Securing Kubernetes training course description This course introduces concepts, procedures, and best practices to harden Kubernetes based systems and container-based applications against security threats. It deals with the main areas of cloud-native security: Kubernetes cluster setup, Kubernetes cluster hardening, hardening the underlying operating system and networks, minimizing microservices vulnerabilities, obtaining supply chain security as well as monitoring, logging, and runtime security. What will you learn Harden Kubernetes systems and clusters. Harden containers. Configure and use Kubernetes audit logs. Securing Kubernetes training course details Who will benefit: Technical staff working with Kubernetes Prerequisites: Kubernetes_for_engineers_course.htm Definitive Docker for engineers Duration 2 days Securing Kubernetes training course contents This course does not only deal with the daily security administration of Kubernetes-based systems but also prepares delegates for the official Certified Kubernetes Security Specialist (CKS) exams of the Cloud Native Computing Foundation (CNCF). Structure: 50% theory 50% hands on lab exercise Module 1: User and authorization management Users and service accounts in Kubernetes Authenticating users Managing authorizations with RBAC Module 2: Supply chain security Vulnerabilit checking for images Image validation in Kubernetes Reducing image footprint Secure image registries Module 3: Validating cluster setup and penetration testing Use CIS benchmark to review the security configuration of Kubernetes components. Modify the cluster components' configuration to match the CIS Benchmark. Penetration testing Kubernetes for known vulnerabilities. Module 4: System hardening Use kernel hardening tools Setup appropriate OS level security domains Container runtime sandboxes Limit network access Module 5: Monitoring and logging Configure Kubernetes audit logs Configure Audit Policies Monitor applications behaviour with Falco
Server Load Balancing course description This two-day Server Load Balancing course introduces the concepts of SLB from the reasons to implement, through the basics and then onto details studies of load distribution, health checks, layer 7 switching and Global SLB. What will you learn Explain packet paths when implementing SLB. Recognise the impact of different topologies. Evaluate SLB load distribution methods. Describe how load balancers can improve security. Explain how GSLB works. Server Load Balancing course details Who will benefit: Anyone working with SLB. Prerequisites: None. Duration 2 days Server Load Balancing course contents Introduction Concept, reasons, benefits, alternatives. Other features: Security, Caching. SLB concepts Architectures, Virtual servers, real servers, Virtual IP address, health checks. DNS load balancing. Packet walk using SLB. Load balancing 6 modes of bonding and load balancing without SLB. ISP load balancing. Health. Distribution policies: Round Robin, least connections, weighted distributions, response time, other variations. Persistent versus concurrent. Layer 4 switching L2 SLB, L3 SLB, single arm SLB, DSR, more packet walking, TCP versus UDP, Port numbers. Layer 7 switching Persistence. Cookie switching, Cookie hashing, Cookie insertion, URL switching, URL Hashing, SSL. Health checks Layer 3: ARP, ping. Layer 4: SYN, UDP. Layer 7: HTTP GET, Status codes, HTTP keepalives, content verification, SSL. Other application keepalives. What to do after failure and recovery. Security DOS attack protection, SYN attack protection, Rate limiting: connections, transactions. SSL offload. Redundancy Hot standby, Active standby, Active active. Stateful, stateless. VRRP, STP. GSLB Anycasting. DNS, TTL, DNS load balancing, problems with DNS load balancing,. HTTP redirect, health, thresholds, round trip times, location.
