LernIX Solutions

Course Overview

INCVDO, Cisco CyberVision Deployment and Operation, is a 3-day instructor-led course. Security is every enterprise’s top priority in today’s connected world and keeping enterprise architecture secure will protect business values and outcomes. Thus, a critical element to the success of any network is ensuring and maintaining security – it’s a need that is applicable to all networks and network devices, including those that power Cisco Internet of Things technologies and solutions. In an effort to simplify cybersecurity and increase device visibility within systems utilized by our IoT customers and partners, Cisco introduces Cisco Cyber Vision – a software cybersecurity solution for Operations Technology (OT). This course uses Cisco Validated Designs (CVD) to build a foundational understanding of the potential security threats impacting todays IoT Extended Enterprise and IT – OT integration using Cyber Vision. The goal of this course is to help the student understand the types of attacks, the types of targets and the tools available to protect the Industrial IoT architecture and to use Cyber Vision to keep the IoT infrastructure safe. Practical skills will be achieved using real-world scenarios and examples in a lab developed for such a purpose.

Course Objectives

After completing this course you should be able to:

Explain the common vulnerabilities in the IoT deployments.
Explain the cybersecurity approach for IoT architectures.
Define the Cyber Vision main concepts.
Describe Cyber Vision solution portfolio.
Describe and use the Cyber Vision GUI.
Identify and explain Cyber Vision Installation and Support procedures.
Define Cyber Vision Assessment.
Identify Cyber Vision Assessment components.
Explain and use Cyber Vision Asset solution.
Describe and use Cyber Vision API for Automation.
Identify Cyber Vision use cases.

Course Content

Lesson 1: Industrial Internet of Things Security Threats

Describe security threats and potential impacts on the network
Understand the security challenges faced by the IIoT staff on a daily basis
Explain why Cisco Validated Designs lead to a more secure infrastructure
Describe security threats in the Extended Enterprise network

Lesson 2: Introducing Cyber Vision

Cybersecurity overview in IIoT deployments
Cyber Vision overview
Cyber Vision solution components
Cyber Vision installation procedure

Lesson 3: Cyber Vision Concepts

Preset
Filters
Component
Activity
Flow
Time span
Tags
Properties
Vulnerabilities
Events
Credentials
Variable accesses

Lesson 4: Cyber Vision GUI Exploration

General Dashboard
Preset Views
Panels
Reports
Events
Monitor
Search
Admin
Systems Statistics
My Settings

Lesson 5: Cyber Vision Operation

Using General Dashboard
Explore Preset Views and Panels
Examine and generate Reporting features
Working with Events, Alerts and Audits.
Using Monitor Mode and its Views
Describing and Exploring Monitor Mode Differences
Creating Baselines from default preset and from groups
Defining with Weekend Baselines
Enabling and using Baselines
Cyber Vision Use Cases
Administering Cyber Vision System and Data Management
Cyber Vision Center and Sensors general administration
Administering Users
Administering Events
Administering Licensing
Working with RBAC and LDAP Settings
Exploring and using Cyber Vision API
Cyber Vision Context Information Exchange with pxGrid
IDS functionality with SNORT
Cyber Vision Integrations and Extensions
Working with My Settings

Labs:

Lab 1: Explore Overall system architecture
Lab 2: Work with Asset and flow visibility
Lab 3: Work with Organization and viewing data in the system
Lab 3: Use System events to quickly identifying changes in the environment
Lab 4: Generate Reports for compliance and tracking
Lab 5: Quickly identify vulnerabilities
Lab 6: Use Role Based Access Control
Lab 7: Configure Syslog Integrations (SIEM)
Lab 8: Explore Cisco Cyber Vision operation and upgrade
Lab 9: Configure dashboard for auto-login to CV
Lab 10: Configure and use Packet replay and capture

Course Overview

This course teaches you the fundamental skills necessary to configure and manage modern, open standards-based networking solutions using Aruba’s OS-CX routing and switching technologies. This course consists of approximately 60% lecture and 40% hands-on lab exercises to help you learn how to implement and validate small to medium enterprise network solutions. This 5-day course prepares network professionals for the Aruba Certified Switching Associate exam.

