ENCC: Designing and Implementing Cloud Connectivity
The Designing and Implementing Cloud Connectivity training helps you develop the skills required to design and implement enterprise cloud connectivity solutions. Learn how to leverage both private and public internet-based connectivity to extend the enterprise network to cloud providers. Explore the basic concepts surrounding public cloud infrastructure and how services like Software as a Service (SaaS) can be integrated. You will practice how to analyze and recommend connectivity models that provide the best quality of experience for users. Implement both Internet Protocol Security (IPsec) and Software-Defined Wide-Area Network (SD-WAN) cloud connectivity, as well as build overlay routing with Open Shortest Path First (OSPF) and Border Gateway Protocol (BGP). Finally, practice troubleshooting cloud connectivity issues relating to IPsec, SD-WAN, routing, application performance, and policy application.
This course is worth 32 Continuing Education (CE) credits toward recertification.
How you will benefit from this course:
- Develop the skills required to design and implement enterprise cloud connectivity solutions
- Learn how to apply the VPN and overlay networking technology, including Cisco Catalyst SD-WAN to extend the enterprise network to cloud providers, such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) using both private connectivity services and public internet as an underlay
- Examine the solutions for optimizing access to SaaS cloud providers and the workflows for diagnosing and troubleshooting cloud connectivity issues
- Gain knowledge for protocols, solutions, and designs to acquire professional-level and expert-level enterprise roles
- This training prepares you for the 300-440 ENCC exam. If passed, you earn the Cisco Certified Specialist–Enterprise Cloud Connectivity certification and satisfy the concentration exam requirement for the Cisco Certified Network Professional (CCNP) Enterprise certification.
Audience
Individuals involved in extending the enterprise network to cloud providers.
Prerequisites
Attendees should meet the following prerequisites:
- Good understanding of enterprise routing
- Good understanding of WAN networking
- Good understanding of VPN technology
- Good understanding of Cisco Catalyst SD-WAN
- Good understanding of Public Cloud services. such as AWS, Microsoft Azure and Google Cloud Platform.
Course objectives
After completing this course you should be able to:
- Describe the fundamental components and concepts of cloud computing, including deployment models, cloud services, and cloud providers, to provide learners with a comprehensive overview of the subject
- Describe the options available for establishing connectivity to public cloud services, including point-to-point IPsec VPN and various Cisco Catalyst SD-WAN Cloud OnRamp deployment options
- Describe private connectivity options to public cloud provider infrastructure
- Describe the available options for connectivity to SaaS applications from a geographically distributed organization’s premises
- Describe various cloud connectivity options and explore high availability, resiliency, and scalability capabilities with Cisco cloud connectivity
- Describe and explore public cloud security and its components comprehensively
- Describe regulatory compliance requirements
- Explain the available options and describe the procedures for implementing IPsec-driven internet-based public cloud connectivity
- Introduce overlay routing
- Introduce the Cisco Catalyst SD-WAN capabilities for internet-based public cloud connectivity
- Describe Cisco SD-WAN native and cloud security capabilities
- Introduce the Cloud OnRamp for SaaS
- Introduce the Catalyst Cisco SD-WAN Policies
- Introduce AppQoE
- Describe how to diagnose and troubleshoot common issues for connectivity to public cloud environments using internet-based connectivity
- Troubleshoot OSPF, BGP, route redistribution, and static routes deployed in cloud environments
