Network DevOps course description This course is not a soft skills course covering the concepts of DevOps but instead concentrates on the technical side of tools and languages for network DevOps. Particular technologies focussed on are ansible, git and Python enabling delegates to leave the course ready to start automating their network. Hands on sessions follow all major sections. More detailed courses on individual aspects of this course are available. What will you learn Evaluate network automation tools. Automate tasks with ansible. Use git for version control. Use Python to manage network devices. Use Python libraries for network devices. Network DevOps course details Who will benefit: Administrators automating tasks. Prerequisites: TCP/IP Foundation Duration 5 days Network DevOps course contents What is DevOps Programming and automating networks, networks and clouds, AWS, OpenStack, SDN, DevOps for network operations. Initial configuration Configuring SSH, ZTP, POAP. Hands on Initial lab configuration. Getting started with ansible The language, the engine, the framework. Uses of ansible, orchestration. The architecture, Controlling machines, nodes, Agentless, SSH, modules. Configuration management, inventories, playbooks, modules, roles. Hands on Installing ansible, running ad hoc commands. Ansible playbooks ansible-playbook, YAML, plays, tasks, handlers, modules. Playbook variables. Register module, debug module. Hands on Running playbooks. Ansible Inventories /etc/ansible/hosts, hosts, groups, static inventories, dynamic inventories. Inventory variables, external variables. Limiting hosts. Hands on Static inventories, variables in inventory files. Ansible modules for networking Built in modules, custom modules, return values. Core modules for network operations. Cisco and/or Juniper modules. ansible_connection. Ansible 2.6 CLI. Hands on Using modules. Ansible templating and roles Configuration management, full configurations, partial configurations. 
The template module, the assemble module, connection: local, Jinja2 templates, variables, if, for, roles. Hands on Generating multiple configurations from a template. Network programming and modules Why use Python? Why use ansible? alternatives, ansible tower, Linux network devices. Programming with Python Python programming Functions. Classes, objects and instances, modules, libraries, packages. Python strings, Python file handling, pip list, pip install. Hands on Python programming with pyping. More Python programming Functions. Classes, objects and instances, modules, libraries, packages. Python strings, Python file handling, pip list, pip install. Hands on Python programming with pyping. Git Distributed version control, repositories, Git and GitHub, Alternatives to GitHub, Installing git, git workflows, creating repositories, adding and editing files, branching and merging, merge conflicts. Hands on working with Git. Python and networking APIs, Sockets, Telnetlib, pysnmp, ncclient, ciscoconfparse. Paramiko SSH and Netmiko Integrating Python and network devices using SSH. Netmiko, Netmiko methods. Hands on Netmiko. NAPALM What is NAPALM, NAPALM operations, getters, Replace, merge, compare, commit, discard. Hands on Configuration with NAPALM. Integrating ansible and NAPALM. Python and REST REST APIs, enabling the REST API. Accessing the REST API with a browser, cURL, Python and REST, the request library. Hands on Using a REST API with network devices.
Network management technologies course description A comprehensive tour of the network management technologies available for today's networks. The course starts with basic tools such as syslog along with Python network automation. SNMP is then covered with the *flow technologies and streaming telemetry. Configuration management with ansible, Python, NETCONF and RESTCONF is then studied. The final part of the course looks at SDN. Hands on sessions are used throughout to reinforce the theory rather than teach specific manufacturer equipment. Note that sections are available as individual courses. What will you learn Evaluate network management technologies. Recognise the weaknesses of SNMP versus NETCONF and streaming telemetry. Explain the role of NETCONF and RESTCONF. Compare & contrast *flow and streaming telemetry. Explain the role of SDN in network management. Automate network configuration with ansible and Python. Network management technologies course details Who will benefit: Those wishing to manage networks. (Previous Python experience is NOT needed) Prerequisites: Intro to data comms Duration 5 days Network management technologies course content Basic network management Network management What is network management? Benefits, issues. FCAPS model. Fault management, Configuration management, accounting, performance, security. What to manage, what not to manage. Managing network devices, managing servers. Monitoring networks Traditional network tools Ping..., SSH, syslog, TFTP for configurations. nmap. Wireshark. CLI. Web based management. Splunk. Nessus, snort, Kali. Hands on syslog, network inventories. Network automation using the CLI Programming and automating networks, netOps. Python, Git. Python network modules, SSH, paramiko, netmiko. EVE-NG. Hands on Python network modules. Structured versus unstructured data Problems with automation and unstructured data. XML, JSON, YAML. The role of YANG. 