In this course, participants learn about ArubaOS-CX switch technologies including: Virtual Local Area Networks (VLANs), secure access using features like dynamic segmentation, redundancy technologies such as Multiple Spanning Tree Protocol (MSTP), link aggregation techniques including Link Aggregation Control Protocol (LACP), and switch virtualization with Aruba’s Virtual Switching Framework (VSF). You also learn about IP Routing including static and dynamic IP routing with Open Shortest Path First (OSPF).

Course Objectives

After you successfully complete this course, expect to be able to:

Network Fundamentals
Review Aruba Switching portfolio
ArubaOS-CX Network Operating System
VLANs
Spanning Tree Protocol
VRRP
Link Aggregation
IP Routing
Subnetting
OSPFv2 – Single Area
Stacking using VSF
Secure Management and Maintenance
Aruba NetEdit

Course Content

After you successfully complete this course, expect to be able to:

Network Fundamentals
Review Aruba Switching portfolio
ArubaOS-CX Network Operating System
VLANs
Spanning Tree Protocol
VRRP
Link Aggregation
IP Routing
Subnetting
OSPFv2 – Single Area
Stacking using VSF
Secure Management and Maintenance
Aruba NetEdit

Too much information

Course Content

Top

Network Fundamentals

What is a network?
What is a Protocol?
OSI Reference Model
Encapsulation, frames, packets, segments
Layer 2 to Layer 7 headers
Media, cabling, Ethernet/wifi headers
Binary/Hex/Decimal theory and conversion
TCP/IP Stack (IP addressing & Transport Protocols TCP/UDP)
Types of traffic: Unicast, Broadcast, Multicast

TCP/IPStack

Overview
Ethernet frames
IPv4 Header
TCP Header – Three-way Handshake
TCP Header – Sequence Numbers
TCP Header – Port Numbers
TCP Header
UPD Header

Basic Networking with Aruba Solutions

Networking devices: Switches, Routers, Multilayer Switches, APs, Mobility Controllers, Firewalls, Servers (HTTP, DHCP, DNS, Telnet, FTP)
2-Tier vs 3-Tier hierarchy
Switching Portfolio (AOS switches & AOS-CX switches)is this introducing both portfolio on a couple of slide and few slides on AOS-CX hardware architecture, software architecture and intro to NAE high level.
Introduction to AOS-CX and feature set
Port numbering
Accessing Aruba OS-CX CLI
Prompt modes/levels and navigation
Context sensitive help
Show logs, configuration, interfaces, transceivers, flash, version
Hostname/interface name, enabling interfaces
Link Layer Discovery Protocol
ICMP and reachability testing tools: Ping and Traceroute
PoE (standards one slide and what we support and one or two slide on configuration and verifications.)

VLANs

Broadcast/collision domains
VLAN benefits
VLAN creation
DHCP serverconfiguration in switches (optional)
802.1Q tagging
Switchports vs. Routed ports
MAC address table
ARP table
Packet Delivery part 1

Spanning Tree Protocol

Redundant network
L2 loops
802.1D
Common Spanning Tree
802.1s
802.1w overview
802.1w load balancing
802.1w region configuration

Link Aggregation

Static Aggregation
LACP
Load Balancing

IPRouting – Part 1

Default Gateway
DHCP IP Helper Address
IP Routing Service
Inter-VLAN routing
Packet Delivery Part 2
Need for layer 3 redundancy
Introduction to VRF

VRRP

VRRP overview
VRRP basic operation
VRRP failover and preempt
VRRP and MSTP coordination

IPRouting – Part 2

Subnetting
CIDR
Static routes
Administrative Distance
Floating routes
Scalability issues

IPRouting – Part 3

IGP vs EGP
Distance Vector vs Link State
OSPF Router-ID and Hello Messages
Passive interfaces
States
DR and BDR
LSDB: LSA 1 and 2
Path selection and convergence
Using cost to manipulate routes

