Chapter 1: Networking Security Concepts
[Figure: topology diagram. Legible labels: Wired, Wireless, Mobile Access; Access Infrastructure; On-Premise Gateways; Security and Policy Infrastructure; RSA SecurID; Active Directory (AD); Certificate Authority (CA); Cisco ISE; Core; Aggregation Services Router (ASR); Data Center]
Figure 1-3 Data Center Topology
[Figure: topology diagram. Legible labels: Switching; Router (ASR); Home Office; Data Center]
Figure 1-4 Branch Office/Home Office Topology
CCNA Security 210-260 Official Cert Guide
Network Security for a Virtual Environment
Today's data center environments must be designed to significantly reduce administrative
overhead and improve flexibility and operational efficiency. Critical security functions
must be able to dynamically scale to protect assets as business demands change. Cisco
has created technologies and products such as the Application Centric Infrastructure (ACI)
ecosystem and the Cisco ASAv (virtual ASA) to provide security solutions for today's data
center demands. For example, ACI provides a centralized application-level policy engine for
physical, virtual, and cloud infrastructures. The Cisco ASAv provides detailed visibility and
control of application and services within the virtual environment.
Figure 1-5 illustrates a high-level data center environment with multiple network
connections, and it defines the concept of east-west versus north-south traffic.
[Figure: data center diagram. Legible labels: North-South Traffic; Server/Compute; Services]
Figure 1-5 High-level Data Center Environment and Traffic Definitions
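To make the east-west versus north-south distinction concrete, the following added example (not from the book) classifies flow records relative to the data center boundary. It takes north-south to mean traffic entering or leaving the data center and east-west to mean traffic between servers inside it; the subnets, segment names and flow records are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumed data center segments (constructed; not from the book).
DC_SEGMENTS = {
    "web": ipaddress.ip_network("10.10.1.0/24"),
    "app": ipaddress.ip_network("10.10.2.0/24"),
    "db": ipaddress.ip_network("10.10.3.0/24"),
}

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("192.168.50.7", "10.10.1.20", 443),   # corporate user -> web server
    ("10.10.1.20", "10.10.2.15", 8080),    # web -> app
    ("10.10.2.15", "10.10.3.5", 5432),     # app -> db
    ("10.10.2.15", "10.10.2.16", 22),      # app -> app, same segment
    ("10.10.3.5", "203.0.113.9", 443),     # db server -> outside
    ("192.168.50.7", "192.168.60.1", 53),  # never touches the data center
]

def segment_of(ip):
    """Return the data center segment name holding ip, or None if outside."""
    addr = ipaddress.ip_address(ip)
    for name, net in DC_SEGMENTS.items():
        if addr in net:
            return name
    return None

def classify(src, dst):
    """Label a flow by direction relative to the data center boundary."""
    s, d = segment_of(src), segment_of(dst)
    if s and d:
        return "east-west/intra-segment" if s == d else "east-west/cross-segment"
    if s or d:
        return "north-south"
    return "outside"

def summarize(flows):
    """Count flows per direction label."""
    return Counter(classify(src, dst) for src, dst, _port in flows)

if __name__ == "__main__":
    for src, dst, port in SAMPLE_FLOWS:
        print(f"{src:>15} -> {dst:<15} :{port:<5} {classify(src, dst)}")
    print(dict(summarize(SAMPLE_FLOWS)))
```

Flows labelled east-west stay inside the data center, so a firewall placed only at the data center edge does not see them.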
Figure 1-6 shows a virtualized data center where multiple software applications (such as
VMware, KVM, Xen) are used to divide one physical server into multiple isolated virtual
environments. In this example physical firewalls are deployed to provide protection and
segmentation to the data center from the rest of the corporate network.