Hands on Parsing data. SNMP SNMP architecture, SNMP MIBs, SMI, the SNMP protocol, polling security. Configuring SNMP. SNMPv1, v2, v3, SNMP security. Which version should you use? MIBs and MIB structure. mib-2, extra parts of mib-2, Private enterprise MIBs. Summary: What SNMP is good/bad at. Hands on Configuring agents and a NMS. MIB browsing. Server management Microsoft, Linux, application polling. WMI vs SNMP. Hands on: Application polling. Performance management *flow Polling, push vs pull, netflow, sflow, IPFIX, *flow. Flows. Where to monitor traffic. Comparing *flow with SNMP. Architecture: Generators and collectors. When flows are exported. NetFlow reporting products. SolarWinds. Hands on Netflow configuration. Collectors. Streaming telemetry Model driven telemetry, periodic/on change. Structured data. Telemetry protocol stack. gRPC and gNMI. Protobuf. gNMI operations. Telemetry architecture. Telegraf, databases, Grafana. Hands on Telemetry example. Configuration management Configuration management tools Chef, puppet, ansible, saltstack. Ansible architecture, controlling machines, nodes, agentless, SSH, modules. Inventories, playbooks, modules, network modules, jinja2 templates. Hands on Network configuration with ansible. NETCONF What is NETCONF? Protocol stack, Data stores, traffic flows, validating configurations, rollback. YANG data models and how YANG is used by NETCONF. XML. Explorers and other tools. Hands on anx, Python and NETCONF. RESTCONF The REST API, HTTP, What is RESTCONF? Tools including Postman. Comparison with NETCONF. Hands on Configuration with RESTCONF. Python network automation: configuration SSH issues. Using structured data. Jinja2. ncclient, requests, NAPALM, Nornir. Automated testing. Hands on Python network device configuration with nornir. Software Defined Networks and orchestration Classic SDN What is SDN? benefits. SDN architecture. SDN applications, SDN switches, SDN controllers, Network Operating Systems. 
Control plane, data plane. Northbound interfaces. SDN components. Southbound interfaces. OpenFlow. ONF, OpenFlow ports, Flow tables. Network virtualization Virtual networks, virtual switches, NfV. Service chaining. NfV and SDN. SDN implementations Classic SDN, Hybrid SDN, SDN via APIs, SDN via overlays. Data centre SDN, VXLAN, Service Provider SDN, SD WAN, Enterprise SDN, WiFi. SDN and open source OpenDaylight, OpenVSwitch, Open Networking Forum, Open Network Operating System. Hands on OpenStack. SD-WAN What is SD-WAN? Architecture: Edge, gateway, orchestrator, controller. Overlay and underlay. Use of MPLS, 4G/5G. Benefits and features. Secure Access Service Edge (SASE).
