Cisco Secure SD-WAN and SASE Deep Dive Design and Operations (SDWANBDO)
Description
The Cisco Secure SD-WAN and SASE Deep Dive Design and Operations (SDWANBDO) v.17.3 20.3 is a 3-day instructior-led or virtual instructor-led course where the focus is on the fundamentals of the solution; it enables participants to deploy the solution in a lab, learn about the architecture and fundamental principles. To actually design and operate a real-life SD-WAN network, more in-depth knowledge is required. WAN Edge devices are CSR1000v (cEdge) and vEdge Cloud virtual routers running IOS XE 17.3 / 20.3 release. It is a high-end training, focused on the detailed design and operation of a real-life network, with 50% personal lab exercises.
The SDWANBDO course that is part of Cisco Black Belt Academy Aligned Content. It belongs to the stage: Blackbelt SD-WAN deployment stage 3.
The SDWANBDO course that is part of Cisco Black Belt Academy Aligned Content. It belongs to the stage: Blackbelt SD-WAN deployment stage 3.
Choose date
Date
Lang.
Location
Price
Date:
from 11.8.2021
to 20.8.2021
Language: English
Location: Online (CET, UTC+01:00)
2850 $
Book now
Date:
from 13.9.2021
to 15.9.2021
Language: English
Location: Online (CET, UTC+01:00)
2850 $
Book now
Date:
from 29.9.2021
to 1.10.2021
Language: English
Location: Online (CET, UTC+01:00)
2850 $
Book now
Date:
from 13.10.2021
to 15.10.2021
Language: English
Location: Online (CET, UTC+01:00)
2850 $
Book now
Date:
from 25.10.2021
to 27.10.2021
Language: English
Location: Online (CET, UTC+01:00)
2850 $
Book now
Date:
from 10.11.2021
to 12.11.2021
Language: English
Location: Online (CET, UTC+01:00)
2850 $
Book now
Date:
from 24.11.2021
to 26.11.2021
Language: English
Location: Online (CET, UTC+01:00)
2850 $
Book now
Date:
from 13.12.2021
to 15.12.2021
Language: English
Location: Online (CET, UTC+01:00)
2850 $
Book now
Date:
from 17.1.2022
to 19.1.2022
Language: English
Location: Online (CET, UTC+01:00)
2850 $
Book now
Date:
from 31.1.2022
to 2.2.2022
Language: English
Location: Online (CET, UTC+01:00)
2850 $
Book now
Objectives
Upon completing this course, the learner will be able to meet these overall objectives:
- Designing of complex SD-WAN networks with real-life network topologies and scenarios.
- Operating a SD-WAN network, including change management, monitoring and troubleshooting guides (including better understanding of Cisco SD-WAN policy engine) .
- Securing your network with SD-WAN and selecting the best suited security model ranging from dedicated security to moving towards SASE
- Integrating Amazon AWS with practical lab exercises, and understanding SaaS and IaaS in multi-cloud environments (Amazon AWS, Microsoft Azure, Google Cloud)
- An introduction to multi-domain: Interfacing SD-WAN deployments with SDA and ACI architecture.
Outline
The course contains these components:
- Part 1: Installing devices (quick review)
- Part 2: Underlay (routing, NAT, templates, certificates, troubleshooting)
- Part 3: Templates (operational best practices, and advanced features)
- Part 4: Overlay: Design and troubleshooting (goal: “all desired tunnels up”)
- Understanding routing (TLOCs, vRoutes, and how policies affect them).
- Design Guide Overlay: Where do we NOT need tunnels? Methodology for TLOC and routes (constraints: device scale, license, crypto performance, bandwidth bottlenecks, link cost, delay, traffic optimization, security, …).
- Amazon AWS integration (with lab exercise).
- Multi-cloud design and operation.
- Cloud OnRamp for Colocation, IaaS.
- Dynamic Tunnels.
- Troubleshooting the Overlay (Tunnels)
- Lab: Overlay
- Design and implement an overall tunnel infrastructure for all VPNs.
- Complex custom topologies and VPN membership.
- Amazon AWS integration, with two Edges in AWS. Monitor with Cloud OnRamp for IaaS.
- Change management of the policy.
- Part 5: Policies: Construction of an incremental, complex policy (goal: “policy design”).
- Design Guide Policy: How to construct and edit complex policies.
- Internet Breakout for guestnet, with NAT, switching between local and remote breakout policies.
- Complex Data traffic policies (QoS, traffic shaping, traffic engineering …)
- AAR and App QoE in detail
- Cloud OnRamp for SaaS.
- Troubleshooting policies
- Lab: Policies
- Design and Configure Per-VPN topologies
- Building a complex Per-VPN data traffic policy including local DIA
- Application aware routing
- Optimization of centralized policies including control, data traffic and AAR
- Part 6: Security Policies
- Moving SD-WAN towards SASE
- Integrating Umbrella
- Compliance (FW, IPS) (short intro)
- URL filtering and DNS-Security (short intro)
- AMP (short intro)
- Choosing the right tools (on-box, dedicated, cloud-delivered).
- Managing a security policy (with changes).
- Performance considerations
- Troubleshooting security policies
- Lab: Security Policies
- Design and configure external firewall service for Cisco SD-WAN
- TLS Proxy: Inspecting encrypted content.
- Design and build a single complex security policy
- Part 7: Migration
- Overall migration process and planning
- DC migration, site migration, migrate flows
- Part 8: Operation, monitoring, logging, analytics, multidomain integration
- vManage Clustering, disaster recovery. When do you need a cluster?
- Monitoring network performance, and Application Aware Routing.
- Netflow and visibility per VPN
- Logging and High-speed logging
- Certificates: Rollover, revocation, CA cert rollover.
- Working with Cisco API
- Multi-domain: Integration with SDA and ACI
- Lab: Operations
- Monitoring: logging, netflow, app performance
- Certificates: rollover device cert, root cert; revoke devices and certs.
- Troubleshooting Lab with LiveAction
- Working with API to automate basic operational tasks
Prerequisite Knowledge
The knowledge and skills that a learner should possess before attending this course are as follows:
- Cisco SD-WAN & SASE Bootcamp (SDWANB) or similar experience