Stacking

Control Plane, Management Plane, and Data Plane
Introduction to Stacking technologies
Stacking Benefits
Centralized control and management plane
Distributed Data Plane and Distributed Link Aggregation
VSF
VSF requirements
VSF Link and member roles
VSF member IDs and port numbers
VSF Configuration
VSF Provisioning use cases
Tracing Layer 2 traffic: Unicast
Tracing Layer 2 traffic: Broadcast, Multicast, and Unknown Unicast
VSF Failover and OSFP Graceful-Restart
VSF Link failure without MAD
MAD
VSX Introduction

Secure Management and Maintenance

OOBM port
Management VRF
Secure Management Protocols: AAA, SSH, HTTPS, RBAC
Radius-based management auth (VSA)
SNMP
Web interface
Configuration file management (Backup, restore, checkpoint and roll back)
Operating System image management (backup and restore)
Factory default/password recovery

AOS-CX Management tools

Intro to NetEdit
NetEdit installation
Basic monitoring with NetEdit
AOS-CX Mobile App

Course Overview

The Aruba Network Security Fundamentals course covers foundational security concepts and prepares candidates to take the exam to achieve Aruba Certified Networking Security Associate (ACNSA) certification. The course describes common security threats and vulnerabilities and provides an overview of important security technologies. It teaches how to create a trusted network infrastructure with Aruba mobility solutions and switches. In addition to discussing device hardening, the course discusses implementing security at the edge with AAA, basic roles and firewall policies, dynamic segmentation, and endpoint classification. The course will further explain basic threat detection technologies and how to collect logs and alarms and use them to initiate an investigation.

Course Objectives

After you successfully complete this course, expect to be able to:

1- Protect and Defend

Define security terminology
Harden devices
Secure a WLAN
Secure a wired LAN
Secure the WAN
Classify endpoints

2- Analyze

Threat detection
Troubleshooting
Endpoint classification

3- Investigate

Forensics

Course Content

Security Threats and Aruba Security Strategy

Threats Overview
Attack Stages
Aruba Security Strategy

Security Technologies

Regulatory Compliance
Secure Communications: Symmetric Encryption and Hash-Based Authentication
Secure Communications: Asymmetric Encryption and Digital Certificates
Secure Communications: TLS
Authentication, Authorization, Accounting (AAA)

Harden Aruba Switches

Hardening Overview
Set Up Out-of-Band Management
Authenticate Managers Securely
Ensure Physical Security and Other Hardening Actions

Harden ArubaOS Wireless Devices

Lock Down Administrative Access
Lock Down Services
Use CPSec

Enhance LAN Security

Spanning Tree Protections
DHCP Snooping and ARP Protection
Secure Routing Technologies

Network Authentication Technologies

Network Authentication
WLAN Security—Encryption + Authentication

Enforce Edge Security with an Aruba Infrastructure

Enforce WPA3-Enterprise
Enforce 802.1X on the Wired Network

Enforce Role-Based Authentication and Access Control

Aruba Role-Based Firewall Policies
Dynamic Segmentation

Identify and Classify Endpoints

Endpoint Classification Introduction
DHCP Fingerprinting with ArubaOS Mobility Devices
Aruba ClearPass Policy Manager Device Profiler
ClearPass Device Insight

Branch Security

Introduction to Aruba SD-Branch Solutions

Implement Threat Detection and Forensics

Understand Forensics
Analyze ArubaOS WIP Events

Troubleshoot and Monitor

Introduction to Troubleshooting Authentication Issues
Using ClearPass Tools to Troubleshoot Some Common Issues
Packet Captures
Monitoring

Course Overview

This course provides foundational skills in network access control using the Aruba ClearPass product portfolio. The course includes both instructional modules and labs to teach participants about the major features in the ClearPass portfolio. Participants learn how to setup ClearPass as an AAA server and configure the Policy Manager, Guest, OnGuard and Onboard feature sets. In addition, the course covers integration with external Active Directory servers, monitoring and reporting, as well as deployment best practices. The student gains insight into configuring authentication with ClearPass on both wired and wireless networks.

