Detailed Course Outline
Course Introduction
- Introductions and course logistics
- Course objectives
Security Concepts
- Key IT security principles for the SDDC
- Differences between securing traditional infrastructures and virtual infrastructures
- Identity and access management concepts for the SDDC
- Methods to secure your virtual infrastructure components
- EUC and mobile computing risks
- Guest operating system access security
- Hardening concepts and how they apply to virtual infrastructure components
vSphere Security Identity and Access Management
- Role-based access control concepts for vSphere and View
- Configuring role-based access control for ESXi, vCenter Server, and View
- Configuring vSphere single sign-on for administrative access
- Password hardening options
- Configuring ESXi local user management and integration with Active Directory
- ESXi security profiles and access to services
vSphere Hardening
- ESXi host hardening
- Implementing lockdown mode on ESXi hosts
- Configuring ESXi host-based firewall settings
- vCenter Server hardening
- Tools to reduce infrastructure vulnerabilities
- Implementing hardening best practices based on the vSphere Hardening Guide
Data Protection
- Data encryption technology
- Data-at-rest encryption options for server and desktop virtual machines
- View endpoint protection best practices
- Datastore security options
- View PCoIP encryption
- VMware Operating System Optimization Tool for desktop and server virtual machines
- Introducing VMware AirWatch for mobile and desktop security
- VMware AirWatch and VMware NSX integration
- Configuring vSphere security certificate management using VMware Certificate Authority and VMware Endpoint Certificate services
- Using the Certificate Automation Tool to manage vSphere certificates
- Establishing and using an IPsec VPN
- Using the VMware Endpoint Certificate Store
Network Security
- Managing network data in an SDDC
- Security policies and settings of vSphere switches
- Configuring vSphere advanced security features for distributed switches
- Using the VMware NSX distributed firewall and distributed router to implement microsegmentation
- Protecting and managing north-south traffic with VMware NSX® Edge™ services gateway and physical firewalls
- Managing access to the vSphere management network
- Using VMware NSX® Virtual Switch™ features to implement network security
- Designing clusters and racks to minimize vulnerabilities
- Limiting access to vSphere management networks
- Hardening network infrastructure components
Virtual Machine, Mobility, and Application Protection
- Securing virtual machine guest operating systems
- Mobile device security with VMware AirWatch
- Using VMware NSX with Service Composer for Endpoint Protection
- Using distributed firewalls and microsegmentation to isolate and protect virtual machines
- Using VMware NSX identity-based firewalls to control network traffic based on Active Directory user IDs
- Additional VMware NSX functionality using integration with third-party solutions
Data Center Monitoring and Compliance
- Using vRealize Log Insight to identify and analyze security-related log entries
- Implementing a distributed logging environment
- vRealize Configuration Manager compliance checkers
- vRealize Configuration Manager compliance monitoring
Automating Data Center Security
- Using VMware functions and tools to enforce consistent organizational security policies during infrastructure deployment
- Automating responses to security events
- Implementing security automation with security groups, security policies, and security tags
- Automatically applying security settings to newly provisioned virtual machines based on VMware NSX security policies