CCNA: Security at Commsupport

I nearly forgot that my CCNA was due to expire, but Cisco sent me a few reminders, well I say a few, it ended up bordering on spam.  This meant that my efforts to gain the CCENT and the CCNA would soon come to nothing and I would enter the realms of a ‘retired Cisco Certified Network Associate’.

With this in mind, I had a few choices to make:

Do Nothing: this was close to being a front runner, however, if I’m being honest with myself, not being Cisco Certified really bothered me.  It was almost like riding your bike every day and then one day your dad saying ‘you aren’t allowed on the bike anymore’.  This thought process made me not want to lose the ‘bike’ in the first place.

Stay The Same: to be fair this never really entered the equation.  Since starting in IT, one thing that I have always enjoyed is moving forward with skills, projects, vendors and technologies.  I don’t ever want to be a person who says I have 15 years’ experience in IT, when in fact what you really meant to say is I gave up learning 12 years ago, so I only really have 3 years’ experience.

Move Forward: this was the front runner, but I didn’t have enough time to self-study as I had done before with the CCENT and CCNA (see blog posts CCENT Study Guide and CCNA ICND2 Study Guide) due to family and work commitments.

I spent some time over on CertForums and met a friendly fellow called Cisco Lab Rat who is the Owner/Senior Instructor at Commsupport.  His forum posts impressed me and when my employer was looking for a new Cisco training provider, I recommended Commsupport’s services.

A few of my colleagues have used Commsupport, and the feedback has always been top notch.  So with this in mind, I decided to head to Commsupport for my CCNA: Security training.  I knew that it was going to be a tough week as Joe AKA Cisco Lab Rat performs the course over six days with the average day being 9:00am to 6:00pm.

One thing of note is that I would highly recommend that you have either the CCNA or have configured Cisco ASAs and routers out in the field.  During my time as an engineer I have been lucky enough to configure oodles of ASA 5510s in high availability and more site-to-site VPNs than I could shake a stick at.

Anyway, back to the course. Before it starts Commsupport provide you with access to their e-learning portal and they ask that you brush up on the basics so you are fully prepared for the course.

The course is held in Central Finchley (London) and this meant a two-and-a-half-hour trek, door to door.  The first day was a Sunday which I have to say isn’t generally the trend in IT courses, but it was welcomed as I knew we had a lot of information to cram in.

The Commsupport offices are OK, they aren’t the Ritz but they certainly aren’t the ghetto.  You have to bear in mind the course cost, along with the equipment being used and the technical expertise delivering the training.

Upon arrival, I was greeted by a slightly over excited Joe!  He instantly made me feel welcome and offered me a seat in front of a stack of Cisco equipment.

I was surprised by the amount of equipment we had to use:

3 x Cisco 1841 Routers
1 x Cisco 2801 Router
1 x Cisco 3560
2 x Cisco 3550
1 x Cisco ASA 5510
2 x Laptops

Normally, in most courses I attend, you have the initial meet and greet, with the ‘Hi I work for x and do y’.  None of this, we cracked straight on with Cisco.

The way that Joe teaches you is excellent, he has a passion for networking, Cisco and ranting about random topics.  The overall workflow for each day is really structured, essentially, you have:

Step 1 – Joe Talks

Joe talks over the day’s plan giving us an overview of what we are going to achieve e.g. a clientless SSL VPN from the ASA over two routers with two lots of NAT.

He then draws out the network diagram and talks over the concepts of each area e.g. why you would use an SSL VPN rather than L2TP/IPsec or PPTP.

Step 2 – Joe Does The Lab

This part is cool, Joe then puts together the lab and explains all the IOS commands, ensuring you understand what he is doing and why.

Step 3 – You Do It

Joe prints you out a set of instructions to configure your lab, this includes parts from the GUI (if you like that sort of thing) and also CLI.  One of the aspects that I really enjoyed was when you couldn’t get something to work Joe would spend the time and help you troubleshoot the issue.

Conclusion

Overall it was an excellent week, I gained a much deeper understanding of what it actually was that I was configuring rather than just making it work.  Joe’s ability to convey very technical information in a humorous fashion is second to none.  The lab you have to use is fantastic and the ability to access Joe before and after the course really helps when you have questions you are unsure of.

Would I recommend the CCNA: Security at Commsupport? Yes, definitely.

Topics Covered

Common Security Threats

Describe common security threats

Security and Cisco Routers

Implement security on Cisco router
Describe securing the control, data, and management planes
Describe Cisco Security Manager
Describe IPv4 to IPv6 transition

AAA on Cisco Devices

Implement AAA (authentication, authorization, and accounting)
Describe TACACS+
Describe RADIUS
Describe AAA
Verify AAA functionality

IOS ACLs

Describe standard, extended, and named IP IOS access control lists (ACLs) to filter packets
Describe considerations when building ACLs
Implement IP ACLs to mitigate threats in a network

Secure Network Management and Reporting

Describe secure network management
Implement secure network management

Common Layer 2 Attacks

Describe Layer 2 security using Cisco switches
Describe VLAN security
Implement VLANs and trunking
Implement spanning tree

Cisco Firewall Technologies

Describe operational strengths and weaknesses of the different firewall technologies
Describe stateful firewalls
Describe the types of NAT used in firewall technologies
Implement zone-based policy firewall using Cisco Configuration Professional (CCP)
Implement the Cisco Adaptive Security Appliance (ASA)
Implement Network Address Translation (NAT) and Port Address Translation (PAT)

VPN Technologies

Describe the different methods used in cryptography
Describe VPN technologies
Describe the building blocks of IPsec
Implement an IOS IPSec site-to-site VPN with pre-shared key authentication
Verify VPN operations
Implement Secure Sockets Layer (SSL) VPN using the ASA Device Manager (ASDM)
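To make the router-side objectives above concrete (AAA, IOS ACLs, secure management, NAT/PAT and the IPsec site-to-site VPN with a pre-shared key), here is an added example configuration. It is not material from the course or the author’s own config; it is a single IOS 15 router, R1, with an assumed topology: outside interface Gi0/0 at 203.0.113.1/30 facing peer R2 at 203.0.113.2 (remote LAN 192.168.2.0/24), inside Gi0/1 on 192.168.1.0/24, and an assumed TACACS+ server at 192.168.1.10. Hostnames, addresses, the interface names and every key string are assumptions chosen for illustration.

```cisco
! Added example (not from the course or the author): one IOS 15 router config
! touching the AAA, ACL, NAT/PAT, secure-management and IPsec objectives above.
! Assumed topology: R1 outside Gi0/0 203.0.113.1/30, inside Gi0/1 192.168.1.0/24,
! peering with R2 at 203.0.113.2 whose LAN is 192.168.2.0/24. The hostnames,
! addresses, TACACS+ server 192.168.1.10 and every key string are assumptions.
hostname R1
ip domain-name example.net
service password-encryption
!
! Management plane: AAA against TACACS+ with local fallback, SSHv2 only.
! Run "crypto key generate rsa modulus 2048" in exec mode before enabling SSH.
aaa new-model
username admin privilege 15 secret LocalFallbackPass1
tacacs server ISE
 address ipv4 192.168.1.10
 key TacacsKey123
aaa group server tacacs+ MGMT-TACACS
 server name ISE
aaa authentication login default group MGMT-TACACS local
aaa authorization exec default group MGMT-TACACS local
aaa accounting exec default start-stop group MGMT-TACACS
aaa accounting commands 15 default start-stop group MGMT-TACACS
ip ssh version 2
ip access-list standard MGMT-HOSTS
 permit 192.168.1.0 0.0.0.255
 deny   any log
line vty 0 4
 access-class MGMT-HOSTS in
 transport input ssh
 exec-timeout 10 0
!
! IPsec site-to-site VPN with a pre-shared key (IKEv1, AES-256, SHA-256, DH group 14).
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 3600
crypto isakmp key VpnPskR1R2 address 203.0.113.2
crypto ipsec transform-set TS-AES256 esp-aes 256 esp-sha256-hmac
 mode tunnel
ip access-list extended VPN-TRAFFIC
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
crypto map CMAP 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set TS-AES256
 set pfs group14
 match address VPN-TRAFFIC
!
! PAT for internet access. NAT runs before encryption, so the LAN-to-LAN
! traffic must be exempted or it is translated and never matches VPN-TRAFFIC.
ip access-list extended NAT-INSIDE
 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
ip nat inside source list NAT-INSIDE interface GigabitEthernet0/0 overload
!
! Data plane: inbound ACL on the outside interface. The remote LAN is permitted
! first because IOS re-checks decrypted packets against this ACL; then the
! anti-spoofing denies, then only the peer's IKE/ESP, then a logged deny-all.
ip access-list extended OUTSIDE-IN
 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
 deny   ip 192.168.1.0 0.0.0.255 any log
 deny   ip 10.0.0.0 0.255.255.255 any log
 deny   ip 172.16.0.0 0.15.255.255 any log
 deny   ip 192.168.0.0 0.0.255.255 any log
 deny   ip 127.0.0.0 0.255.255.255 any log
 permit udp host 203.0.113.2 host 203.0.113.1 eq isakmp
 permit udp host 203.0.113.2 host 203.0.113.1 eq non500-isakmp
 permit esp host 203.0.113.2 host 203.0.113.1
 deny   ip any any log
!
interface GigabitEthernet0/0
 description Outside
 ip address 203.0.113.1 255.255.255.252
 ip access-group OUTSIDE-IN in
 ip nat outside
 no ip redirects
 no ip proxy-arp
 crypto map CMAP
!
interface GigabitEthernet0/1
 description Inside
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
ip route 0.0.0.0 0.0.0.0 203.0.113.2
```

R2 needs the mirror image (swapped addresses, the same pre-shared key, policy and transform set). The two classic pitfalls the ordering guards against are NAT translating the LAN-to-LAN traffic before the crypto map sees it, and the outside ACL dropping traffic after decryption. For the “verify” objectives, `show crypto isakmp sa` and `show crypto ipsec sa` confirm phase 1 and phase 2 are up and counting packets, `show access-lists` shows the hit counters on OUTSIDE-IN and VPN-TRAFFIC, and `debug aaa authentication` while logging in over SSH shows whether TACACS+ or the local fallback answered.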

VMware Hands on Labs Online

A really quick blog post: VMware have announced some exciting news, that they will soon be offering Hands-on Labs online.

Previously, to use these labs you had to attend a VMware event of some description, but now they will be available online.

The purpose behind this is to give end users the ability to use and explore the latest VMware products.

For more information see VMware Hands on Labs Online – Beta

VMworld 2012 Barcelona – My Schedule

I feel really fortunate to be able to go to VMworld 2012 Barcelona, it’s my first time, so looking forward to breaking my VMworld virginity.

I finally put aside some time to compile my draft schedule, I have to say so many amazing sessions I want to see, but as I’m not fault tolerant (yet) I can’t be in two places at once.

The schedule seems quite full, I’m wondering how I’m going to be able to spend any time with vendors such as Cisco, EMC, HP and Veeam to see what they have going on.

You can see that I’m heavily focused on design and performance in vSphere, which reflects my day-to-day work activities.

I’m looking forward to meeting some great people during VMworld, if you see me come say hi.

vSphere 5.1 – My Take On What’s New/Key Features

With the release of vSphere 5.1, it’s been tough keeping up with all the tweets and information from VMworld 2012 San Francisco.

With the plethora of data, I thought it would be handy to blog about the key features that will have the biggest impact on my everyday life.

Licensing

vRAM – It’s gone, licensing is back to per physical processor.

vSphere Essentials Plus – Now includes vSphere Storage Appliance and vSphere Replication.

vSphere Standard – Now includes vSphere Storage Appliance, vSphere Replication, Fault Tolerance, Storage vMotion and vCenter Operations Manager Advanced.

Beneath The Hood

Monster Virtual Machines

Virtual machines can now be built with the following maximums:

1TB RAM
64 vCPUs
> 1 Million IOPS per VM

Wonder if I will continue to have those ‘we need a physical SQL server’ conversations?

This is made possible by virtual hardware version 9.

vMotion

vMotion no longer requires shared storage.  This has been achieved by combining vMotion and Storage vMotion into a single operation.  So when a VM is moved, it moves the memory, processing state and disk over the network to its target.

Now what is really cool: it maintains the same performance levels as the older vMotion with shared storage!

Note, I recommend that you use multiple NICs for vMotion as per my post High Availability for vMotion.

vSphere Replication

Enables virtual machine data to be replicated over LAN and WAN.  Previously, to achieve 15-minute asynchronous replication you needed sub-2 ms latency.

vSphere Replication integrates with Microsoft’s Volume Shadow Copy Service (VSS), ensuring that applications such as Exchange and SQL Server will be in a consistent state if DR is invoked.

vSphere Replication can be used for up to 500 virtual machines.

The initial seed can be done offline and taken to the destination to save bandwidth and time.

VMware Tools

No more downtime to upgrade VMware Tools: on Windows guests a Tools upgrade no longer needs a reboot, once the guest is already running the 5.1 version of Tools.

vSphere Web Client

This is going to be the tool for administering vCenter.  Some pretty cool features like vCenter Inventory Tagging, which means you can apply metadata to items and then search on it e.g. group applications together for a particular department or vendor.

We now have the ability to customise the web client to give it ‘our look and feel’.

Always getting called away when you are half way through adding a vNIC to a VM? Well, we can now pause this and it appears in ‘work in progress’ so we never forget to complete an action.

For the pub quiz fans, you can have 300 concurrent Web Client users.

Link Aggregation Control Protocol Support

Used to ‘bind’ several physical connections together for increased bandwidth and link failover (think Cisco Port Channel groups), this is now a supported feature in vSphere 5.1, on the vSphere Distributed Switch.

Memory Overhead Reduction

Every object vSphere runs has an overhead, whether this is a vCPU or a vNIC, it requires some attached memory.  A new feature lets a vSphere host under memory pressure reclaim up to 1GB of that overhead.

Latency Sensitivity Setting

vSphere 5.1 makes it easier to support low-latency applications (something which I have encountered with Microsoft Dynamics AX).  The ability to ‘tweak’ latency sensitivity for an individual VM is great.

Storage

We now have 16Gb Fibre Channel support and the iSCSI storage driver has been upgraded. Some very impressive increases in performance.

Reclaiming space from thin provisioning has always been an issue: dead space on the datastore needs an array that supports T10 UNMAP, and space freed inside the guest OS stays allocated to the thin VMDK.  With vSphere 5.1 a new virtual disk format has been introduced, the space-efficient sparse virtual disk, AKA the SE sparse disk.  Its major function is to reclaim previously used space in the guest OS.  In 5.1 it is only exposed through VMware View linked clones rather than for general-purpose VMs, but this feature alone is worth the upgrade.