DCID v7n0 - Designing Cisco® Data Center Infrastructure
**Part of the CCNP Data Center certification track**
Course Outline
Overview
Designing Cisco Data Center Infrastructure (DCID) v6.0 is a five-day instructor-led course that focuses on data center design based on Cisco solutions. The course includes theoretical content, as well as design-oriented case studies that are in the form of testlets. The course is designed to help students prepare for Cisco CCNP® Data Center certification and for professional-level data center roles.
The course includes information on designing data centers with Cisco components and technologies. It covers network designs with virtualization, Layer 2 and Layer 3 technologies and routing protocols, and data center interconnect design options. Also covered are device virtualization technologies such as virtual data centers and network function virtualization with virtual appliances, including virtual switches, virtual routers, and virtual firewalls. Storage and SAN design is covered, with explanation of Fibre Channel networks and Cisco Unified Fabric.
Design practices for the Cisco Unified Computing System (UCS) solution based on Cisco UCS B-Series and C-Series servers and Cisco UCS Manager are covered. Network management technologies include UCS Manager, Cisco Prime Data Center Network Manager, and Cisco UCS Director.
Note: Students registering for this course will be receiving their course kit in a digital format.
Requirements and Instructions
Please also be aware that this digital version is designed for online use, not for printing. You can print up to 10 pages only in each guide within a course. Please note that every time you click the Print button in the book, this counts as one page printed, whether or not you click OK in the Print dialog.
Objectives
Upon completion of this course, you will be able to:
Describe Layer 2 switching and Layer 3 forwarding in a data center, including cabling and rack design for the access, aggregation, and core layers
Design vPC, Cisco FabricPath, OTV, and LISP in customer scenarios and describe management options in the LAN
Describe hardware virtualization and FEX technologies, compare the Cisco Nexus 1000v with VM-FEX designs, discuss data center security threats and Cisco Virtual Application Container Services for IaaS, and describe management and automation options for the data center infrastructure
Describe storage and RAID options, describe the Fibre Channel concept and architecture, and design Fibre Channel and FCoE networks, along with management options
Describe the UCS C-Series, M-Series, and B-Series servers, with connectivity and adapter options. For the UCS B-Series deployment, you will be able to describe the blade chassis, I/O modules, and fabric interconnects, with a focus on southbound and northbound connectivity and oversubscription. Compare the EHV and NPV network operations modes. Explain and distinguish among the different system integrated stack solutions and the management options for the UCS domains
Design the resource parameters for a UCS domain, starting with the setup and IP concepts, RBAC, and integration with authentication servers. Design the resource pools and policies used in UCS service profiles and templates
Prerequisites
Students considered for this training should have attended the following classes or obtained an equivalent level of knowledge:
Introducing Cisco Data Center Networking (DCICN) v6.0
Introducing Cisco Data Center Technologies (DCICT) v6.0
Implementing Cisco Data Center Infrastructure (DCII) v6.0
Implementing Cisco Data Center Unified Computing (DCUCI) v6.0
Implementing Cisco Data Center Virtualization and Automation (DCVAI) v6.0