Course Objectives

Upon successful completion of this course, students should be able to:

• Implement a ClearPass network access solution

• Design and apply effective services and enforcement in ClearPass

• Troubleshoot a ClearPass solution

Course Content

Aruba ClearPass Configuration | H37YRS (hpe.com)

Course Overview

This course prepares participants with foundational skills in Network Access Control using the ClearPass product portfolio. This course includes both instructional modules and labs to teach participants about the major features of the ClearPass portfolio. Participants will learn how to set up ClearPass as an AAA server, and configure the Policy Manager, Guest, OnGuard and Onboard feature sets. In addition, this course covers integration with external Active Directory servers, Monitoring and Reporting, as well as deployment best practices. The student will gain insight into configuring authentication with ClearPass on both wired and wireless networks.

Course Objectives

After you successfully complete this course, expect to be able to:

Design a ClearPass cluster
Design a High availability solution with Virtual IP address following the best practices
Describe Public Key Infrastructure and certificate format types
Plan the certificates used by ClearPass
Explain how Enrollment over Secure Transport can automate the certificate generation process
Leverage RADIUS services to handle corporate wireless connections
Deploy WEBAUTH services to handle health checks
Describe the proposed RADIUS services that handles guest wireless connections
Explain general guest considerations
Design guest RADIUS services
Describe the proposed Onboard services
Describe the MPSK feature
Leverage these features in your deployment
Plan a successful wired access deployment
Provide administrative access control to ClearPass modules and NADs
Generate custom reports and alerts

Course Content

Network Requirements

ClearPass Goals
Network Topology
List of available resources
Scenario Analysis
Authentication requirements
Multiple user account databases
User Account attributes
High Level Design

PDI and Digital Certificates

Certificate Types
PKI
Certificate Trust
Certificate File Formats
ClearPass as CA
Certificate Use cases:
- EAP
- HTTPS
- Service-based certificates
- Onboarding
- Clustering
- RadSec
- NAD Captive Portal
Installing Certificates
Enrollment over Secure Transport

Cluster Design

ClearPass Server Placement
Determine the layout of the Cluster
High-Availability Schema
Design High-Availability
VIP Failover
VIP Mapping
Insight Primary and Secondary

Network Integration

Authentication Sources
- Local User Repository
- Endpoint Repository
- Admin User Repository
- Guest User Repository
- Guest Device Repository
- Onboard Device Repository
- Active Directory
- SQL Server
Define External Servers
- Unified Endpoint Management
- Email Server
Endpoint Profiling
- IF-MAP
- Active Scans (SNMP)
- DHCP
- HTTPS
Network Devices
- RadSec
- Dynamic Authorization
- Logging of RADIUS Accounting
- Device-groups
- Location Attributes
Policy Simulation

Corporate Access Design

Define the Requirements
High-level design
Services Design
Plan TIPs Roles
User Authentication
Machine Authentication
Tunneled EAP, EAP-TLS and Protected EAP
One versus Multiple Services
Plan Enforcement
Device-groups based Enforcement
Service Implementation
OnGuard Design and implementation
- Quarantine users
- Remediation
Onboard Design and implementation
- User and device authorization
Informational Pages
Authorization validation
Troubleshooting Enforcement
Downloadable Roles

Guest Access Design

Guest Network Design
Captive Portal Flow
Design Tasks
Define Web Pages
Guest Services Design
Guest Services
Guest Access Controls
Configure Network Access Devices
Guest Account Creation
Guest Self-Registration
Guest Sponsor Approval
Self-Registration AD Drop-Down List
Requirements for Guest Enforcement

Multi-Pre Shared Key

Define the Requirements
High-level design
Device authorization
Service Design and implementation

Wired Access

AAA configuration
1X and MAC auth
Using client profiling for authorization
Using conflict attribute for authorization
User Roles configuration in ArubaOS-S
User Roles configuration in ArubaOS-CX
Web Redirection
Multi-Service Ports
Downloadable User Roles Enforcement Profiles
Downloadable User Roles Configuration and Validation

