Security Operations for the Software-Defined Data Center

Intended Audience:

• Experienced system administrators

• Cloud administrators

• System integrators

• Operational developers

Objectives: By the end of the course, you should be able to meet the following objectives:

• Describe the concepts involved in securing an SDDC and protecting the data in the data center

• Manage vSphere administrator access to hosts and the VMware vCenter Server system based on identified job roles and requirements

• Implement security best practices of vSphere components based on organizational security policies

• Configure data protection for data at rest and data in motion

• Manage protection for server and desktop-class virtual machines, endpoints, and networks

• Use microsegmentation to protect and manage multitier applications and network data

• Describe VMware AirWatch functionality to protect mobile computing and EUC deployments

• Perform activity monitoring and logging, and explore relevant logs to meet compliance requirements

• Use VMware NSX security groups, policies, and tags to automate deployment and security processes

• Use automation to respond to security-related events

Prerequisites: This class requires completion of one of the following courses:

• VMware vSphere 6.x: Install, Configure, Manage

• VMware vSphere 6.x: Fast Track An understanding of corporate or enterprise network implementations Experience working at the command prompt and with scripting tools likes Windows PowerShell is highly recommended.

Outline:

1. Course Introduction
   • Introductions and course logistics
   • Course objectives
2. Security Concepts
   • Key IT security principles for the SDDC
   • Differences between securing traditional infrastructures and virtual infrastructures
   • Identity and access management concepts for the SDDC
   • Methods to secure your virtual infrastructure components
   • EUC and mobile computing risks
   • Guest operating system access security
   • Hardening concepts and how they apply to virtual infrastructure components
3. vSphere Security Identity and Access Management
   • Role-based access control concepts for vSphere and View
   • Configuring role-based access control for ESXi, vCenter Server, and View
   • Configuring vSphere single sign-on for administrative access
   • Password hardening options
   • Configuring ESXi local user management and integration with Active Directory
   • ESXi security profiles and access to services
4. vSphere Hardening
   • ESXi host hardening
   • Implementing lockdown mode on ESXi hosts
   • Configuring ESXi host-based firewall settings
   • vCenter Server hardening
   • Tools to reduce infrastructure vulnerabilities
   • Implementing hardening best practices based on the vSphere Hardening Guide
5. Data Protection
   • Data encryption technology
   • Data-at-rest encryption options for server and desktop virtual machines
   • View endpoint protection best practices
   • Datastore security options
   • View PCoIP encryption
   • VMware Operating System Optimization Tool for desktop and server virtual machines
   • Introducing VMware AirWatch for mobile and desktop security
   • VMware AirWatch and VMware NSX integration
   • Configuring vSphere security certificate management using VMware Certificate Authority and VMware Endpoint Certificate services
   • Using the Certificate Automation Tool to manage vSphere certificates
   • Establishing and using an IPsec VPN
   • Using the VMware Endpoint Certificate Store
6. Network Security
   • Managing network data in an SDDC
   • Security policies and settings of vSphere switches
   • Configuring vSphere advanced security features for distributed switches
   • Using the VMware NSX distributed firewall and distributed router to implement microsegmentation
   • Protecting and managing north-south traffic with VMware NSX Edge services gateway and physical firewalls
   • Managing access to the vSphere management network
   • Using VMware NSX Virtual Switch features to implement network security
   • Designing clusters and racks to minimize vulnerabilities
   • Limiting access to vSphere management networks
   • Hardening network infrastructure components
7. Virtual Machine, Mobility, and Application Protection
   • Securing virtual machine guest operating systems
   • Mobile device security with VMware AirWatch
   • Using VMware NSX with Service Composer for Endpoint Protection
   • Using distributed firewalls and microsegmentation to isolate and protect virtual machines
   • Using VMware NSX identity-based firewalls to control network traffic based on Active Directory user IDs
   • Additional VMware NSX functionality using integration with third-party solutions
8. Data Center Monitoring and Compliance
   • Using vRealize Log Insight to identify and analyze security-related log entries
   • Implementing a distributed logging environment
   • vRealize Configuration Manager compliance checkers
   • vRealize Configuration Manager compliance monitoring
9. Automating Data Center Security
   • Using VMware functions and tools to enforce consistent organizational security policies during infrastructure deployment
   • Automating responses to security events
   • Implementing security automation with security groups, security policies, and security tags
   • Automatically applying security settings to newly provisioned virtual machines based on VMware NSX security policies