The knowledge and skills that a learner should have before attending this course:
Implement data center networking (LAN and SAN)
Describe data center storage
Implement data center virtualization
Implement Cisco Unified Computing System
Implement data center automation and orchestration with the focus on Cisco ACI and UCS Director
Describe products in the Cisco Data Center Nexus and MDS families
Who Should Attend
The primary audience for this course is as follows:
Network Designer
Network Administrator
Network Engineer
Systems Engineer
Consulting Systems Engineer
Technical Solutions Architect
Cisco Integrators/Partners
The secondary audience for this course is as follows:
Server Administrator
Network Manager
The tertiary audience for this course is as follows:
Storage Administrator
Program Manager
Project Manager
Course Outline
Module 1: Data Center Network Connectivity Design
Lesson 1: Describing High Availability on Layer 2
Error Detection
UDLD Configuration
High Availability on Layer 2
RSTP and MSTP
Layer 2 Protocols and Layer 2 Fabrics
Layer 2 Scalability Limitations
Layer 2 Newer Scaling Technologies
Virtual Port Channels
vPC Use Cases
Cisco FabricPath
Cisco FabricPath Simplicity and Usability in the Data Center
Cisco FabricPath Technology, Architecture, and CE
Conversational MAC Learning and IS-IS
Multidestination Trees and Data Encapsulation
Transparent Interconnection of Lots of Links
Layer 2 Technologies in the Data Center
Challenge
Activity: Design Virtual Port Channels
Activity: Design FabricPath
Lesson 2: Describing Layer 3 Forwarding
Layer 2 Error Detection
High Availability on Layer 3
Comparing First Hop Redundancy Protocols
Hot Standby Router Protocol
HSRP Within the Data Center
Virtual Router Redundancy Protocol
Gateway Load Balancing Protocol
IPv6 in Data Centers
Routing Protocols in Data Center Networks
Routing Design and Policy Based Routing
Routing Protocol Security
Neighbor Authentication
Control Plane Policing and Protection
Routing Protocols High Availability
Centralized and Distributed Forwarding
Layer 3 Technologies Within Data Centers
Challenge
Activity: Design FHRP
Activity: Design Routing Protocols
Lesson 3: Designing Data Center Topologies
Data Center Traffic Flows
Cabling Challenges
Direct-Connect vs. Distributed Cabling
EoR vs. MoR vs. ToR
ToR with Cisco Nexus 2000 Series FEX
Data Center Access: vPC
Data Center Access: FEX
Data Center Access: Unified Fabric
Data Center Aggregation: Services
Data Center Aggregation: Unified Fabric
Data Center Aggregation: IP-Based Storage
Data Center Core: Layer 3
Data Center Core: Layer 2
Data Center Core: Collapsed Core with VDCs
Need for Spine-Leaf Architecture
Spine-Leaf Architecture Overview
Migration to Spine-Leaf Fabric
Challenge
Lesson 4: Designing Data Center Interconnects with Cisco OTV
Cisco OTV Overview
Cisco OTV Components
Cisco OTV Control Plane
Cisco OTV Control Plane Using Multicast
Cisco OTV Control Plane Using Unicast
Cisco OTV Data Plane
Failure Isolation: STP
Failure Isolation: Unicast Storms
Failure Isolation: ARP Traffic
Cisco OTV Multi-Homing
Cisco OTV Mobility
Cisco OTV Scalability
Cisco OTV Path Optimization: Egress Routing
Cisco OTV Path Optimization: Ingress Routing
Cisco OTV VLAN Translation Feature
FabricPath and VXLAN vs. Cisco OTV as the DCI
Cisco OTV Support
Challenge
Activity: Design Data Center Interconnect Using Cisco OTV
Lesson 5: Designing a LISP Solution
LISP Overview
LISP Terms and Components
LISP Packet Flow
LISP Control Plane
Use Case: LISP Host Mobility Overview
LISP Host Mobility Deployment Models
Use Case: Multi-Tenant Environments
Use Case: IPv6 Enablement
Cisco Nexus 7000 as a Platform for LISP
Challenge
Module 2: Data Center Infrastructure Design
Lesson 1: Describing Hardware and Device Virtualization
Hardware High Availability and Redundancy
Device-Based Network Virtualization
VLAN and VRF Principle
VDC Architecture
VDC Use Case
Network Virtualization
Server Hardware
Universally Unique Identifiers
World Wide Name
Service Profile Summary
Server Virtualization
Virtual Access Layer
Virtual Access Layer Solutions
Storage Virtualization
VSAN Primary Functions
VSAN Numbering
VSAN Membership
VSAN Tagging
Inter-VSAN Routing
IVR Terminology
NPIV Use Case
NPV Use Case
NPV and NPIV Hardware Support
NPV Traffic Distribution
Challenge
Activity: Design Your VXLAN Network
Lesson 2: Describing FEX Options
Cisco Adapter FEX
Cisco Adapter FEX Scalability
Cisco Adapter FEX Use Cases
Access Layer with Cisco FEX
Cisco FEX Port Types
Cisco FEX Access Topologies
Cisco VM-FEX
Virtualization-Aware Networking
VN-Tag Frame Format
Cisco VM-FEX Traffic Flow
Cisco VM-FEX Traffic Modes
Dynamic Interfaces
Cisco FEX Technologies in the Data Center
Challenge
Activity: Design a FEX
Lesson 3: Describing Virtual Networking
Hypervisor Extensions
Cisco Nexus 1000V Architecture Principles
Cisco Nexus 1000V Components Communication
Cisco Nexus 1000V VSM-VEM Layer 2 Connectivity
Cisco Nexus 1000V VSM-VEM Layer 3 Connectivity
Cisco Nexus 1010 Virtual Services Appliance
Cisco Nexus 1000V Architecture High-Availability Communication
Cisco Nexus 1000V Licensing Model
Cisco Nexus 1000V Licensing Types
Cisco Nexus 1000V License Editions
Cisco Nexus 1000V Multi-Hypervisor Licensing
Hypervisor Extension Scale
Hypervisor Extension Compatibility
VXLAN on Cisco Nexus 1000V
VXLAN Unicast-Only Mode on Cisco Nexus 1000V
MAC Address Distribution with VXLAN on Cisco Nexus 1000V
VXLAN Trunking on Cisco Nexus 1000V
Cisco vPath on Cisco Nexus 1000V
Cisco vPath Service Chaining Architecture
Cisco Nexus 1000V Interface Types
Cisco Nexus 1000V Port Profiles and Port Groups
Cisco Nexus 1000V Port Profiles Hierarchy
Cisco Nexus 1000V Port Profiles Characteristics
Policy-Based VM Connectivity Using Port Profiles
Mobility of Network and Security Properties
Cisco Nexus 1000V Series Security
Virtual Networking Technologies in the Data Center
Challenge
Activity: Design a Cisco Nexus 1000V-Based Solution
Lesson 4: Describing Basic Data Center Security
Threats in Data Centers
Switched Infrastructure Attack Countermeasures
DHCP Server Spoofing
DHCP Starvation
DHCP Snooping
ARP Spoofing: Man-in-the-Middle Attack
Dynamic ARP Inspection
IP Source Guard
Unicast Reverse Path Forwarding
Traffic Storm Control
Device Compromise Threat
Traffic Capture and Injection Threat
Device and Link DoS Threat
Management Plane Security
Management Plane Countermeasures
Management Plane Security Features
Device Hardening
Control Plane Countermeasures
Control Plane Security
Control Plane Policing
Control Plane Protection
CoPP Enhancements on Cisco Nexus 7000
User Management Features
Authentication, Authorization, and Accounting
RBAC with AAA
AAA Best Practices on Cisco Nexus 7000 Series Switches
AAA Server Monitoring
User Accounts and Roles
User Role Rules
Challenge
Lesson 5: Describing Advanced Data Center Security
Enclave Architecture
Cisco TrustSec Architecture
Cisco TrustSec Principle
Cisco TrustSec Authentication
Cisco TrustSec: Security Group Tags
Cisco TrustSec: Admission Control
Cisco TrustSec: SGACL Enforcement
Cisco TrustSec: Link Security
Cisco TrustSec: Ingress Access Control
Data Center Firewalls
Firewall Characteristics
Firewall Deployment Options
Firewall Modes
Firewall Virtualization
Cisco ASA Virtualization Deployment Choices
Positioning the Firewall Within Data Center Networks
Cisco FirePOWER Portfolio
FireSIGHT Controlling FirePOWER
FirePOWER Service Integration in Cisco ASA
FirePOWER Services Support
Cisco ASA Clustering Integration
Cisco ASA Clustering Performance
Threat Management with NextGen IPS
Threat Management with NextGen IPS Design Options
Threat Management with NextGen IPS Design Principles
Challenge
Lesson 6: Describing Virtual Appliances
Cisco ASAv in the Data Center
Cisco ASAv Architecture and Design Principles
Cisco ASAv High Availability
Cisco ASAv Scalability and Performance
Cisco ASAv Deployment: Public Cloud
Cisco ASAv Deployment with NAT
VSG vs. Cisco ASAv and Cisco ASA 1000V
Cisco VSG in the Data Center
Cisco VSG Architecture
Cisco VSG Scalability and Performance
Cisco ASAv and Cisco VSG—3-Tier Server Zone Use Case
Cisco CSR 1000V Architecture
Cisco CSR 1000V Box-to-Box Availability
Cisco CSR 1000V Feature and Technology Packages
Cisco CSR 1000V Licensing Management
Cisco CSR 1000V Scalability and Performance
Cisco CSR 1000V Use Cases
Cisco ITD in the Data Center
Cisco ITD Comparison with Traditional Load-Balancer
Cisco ITD Architecture
Cisco ITD Scalability and Performance
Cisco ITD Load-Balance Selective Traffic
Cisco Prime NAM in the Data Center
Cisco Prime NAM Product Family
Cisco Prime vNAM Key Features
Cisco Prime vNAM Use Case: VM-Level Visibility
Cisco Virtual Application Container Services
Cisco VACS Architecture
Cisco VACS Requirements
Cisco VACS Scalability and Performance
Cisco VACS Use Case
Challenge
Activity: Design a Cisco VACS Solution
Lesson 7: Describing Management and Orchestration
Cisco Prime Network Services Controller
Cisco Prime Network Services Controller—Features
Cisco Prime Network Services Controller—Requirements
Cisco Prime Network Services Controller—Deployment
Cisco UCS Director
Cisco UCS Director—Principle
Cisco UCS Director—Management Capabilities
Cisco UCS Director Network Configuration and Administration
Cisco UCS Director Network Monitoring and Reporting
Challenge
Activity: Design Management and Orchestration in Cisco UCS Solution
Module 3: Data Center Storage Network Design
Lesson 1: Describing Storage and RAID Options
Place Storage Technologies in the Data Center
Direct Attached Storage
SSD Performance Comparison
DAS Use Case
Network-Attached Storage
NAS Use Case
Fibre Channel Storage Area Network
Fibre Channel Storage Use Case
Fibre Channel over Ethernet
FCoE Use Case
Internet Small Computer Systems Interface
Compare Storage Performance in Data Center
RAID Options
Host to Storage Fibre Channel Multipathing
ESXi Multipathing with ALUA Storage Array
MPIO ALUA on NetApp Cluster Use Case
Challenge
Lesson 2: Describing Fibre Channel Concepts
Fibre Channel Topologies
Fibre Channel Ports
Fibre Channel Port Speeds
Fibre Channel Concepts
Fibre Channel Addressing: WWN, NWWN, PWWN
Fibre Channel Addressing: FCID
Fibre Channel Flow Control
Buffer-to-Buffer and Credit-Based Flow Control
FSPF Routing
FSPF Routing Characteristics
Fibre Channel Services
Fibre Channel Device Login Process
Configuring the Fabric Via BF or RFC
Fibre Channel Use Case: Fibre Channel Address Design (Scalability)
NPIV Mode
NPV Mode vs. Fibre Channel Switching Mode
Storage Virtualization
Zoning and VSANs
Storage Trunking and Fibre Channel Port Channels
Challenge
Lesson 3: Describing Fibre Channel Topologies
Fibre Channel SAN Dual Fabric Design
Fibre Channel Fan-In, Fan-Out, and Oversubscription
Calculation of Fan-In, Fan-Out and ISL Oversubscription
Fibre Channel Core-Edge Design
Evaluating Core-Edge Fabric
Core-Edge Design Example
Fibre Channel Collapsed Core-Edge Design
Evaluating Collapsed-Core Design
Fibre Channel Collapsed Core-Edge Design Example