Administrative Access

TACACs+ based NAD administration
TACACs+ command Authorization
Policy Manager Administrators
Guest and Onboard Operators
Register devices for MPSK
Insight Operators
Insight Reports and Alerts

Course Overview

This 5-day advanced level course covers Aruba technologies for designing mobility first networks. Participants will learn how to strategize their implementation and configuration and how to use their troubleshooting methodologies successfully. This course teaches how to take a complex scenario and break it down into manageable blocks while still managing your time accordingly. This course is approximately 35% lecture and 65% hands-on lab scenario-based exercises.

Course Objectives

After you successfully complete this course, expect to be able to:

Plan, implement and troubleshoot enterprise multi-site Aruba campus wireless network, remote-access, and multi-tenant environment.
Analyze functional requirements to create a network design and implementation plan
Configure and validate Aruba WLAN secure employee and guest solutions.
Implement advanced services and security solutions.
Manage and monitor Aruba solutions.
Perform advanced troubleshooting.

Course Content

Infrastructure & Redundancy

Analyze Functional Requirement for Aruba Architecture and troubleshooting zones
Mobility Master redundancy (L2 vs. L3)
Clustering (L2 & L3 deployment and Hitless failover)
Multi-controller Operations

Planning, implementing and troubleshooting Campus AP and Remote AP Provisioning

WLAN Provisioning
Secure employee WLAN
Guest Access
Remote AP
IAP VPN Development

Planning, implementing and troubleshooting advanced services and security solutions

Role Derivation & Firewall Policies
Dynamic RF Management (AirMatch, ARM old)
Voice & Video Optimization
AirGroup
Dynamic Segmentation
Multizone
RFProtect (WIDS/WIPS)
Advanced Aruba OS (AOS) Features
CPSec

Planning, implementing and troubleshooting Network Management and monitoring

ArubaOS Dashboard
AirWave
Spectrum Analysis
Monitor using ClearPass

Course Overview

Distribute, deploy, and monitor applications for managed users and systems.

In this course, you will use Configuration Manager and its associated site systems to efficiently manage network resources. You will learn day-to-day management tasks, including how to manage applications, client health, hardware and software inventory, operating system deployment, and software updates by using Configuration Manager. You will also discover how to optimize System Center Endpoint Protection, manage compliance, and create management queries and reports.

Course Objectives

Describe the features of Configuration Manager and Intune include, and explain how you can use these features to manage PCs and mobile devices in an enterprise environment. Analyze data by using queries and reports
Prepare a management infrastructure, including configuring boundaries, boundary groups, resource discovery, and integrating mobile-device management with Microsoft Exchange Server
Deploy and manage the Configuration Manager client
Configure, manage, and monitor hardware and software inventory as well as use Asset Intelligence and software metering
Identify and configure the most appropriate method to distribute and manage content used for deployments
Distribute, deploy and monitor applications for managed users and systems.
Maintain software updates for PCs that Configuration Manager administers
Manage configuration items, baselines, and profiles to assess and configure compliance settings and data access for users and devices
Configure an operating system deployment strategy by using Configuration Manager
Manage and maintain a Configuration Manager site

Course Content

Managing Computers and Mobile Devices in the Enterprise

Overview of systems management by using enterprise management solutions
Overview of the Configuration Manager architecture
Overview of the Configuration Manager administrative tools
Tools for monitoring and troubleshooting a Configuration Manager site

Analyzing Data Using Queries and Reports, and CMPivot

Introduction to queries
Configuring Microsoft SQL Server Reporting Services (SSRS)
Analyzing the real-time state of devices by using CMPivot

Preparing the Configuration Manager management infrastructure

Configuring site boundaries and boundary groups
Configuring resource discovery
Organizing resources using devices and user collections

Deploying and Managing the Configuration Manager client

Overview of the Configuration Manager client
Deploying the Configuration Manager client
Configuring and monitoring client status
Managing client settings and performing management operations