Signalling training course description An intensive course that defines and explores the signalling methods that are to be found in today's telecommunications services. What will you learn Describe the Functionality and Features of Signalling. Describe the Functionality of Analogue & Digital Subscriber Signalling. Describe the various types of signalling used on different network types. Describe the Functionality of Private Network Signalling. Describe the Functionality of Public Network Signalling. Signalling training course details Who will benefit: Personnel involved with systems design, implementation and support. Prerequisites: Telecommunications Introduction Duration 2 days Signalling training course contents Introduction What is Signalling?, Standards, ITU-T Recommendations, Signalling Categories - Supervisory Addressing, E.164, Call Information, Network Management, Network Components, Inband/Outband Switch Signalling, Analogue Vs Digital Signalling. Analogue Subscriber Signalling Analogue Local Loops/Switches/Trunks, Digital Switches/Local Loops, Telephone Handset, Accessing the Local Exchange, Pulse/Tone Dialling. Digital Subscriber Signalling Integrated Digital Access, DASS2 & DPNSS, DASS2 - Call, IMUX, Euro ISDN, Q.931 Call Control, Message Identification, Message Types, Call Establishment Messages, Call Clearing. Network Types Service Types, Circuit Switched, Packet Switched, Signalling Terminology, In-Channel Signalling, G.704, Performance and Quality, Digital Signalling, CAS, CAS Applications, Foreign Exchange, CCS, Break-In/Out Private Network Signalling Types Networking PABXs, Inter PABX Analogue Signalling Methods, E & M, Tone-On-Idle, Inter PABX Digital Signalling Methods, DPNSS, DPNSS Deployment, PABX Support for DPNSS, DPNSS Call, Q.Sig, Q.Sig support/functionality/protocol, Message Overview, Call Establishment. Public Network Signalling SS7, SS7 Operations, SS7 Topology, SSP, STP, SCP, Database Types - CMSDB NP LIDB HLR VLR, Signalling Modes, Link Types, Further Redundancy, Linksets, SS7 addressing, Point Codes, Sub-System, Global Title Addressing and Translation, ANSI PCs, ITU-T PCs, SS7 Protocol Stack, MTP Level 1, MTP Level 2, Flow Control, FISU, LSSU, MSU, MSU SIF, MTP Level 3, SCCP, TCAP, TUP, Facility Format, Main Facilities, Flow Control Negotiation, Closed User Groups, Reverse Charging, Fast Select Facility, Throughput Class Negotiation, Call Barring, On-Line Facility Registration. BTUP, ISDN ISUP, Supplementary Services, ISUP Call - IAM, Progress/Answer/Suspend/ Resume/Release Messages, Intelligent Network (IN) Introduction, IN Evolution, IN Conceptual Model, IN Target Services & Service Features, Service Independent Building Blocks
Definitive Salt training course description Salt is a remote execution framework and configuration management system. This course covers Salt from the basics. After a quick first taste the course moves onto execution modules, salt states, minion and master data, jinja, Salt extensions and then topology and configuration options. Hands on sessions are used to reinforce the theory rather than teach specific manufacturer equipment. What will you learn Install and use Salt. Describe the architecture of Salt. Manage configurations with Salt. Extend Salt. Definitive Salt training course details Who will benefit: Anyone working with Salt. Prerequisites: Linux fundamentals. Duration 2 days Definitive Salt training course contents Introduction What is Salt? High- level architecture, Some quick examples, system management, configuration management, A brief history, Topology options, Extending Salt. Quick start: First taste of Salt Single-master setup, from packages, bootstrap scripts, Starting up, Basic commands, salt: the main workhorse, salt-key: key management, salt-call: execution on the minion, salt-run: co-ordination of jobs on the master, summary of commands, Key management, viewing keys, accepting keys, rejecting keys, key files, Minion targeting, minion ID, list (-L), glob, regular expressions (-E), grains (-G), compound (-C), targeting summary, Additional remote execution details, Conclusion. Execution modules: The functional foundation sys: information and documentation about modules, sys.doc basic documentation, sys.list_modules, sys.list_functions: simple listings, cmd: execute via shell, cmd.run: run any command, pkg: manage packages, virtual modules, pkg.lists_pkgs: list all installed packages, pkg.available version: see what version will be installed, pkg.install: install packages, user: manage users, user.add: add users, user.list_users, user info: get user info, saltutil: access various Salt utilities, Summary. Configuration management: Salt states Salt files overview, SLS example: adding a user, working with the multi-layered state system, Highstate and the top file, the top file, State ordering, require: depend on another state, watch: run based on other changes, odds and ends, Summary. Minion data / master data Grains are minion data, performing basic grain operations, setting grains, targeting with grains in the top file, Pillars are data from the master, querying pillar data, querying other sources with external pillars, Renderers give data options. Extending Salt: part I Introduction to Jinja, Jinja basics, Templating with Jinja, filtering by grains, Custom execution module, Custom state modules, Custom grains, External pillars, Summary. More on the matter Runners, manage minions, manage jobs, The orchestrate runner, The event system, The reactor system, Summary. Extending Salt: part II Python client API, reading configuration data on a master and minion, using the master client (localclient) API, Using the caller client API, Custom runners, writing a custom runner, using the runnerclient API, Summary. Topology and configuration options Master configuration, directories and files, logging, access control, files server options, Topology variations, masterless minions, peer systems, syndication masters, multiple masters. Brief introduction to salt-cloud Overview, Setup AWS and salt-cloud, installing salt-cloud, cloud providers, cloud profiles, cloud maps, Introspection via salt cloud, Creating infrastructure, More information. Using vagrant to run Salt examples YAML.
