing Microsoft Azure Infrastructure Solutions
Exam 70-533: Implementing Microsoft Azure Infrastructure Solutions Objective Domain Note: This document shows tracked changes that are effective as of January 18, 2018. Design and Implement Azure App Service
More informationCloud Security Best Practices
Cloud Security Best Practices Cohesive Networks - your applications secured Our family of security and connectivity solutions, VNS3, protects cloud-based applications from exploitation by hackers, criminal
More informationAWS Networking Fundamentals
AWS Networking Fundamentals Tom Adamski Specialist Solutions Architect, AWS Traditional Network WAN VPN VPN Fiber Applications Applications AWS Network VPN WAN (AWS Direct Connect) VPN Fiber Applications
More informationSecurity for shared infrastructure in Cisco ONE Enterprise Cloud Suite BRKPCA-2040
Security for shared infrastructure in Cisco ONE Enterprise Cloud Suite Roxana Diaz TSA, CCIE BRKPCA-2040 @roxadiaz2 Agenda Introduction Cisco VACS Overview VACS Configuration Security Use-cases Customers
More informationCisco Firepower NGFW. Anticipate, block, and respond to threats
Cisco Firepower NGFW Anticipate, block, and respond to threats You have a mandate to build and secure a network that supports ongoing innovation Mobile access Social collaboration Public / private hybrid
More informationCloudEdge SG6000-VM Installation Guide
Hillstone Networks, Inc. CloudEdge SG6000-VM Installation Guide Version 5.5R1 Copyright 2015Hillstone Networks, Inc.. All rights reserved. Information in this document is subject to change without notice.
More informationCisco UCS Director and ACI Advanced Deployment Lab
Cisco UCS Director and ACI Advanced Deployment Lab Michael Zimmerman, TME Vishal Mehta, TME Agenda Introduction Cisco UCS Director ACI Integration and Key Concepts Cisco UCS Director Application Container
More informationDisclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme
LHC2103BU NSX and VMware Cloud on AWS: Deep Dive Ray Budavari, Senior Staff Technical Product Manager NSX @rbudavari #VMworld #LHC2103BU Disclaimer This presentation may contain product features that are
More informationExtending Enterprise Network into Public Cloud with Cisco CSR1000v
Extending Enterprise Network into Public Cloud with Cisco CSR1000v Fan Yang, Technical Marketing Engineer Tony Banuelos, Product Manager BRKARC-2749 Cisco Spark How Questions? Use Cisco Spark to chat with
More informationNext-Generation Security Platform on Azure Reference Architecture
t n e g i l l e nt i ES UR T C E T I ARCH Next-Generation Security Platform on Azure Reference Architecture Release 2 February 2018 Contents. Introduction................................................
More informationSAM 8.0 SP2 Deployment at AWS. Version 1.0
SAM 8.0 SP2 Deployment at AWS Version 1.0 Publication Date July 2011 Copyright 2011 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete and
More informationVM-SERIES ON GOOGLE CLOUD DEPLOYMENT GUIDELINES
SERIES ON GOOGLE CLOUD DEPLOYMENT GUIDELINES Organizations are adopting Google Cloud Platform to take advantage of the same technologies that drive common Google services. Many business initiatives, such
More informationDisclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme
LHC2384BU VMware Cloud on AWS A Technical Deep Dive Ray Budavari @rbudavari Frank Denneman - @frankdenneman #VMworld #LHC2384BU Disclaimer This presentation may contain product features that are currently
More information25 Best Practice Tips for architecting Amazon VPC
25 Best Practice Tips for architecting Amazon VPC 25 Best Practice Tips for architecting Amazon VPC Amazon VPC is one of the most important feature introduced by AWS. We have been using AWS from 2008 and
More informationCisco Firepower NGFW. Anticipate, block, and respond to threats
Cisco Firepower NGFW Anticipate, block, and respond to threats Digital Transformation on a Massive Scale 15B Devices Today Attack Surface 500B Devices In 2030 Threat Actors $19T Opportunity Next 10 Years
More informationIntroducing AWS Transit Gateway
Introducing AWS Transit Gateway Nick Matthews Principal Solutions Architect AWS @nickpowpow Mohamed Hassan Senior Product Manager EC2 Networking, AWS @mohnader What is Transit Gateway? Introducing AWS
More informationBuilding a Modular and Scalable Virtual Network Architecture with Amazon VPC
Building a Modular and Scalable Virtual Network Architecture with Amazon VPC Quick Start Reference Deployment Santiago Cardenas Solutions Architect, AWS Quick Start Reference Team August 2016 (revisions)
More informationMulticloud Networking: An Overview. Shannon McFarland CCIE #5245 Distinguished
Multicloud Networking: An Overview Shannon McFarland CCIE #5245 Distinguished Engineer @eyepv6 Agenda Hybrid Cloud Networking vs Multicloud Networking - A Level Set Extending on-premises private cloud