Fibre Channel Edge-Core-Edge Design
Evaluating the Fibre Channel Edge-Core-Edge Design
Fibre Channel Edge-Core-Edge Design Example
Choosing a Fibre Channel Design Solution
ToR and MoR Physical Topology
Entry-Level SAN Solution
Performance Advantages with Cisco MDS 9710 Series Switches
Fibre Channel SAN Extension Solutions
Scale Numbers on Cisco MDS Series Switches
Challenge
Activity: Design a Fibre Channel Network
Lesson 4: Describing FCoE
FCoE Overview
FCoE Standards
FCoE vs. Fibre Channel Stack
FCoE Benefits
Data Center Bridging
IEEE 802.1Qbb PFC
IEEE 802.1Qaz ETS
IEEE 802.1az DCBX
FCoE Elements and Ports
Fabric-Provided MAC Address
FCoE Forwarding
FCoE Initialization Protocol
FIP Process
FCoE vs. FIP
FCoE NPV
FCoE Single-Hop Topology
FCoE FEX Topology
FCoE Remote-Attached Topology
FCoE Multihop Topology
Dynamic FCoE
Fibre Channel vs. FCoE Data Center Design
Challenge
Activity: Design and Integrate an FCoE Solution
Lesson 5: Describing Storage Security
Secure SAN Design
Fibre Channel SAN and IP SAN Security Features
Zoning
Zoning Basics
Smart Zoning vs. Regular Zoning
Basic vs. Enhanced Zoning
Zone Merge
Zoning and VSANs
IVR Zones
LUN Masking and LUN Zoning
Storage Port Security
DH-CHAP Authentication
Other Fabric Access Security Options
IPsec Tunnel Encryption for FCIP or IP-SAN Security
Cisco MACsec Link Encryption for MAC-Layer Security
Cisco TrustSec Link Encryption
Challenge
Activity: Design a Secure SAN
Lesson 6: Describing Management and Orchestration
SAN Device Virtualization
Cisco Prime DCNM for SAN
Cisco UCS Director in SAN
Designing Cisco UCS Director Workflow for Storage Provisioning
Challenge
Activity: Design Cisco UCS Director for Storage Networking
Module 4: Data Center Compute Connectivity Design
Lesson 1: Describing Cisco UCS C-Series Servers and Use Cases
Cisco UCS C-Series Server Classes and Applications
Cisco UCS C-Series Server Use Cases
Network Cards
Network Cards Functionality
Graphics Processing Units
Storage Accelerators
Local and Centralized Storage Accelerators
Cisco UCS C-Series Server Management
Cisco UCS C-Series Server Centralized Management
Challenge
Activity: Design Cisco UCS C-Series Servers Implementation
Lesson 2: Describing Cisco UCS M-Series Servers and Use Cases
Cisco UCS M-Series Servers and System Link Technology
Traditional vs. Disaggregated Servers
Cloud-Scale Computing
Challenge
Activity: Design Cisco UCS M-Series Servers Implementation
Lesson 3: Describing Cisco UCS B-Series Servers and Use Cases
Fabric Interconnects
Fabric Interconnect Cabling
Blade Chassis
I/O Module
Cisco UCS B-Series Server Adapter Cards
VIC Considerations
Server Access
Cisco UCS C-Series Server Integration with a UCS Domain
Stateless Computing
Cisco UCS Mini
Cisco UCS Mini Use Cases
Challenge
Activity: Design a UCS Domain and Fabric Interconnect Cabling
Activity: Design Cisco C-Series Integration with a UCS Domain
Activity: Design a UCS Mini Solution
Lesson 4: Describing Fabric Interconnect Connectivity
Fabric Interconnect Port Personalities
Oversubscription Options
VLANs in the UCS Domain
VSANs in the UCS Domain
Southbound Connection
Northbound Connection
Compare the EHV and Switch Mode
NPV and FC Switching Mode
Fabric Interconnect High Availability and Redundancy
Challenge
Activity: Design Cisco UCS Fabric Interconnect Network and Storage Connectivity
Lesson 5: Describing Hyperconverged and Integrated Systems
Hyperconvergence Overview
Cisco HyperFlex
HX Platform Overview
HX Platform: Scale Out
HX Platform: Scale Up
Non-Disruptive Operations
Continuous Data Optimization
Data Services
HyperFlex Configurations
Integrated Systems Overview
Challenge
Lesson 6: Describing Management Systems
