Cisco UCS Director Tech Module Cisco Adaptive Security Appliance (ASA & ASAv)

Similar documents
Cisco UCS Director Tech Module F5 BigIP

Cisco UCS Director Tech Module EMC VNX and VNX2

Cisco UCS Director Tech Module Cisco Application Centric Infrastructure (ACI)

Cisco UCS Director Tech Module EMC XtremIO

Cisco UCS Director Tech Module IBM Storage Arrays. June 2016

Cisco UCS Director Tech Module Cisco UCS Manager (UCSM)

Application Provisioning

Creating Application Containers

Creating Application Containers

Securing Containers Using a PNSC and a Cisco VSG

Securing Containers Using a PNSC and a Cisco VSG

Configuring Layer 4 to Layer 7 Resource Pools

Introduction to Cisco ASA to Firepower Threat Defense Migration

Deploying the Cisco ASA 1000V

UCS Director 5.4 Windows/Linux CSV Workflow Deployment

Implementing Core Cisco ASA Security (SASAC)

Upgrade the ASA FirePOWER Module

Cisco UCS Director Baremetal Agent Installation and Configuration Guide, Release 5.2

Service Graph Design with Cisco Application Centric Infrastructure

Multiple Disk VM Provisioning

Exam Actual. Higher Quality. Better Service! QUESTION & ANSWER

Routing Underlay and NFV Automation with DNA Center

Cisco UCS Director Baremetal Agent Installation and Configuration Guide, Release 5.0

Deploying the Cisco Tetration Analytics Virtual Appliance in Microsoft Azure

Cisco Nexus 1000V Switch for Microsoft Hyper-V

Introducing Cisco Cloud Administration CLDADM v1.0; 5 Days; Instructor-led

Cisco - ASA Lab Camp v9.0

Cisco Virtual Application Container Services 2.0 Lab v1

Deploying Cisco ASA Firewall Solutions (FIREWALL v1.0)

Simplify and automate your network with Cisco DNA

About the Authors. About the Authors

Cisco TrustSec Quick Start Configuration Guide

Technical Note FLX UC 1000/1500 Registering with Shoretel ShoreGear

Cisco ACI with Cisco AVS

Cisco Prime Service Catalog Virtual Appliance Quick Start Guide 2

Managing VMware vcenter Site Recovery Manager

Managing Deployment. Understanding Deployment CHAPTER

F5 iworkflow and Citrix XenServer: Setup. Version 2.0.1

Cisco HyperFlex Systems

Attribute-Based Access Control

Managing Site-to-Site VPNs

Cisco UCS Director and ACI Advanced Deployment Lab

Tenant Onboarding. Tenant Onboarding Overview. Tenant Onboarding with Virtual Data Centers

Contents. Introduction. Prerequisites. Requirements. Supported Devices

Nevrijeme u oblacima i kako se zaštititi

Enterprise Network Compute System (ENCS)

Managing Virtual Data Centers

Q&As DCID Designing Cisco Data Center Infrastructure

UDP Director Virtual Edition

Layer 4 to Layer 7 Design

Cisco UCS Director Compatibility Matrix, Release 5.3(2)

Simplify and Automate Your Network with Cisco DNA. Brink Sanders Managing Director, Software and Network Transformation 12 May 2017

ForeScout CounterACT. Cisco PIX/ASA Firewall Integration Module. Configuration Guide. Version 2.1

Deploying ASA. ASA Deployment Modes in ACI Fabric

ASA/PIX Security Appliance

Cisco Nexus 1000V InterCloud

Installing Cisco StadiumVision Director Software from a DVD

Cisco ISE Features Cisco ISE Features

Cisco Stealthwatch. Installation and Configuration Guide 7.0

vbranch Introduction and Demo

Security for shared infrastructure in Cisco ONE Enterprise Cloud Suite BRKPCA-2040

Failover for High Availability in the Public Cloud

Cisco Stealthwatch. Installation and Configuration Guide 7.0

FLX UC 1000/1500 Registering with Shoretel ShoreGear

Delivering Enterprise SDN. Now. Simplify and Automate Your Network for Digital Transformation

User Identity Sources

Cisco UCS Director Fundamentals Guide, Release 6.5

Managing Site-to-Site VPNs: The Basics

QUICK START GUIDE Cisco Virtual Network Management Center 2.0 Quick Start Guide

Contents. Introduction

AWS VPC Cloud Environment Setup

Cisco Intelligent Traffic Director Deployment Guide with Cisco ASA

Cisco Virtual Networking Solution Nexus 1000v and Virtual Services. Abhishek Mande Engineer

Network Deployments in Cisco ISE

Install ISE on a VMware Virtual Machine

Chapter 2 VLANs. CHAPTER 2 VLANs

Provisioning NAT/PAT Support

Integrating the Cisco ASA with Cisco Nexus 9000 Series Switches and the Cisco Application Centric Infrastructure

Managing Site-to-Site VPNs: The Basics

Configuring Policy-Based Redirect

Securing BYOD with Cisco TrustSec Security Group Firewalling

Cisco Integrated Management Controller (IMC) Supervisor is a management system that allows you to manage rack mount servers on a large scale.