More informationPSOACI Tetration Overview. Mike Herbert
Tetration Overview Mike Herbert Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco Live Mobile App 2. Click Join the Discussion
More informationCloudCenter for Developers
DEVNET-1198 CloudCenter for Developers Conor Murphy, Systems Engineer Data Centre Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the
More informationDeploying Transit VPC for Amazon Web Services
This section contains the following topics: How to Deploy Transit VPC for DMVPN, page 1 How to Deploy Transit VPC for DMVPN Information About Deploying Transit VPC This is a summary about the deploying
More informationCloudEdge Deployment Guide
Hillstone Networks, Inc. CloudEdge Deployment Guide Version 5.5R3P1 Copyright 2016Hillstone Networks, Inc.. All rights reserved. Information in this document is subject to change without notice. The software
More informationDeploying Cloud Network Services Prime Network Services Controller (formerly VNMC)
Deploying Cloud Network Services Prime Network Services Controller (formerly VNMC) Dedi Shindler - Sr. Manager Product Management Cloud System Management Technology Group Cisco Agenda Trends Influencing
More informationService Graph Design with Cisco Application Centric Infrastructure
White Paper Service Graph Design with Cisco Application Centric Infrastructure 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 101 Contents Introduction...
More informationCloud-Managed Security for Distributed Networks with Cisco Meraki MX
Cloud-Managed Security for Distributed Networks with Cisco Meraki MX Joe Aronow, Product Architect Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this
More informationPexip Infinity and Amazon Web Services Deployment Guide
Pexip Infinity and Amazon Web Services Deployment Guide Contents Introduction 1 Deployment guidelines 2 Configuring AWS security groups 4 Deploying a Management Node in AWS 6 Deploying a Conferencing Node
More informationIntercloud Fabric. Session ID 18PT. Michael Petersen, CCIE #39836 Systems Engineer, Cisco Danmark
Fabric Session ID 18PT Michael Petersen, CCIE #39836 Systems Engineer, Cisco Danmark Agenda Why Hybrid? What are the Challenges? and Cisco Fabric Solution and Architecture Overview Cisco ONE Summary, Q&A
More informationCreating Your Virtual Data Center
Creating Your Virtual Data Center VPC Fundamentals and Connectivity Options Giulio Soro, Sr. Solutions Architect AWS Antonio Sglavo, Head of Data Center Transformation - ENEL AWS Summit, 2016 2016, Amazon
More informationAlgoSec: How to Secure and Automate Your Heterogeneous Cisco Environment
BRKPAR-2488 AlgoSec: How to Secure and Automate Your Heterogeneous Cisco Environment Edy Almer How to Secure and Automate Your Heterogeneous Cisco Environment Yogesh Kaushik, Senior Director Cisco Doug
More informationDeploying the Cisco CSR 1000v on Amazon Web Services
Deploying the Cisco CSR 1000v on Amazon Web Services This section contains the following topics: Prerequisites, page 1 Information About Launching Cisco CSR 1000v on AWS, page 1 Launching the Cisco CSR
More informationConfiguring High Availability
This section contains the following topics: Information about High Availability, on page 1 Error Messages for Amazon Web Services High Availability, on page 3 How to Configure High Availability, on page
More informationVirtual Private Cloud. User Guide. Issue 03 Date
Issue 03 Date 2016-10-19 Change History Change History Release Date What's New 2016-10-19 This issue is the third official release. Modified the following content: Help Center URL 2016-07-15 This issue
More informationCloudera s Enterprise Data Hub on the Amazon Web Services Cloud: Quick Start Reference Deployment October 2014
Cloudera s Enterprise Data Hub on the Amazon Web Services Cloud: Quick Start Reference Deployment October 2014 Karthik Krishnan Page 1 of 20 Table of Contents Table of Contents... 2 Abstract... 3 What
More informationCloud, SDN and BIGIQ. Philippe Bogaerts Senior Field Systems Engineer
Cloud, SDN and BIGIQ Philippe Bogaerts Senior Field Systems Engineer Virtual Editions TMOS/LTM 12.0 Highlights 1 NIC support Azure Marketplace Kernel Independent driver Enhanced Hypervisor support F5 Networks,
More informationDisclaimer CONFIDENTIAL 2
Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitment from VMware to deliver these features in any generally
More informationAmazon AWS-Solutions-Architect-Professional Exam
Volume: 392 Questions Question: 1 By default, Amazon Cognito maintains the last-written version of the data. You can override this behavior and resolve data conflicts programmatically. In addition, push
More information1V0-642.exam.30q.
1V0-642.exam.30q Number: 1V0-642 Passing Score: 800 Time Limit: 120 min 1V0-642 VMware Certified Associate 6 Network Visualization Fundamentals Exam Exam A QUESTION 1 Which is NOT a benefit of virtualized
More informationIBM Cloud for VMware Solutions NSX Edge Services Gateway Solution Architecture
IBM Cloud for VMware Solutions NSX Edge Services Gateway Solution Architecture Date: 2017-03-29 Version: 1.0 Copyright IBM Corporation 2017 Page 1 of 16 Table of Contents 1 Introduction... 4 1.1 About
More informationCisco Security Enterprise License Agreement
Cisco Security Enterprise License Agreement Deploy Software and Technology more easily The Cisco Security Enterprise Licensing Agreement (ELA) gives you a simpler way to manage your licenses. And it saves
More informationDeploy and Secure an Internet Facing Application with the Barracuda Web Application Firewall in Amazon Web Services
Deploy and Secure an Internet Facing Application with the in Amazon Web In this lab, you will deploy an unsecure web application into Amazon Web (AWS), and then secure the application using the. To create
More informationNetworking in AWS. Carl Simpson Technical Architect, Zen Internet Limited
Networking in AWS Carl Simpson Technical Architect, Zen Internet Limited carl.simpson@zeninternet.co.uk About Me: About Me: Technical Architect Cloud & Hosting @ Zen Internet Limited About Me: Technical
More informationDEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise
DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS Security Without Compromise CONTENTS INTRODUCTION 1 SECTION 1: STRETCHING BEYOND STATIC SECURITY 2 SECTION 2: NEW DEFENSES FOR CLOUD ENVIRONMENTS 5 SECTION
More informationConfiguring AWS for Zerto Virtual Replication
Configuring AWS for Zerto Virtual Replication VERSION 1 MARCH 2018 Table of Contents 1. Prerequisites... 2 1.1. AWS Prerequisites... 2 1.2. Additional AWS Resources... 3 2. AWS Workflow... 3 3. Setting
More informationAzure Compute. Azure Virtual Machines
Azure Compute Azure Virtual Machines Virtual Machines Getting started Select image and VM size New disk persisted in storage Management portal Windows Server Boot VM from new disk >_ Scripting (Windows,
More informationDisclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme
SAI2803BU The Road to Micro- Segmentation with VMware NSX #VMworld #SAI2803BU Disclaimer This presentation may contain product features that are currently under development. This overview of new technology
More informationMigrating Applications with CloudCenter
Migrating Applications with CloudCenter Tuan Nguyen, Technical Marketing Engineer, Insieme BU DEVNET-1179 Cisco Spark How Questions? Use Cisco Spark to chat with the speaker after the session 1. Find this
More informationZero Trust Security with Software-Defined Secure Networks
Zero Trust Security with Software-Defined Secure Networks Srinivas Nimmagadda and Pradeep Nair Juniper Networks This statement of direction sets forth Juniper Networks current intention and is subject
More informationTRex Realistic Traffic Generator
DEVNET-1120 TRex Realistic Traffic Generator Hanoch Haim, Principal Engineer Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco
More informationHySecure Quick Start Guide. HySecure 5.0
HySecure Quick Start Guide HySecure 5.0 Last Updated: 25 May 2017 2012-2017 Propalms Technologies Private Limited. All rights reserved. The information contained in this document represents the current
More informationHybrid Clouds: Integrating the Enterprise Data Center and the Public Cloud
Hybrid Clouds: Integrating the Enterprise Data Center and the Public Cloud Usha Ramachandran, Technical Marketing Engineer Session Abstract In this session, participants will learn how to create hybrid
More information25 Best Practice Tips for architecting Amazon VPC. 25 Best Practice Tips for architecting Amazon VPC. Harish Ganesan- CTO- 8KMiles
25 Best Practice Tips for architecting Amazon VPC 25 Best Practice Tips for architecting Amazon VPC Amazon VPC is one of the most important feature introduced by AWS. We have been using AWS from 2008 and
More information21CTL Disaster Recovery, Workload Mobility and Infrastructure as a Service Proposal. By Adeyemi Ademola E. Cloud Engineer
21CTL Disaster Recovery, Workload Mobility and Infrastructure as a Service Proposal By Adeyemi Ademola E. Cloud Engineer 1 Contents Introduction... 5 1.2 Document Purpose and Scope...5 Service Definition...
