Security Operations for the Software-Defined Data Center (SOSDDC) – Details

Detailed Course Content

Course Introduction

  • Introductions and course logistics
  • Course outline
  • Course objectives

Security Concepts

  • Key IT security principles for the SDDC
  • Differences between securing traditional infrastructures and virtual infrastructures
  • Identity and access management concepts for the SDDC
  • Methods to secure your virtual infrastructure components
  • Guest operating system access security
  • Hardening concepts and how they apply to virtual infrastructure components

vSphere Security Identity and Access Management

  • Role-based access control concepts
  • Configuring role-based access control for VMware ESXi™ and vCenter Server
  • Configuring vSphere single sign-on for administrative access
  • Password hardening options
  • Configuring ESXi local user management and integration with Active Directory (AD)
  • ESXi security profiles and access to services

vSphere Hardening

  • ESXi host hardening
  • Implementing lockdown mode on ESXi hosts
  • Configuring ESXi host-based firewall settings
  • vCenter Server hardening
  • Tools to reduce infrastructure vulnerabilities
  • Implementing hardening best practices based on the vSphere Hardening Guide

Data Protection

  • Data encryption technology
  • Data-at-rest encryption options
  • Datastore security options
  • Configuring vSphere security certificate management using VMware Certificate Authority and VMware Endpoint Certificate Services
  • Using the Certificate Automation Tool to manage vSphere certificates
  • Establishing and using an IPsec VPN
  • Using the VMware Endpoint Certificate Store

Network Security

  • Managing network data in an SDDC
  • Security policies and settings of vSphere switches
  • Configuring vSphere advanced security features for distributed switches
  • Using the VMware NSX distributed firewall and distributed router to implement microsegmentation
  • Protecting and managing north-south traffic with VMware NSX® Edge™ services gateway and physical firewalls
  • Managing access to the vSphere management network
  • Using VMware NSX® Virtual Switch™ features to implement network security
  • Designing clusters and racks to minimize vulnerabilities
  • Limiting access to vSphere management networks
  • Hardening network infrastructure components

Virtual Machine and Application Protection

  • Securing virtual machine guest operating systems
  • Using VMware NSX with Service Composer for Endpoint Protection
  • Using distributed firewalls and microsegmentation to isolate and protect virtual machines
  • Using VMware NSX identity-based firewalls to control network traffic based on AD user IDs
  • Additional VMware NSX functionality using integration with third-party solutions

Data Center Security Compliance

  • Using VMware vRealize® Log Insight™ to identify and analyze security-related log entries
  • Implementing a distributed logging environment
  • VMware vRealize® Configuration Manager™ compliance checkers
  • VMware vRealize® Operations Manager™ compliance monitoring
  • vRealize Configuration Manager and vRealize Operations Manager integration
  • Performing network flow monitoring to analyze network traffic

Automating Data Center Security

  • Using VMware functions and tools to enforce consistent organizational security policies during infrastructure deployment
  • Automating responses to security events
  • Implementing security automation with security groups, security policies, and security tags
  • Automatically applying security settings to newly provisioned virtual machines based on VMware NSX security policies