GPON and FTTx networks training course description Designed to benefit those requiring an in depth knowledge of the principles and applications of Ten Gigabit and Gigabit Passive Optical Networking and Fibre to the X in NG Networks applications and their associated equipment, its flexibility and function within a modern transmission network. Using an effective mix of 'hands on' equipment instruction and correlation to theory based learning the delegate will gain a complete understanding of the equipment and the tasks to be undertaken in a real life situation. What will you learn Compare PON/FTTx systems. Explain network elements and designs. Support applications and network interfaces. List circuit provisioning and bandwidth requirements. Understand upstream & downstream issues. Describe headend & network elements/OLT-ONT. Perform network testing with OTDR test sets. GPON and FTTx networks training course details Who will benefit: Anyone working with GPON and FTTx. Prerequisites: Introduction to data communications and networking. Duration 5 days GPON and FTTx training course contents FTTN, FTTC, FTTH SMF, MMF, Fibre safety and properties (dispersion/attenuation), Fibre reel cables and types, Fibre installation and air blown fibre, Transmitters and receivers - power budget/laser classes. Fibre to the home (FTTH), FTTC (Fibre to the Cabinet), FTTN (Fibre to the node), FTTD (Fibre to the desk), FTTH topologies and wavelengths, Active or passive optical network. WDM equipment and GPON OSP design Wavelength considerations, WDM/DWDM/CWDM, EDFA optical amplification, AWG (Arrayed Waveguide Grating) splitters, Couplers (splitters) and losses, Optical splitters 1x2, 1x4, 1x8, 1x16, 1x32, 1x64, 2x64. 
PON variants Gigabit passive optical network (GPON), Gigabit Ethernet passive optical network (GEPON), Time division PON (TDM-PON), Wave Division Multiplexing PON (WDM-PON), 1Gbps, 10Gbps, 40Gbps, 100Gbps FSAN (Full Service Access Network) NGA (Next Generation Access), Strategies for TDM-PON to WDM-PON migration, Architecture of NG-PON (hybrid WDM/TDM PON), Additional services than triple play. GEPON design GPON OSP centralized and distributed design, GPON PON splitters x4 x8 x32, Fibre splice trays /cassette trays & enclosures, GPON field testing and installation verification, GPON physical layer testing, Optical time domain reflectometer (OTDR), Optical power source & meter, Optical return loss (ORL), APON/BPON/GPON/EPON comparisons. GPON ITU-T G.984.1 Reference model, terminology & architecture, Access network system management functions. ONT & OLT functional block examples. FTTx scenarios, 4 switching arrangements for external access network backup. GPON ITU-T G.984.2 Physical layer, Enhancement band, Bit rate and wavelengths, FEC and RAMAN. GPON ITU-T G.984.3 Frame structure, GPON encapsulation method (GEM), GTC adaptation and framing sublayer protocol stack, Status reporting & traffic monitoring DBA (SR-DBA & TM-DBA), Transmission container (T-CONT) types, Downstream & upstream multiplexing, GEM port identifier, Media access control and ONU registration, Extended bandwidth assignment model scheduling architecture, PLOAM & alarm messages, Downstream & Upstream FEC, Process order in a GTC transmit flow. GPON ITU-T G.984.4 and G.988 ONT management and control interface (OMCI) Management interface, Reference model, Typical ONT with SCTE 55-1 or SCTE 55-2 compliancy. GPON ITU-T G.984.5 enhancement band Band options, GPON NGA, Wavelength allocation. GPON ITU-T G.984.6 optical reach extension (G.984.re) Reach extension (RE), OA-based and OEO-based reach extenders, Protection, Reach extender with OTDR blocking filters (BF) and bypass (BYP) filters. 
GPON ITU-T G.984.7 long reach Quiet Window. 10-GPON ITU-T G.987.1 (XG-PON) Scenarios, reference access network architecture, XG-PON with G-PON through WDM1r, G-PON and XG-PON wavelength allocation, G-PON and XG-PON co-existence with video overlay option, RE migration scenarios. G.989 40Gbps XG-PON2 Functional reference architecture, NG-PON2 system coexistence with legacy systems, Definitions of legacy compatibility terminology. GPON issues and standards GPON components GPON OLT / GPON ONT, GPON management, Operational support systems (OSS), Network management systems (NMS), OMCI (ONT Management control interface), RG (Residential gateway), Data and prioritised voice channel product, GPON broadband-forum standards, Broadband-forum, TR-069 and TR-156, HPNA (home phone network alliance), Powerline carrier (PLC), GPON DLNI G.hn or G.9960, MOCA, FTTH council certification standard for network certification. Fibre-connected home badge, Ethernet in the first mile (EFM), GPON frame synchronization to network timing, Direct clock synchronization interface (BITS), Multiservice access platform (MSAP), Software planning tool, Superconnected cities / voucher scheme. Hands on practical assignments Single and multimode fibre recognition, Fibre Cleaning methods, Checking cleaning with an optical microscope, Optical light source and optical power meter referencing, PON splitter and fibre drum testing with an optical power meter, 6km classroom passive optical network testing with an OTDR at 1310/1550nm, Using decibels (dB's) and decibel milliwatts (dBm's), Designing networks up to 20km long using vendor specifications (power budget), Fault finding with a visible fault locator.