TrustSec Configuration Guides. TrustSec Capabilities on Wireless 8.4 Software-Defined Segmentation through SGACL Enforcement on Wireless Access Points

Introduction to the Cisco ASAv

Configuration Guide Cisco UCS Express Local Management Platform

UCS Director: Tenant Onboarding Cisco ACI & Microsoft HyperV. Dec. 2016

VNS3 Configuration. Quick Launch for first time VNS3 users in Azure

Configuring Global Service Profiles

Deploying Cloud Network Services Prime Network Services Controller (formerly VNMC)

Cisco Prime Data Center Network Manager Release 7.1

BIG-IP Virtual Edition and Citrix XenServer: Setup. Version 13.1

Monitoring WAAS Using WAAS Central Manager. Monitoring WAAS Network Health. Using the WAAS Dashboard CHAPTER

User Identity Sources

UDP Director Virtual Edition Installation and Configuration Guide (for Stealthwatch System v6.9.0)

Cisco VVB Installation

Cisco NAC Profiler UI User Administration

FirePower 2100 NGFW. Elodie Heurtevent Security BDM Commercial. 21 March 2017

Deployment of FireSIGHT Management Center on VMware ESXi

Cisco Prime Collaboration Deployment

Installing Cisco WebEx Social

Transcription:

Cisco UCS Director Tech Module Cisco Adaptive Security Appliance (ASA & ASAv) Version: 1.0 September 2016 1

Agenda Overview & Architecture Hardware & Software Compatibility Licensing Orchestration Capabilities Reports Example Use-Cases 2

Architecture & Overview 3

UCS Director ASA Integration Architecture UCS Director SSH (CLI) via Port 22 Cisco ASA Management Interface Cisco ASA 5510-X Cisco ASA 5515-X Cisco ASA 5555-X Cisco ASA 5585-X Cisco ASAv 4

Adding an ASA Account Navigate to Administration à Physical Accounts, choose the Managed Network Elements tab and click Add Network Element 5

Adding a ASA Account Enter the information about the ASA device to add the account 6

Hardware & Software Compatibility 7

IMPORTANT!! The following slide featuring support information may be out of date ALWAYS check the most up to date version of the UCS Director Compatibility Matrix The latest Compatibility Matrix and other supporting UCS Director documentation can be found at the following location: http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/ucs-director/doc-roadmap/b_ucsdirectordocroadmap.html 8

UCS Director Cisco Physical ASA Support (as of UCS Director 6.0) Supported Models Supported Software (NX-OS) ASA 5510-X 8.4(5) 9.1(5) ASA 5515-X 9.1(1) 9.1(2) 9.3(1) ASA 5555-X 9.5(2) ASA 5585-X 9.1(2) 9.3(1) 9.4(1) 9.4(2) 9.5(2) 9

UCS Director Cisco Virtual ASA (ASAv) Support (as of UCS Director 6.0) Supported Models Supported Software (NX-OS) ASAv 9.1(2) 9.2(0) 9.3(1) 9.3(2) 9.4(2) 9.5(2) 10

Licensing 11

Licensing Information UCS Director licensing is purchased solely in the form of physical server licenses Each physical server license includes a storage device license and a network device license as well. UCS Director tracks the number of physical servers, storage and network devices being managed against the number of installed licenses. If additional storage and/or network device licenses are required, you can purchase additional physical server licenses 12

Licensing Information Each managed/added ASA account, whether physical or virtual, is counted as a network device license in UCS Director NOTE!: network device licenses are included in and solely available by purchasing additional physical server licenses for UCS Director 13

Licensing Examples Network Device Physical Server Example 1 Qty. to be managed Total licenses available Example 2 Storage Device Example 3 X 6 /50 X 0 /8 X 10 /10 X 50 /50 X 0 /8 X 4 /10 X 8 /50 X 8 /8 X 2 /10 Total Physical Server Licenses Required: 50 Total Physical Server Licenses Required: 8 Storage Device License Included in Physical Server License Total Physical Server Licenses Required: 10 Network Device License Included in Physical Server License 14

Orchestration Capabilities 15

Orchestration Capabilities UCS Director provides Orchestration tasks to automate ASA configurations to provision and de-provision the below objects. (as applicable to the platform) Security Context Sub-Interfaces Context Interface Context ACL Context NAT NAT Licensing Firewall Mode ASAv OVF deployment 16

Orchestration Capabilities Security Context Create Security Context Remove Security Context NAT Configure Context NAT Configure NAT ACL Configure Context ACL Interfaces Configure Sub Interface Configure Context Interface Other Deploy ASAv OVF TrustSec Refresh Configure License Configure Cisco ASA Firewall Mode 17

Reports 18

Tabular Reports and Information Configurations Modules Interfaces Licenses ASA Contexts ACL SXP Connection Peers SGT Service Request Details 19

Example Use-Cases 20

Example Use-Cases Use-Case #1: Create Security Context on Physical ASA Use-Case #2: Configure any ASA commands unsupported by UCSD 21

Use Case # 1 Physical ASAs can be logically divided into multiple firewall instances (security contexts), with each context operating independently and has separate configuration, interfaces and policies 22

Use Case # 1 UCSD has in-built task for workflows as well as 1-click button to create security context 23

Use Case # 1 Click on Create ASA Context (from location shown in previous task) and provide below inputs. Context Name Context Description Disk0 Config File Allocate Outside Interface Allocate Inside Interface Context Mode Transparent or Routed (default) 24

Use Case # 1 UCSD and ASA Verification 25

Use Case # 2 Leverage Execute Network Device CLI task to configure specific command/feature which is currently not supported by UCSD (this task is executed on existing accounts and so you don't have to provide IP and credentials) Below workflow has Failover commands executed on pair of ASA (primary/secondary) Currently UCSD doesn t have any built-in tasks for Failover configurations but using task Execute Network Device CLI, UCSD can SSH into ASA device and configure any supported commands Start Execute Network Device CLI Execute Network Device CLI Finish Workflow can be downloaded from the UCS Director community site https://communities.cisco.com/docs/doc-69484 26

Use Case # 2 Execute Network Device CLI task has input for rollback commands which should be listed as shown (in case there is need for workflow rollback) Select ASA Primary Select ASA Secondary Config Commands Rollback Steps 27

Use Case # 2 Service Request completion and ASA Verification 28

29

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback