Implementing Data Center Application Services

Implementing Data Center Application Services (DCASI) v2.0 teaches learners how to implement a Cisco Data Center Application Services solution by deploying the Cisco Application Control Engine (ACE) service module, Cisco ACE appliance, and GSS. This course covers implementation of all of the key Cisco ACE features, including virtualization and role-based access control (RBAC), server load balancing (Layers 3 and 4 and Layers 5 to 7), Secure Sockets Layer (SSL) termination and offload, security features including application-layer inspection, web application acceleration and optimization using the Cisco ACE Appliance. It also covers the Cisco ACE Global Site Selector (GSS) implementation of global server load balancing (GSLB).

The primary audience for this course is as follows:

• Field engineers responsible for the implementation and troubleshooting of Cisco ACE-based solutions

The secondary audience for this course is as follows:

• Network administrators and network engineers responsible for the implementation and troubleshooting of Cisco ACE-based solutions

Upon completing this course, the learner will be able to meet these overall objectives:

• Describe Enterprise Application Architecture
• Describe IP Application Delivery with the Cisco ACE module
• Describe the configuration tasks necessary to successfully deploy a Cisco ACE module
• Describe the structure and function of the Modular Policy CLI statements used to configure Cisco ACE features
• Describe and implement the methods used to manage the Cisco ACE module
• Describe and implement the Cisco ACE features that provide IP application-based security
• Describe and implement the capabilities and configuration of the Cisco ACE features used to provide load balancing of IP-based applications
• Describe and implement the health monitoring capabilities of the Cisco ACE module
• Identify the Layer 7 processing options used to provide advanced application networking
• Describe and implement the Cisco ACE support for SSL protocol processing
• Implement the technology used to design and configure multiple Cisco ACE features
• Design a plan of migration from the CSM and CSS to the Cisco ACE module and Appliance
• Describe and implement the ACE 4710 Web Application and Optimizations
• Describe and implement a GSS topology and successfully configure appliance.
• Describe and implement the high availability capabilities of the Cisco ACE products
• Identify the steps taken to troubleshooting application network services

This course is part of the following Certifications:

• Cisco Data Center Application Services Support Specialist (DCASI)

Detailed Course Outline

Data Center Application Services Overview Describe the key functions provided by Cisco Data Center Application Services and the products that support those functions. IP-Based Data Center Applications

• Describe the fundamentals of IP-based communications
• Describe the fundamentals of IP-based applications
• Describe HTTP-based applications
• Describe global server load balancing

Introducing Cisco ACE Family Solutions

• Describe the multitier application design
• Describe the redundancy design requirements within the data center
• Describe the redundancy design requirements between data centers
• Identify which products provide application delivery for the design

Deploying the Cisco ACE Appliance and Service Module

• Describe the process of connecting the Cisco ACE to the network
• Describe possible deployment topologies including routed, bridge, and one-arm modes, as well as direct server return
• Describe the process of initially setting up the Cisco ACE appliance
• Provide an overview of the Cisco ACE appliance graphic user interface
• Describe the use of multiple contexts
• Explain the resource management controls available on the Cisco ACE
• Explain the process of granting access to authorized users for management tasks
• Describe the steps to configure Cisco ACE interfaces
• Describe the configuration management capability

Implementing Server Load Balancing Describe how to design server load-balancing solutions with the Cisco ACE service module and appliance.

Modular Policy CLI

• Describe the structure and configuration of class maps
• Describe the structure and configuration of policy maps
• Describe the steps necessary to activate policy maps

Managing the Cisco ACE Appliance and Service Module

• Explain how to control management access to the Cisco ACE
• Describe SNMP support for multiple contexts
• Describe Cisco ACE management support with ANM

Security Features

• Describe simple IP access control lists
• Describe the use of ACL object groups
• Explain IP fragmentation processing
• Explain TCP/IP normalization
• Describe the use of SYN cookies
• Explain NAT and PAT

Layer 4 Load Balancing

• Describe the key concepts of server load balancing
• Describe the load-balancing algorithms available
• Describe the configuration of Layer 4 load balancing
• Explain the rate-limiting controls available within a context
• Describe the key concepts of firewall load balancing

Health Monitoring

• Describe health monitoring options
• Describe the configuration of health probes
• Describe the configuration of HTTP error code monitoring
• Describe the use of Tcl for scripted probes
• Explain route health injection
• Describe the use of backup servers and server farms

Layer 7 Protocol Processing

• Describe HTTP Layer 7 load balancing
• Explain persistent HTTP connections and pipelined HTTP requests
• Explain the reuse of Cisco ACE-to-server connections
• Describe the modifications that the Cisco ACE can make to an HTTP transaction
• Explain session persistence
• Explain Layer 7 protocol inspection
• Describe HTTP inspection
• Explain the FTP processing capabilities of the Cisco ACE
• Explain the RDP processing capabilities of the Cisco ACE
• Explain the RADIUS processing capabilities of the Cisco ACE
• Explain the RTSP processing capabilities of the Cisco ACE
• Explain the SIP processing capabilities of the Cisco ACE
• Explain the generic protocol parsing capabilities of the Cisco ACE
• Describe the Layer 7 inspected protocols

Processing Secure Connections

• Describe the use of digital encryption in IP-based applications
• Explain SSL offload, back-end SSL, and end-to-end encryption
• Describe the steps needed to configure a public key infrastructure
• Describe the steps needed to configure SSL proxy services
• Describe the benefits of using SSL session reuse on the Cisco ACE module
• Describe the benefits of using the SSL queue delay on the Cisco ACE module
• Describe the benefits of using SSL client authentication on the Cisco ACE module

Migrating from CSS and CSM

• Describe the portfolio of Cisco load-balancing solutions before the Cisco ACE
• Describe the steps necessary to migrate CSS configurations to the Cisco ACE
• Describe the steps necessary to migrate CSM configurations to the Cisco ACE

Web Application Acceleration Overview

• Describe the network performance factors that affect web application performance
• Describe the architecture of the web application acceleration features
• Describe the FlashForward feature of the Cisco ACE appliance
• Explain the use of delta optimization and its benefits
• Describe the single-request features of the Cisco ACE appliance
• Describe HTTP compression
• Describe the process used to configure HTTP compression

Integrating Multiple Features

• Describe the process of identifying features needed to fulfill network requirements
• Explain the process of designing a multiple-context implementation
• Explain the process of designing a multifeature Cisco ACE implementation
• Describe the configuration of multiple integrated features

Implementing Site-to-Site Load-Balancing Solutions Describe how to design site-to-site load-balancing solutions with the Cisco GSS.

Deploying the GSS

• Describe the physical characteristics of the GSS
• Explain why GSLB capabilities are required in a design that incorporates a load balancer and multiple sites
• Describe the process of initially setting up the Cisco ACE GSS appliance
• Describe the configuration steps necessary to connect the GSS to the network

Managing the GSS

• Describe the default management roles available on the GSS
• Describe how to configure additional management roles on the GSS
• Describe GSS network management support and how it can be incorporated into the overall design

Implementing Global Server Load Balancing

• Describe the various GSLB methods available on the GSS and how to use them in the overall design
• Describe the GSS load and keepalive tracking and how it should be used in the overall design
• Describe the Cisco ACE module support for KAL-AP integration
• Describe the network proximity load-balancing capabilities of the GSS
• Describe the purpose of zones and locations in the design
• Describe the architecture relating to the proximity subsystem of the GSS product
• Explain the guidelines that should be followed when using the GSS product and network proximity feature in the design

• Explain how to configure network proximity using the GUI and the CLI
• Describe the use of DNS persistence
• Explain how to configure DNS sticky using the GUI and CLI

Redundancy and Troubleshooting Implement and troubleshoot high-availability data center application services.

High Availability

• Describe the Cisco ACE redundancy model
• Explain object tracking
• Explain the failover recovery process
• Explain state replication between Cisco ACE appliances
• Describe the information used to create fault-tolerant configurations
• Describe the information used to monitor fault-tolerant configurations
• Describe the GSS redundancy model

Troubleshooting Application Services

• Describe the separate data and control planes of the Cisco ACE architecture
• Describe the steps needed to troubleshoot Layer 1 and device management
• Describe the steps needed to troubleshoot Layer 2 connectivity
• Describe the steps needed to troubleshoot Layer 3 connectivity
• Describe the steps needed to troubleshoot SLB
• Describe the steps needed to troubleshoot Cisco ACE security features
• Describe the steps needed to troubleshoot Cisco ACE high-availability features
• Describe the steps needed to troubleshoot Cisco ACE GSS features

The knowledge and skills that a learner must have before attending this course are as follows:

• CCNA® or equivalent knowledge
• Familiarity with TCP/IP protocol suite
• Knowledge of HTTP and SSL protocols
• Basic understanding of n-tier application architecture
• Basic understanding of server load-balancing concepts