Complete C programming training course description A hands-on introduction to programming in the ANSI C programming language. The course initially moves at a fast pace in order to spend as much time as possible on the subject of pointers - the area which causes the most bugs in C programs. What will you learn Write ANSI C programs Use the C libraries Debug C programs Examine existing code and determine its function. Complete C programming training course details Who will benefit: Programmers wishing to learn C. Programmers wishing to learn C++ or Java. Prerequisites: None, although experience in another high level language would be useful. Duration 5 days Complete C programming training course contents Getting started The compilation process, comments, main(), statement blocks, printf(). C data types and operators char, int, float and double, qualifiers, arithmetic and assignment operators, precedence, Associativity. Basic I/O C libraries, stdin and stdout, getchar(), putchar(), printf() formatting. Flow control if else, dangling elses, else if, while and for loops. switch statements, the null statement, break, continue and gotos. Functions Function calls, arguments and return types, function declarations (prototypes), function definitions, scope of variables. The preprocessor Preprocessor actions, macros, #include. Libraries and their relationship with header files. Conditional compilation. More data types and operators Logical, bitwise and other operators, type conversion, casting, typedefs and access modifiers. Arrays Declaring and handling arrays, common gotchas, multidimensional arrays. Pointers What are pointers? Why they are so important, declaring and using pointers, The three uses of the *, pointer example - scanf, pointers as arguments. More pointers Golden rules of pointers and arrays, pointers to arrays, pointer arithmetic, arrays of pointers, multiple indirection. 
Character/string manipulation Arrays of characters, string definition, working with strings, String library. Program arguments argc and argv, example uses, char *argv[] versus char ** argv. Program structure and storage classes Globals (externals), multi source programs, the look of a C program. Structures Declaration, the . and -> operators, unions and bitfields. Library functions File handling, fopen and fclose, reading from and writing to files, fseek(). calloc() and malloc().
Complete VBA programming training course description This course helps you extend the capabilities of the entire Office suite using Visual Basic for Applications (VBA). Even if you have no programming experience, you'll be automating routine computing processes quickly using the simple, yet powerful VBA programming language. We start at the beginning to get you acquainted with VBA so you can start recording macros right away. You'll then build upon that foundation to utilize the full capabilities of the language in Word, Excel, Outlook, and PowerPoint. What will you learn Record, write and run macros. Work with VBA Editor. Use the huge library of built-in functions. Create simple dialog boxes and complex forms. Customize Word, Excel, PowerPoint, Outlook, and Access. Program the Office 2016 ribbon. Complete VBA programming training course details Who will benefit: Anyone looking to extend the capabilities of the entire Office suite using VBA. Prerequisites: None. Duration 5 days Complete VBA programming training course contents Macros and getting started in VBA VBA syntax, variables, constants, and enumerations, array variables, finding objects, methods, and properties. Working with VBA 1 VBA syntax, variables, constants, and enumerations, array variables, finding objects, methods, and properties. Decisions, loops and functions Built-in functions, creating your own functions, making decisions in your code, using loops to repeat actions. Using message boxes, input boxes, and dialog boxes Getting user input with message boxes and input boxes, creating simple custom dialog boxes, creating complex forms. Creating effective code Building modular code and using classes, debugging your code and handling errors, building well-behaved code, exploring VBA's security features. 