More informationCompute - 36 PCPUs (72 vcpus) - Intel Xeon E5 2686 v4 (Broadwell) - 512GB RAM - 8 x 2TB NVMe local SSD - Dedicated Host vsphere Features - vsphere HA - vmotion - DRS - Elastic DRS Storage - ESXi boot-from-ebs
More informationResilient WAN and Security for Distributed Networks with Cisco Meraki MX
Resilient WAN and Security for Distributed Networks with Cisco Meraki MX Daghan Altas, Director of Product Management BRKSEC-2900 Agenda Problem Cisco CNG Live network creation demo (45m) Product Brief
More informationBuilding a Big IaaS Cloud. David /
Building a Big IaaS Cloud David Nalley @ke4qqq ke4qqq@apache.org / david@gnsa.us #whoami Recovering Sysadmin F/LOSS contributor Committer on Apache CloudStack Assumptions You have a need for an IaaS compute
More informationMicrosoft Networking Academy
Microsoft Networking Academy with the C+E Global Black Belts Olivier Martin (@omartin) Networking TSP GBB Jaime Schmidtke (@jaimesc) ExpressRoute Partners GBB Bryan Woodworth (@brwoodwo) Networking TSP
More informationThe IINS acronym to this exam will remain but the title will change slightly, removing IOS from the title, making the new title.
I n t r o d u c t i o n The CCNA Security IINS exam topics have been refreshed from version 2.0 to version 3.0. This document will highlight exam topic changes between the current 640-554 IINS exam and
More informationCisco Firewall Basics
Cisco Firewall Basics Mark Cairns, Consulting Systems Engineer BRKSEC-1020 Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco
More informationNew Features and Functionality
This section describes the new and updated features and functionality included in Version 6.2.1. Note that only the Firepower 2100 series devices support Version 6.2.1, so new features deployed to devices
More informationCisco Multicloud Portfolio: Cloud Connect
Design and Deployment Guide Cisco Multicloud Portfolio: Cloud Connect Design and Deployment Guide for Private Data Center to AWS VPC October 2018 2018 Cisco and/or its affiliates. All rights reserved.
More informationAviatrix Virtual Appliance
Aviatrix Virtual Appliance For AWS VPN Gateway Connection Configuration Guide Last updated: April 11, 2017 Aviatrix Systems, Inc. 411 High Street Palo Alto CA 94301 USA http://www.aviatrix.com Tel: +1
More informationData Sheet Gigamon Visibility Platform for AWS
Data Sheet Gigamon Visibility Platform for Overview The rapid evolution of Infrastructure-as-a-Service (IaaS), or public clouds, brings instant advantages of economies of scale, elasticity, and agility
More informationDeploying and Using ArcGIS Enterprise in the Cloud. Bill Major
Deploying and Using ArcGIS Enterprise in the Cloud Bill Major Quick Survey Your role in your organization - Developer? - Cloud Admin? Already a cloud user Running Esri deployment on AWS Running Esri deployment
More information