Managing Inventory for PCs and Applications

Overview of inventory collection
Configuring hardware and software inventory
Managing inventory collection
Configuring software metering
Configuring and managing Asset Intelligence

Distributing and Managing Content Used for Deployments

Preparing the infrastructure for content management
Distributing and managing content on distribution points

Deploying and Managing Applications

Overview of application management
Creating applications
Deploying applications
Managing applications
Deploying virtual applications by using System Center Configuration Manager (Optional)
Deploying and managing Windows Store apps

Maintaining Software Updates for Managed PCs

The software updates process
Preparing a Configuration Manager site for software updates
Managing software updates
Configuring automatic deployment rules
Monitoring and troubleshooting software updates
Enabling third-party updates

Implementing Endpoint Protection for Managed PCs

Overview of Endpoint Protection in Configuration Manager
Configuring, deploying, and monitoring Endpoint Protection policies
Configuring and deploying advanced threat policies

Managing Compliance and Secure Data Access

Overview of compliance settings
Configuring compliance settings
Viewing compliance results
Managing resource and data access

Managing Operating System Deployment

An overview of operating system deployment
Preparing a site for operating system deployment
Deploying an operating system
Managing Windows as a service

Managing and Maintaining a Configuration Manager Site

Configuring role-based administration
Configuring Remote Tools
Overview of Configuration Manager site maintenance and Management Insights
Backing up and recovering a Configuration Manager site
Updating the Configuration Manager Infrastructure

Course Overview

This 2-part deep-dive training covers Cisco UCS X-Series server family and how Intersight can be the enablement platform for all UCS servers. We will cover Intersight features such as IWOM, IST, ICO, and programmability either On-Prem or in the Cloud. Attendees will learn the breadth of the physical X-Series (pools, policies, firmware, so much more) platform as well as maintaining existing infrastructure with Intersight Infrastructures Services. Also covered is how to manage physical, virtual, cloud platforms and deploy to any or all.

Virtual Learning

This interactive training can be taken from any location, your office or home and is delivered by a trainer. This training does not have any delegates in the class with the instructor, since all delegates are virtually connected. Virtual delegates do not travel to this course, Global Knowledge will send you all the information needed before the start of the course and you can test the logins.

Course Objectives

Upon completing this course, the learner will be able to meet these overall objectives:

Understand, describe, and configure Cisco Intersight (on prem and SaaS models)
Understand, describe, and configure Intersight Advanced features (IST, ICO, IWOM)
Understand, describe, and configure IMM and UMM mode for UCS
Understand, describe, and configure Cisco X-Series (FI, IFM, X210c Server, Adv Fabric Module)
Create Intersight Pools, Policies, and Management for X-Series
Design and operate Cisco UCS with Intersight Managed Mode Solutions

Course Content

Section 1: Intersight Foundations

Intersight Architecture
Licensing
- Essentials
- Advantage
- Premier
Security
Role-Based Access Control (RBAC)
Administration
Dashboards Management
Create and Manage Widgets
Intersight Managed Mode vs. UCS Managed Mode

Section 2: Monitoring and Maintaining UCS Infrastructure with Intersight

Device health and Monitoring
Virtualization Monitoring
Integrated Support
Infrastructure Configuration
Server Deployment
Standalone C-Series Management

Section 3: Designing and Operationalizing Cisco UCS Solutions with Intersight

Hyperconvergence Overview
Cisco HyperFlex HX-Series Servers
Designing Intersight Deployment Options
Configuring Intersight Managed Mode

Section 4: Configuring Cisco UCS Server Hardware

Cisco UCS X-Series Blade Servers
Cisco UCS B-Series Blade Servers
Cisco UCS C-Series Rack Servers
Cisco UCS S-Series Rack Servers
Cisco Virtual Interface Cards
Cisco X-Fabric Modules

Section 5: Designing Cisco UCS LAN and SAN Connectivity

Cisco UCS Fabric Interconnects
Cisco UCS Fabric Interconnect Ethernet End-Host Mode Compared to Switching Mode
Cisco UCS Fabric Interconnect Uplink Pinning
Cisco UCS X-Series Connectivity