ITIL® 4 Specialist: High Velocity IT: In-House Training The ITIL® 4 Specialist: High-Velocity IT module is part of the Managing Professional stream for ITIL® 4. Candidates need to pass the related certification exam for working towards the Managing Professional (MP) designation. This course is based on the ITIL® 4 Specialist: High-Velocity IT exam specifications from AXELOS. With the help of ITIL® 4 concepts and terminology, exercises, and examples included in the course, candidates acquire the relevant knowledge required to pass the certification exam. This module addresses the specifics of digital transformation and helps organizations to evolve towards a convergence of business and technology, or to establish a new digital organization. It was designed to enable practitioners to explore the ways in which digital organizations and digital operating models function in high-velocity environments. Working practices such as Agile and Lean, and technical practices and technologies such as Cloud, Automation, and Automatic Testing are included. What You Will Learn At the end of this course, participants will be able to: Understand concepts regarding the high-velocity nature of the digital enterprise, including the demand it places on IT. Understand the digital product lifecycle in terms of the ITIL operating model. Understand the importance of the ITIL guiding principles and other fundamental concepts for delivering high-velocity IT. Know how to contribute to achieving value with digital products. Course Introduction Let's Get to Know Each Other Course Learning Objectives Target Audience Characteristics ITIL® 4 Certification Scheme Course Components Course Agenda Module-End Exercises Exam Details Introduction to High-Velocity IT High-Velocity IT Digital Technology Digital Organizations Digital Transformation High-Velocity IT Approaches Relevance of High-Velocity IT Approaches High-Velocity IT Approaches in Detail High-Velocity IT Operating Models Introduction ITIL® Perspective High-Velocity IT Aspects High-Velocity IT Applications ITIL® Building Blocks for High-Velocity IT Digital Product Lifecycle Service Value Streams Four Dimensions of Service Management ITIL® Management Practices High-Velocity IT Culture Key Behavior Patterns ITIL® Guiding Principles Supporting Models and Concepts for Purpose Ethics Design Thinking Supporting Models and Concepts for People Reconstructing for Service Agility Safety Culture Stress Prevention Supporting Models and Concepts for Progress Working in Complex Environments Lean Culture ITIL® Continual Improvement Model High-Velocity IT Objectives and Techniques High-Velocity IT Objectives High-Velocity IT Techniques Techniques for Valuable Investments Prioritization Techniques Minimum Viable Products and Services Product / Service Ownership A/B Testing Techniques for Fast Developments Basic Concepts Related to Fast Development Infrastructure as Code Reviews Continual Business Analysis Continuous Integration / Continuous Delivery (CI/CD) Continuous Testing Kanban Techniques for Resilient Operations Introduction to Resilient Operations Technical Debt Chaos Engineering Definition of Done Version Control Algorithmic IT Operations ChatOps Site Reliability Engineering (SRE) Techniques for Co-created Value Basic Concepts of Co-created Value Service Experience Techniques for Assured Conformance DevOps Audit Defense Toolkit DevSecOpsPeer Review
ITIL® 4 Strategist: Direct, Plan and Improve: In-House Training The ITIL® 4 Strategist: Direct, Plan, and Improve course is based on the ITIL® 4 Strategist Direct, Plan, and Improve candidate syllabus from AXELOS. This course is based on the ITIL® 4 Strategist: Direct, Plan and Improve IT exam specifications from AXELOS. With the help of ITIL® 4 concepts and terminology, exercises, and examples included in the course, candidates acquire the relevant knowledge required to pass the certification exam. This course provides the practical skills necessary to create a 'learning and improving' IT organization, with a strong and effective strategic direction. It was designed to provide practitioners with a practical and strategic method for planning and delivering continual improvement with necessary agility. It covers both practical and strategic elements, making it the universal module that is a key component to both ITIL® 4 Managing Professional and ITIL® 4 Strategic Leader streams. What You Will Learn At the end of this course, participants will be able to: Understand the key concepts of