Security Operations for the Software-Defined Data Center (SOSDDC) – Outline

Detailed Course Outline

Course Introduction

  • Introductions and course logistics
  • Course objectives

Security Concepts

  • Key IT security principles for the SDDC
  • Differences between securing traditional infrastructures and virtual infrastructures
  • Identity and access management concepts for the SDDC
  • Methods to secure your virtual infrastructure components
  • EUC and mobile computing risks
  • Guest operating system access security
  • Hardening concepts and how they apply to virtual infrastructure components

vSphere Security Identity and Access Management

  • Role-based access control concepts for vSphere and View
  • Configuring role-based access control for ESXi, vCenter Server, and View
  • Configuring vSphere single sign-on for administrative access
  • Password hardening options
  • Configuring ESXi local user management and integration with Active Directory
  • ESXi security profiles and access to services

vSphere Hardening

  • ESXi host hardening
  • Implementing lockdown mode on ESXi hosts
  • Configuring ESXi host-based firewall settings
  • vCenter Server hardening
  • Tools to reduce infrastructure vulnerabilities
  • Implementing hardening best practices based on the vSphere Hardening Guide

Data Protection

  • Data encryption technology
  • Data-at-rest encryption options for server and desktop virtual machines
  • View endpoint protection best practices
  • Datastore security options
  • View PCoIP encryption
  • VMware Operating System Optimization Tool for desktop and server virtual machines
  • Introducing VMware AirWatch for mobile and desktop security
  • VMware AirWatch and VMware NSX integration
  • Configuring vSphere security certificate management using VMware Certificate Authority and VMware Endpoint Certificate services
  • Using the Certificate Automation Tool to manage vSphere certificates
  • Establishing and using an IPsec VPN
  • Using the VMware Endpoint Certificate Store

Network Security

  • Managing network data in an SDDC
  • Security policies and settings of vSphere switches
  • Configuring vSphere advanced security features for distributed switches
  • Using the VMware NSX distributed firewall and distributed router to implement microsegmentation
  • Protecting and managing north-south traffic with VMware NSX® Edge™ services gateway and physical firewalls
  • Managing access to the vSphere management network
  • Using VMware NSX® Virtual Switch™ features to implement network security
  • Designing clusters and racks to minimize vulnerabilities
  • Limiting access to vSphere management networks
  • Hardening network infrastructure components

Virtual Machine, Mobility, and Application Protection

  • Securing virtual machine guest operating systems
  • Mobile device security with VMware AirWatch
  • Using VMware NSX with Service Composer for Endpoint Protection
  • Using distributed firewalls and microsegmentation to isolate and protect virtual machines
  • Using VMware NSX identity-based firewalls to control network traffic based on Active Directory user IDs
  • Additional VMware NSX functionality using integration with third-party solutions

Data Center Monitoring and Compliance

  • Using vRealize Log Insight to identify and analyze security-related log entries
  • Implementing a distributed logging environment
  • vRealize Configuration Manager compliance checkers
  • vRealize Configuration Manager compliance monitoring

Automating Data Center Security

  • Using VMware functions and tools to enforce consistent organizational security policies during infrastructure deployment
  • Automating responses to security events
  • Implementing security automation with security groups, security policies, and security tags
  • Automatically applying security settings to newly provisioned virtual machines based on VMware NSX security policies