- Describe Cisco SD-WAN and connectivity to public cloud providers
Course content
Public Cloud Fundamentals
- Cloud Computing
- Cloud Deployment Models
- Public Cloud Service Models
- Public Cloud Providers
Internet-Based Connectivity to Public Cloud
- Public Internet
- VPN
- Cisco SD-WAN
- Cisco SD-WAN Cloud Connectivity
Private Connectivity to Public Cloud
- Private Connectivity Overview
- Direct Connect and Private Peering
- Colocations, Cloud Exchange and Software-Defined Cloud Interconnect
SaaS Connectivity
- Centralized Internet Gateway
- Direct Internet Access
- Cloud Security Providers (Umbrella)
- Dedicated Connectivity (Webex)
Resilient and Scalable Public Cloud Connectivity
- Business and Technical Requirements
- High Availability and Resiliency
- Performance and Scalability
- Bandwidth (Dedicated and Shared)
- SLA and QoS
- Design Case Study Activity: Designing Enterprise Cloud Connectivity
Cloud-Native Security Policies
- Public Cloud Security Overview
- East-West Traffic Control
- North-South Traffic Control
- Inter-Region Connectivity
- Amazon Web Servces (AWS) Native Security
- Microsoft Azure Native Security
- Google Cloud Platform (GCP) Native Security
Regulatory Compliance Requirements
- Regulatory Compliance Requirements
Internet-Based Public Cloud Connectivity
- Underlay Transport Network
- Overlay VPN Tunnels to a Cloud Gateway in AWS
- Overlay VPN Tunnels to a Cloud Gateway im Azure
- Overlay VPN Tunnels to a Cloud Gateway in GCP
- Overlay VPN Tunnels to a Cloud-Hosted Cisco IOS XE Router
Overlay Routing Deployment
- Overlay Routing
- Configure OSPF
- Configure BGP
- Configure BGP in AWS
- Configure BGP in Azure Cloud
- Configure BGP in GCP
- Summary Configuration Example
Cisco SD-WAN Internet-Based Cloud Connectivity
- Cloud OnRamp Functionality
- Cloud OnRamp for Multicloud
Cisco SD-WAN Cloud Security
- Cisco vManage Security Policies
- Cisco Umbrella Cloud Security
Cloud OnRamp for Saas
- SaaS Applications Challenges
- Client-Side SaaS Path Performance Statistics
- Cloud OnRamp for SaaS over SIG Tunnels
- Cloud OnRamp for SaaS and Microsoft 365
Cisco SD-WAN Policies
- Policy Configuration Overview
- Data Policy Overview
- Centralized Data Policy
- Use case - Implementing Traffic Engineering
- AAR Overview
- AAR Components
- Implement AAR Policy for Cloud OnRamp for SaaS
- Configuring Traffic Category and Service Area for Specific Policies
- Enable Cloud OnRamp for SaaS for Specific Applications at Specific Sites
Application Quality of Experience
- Application Quality of Experience Overview
- TCP Optimization
- Data Redundancy Elimination
- Packet Duplication
- Forward Error Correction
Internet-Based Public Cloud Connectivity Diagnostics
- Diagnose Underlay Transport Network
- Diagnose Overlay VPN Tunnel Connectivity to a Cloud Gateway
- Troubleshoot AWS VPN Gateways
- Troubleshoot Azure VPN Gateways
- Troubleshoot GCP VPN Gateways
Overlay Routing Diagnostics
- Overlay Network Basics
- Open Shortest Path First
- Border Gateway Protocol (BGP)
- Overlay Routing in Cloud Environments
Cisco SD-WAN Public Cloud Connectivity Diagnostics
- Troubleshoot Underlay Connectivity
- Troubleshoot Overlay Routing
- Troubleshoot Cisco SD-WAN Cloud OnRamp
Labs
- Discovery Lab 1: Initial Lab Network Exploration
- Discovery Lab 2: Implement IPsec Connectivity to Public Cloud Gateways
- Discovery Lab 3: Implement IPsec Connectivity to Cloud-Hosted Cisco IOS-XE Routers
- Discovery Lab 4: Implement Overlay Routing
- Discovery Lab 5: Deploy Cloud OnRamp for Multicloud
- Discovery Lab 6: Deploy Umbrella Cloud Security
- Discovery Lab 7: Implement Cloud OnRamp for SaaS withn AppQoE
- Discovery Lab 8: Troubleshoot Underlay Connectivity
- Discovery Lab 9: Troubleshoot Overlay Routing
- Discovery Lab 10: Diagnose Cloud OnRamp for Multicloud
Certification
This course is recommended as preparation for the following exam:
- 300-440 ENCC - Designing and Implementing Cloud Connectivity