direction, planning, improvement Understand the scope of what is to be directed and/or planned and know how to use key principles and methods of direction and planning in that context Understand the role of GRC and know how to integrate the principles and methods into the service value system Understand and know how to use the key principles and methods of continual improvement for all types of improvements Understand and know how to use the key principles and methods of Communication and Organizational Change Management to direction, planning and improvement Understand and know how to use the key principles and methods of measurement and reporting in direction, planning, and improvement Understand and know how to direct, plan, and improve value streams and practices Course Introduction Let's Get to Know Each Other Course Overview ITIL® 4 Certification Scheme Course Learning Objectives Course Components Course Agenda Exercises Case Study: Axle Car Hire Case Study: HandyPerson on Demand Exam Details Core Concepts of DPI Key Terms Covered in the Module Module Learning Objectives Basics of Direction Basics of Planning Basics of Improvement Other Core Elements DPI through Service Value Chain and Guiding Principles Key Terms Covered in the Module Module Learning Objectives DPI of the SVS DPI of Guiding Principles Role of Direction in Strategy Management Key Terms Covered in the Module Introducing Strategy Management Developing Effective Strategies Implementation of Strategies Key Terms Covered in the Module Module Learning Objectives Managing Risks Making Decisions through Portfolio Management Directing via Governance, Risk, and Compliance (GRC) Introduction to Assessment and Planning Key Terms Covered in the Module Module Learning Objectives Core Concepts of Assessment Conducting Effective Assessments Core Concepts of Planning Assessment and Planning through VSM Key Terms Covered in the Module Module Learning Objectives Introducing VSM Developing Value Stream Maps Knowing More About VSM Measurement, Reporting, and Continual Improvement Key Terms Covered in the Module Module Learning Objectives Measurement and Reporting Alignment of Measurements and Metrics Success Factors and Key Performance Indicators Continual Improvement Measurements and Continual Improvement through Dimensions and SVS Key Terms Covered in the Module Module Learning Objectives Measurements for the Four Dimensions Continual Improvement of the Service Value Chain and Practices OCM Principles and Methods Key Terms Covered in the Module Module Learning Objectives Basics of OCM OCM throughout DPI and Service Value Chain Resistance and Reinforcement Communication Principles and Methods Key Terms Covered in the Module Module Learning Objectives Basics of Effective Communication Communication with Stakeholders SVS Development Using Four Dimensions Key Terms Covered in the Module Module Learning Objectives Organizations and People in the SVS Partners and Suppliers in the SVS Value Streams and Processes in the SVS Information and Technology in the SVS
NFV training course description Network Functions Virtualization (NFV) brings many benefits, this training course cuts through the hype and looks at the technology, architecture and products available for NFV. What will you learn Explain how NFV works. Describe the architecture of NFV. Explain the relationship between NFV and SDN. Recognise the impact NFV will have on existing networks. NFV training course details Who will benefit: Anyone wishing to know more about NFV. Prerequisites: Introduction to Virtualization. Duration 2 days NFV training course content Introduction What is NfV? What are network Functions? NfV benefits, NfV market drivers. ETSI NfV framework. Virtualization review Server, storage and network virtualization and NfV. Virtual machines, containers and docker. Data centres, clouds, SaaS, IaaS, PaaS. Virtualization of Network Functions Network virtualization versus Network Function virtualization. ETSI NfV architecture ETSI documents, Architecture overview, compute domain, hypervisor domain, infrastructure network domain. IETF and NfV Creating services, Service Functions, Service Function Chaining. SPRING and source packet routing. YANG and NetConf. RESTCONF. VLANs, VPNs, VXLAN. MANO Management and Orchestration. OpenStack, OpenDaylight PaaS and NfV. The VNF domain. Service graphs, MANO descriptors, Open orchestration. The virtualization layer VM centric model, containers versus hypervisors, FD.io. Summary Deploying NfV, performance, testing. Futures.
