Detailed Course Content
Course Introduction
- Introductions and course logistics
- Course outline
- Course objectives
Security Concepts
- Key IT security principles for the SDDC
- Differences between securing traditional infrastructures and virtual infrastructures
- Identity and access management concepts for the SDDC
- Methods to secure your virtual infrastructure components
- Guest operating system access security
- Hardening concepts and how they apply to virtual infrastructure components
vSphere Security Identity and Access Management
- Role-based access control concepts
- Configuring role-based access control for VMware ESXi™ and vCenter Server
- Configuring vSphere single sign-on for administrative access
- Password hardening options
- Configuring ESXi local user management and integration with Active Directory (AD)
- ESXi security profiles and access to services
vSphere Hardening
- ESXi host hardening
- Implementing lockdown mode on ESXi hosts
- Configuring ESXi host-based firewall settings
- vCenter Server hardening
- Tools to reduce infrastructure vulnerabilities
- Implementing hardening best practices based on the vSphere Hardening Guide
Data Protection
- Data encryption technology
- Data-at-rest encryption options
- Datastore security options
- Configuring vSphere security certificate management using VMware Certificate Authority and VMware Endpoint Certificate Services
- Using the Certificate Automation Tool to manage vSphere certificates
- Establishing and using an IPsec VPN
- Using the VMware Endpoint Certificate Store
Network Security
- Managing network data in an SDDC
- Security policies and settings of vSphere switches
- Configuring vSphere advanced security features for distributed switches
- Using the VMware NSX distributed firewall and distributed router to implement microsegmentation
- Protecting and managing north-south traffic with VMware NSX® Edge™ services gateway and physical firewalls
- Managing access to the vSphere management network
- Using VMware NSX® Virtual Switch™ features to implement network security
- Designing clusters and racks to minimize vulnerabilities
- Limiting access to vSphere management networks
- Hardening network infrastructure components
Virtual Machine and Application Protection
- Securing virtual machine guest operating systems
- Using VMware NSX with Service Composer for Endpoint Protection
- Using distributed firewalls and microsegmentation to isolate and protect virtual machines
- Using VMware NSX identity-based firewalls to control network traffic based on AD user IDs
- Additional VMware NSX functionality using integration with third-party solutions
Data Center Security Compliance
- Using VMware vRealize® Log Insight™ to identify and analyze security-related log entries
- Implementing a distributed logging environment
- VMware vRealize® Configuration Manager™ compliance checkers
- VMware vRealize® Operations Manager™ compliance monitoring
- vRealize Configuration Manager and vRealize Operations Manager integration
- Performing network flow monitoring to analyze network traffic
Automating Data Center Security
- Using VMware functions and tools to enforce consistent organizational security policies during infrastructure deployment
- Automating responses to security events
- Implementing security automation with security groups, security policies, and security tags
- Automatically applying security settings to newly provisioned virtual machines based on VMware NSX security policies