Programming the Office applications The Word object model and key objects, working with widely used objects in Word, the Excel object model and key objects, working with widely used objects in Excel, the PowerPoint object model and key objects, working with shapes and running slide shows, the Outlook object model and key objects, working with events in Outlook, the Access object model and key objects, manipulating the data in an Access database via VBA, accessing one application from another application, programming the Office 2016 ribbon.
UNIX Virtualization and High Availability course description This course covers administering UNIX enterprise-wide with an emphasis on virtualization and high availability. What will you learn Manage Virtual Machines. Manage containers. Manage HA clusters. Manage HA cluster storage. UNIX Virtualization and High Availability course details Who will benefit: Enterprise-level UNIX professional. UNIX professionals working with virtualization and/or High availability. Prerequisites: Linux network administration 2 (LPIC-2) Duration 5 days UNIX Virtualization and High Availability course contents VIRTUALIZATION Virtualization concepts and theory Terminology, Pros and Cons of virtualization, variations of Virtual Machine monitors, migration of physical to VMs, migration of VMs between host systems, cloud computing. Xen Xen architecture, networking and storage, Xen configuration, Xen utilities, troubleshooting Xen installations, XAPI, XenStore, Xen Boot Parameters, the xm utility. KVM KVM architecture, networking and storage, KVM configuration, KVM utilities, troubleshooting KVM installations. Other virtualization solutions OpenVZ and LXC, other virtualization technologies, virtualization provisioning tools. Libvirt and Related Tools libvirt architecture, networking and storage, basic technical knowledge of libvirt and virsh, oVirt. Cloud Management Tools Basic feature knowledge of OpenStack and CloudStack, awareness of Eucalyptus and OpenNebula. Containers Containers versus VMs, Docker, Kubernetes. Load balanced clusters of LVS/IPVS, VRRP, configuration of keepalived, configuration of ldirectord, backend server network configuration. HAProxy, configuration of HAProxy. 
Failover clusters Pacemaker architecture and components (CIB, CRMd, PEngine, LRMd, DC, STONITHd), Pacemaker cluster configuration, Resource classes (OCF, LSB, Systemd, Upstart, Service, STONITH, Nagios), Resource rules and constraints (location, order, colocation), Advanced resource features (templates, groups, clone resources, multi-state resources), Pacemaker management using pcs, Pacemaker management using crmsh, configuration and management of corosync in conjunction with Pacemaker, other cluster engines (OpenAIS, Heartbeat, CMAN). HIGH AVAILABILITY CLUSTER STORAGE DRBD/cLVM DRBD resources, states and replication modes, configuration of DRBD resources, networking, disks and devices, configuration of DRBD automatic recovery and error handling, management of DRBD using drbdadm. drbdsetup and drbdmeta, Integration of DRBD with Pacemaker, cLVM, integration of cLVM with Pacemaker. Clustered File Systems Principles of cluster file systems. Create, maintain and troubleshoot GFS2 file systems in a cluster, create, maintain and troubleshoot OCFS2 file systems in a cluster, Integration of GFS2 and OCFS2 with Pacemaker, the O2CB cluster stack, other commonly used clustered file systems.
