Security Operations for the Software-Defined Data Center

  • Course Code
    SECR-004

Security Operations for the Software-Defined Data Center

  • Virtualization presents new opportunities for securing your data and systems. Virtualizing your data center often brings new challenges, requiring your IT staff to assume new, and sometimes unfamiliar, roles and responsibilities. 
  • This course teaches you how to use the VMware software-defined data center (SDDC) product portfolio and tools to better manage administrator access, harden your VMware vSphere® environment, and secure data at rest and in motion. This course also discusses end-user computing (EUC) security, as well as compliance and automation to help you ensure that your deployments align with your security policies.

Learning Outcomes

    • Describe the concepts involved in securing an SDDC and protecting the data in the data center
    • Manage vSphere administrator access to hosts and the VMware vCenter Server® system based on identified job roles and requirements
    • Implement security best practices of vSphere components based on organizational security policies
    • Configure data protection for data at rest and data in motion
    • Manage protection for server and desktop-class virtual machines, endpoints, and networks
    • Use micro segmentation to protect and manage multitier applications and network data 
    • Describe VMware AirWatch® functionality to protect mobile computing and EUC deployments
    • Perform activity monitoring and logging, and explore relevant logs to meet compliance requirements
    • Use VMware NSX® security groups, policies, and tags to automate deployment and security processes
    • Use automation to respond to security-related events

Course Contents

    Introduction

    • Introductions and course logistics
    • Course objectives

    Security Concepts

    • Key IT security principles for the SDDC
    • Differences between securing traditional infrastructures and virtual infrastructures
    • Identity and access management concepts for the SDDC
    • Methods to secure your virtual infrastructure components
    • EUC and mobile computing risks
    • Guest operating system access security
    • Hardening concepts and how they apply to virtual infrastructure components

    vSphere Security Identity and Access Management

    • Role-based access control concepts for vSphere and View
    • Configuring role-based access control for ESXi, vCenter Server, and View
    • Configuring vSphere single sign-on for administrative access
    • Password hardening options
    • Configuring ESXi local user management and integration with Active Directory
    • ESXi security profiles and access to services

    vSphere Hardening

    • ESXi host hardening
    • Implementing lockdown mode on ESXi hosts
    • Configuring ESXi host-based firewall settings
    • vCenter Server hardening
    • Tools to reduce infrastructure vulnerabilities
    • Implementing hardening best practices based on the vSphere Hardening Guide

    Data Protection

    • Data encryption technology
    • Data-at-rest encryption options for server and desktop virtual machines
    • View endpoint protection best practices
    • Datastore security options
    • View PCoIP encryption
    • VMware Operating System Optimization Tool for desktop and server virtual machines
    • Introducing VMware AirWatch for mobile and desktop security
    • VMware AirWatch and VMware NSX integration
    • Configuring vSphere security certificate management using VMware Certificate Authority and VMware Endpoint Certificate services
    • Using the Certificate Automation Tool to manage vSphere certificates
    • Establishing and using an IPsec VPN
    • Using the VMware Endpoint Certificate Store

    Network Security

    • Managing network data in an SDDC
    • Security policies and settings of vSphere switches
    • Configuring vSphere advanced security features for distributed switches
    • Using the VMware NSX distributed firewall and distributed router to implement micro segmentation
    • Protecting and managing north-south traffic with VMware NSX® Edge™ services gateway and physical firewalls
    • Managing access to the vSphere management network
    • Using VMware NSX® Virtual Switch™ features to implement network security
    • Designing clusters and racks to minimize vulnerabilities
    • Limiting access to vSphere management networks
    • Hardening network infrastructure components

    Virtual Machine, Mobility, and Application Protection

    • Securing virtual machine guest operating systems
    • Mobile device security with VMware AirWatch
    • Using VMware NSX with Service Composer for Endpoint Protection
    • Using distributed firewalls and micro segmentation to isolate and protect virtual machines
    • Using VMware NSX identity-based firewalls to control network traffic based on Active Directory user IDs
    • Additional VMware NSX functionality using integration with third-party solutions

    Data Center Monitoring and Compliance

    • Using vRealize Log Insight to identify and analyze security-related log entries
    • Implementing a distributed logging environment
    • vRealize Configuration Manager compliance checkers
    • vRealize Configuration Manager compliance monitoring

    Automating Data Center Security

    • Using VMware functions and tools to enforce consistent organizational security policies during infrastructure deployment
    • Automating responses to security events
    • Implementing security automation with security groups, security policies, and security tags
    • Automatically applying security settings to newly provisioned virtual machines based on VMware NSX security policies

Our Methodology

    • Innovative coaching and monitoring using modern media training, with on-the-go training through interactive means and a focus on exercises, practical applications, and the study of real situations
    • Live delivery method, instructor-led training
    • Experienced consultants, trainers, and professionals
    • Qualified trainer with high-level experience

Attendance Reports

    • Send daily attendance reports to training departments
    • Send a full attendance report to the training department by the end of the course
    • Attend 100 % from the course days also provide daily
    • Issue an attendance certificate to participants who attend a minimum of 80% of the course duration

Pre/Post Reports

    • Pre-assessment before starting training
    • Post-assessment after finishing training
    • Full report on the difference between pre- and post-assessment

Who Should Attend

    • Cloud Administrators
    • System Integrators 
    • Operational Developers

Date                   City    Venue          Language  Price      Status
03 Nov - 07 Nov 2024   Riyadh  5 Stars Hotel  English   SAR 12000  Planned
17 Nov - 21 Nov 2024   Riyadh  5 Stars Hotel  English   SAR 12000  Planned
15 Dec - 19 Dec 2024   Riyadh  5 Stars Hotel  English   SAR 12000  Planned
23 Feb - 27 Feb 2025   Riyadh  5 Stars Hotel  English   SAR 12000  Planned
13 Apr - 17 Apr 2025   Riyadh  5 Stars Hotel  English   SAR 12000  Planned
25 May - 29 May 2025   Dubai   5 Stars Hotel  English   SAR 14850  Planned
25 May - 29 May 2025   Cairo   5 Stars Hotel  English   SAR 14850  Planned
22 Jun - 26 Jun 2025   Riyadh  5 Stars Hotel  English   SAR 12000  Planned
29 Jun - 03 Jul 2025   Cairo   5 Stars Hotel  English   SAR 14850  Planned
29 Jun - 03 Jul 2025   Dubai   5 Stars Hotel  English   SAR 14850  Planned
03 Aug - 07 Aug 2025   Riyadh  5 Stars Hotel  English   SAR 12000  Planned
17 Aug - 21 Aug 2025   Cairo   5 Stars Hotel  English   SAR 14850  Planned
17 Aug - 21 Aug 2025   Dubai   5 Stars Hotel  English   SAR 14850  Planned
02 Nov - 06 Nov 2025   Riyadh  5 Stars Hotel  English   SAR 12000  Planned
16 Nov - 20 Nov 2025   Riyadh  5 Stars Hotel  English   SAR 12000  Planned
14 Dec - 18 Dec 2025   Riyadh  5 Stars Hotel  English   SAR 12000  Planned