Advanced DNS training course description This two-day hands on DNS training course studies both the UNIX BIND and the Microsoft (MS DNS) implementations. The course follows on from our Definitive DNS for engineers course starting with best practices. The majority of the course is spent on securing DNS and in particular DNSSEC. Some parts are specific to BIND. Students choose whether to use Windows or UNIX for the hands on sessions. What will you learn Implement DNS best practices. Harden DNS servers. Install, configure, maintain and troubleshoot DNSSEC. Advanced DNS training course details Who will benefit: Technical staff wanting to learn DNS including: Network personnel. System administrators. Prerequisites: Total DNS for engineers Duration 2 days Advanced DNS training course contents Best practices MX and PTR records, lame delegations, disallowing recursion, TTLs, online testing. Hands on Review of your DNS servers. Split DNS Partitioning internal and external DNS, views. Hands on Implementing split DNS. Hardening DNS ACLs, recursion, queries, trusted sources, chroot jail, secure BIND template. Hands on Securing the DNS server. DNSSEC What is DNSSEC? DNSSEC benefits, DNSSEC RRs. DNSKEY, RRSIG, NSEC, DS. Hands on Creating DNSSEC keys. Securing zone transfers TSIG, shared secret. Securing DDNS. Hands on Secure file transfers. Zone integrity Trusted anchors, Chains of trust, Zone status, Zone signing, Keys. ZSK, KSK, adding keys to a zone file. Secure delegations. Hands on Zone signing Maintaining Signed zones Key rollover, pre publish, double signing, rollover cache.
Total STP training course description The Spanning Tree Protocol (STP) dates from 1985. This course explores in depth how the protocol works and the implications this has on network performance. We also study STP variants including 802.1w (RSTP) and 802.1s (MSTP). What will you learn Explain how STP works. Explain how RSTP works. Explain how MSTP works. Troubleshoot STP and variants. Total STP training course details Who will benefit: Technical network staff. Prerequisites: Definitive Ethernet switching for engineers Duration 1 day Total STP training course contents STP What is 802.1D, what is STP, resilience, broadcast storms, forwarding and blocking, single path. Hands on Impact of broadcast storms, enabling disabling STP. Operation STP frames, BPDUs, root bridge election, blocked ports, root ports, designated ports. STP path costs. Hands on Analysing STP, troubleshooting implications. Topology changes Hello timer, Forward delay timer, max age timer, Topology Change Notification (TCN) BPDU. Hands on STP convergence. STP enhancements and tuning Bridge ID, Bridge priority, port priority, 30 second delay, Edge ports, PortFast, root guard, loop guard, BPDU guard. Hands on Root bridge positioning, improving STP convergence. RSTP 802.1w, Improvements, convergence times. RSTP bridge port roles, RSTP switch port states. Edge ports, link ports. Hands on RSTP configuration and convergence. VLANs and STP Access/untagged ports, trunk/tagged ports, PVST, PVST+, RPVST, MISTP, MSTP and 802.1s. MSTP BPDUs. Instances, Load balancing, impact on CPU. Hands on MSTP load balancing. Interoperability Regions, Virtual bridges, domains. Hands on STP, RSTP and MSTP interoperation.
Intro to containers training course description This course looks at the technologies of containers and microservices. The course starts with a look at what containers are, moving onto working with containers. Networking containers and container orchestration is then studied. The course finishes with monitoring containers with Prometheus and other systems. Hands on sessions are used to reinforce the theory rather than teach specific products, although Docker and Kubernetes are used. What will you learn Use containers. Build containers. Orchestrate containers. Evaluate container technologies. Intro to containers training course details Who will benefit: Those wishing to work with containers. Prerequisites: Introduction to virtualization. Duration 2 days Intro to containers training course contents What are containers? Virtualization, VMs, What are containers? What are microservices? Machine containers, application containers. Benefits. Container runtime tools Docker, LXC, Windows containers. Architecture, components. Hands on Installing Docker client and server. Working with containers Docker workflow, Docker images, Docker containers, Dockerfile, Building, running, storing images. Creating containers. Starting, stopping and controlling containers. Public repositories, private registries. Hands on Exploring containers. Microservices What are microservices? Modular architecture, IPC. Hands on Persistence and containers. Networking containers Linking, no networking, host, bridge. The container Network Interface. Hands on Container networking Container orchestration engines Docker swarm: Nodes, services, tasks. Apache Mesos: Mesos master, agents, frameworks. Kubernetes: Kubectl, master node, worker nodes. Openstack: Architecture, containers in OpenStack. Amazon ECS: Architecture, how it works. Hands on Setup and access a Kubernetes cluster. Managing containers Monitoring, logging, collecting metrics, cluster monitoring tools: Heapster. Hands on Using Prometheus with Kubernetes.