Best Practices for Cybersecurity in Cisco Intersight

By John Gardner | 34 Min Video

Learn how to enhance security in a multi-tenant environment by mastering user account creation, applying permissions, and leveraging API access for Intersight configuration. We also cover the critical role of certificates, including how to install and update them, to ensure a secure and efficient setup.

 

Secure User and Access Management

  • Account provisioning: Best practices for creating user accounts with least-privilege access.
  • Role-based access controls: Utilize Intersight’s RBAC features to assign access based on organizational roles and responsibilities.
  • Multi-tenant considerations: Segment administrative access to ensure separation across teams or projects.

Permissions and API Security

  • API key lifecycle: Generate, rotate, and audit API keys regularly to secure automation workflows.
  • Permission scoping: Restrict API key permissions to required actions only.
  • Secure integrations: Use secured protocols and least privilege when integrating with third-party tools via Intersight API.

Certificate Management

  • TLS certificates: Install valid trusted certificates to secure management plane communications.
  • Automated updates: Keep certificates current through regular renewal cycles.
  • Trust chain enforcement: Ensure certificates are trusted by both on-prem and cloud components.

Built‑in Platform Security

  • Layered security model: Cisco Intersight incorporates cloud-native security features, encrypts data, and separates management from production traffic.
  • ISO 27001 alignment: The platform is built and continuously tested according to Cisco’s secure development lifecycle and ISO 27001 standards.

Network Isolation and Telemetry

  • Control-plane separation: Management traffic is isolated from production data via dedicated networks.
  • Telemetry control: Ensure sensitive config and telemetry data are encrypted at rest and isolated per tenant or organizational group.

Policy and Process Recommendations

  • Secure development lifecycle: Embrace Cisco’s security-first approach in platform updates and deployments.
  • Audit readiness: Regularly review access logs, API usage, and certificate status to comply with organizational policies.
  • Zero-trust mindset: Validate every access request and properly segment duties and privileges.

Final Takeaways

  • Follow least-privilege principles for user roles and automated integrations.
  • Manage certificates and API keys thoroughly to avoid risk of misuse.
  • Leverage Intersight’s built-in security—such as telemetry encryption and ISO-standard development—to reduce attack surface.
  • Maintain network separation between control and production planes.
  • Keep environments audit-ready, embracing vendor-recommended secure processes.

 

Instructor Bio:

As a specialist in the data center space, John provides consulting, implementation, and support for Cisco data center infrastructures. In addition to his CCSI, he holds CCNP certifications in the Cisco Data Center, Cloud and Service Provider spaces, and CCNP Cyber Ops, and can deliver the FP200 course for Cisco HTD and firepower security training. John has developed full data center labs for Cisco Nexus and ACI products, created data center derivative works courseware, and has recorded several Data Center videos for Cisco eLearning products. His broad experience will help us continue to grow and deliver outstanding product options to our customers.

 