CWSP training course description A hands-on training course concentrating solely on WiFi security with an emphasis on the delegates learning the necessary knowledge and skills to pass the CWSP exam. The course progresses from simple authentication, encryption and key management onto in depth coverage of 802.1X and EAP along with many other security solutions such as access control, intrusion prevention and secure roaming. What will you learn Demonstrate the threats to WiFi networks. Secure WiFi networks. Configure: WPA2 RADIUS 802.1x EAP Pass the CWSP exam. CWSP training course details Who will benefit: Technical network staff. Technical security staff. Prerequisites: Certified Wireless Network Associate. Duration 5 days CWSP training course contents WLAN Security overview Standards, security basics, AAA, 802.11 security history. Hands on WLAN connectivity. Legacy 802.11 security Authentication: Open system, shared key. WEP. VPNs. MAC filters. SSID segmentation, SSID cloaking. Hands on Analysing 802.11 frame exchanges, viewing hidden SSIDs. Encryption Basics, AES, TKIP, CCMP, WPA, WPA2. Hands on Decrypting 802.11 data frames. 802.11 layer 2 authentication 802.1X: Supplicant, Authenticator, Authentication server. Credentials. Legacy authentication. EAP, Weak EAP protocols, Strong EAP protocols: EAP-PEAP, EAP-TTLS, EAP-TLS, EAP-FAST. Hands on Analysing 802.1X/EAP frames. 802.11 layer 2 dynamic key generation Robust Security Network. Hands on Authentication and key management. SOHO 802.11 security WPA/WPA2 personal, Preshared Keys, WiFi Protected Setup (WPS). Hands on PSK mapping. WLAN security infrastructure DS, Autonomous APs, WLAN controllers, split MAC, mesh, bridging, location based access control. Resilience. Wireless network management system. RADIUS/LDAP servers, PKI, RBAC. Hands on 802.1X/EAP configuration. RADIUS configuration. 802.11 Fast secure roaming History, RSNA, OKC, Fast BSS transition, 802.11k. Hands on Roaming. 
Wireless security risks Rogue devices, rogue prevention. Eavesdropping, DOS attacks. Public access and hotspots. Hands on Backtrack. WiFi security auditing Layer 1 audit, layer 2 audit, pen testing. WLAN security auditing tools. WiFi security monitoring Wireless Intrusion Detection and Prevention Systems. Device classification, WIDS/WIPS analysis. Monitoring. 802.11w. Hands on Laptop spectrum analysers. VPNs, remote access, guest access Role of VPNs in 802.11, remote access, hotspots, captive portal. Wireless security policies General policy, functional policy, recommendations.
Linux virtualization and HA training course description The LPIC-3 certification is the culmination of LPI's multi-level professional certification program. LPIC-3 is designed for the enterprise-level Linux professional and represents the highest level of professional, distribution neutral Linux certification within the industry. LPIC-3 304 covers administering Linux enterprise-wide with an emphasis on virtualization and high availability. At SNT we have enhanced the contents of the course by covering containers. What will you learn Manage Virtual Machines. Manage containers. Manage HA clusters. Manage HA cluster storage. Linux virtualization and HA training course details Who will benefit: Linux professionals working with virtualization and/or High availability. Prerequisites: Linux network administration 2 (LPIC-2) Duration 5 days Linux virtualization and HA training course contents VIRTUALIZATION Virtualization concepts and theory Terminology, Pros and Cons of virtualization, variations of Virtual Machine monitors, migration of physical to VMs, migration of VMs between host systems, cloud computing. Xen Xen architecture, networking and storage, Xen configuration, Xen utilities, troubleshooting Xen installations, XAPI, XenStore, Xen Boot Parameters, the xm utility. KVM KVM architecture, networking and storage, KVM configuration, KVM utilities, troubleshooting KVM installations. Other virtualization solutions OpenVZ and LXC, other virtualization technologies, virtualization provisioning tools. Libvirt and Related Tools libvirt architecture, networking and storage, basic technical knowledge of libvirt and virsh, oVirt. Cloud Management Tools Basic feature knowledge of OpenStack and CloudStack, awareness of Eucalyptus and OpenNebula. Containers Containers versus VMs, Docker, Kubernetes. Load balanced clusters of LVS/IPVS, VRRP, configuration of keepalived, configuration of ldirectord, backend server network configuration. HAProxy, configuration of HAProxy. 