Cisco UCS Manager
Cisco UCS Performance Manager
VMware vCenter
Microsoft System Center
Cisco UCS Central
Cisco UCS Director
Challenge
Lesson 7: Describing Hadoop, SAP HANA, and IoT on Cisco UCS
Introduction to Digital Disruption
Converting Big Data into Disruptive Intelligence
Introduction to Hadoop
Hadoop Principle
Introduction to SAP HANA
Hadoop vs. SAP HANA
Use Case: "Smart Train" Predictive Maintenance
FlexPod for SAP HANA and Hadoop
Challenge
Module 5: Data Center Compute Resource Parameters Design
Lesson 1: Describing System-Wide Parameters
Cisco UCS System Configuration Types
Initial System Setup Parameters
Server Management IP Address in Cisco UCS
Cisco UCS Core Elements and Monitor Interfaces
Syslog
Cisco UCS and SNMP
Global Fault Summary in the GUI
CIM XML and SMASH CLP
Call Home
QoS System Classes
Defining the QoS System Class
Provisioning a QoS Policy in a Service Profile
Virtual Network Overview
Multiple vSwitches on a VMware ESX/ESXi Host
Cisco UCS B-Series Blade Server with Multiple vSwitches
Organizations in Cisco UCS Manager
Local Resources in an Organization
Organization Inheritance and Name Resolution
Challenge
Activity: Design System-Wide Parameters in a Cisco UCS Solution
Lesson 2: Describing RBAC
Role-Based Access Control
Roles and Privileges
Default Roles
Default Privileges
Organizations
Organizations Structure
Organization Policy Resolution
Organization Pool Resolution
Locales
User Effective Rights
User Authentication
RADIUS Integration
TACACS+ Integration
LDAP Integration
Authentication Servers Functionality Comparison
Two Factor Authentication in Cisco UCS Manager
Two Factor Authentication Mechanism
Two Factor Authentication Administration
Challenge
Activity: Design an LDAP Integration with a UCS Domain
Lesson 3: Describing Pools for Service Profiles
Scaling Cisco UCS Management with Cisco UCS Central
Global and Local Pools
UUID Use
UUID Format
UUID Suffix Pools
Provisioning UUID Suffix Pools
MAC Address Pools
Provisioning MAC Address Pools
WWN Format
WWNN Pools
Provisioning WWNN Pools
WWPN Pools
Provisioning WWPN Pools
Example: UUID/MAC/WWN Pool Addressing
Server Pools
Provisioning Server Pools
Example: Server Pool Convention
iSCSI Boot Interfaces and Initiator IP Pools
Provisioning iSCSI Initiator IP Pools
Challenge
Activity: Design Pools for Service Profiles in a Cisco UCS Solution
Lesson 4: Describing Policies for Service Profiles
Global vs. Local Policies
Storage Policies
Provisioning a Storage Policy
RAID Levels in a Storage Policy
BIOS Policies
Provisioning a BIOS Policy
Boot Policies
Provisioning a Boot Policy
Boot Order Summary
IPMI Policies
Provisioning an IPMI Policy
Cisco UCS Integration with VMware vSphere DPM
Scrub Policies
Provisioning a Scrub Policy
Maintenance Policies
Provisioning a Maintenance Policy
Challenge
Lesson 5: Describing Network Specific Adapters and Policies
LAN Connectivity and VLANs
LAN Connectivity and Uplink Ports
LAN Connectivity and Pin Groups
LAN Connectivity Policy
Fabric Selection and Failover
Fabric Interconnect SAN Connectivity
SAN Connectivity and VSANs
SAN Connectivity and Uplink Ports
SAN Pinning
SAN Connectivity Policy
SAN Adapter Failover
Virtual Interfaces
Virtual Network Interface Connections
Cisco VM-FEX
Host View with Cisco VM-FEX: One Network
Cisco VM-FEX Operational Model
Cisco VM-FEX in High-Performance Mode with vMotion
UniDirectional Link Detection
Provision UDLD in Cisco UCS
Cisco usNIC
VMQ Support
Challenge
Activity: Design Network-Specific Adapters and Policies in a Cisco UCS Solution
Lesson 6: Describing Templates in Cisco UCS Manager
Cisco UCS Templates
Service Profile Templates
Networking Templates
Challenge
CSDCID