Chapter t: Networking Security Concepts 19 Wired, Wieless, Access On-Premise ‘Security and Policy Mobie Access nastructure Gateways Infrastructure MoM RSA, $ SecuriD Active Certificate Directory Authority a (ap) (CA) rT) Core 5 Bl Cisco ISE = oe = ‘Aggregation ‘Services outer (ASR) Data Center Figure 1-3 Data Center Topology Switching outer (ASR) Home Office Data Center Figure 1-4 Branch Office/Home Office Topology Unknown20 CCNA Security 210-260 Official Cert Guide Network Security for a Virtual Environment Today's data center environments must be designed to significantly reduce adm ‘overhead and improve flexibility and operational efficiency. Critical security functions ‘must be able to dynamically scale to protect assets as business demands change. Cisco has created technologies and products such as the Application Centric Infrastructure (ACD) ecosystem and the Cisco ASAv (virtual ASA) to provide security solutions for today’s data center demands. For example, ACI provides a centralized application-level policy engine for physical, virtual, and cloud infrastructures. The Cisco ASA¥ provides detailed visibility and control of application and services within the virtual environment. Figure 15 illustrates a high-level data center environment with multiple network connec- tons, and it defines the concept of east-west versus north-south trafic. Ente Noah South Tate ‘ServeriCompute Sonvices ee Figure 1-5 High-level Data Center Environment and Traffic Definitions Figure 1-6 shows a virtualized data center where multiple software applications (such as VMWare, KVM, Xen) are used to divide one physical server into multiple isolated virtual environments. In this example physical firewalls are deployed to provide protection and seq: ‘mentation to the data center from the rest of the corporate network, Unknown