Failover clusters Pacemaker architecture and components (CIB, CRMd, PEngine, LRMd, DC, STONITHd), Pacemaker cluster configuration, Resource classes (OCF, LSB, Systemd, Upstart, Service, STONITH, Nagios), Resource rules and constraints (location, order, colocation), Advanced resource features (templates, groups, clone resources, multi-state resources), Pacemaker management using pcs, Pacemaker management using crmsh, configuration and management of corosync in conjunction with Pacemaker, other cluster engines (OpenAIS, Heartbeat, CMAN). HIGH AVAILABILITY CLUSTER STORAGE DRBD/cLVM DRBD resources, states and replication modes, configuration of DRBD resources, networking, disks and devices, configuration of DRBD automatic recovery and error handling, management of DRBD using drbdadm. drbdsetup and drbdmeta, Integration of DRBD with Pacemaker, cLVM, integration of cLVM with Pacemaker. Clustered File Systems Principles of cluster file systems. Create, maintain and troubleshoot GFS2 file systems in a cluster, create, maintain and troubleshoot OCFS2 file systems in a cluster, Integration of GFS2 and OCFS2 with Pacemaker, the O2CB cluster stack, other commonly used clustered file systems.
Network automation course description This course is not a soft skills course covering the concepts of DevOps but instead concentrates on the technical side of tools and languages for network DevOps. Particular technologies focussed on are ansible, git and Python enabling delegates to leave the course ready to start automating their network. Hands on sessions follow all major sections. More detailed courses on individual aspects of this course are available. What will you learn Evaluate network automation tools. Automate tasks with ansible. Use git for version control. Use Python to manage network devices. Use Python libraries for network devices. Network automation course details Who will benefit: Network engineers. Prerequisites: TCP/IP foundation for engineers. Duration 5 days Network automation course contents What is DevOps Programming and automating networks, networks and clouds, AWS, OpenStack, SDN, DevOps for network operations. Initial configuration Configuring SSH, ZTP, POAP. Hands on Initial lab configuration. Getting started with ansible The language, the engine, the framework. Uses of ansible, orchestration. The architecture, Controlling machines, nodes, Agentless, SSH, modules. Configuration management, inventories, playbooks, modules, roles. Hands on Installing ansible, running ad hoc commands. Ansible playbooks ansible-playbook, YAML, plays, tasks, handlers, modules. Playbook variables. Register module, debug module. Hands on Running playbooks. Ansible Inventories /etc/ansible/hosts, hosts, groups, static inventories, dynamic inventories. Inventory variables, external variables. Limiting hosts. Hands on Static inventories, variables in inventory files. Ansible modules for networking Built in modules, custom modules, return values. Core modules for network operations. Cisco and/or Juniper modules. ansible_connection. Ansible 2.6 CLI. Hands on Using modules. 
Ansible templating and roles Configuration management, full configurations, partial configurations. The template module, the assemble module, connection: local, Jinja2 templates, variables, if, for, roles. Hands on Generating multiple configurations from a template. Network programming and modules Why use Python? Why use ansible? alternatives, ansible tower, Linux network devices. Programming with Python Scripting versus application development, Python interactive mode, Python scripts, Python 2.7 vs Python 3. A simple Python script. Variables, loops, control statements, operators. PEP style guide. Python IDEs. Hands on Simple Python programs. More Python programming Functions. Classes, objects and instances, modules, libraries, packages. Python strings, Python file handling, pip list, pip install. Hands on Python programming with pyping. Git Distributed version control, repositories, Git and GitHub, Alternatives to GitHub, Installing git, git workflows, creating repositories, adding and editing files, branching and merging, merge conflicts. Hands on working with Git. Python and networking APIs, Sockets, Telnetlib, pysnmp, ncclient, ciscoconfparse. Paramiko SSH and Netmiko Integrating Python and network devices using SSH. Netmiko, Netmiko methods. Hands on Netmiko. PyEZ Juniper, NETCONF, installing PyEZ, a first pyEZ script, pyEZ configuration management. Hands on Juniper configuration management with pyEZ. NAPALM What is NAPALM, NAPALM operations, getters, Replace, merge, compare, commit, discard. Hands on Configuration with NAPALM. Integrating ansible and NAPALM. Python and REST REST APIs, enabling the REST API. Accessing the REST API with a browser, cURL, Python and REST, the request library. Hands on Using a REST API with network devices.
Securing Linux systems training course description This course teaches you everything you need to know to build a safe Linux environment. The first section handles cryptography and authentication with certificates, openssl, mod_ssl, DNSSEC and filesystem encryption. Then Host security and hardening is covered with intrusion detection, and also user management and authentication. Filesystem Access control is then covered. Finally network security is covered with network hardening, packet filtering and VPNs. What will you learn Secure Linux accounts. Secure Linux file systems. Secure Linux access through the network. Securing Linux systems training course details Who will benefit: Linux technical staff needing to secure their systems. Prerequisites: Linux system administration (LPIC-1) Duration 5 days Securing Linux systems training course contents Cryptography Certificates and Public Key Infrastructures X.509 certificates, lifecycle, fields and certificate extensions. Trust chains and PKI. openssl. Public and private keys. Certification authority. Manage server and client certificates. Revoke certificates and CAs. Encryption, signing and authentication SSL, TLS, protocol versions. Transport layer security threats, e.g. MITM. Apache HTTPD with mod_ssl for HTTPS service, including SNI and HSTS. HTTPD with mod_ssl to authenticate users using certificates. HTTPD with mod_ssl to provide OCSP stapling. Use OpenSSL for SSL/TLS client and server tests. Encrypted File Systems Block device and file system encryption. dm-crypt with LUKS to encrypt block devices. eCryptfs to encrypt file systems, including home directories and PAM integration, plain dm-crypt and EncFS. DNS and cryptography DNSSEC and DANE. BIND as an authoritative name server serving DNSSEC secured zones. BIND as a recursive name server that performs DNSSEC validation, KSK, ZSK, Key Tag, Key generation, key storage, key management and key rollover, Maintenance and resigning of zones, Use DANE. TSIG. 
Host Security Host Hardening BIOS and boot loader (GRUB 2) security. Disable useless software and services, sysctl for security related kernel configuration, particularly ASLR, Exec-Shield and IP / ICMP configuration, Limit resource usage. Work with chroot environments, Security advantages of virtualization. Host Intrusion Detection The Linux Audit system, chkrootkit, rkhunter, including updates, Linux Malware Detect, Automate host scans using cron, AIDE, including rule management, OpenSCAP. User Management and Authentication NSS and PAM, Enforce password policies. Lock accounts automatically after failed login attempts, SSSD, Configure NSS and PAM for use with SSSD, SSSD authentication against Active Directory, IPA, LDAP, Kerberos and local domains, Kerberos tickets. FreeIPA Installation and Samba Integration FreeIPA, architecture and components. Install and manage a FreeIPA server and domain, Active Directory replication and Kerberos cross-realm trusts, sudo, autofs, SSH and SELinux integration in FreeIPA. Access Control Discretionary Access Control File ownership and permissions, SUID, SGID. Access control lists, extended attributes and attribute classes. Mandatory Access Control TE, RBAC, MAC, DAC. SELinux, AppArmor and Smack. Network File Systems NFSv4 security issues and improvements, NFSv4 server and clients, NFSv4 authentication mechanisms (LIPKEY, SPKM, Kerberos), NFSv4 pseudo file system, NFSv4 ACLs. CIFS clients, CIFS Unix Extensions, CIFS security modes (NTLM, Kerberos), mapping and handling of CIFS ACLs and SIDs in a Linux system. Network Security Network Hardening FreeRADIUS, nmap, scan methods. Wireshark, filters and statistics. Rogue router advertisements and DHCP messages. Network Intrusion Detection ntop, Cacti, bandwidth usage monitoring, Snort, rule management, OpenVAS, NASL. 
Packet Filtering Firewall architectures, DMZ, netfilter, iptables and ip6tables, standard modules, tests and targets. IPv4 and IPv6 packet filtering. Connection tracking, NAT. IP sets and netfilter rules, nftables and nft. ebtables. conntrackd. Virtual Private Networks OpenVPN server and clients for both bridged and routed VPN networks. IPsec server and clients for routed VPN networks using IPsec-Tools / racoon. L2TP.