Section 6: Configuring Cisco UCS-X in IMM Mode

Fabric Interconnect Domain Profiles and Policies
Chassis Policies
Cisco UCS Server Profiles
Identity Pools
Server Pools
IP Pools
Intersight Provisioning Policies
- Server Policies
- Domain Policies
- Cluster Policies
Configuring Cisco UCS Server Profile Templates
Deriving Profiles to Blades
Deploying ESX to a Blade using Intersight
Managing vCenter in Intersight

Section 7: Implementing Cisco UCS Firmware Updates

Update X-Series Firmware with Intersight
Update Cisco UCS C-Series Server Firmware
Download Tasks for the Infrastructure Image
Download Tasks for Cisco UCS B-Series Firmware Packages
Best Practices for Updating Firmware in Cisco UCS Manager
Firmware Upgrades Using Auto Install
Capability Catalog Updates
Host Firmware Packages
Driver Updates for Operating Systems and Hypervisors

Section 8: IWO (Intersight Workload Optimizer)

Overview
App/Infrastructure Dependencies
Analytics
Full Stack Automation
Ecosystem (AppD, SolarWinds, etc)
Application Resource and Performance Management

Section 9: IKS (Intersight Kubernetes Services)

Overview K8s
App and Infrastructure integration
Creating a Profile
Out of Box Container Interfaces
- Networking
- Storage
- Load Balancing
Managing K8s Clusters
IWE

Section 10: ICO (Intersight Cloud Orchestrator)

Overview
Tasks
Workflows
Customized Workflows
Deploying Virtual Infrastructure
Deploying Physical Infrastructure
Managing Infrastructure

Section 11: IST (Intersight Services for Terraform)

Overview
Connecting to Git
Deploying the IST Agent to Intersight
Creating an Agent Pool
Setting Variables
Deploying a Run from ICO
Deleting a Run from ICO

Section 12: Intersight API Overview

Architecture of API
Access methods
Request Semantics
Management Information Model
Querying the API
Performing Tasks

Lab Outline:

Labs are designed to assure learners a whole practical experience, through the following practical activities.

Part I:

Explore Cisco Intersight
Configure UCS-X in IMM Mode
Configure NTP, LAN, SAN, Server Policies in IMM Mode
Configure Intersight Identity Pools
Configure a Cisco UCS Server Profile Using Pools
Configure a Server Profile Template
Build an ESXi Host in X-Series
Optional: Convert a UMM domain to IMM Domain

Part 2:

Exploring IWOM
Deploy an on-prem K8s with IKS
Deploy a workload using Intersight Cloud Orchestrator
Deploy a workload using IST to UCS-X
API Crawl Lab
API Walk Lab
API Run La

Course Overview

Cisco DNA Spaces helps resolve physical-space ‘blind spots’ inside an organization. Through Cisco wireless infrastructure, organizations can gain insights into how people and things move throughout their physical spaces. Based on these insights, organizations can drive operational efficiencies by monitoring and managing the location, movement, and utilization of assets.

This course enables learners how to use DNA Spaces to drive operational efficiency across environment types. Learners will understand use-cases and obtain the ability to identify procedures and applications when implementing and operating DNA spaces that are getting ‘back to business’ or business as usual.

This course covers both basic and advanced operational elements of DNA Spaces while considering Data Analytics in the context of DNA Spaces. You will perform a hands-on ‘deep-dive’ into the solution and perform onboarding of wireless infrastructure. Subsequently, you will configure the DNA Spaces solution both tactically and strategically. This will include elements such as behavioral metrics, location analytics, captive portals, profiling, customer engagements, Internet of Things, asset identification and management, and API interfaces for streaming and notifications. You will also explore DNA Spaces App Center and IoT Device Marketplace.

The course qualifies for 18 Cisco Continuing Education Credits (CE).

Course Objectives

Upon completing this course, the learner will be able to meet these overall objectives:

Understand DNA Spaces benefits
Use DNA Spaces in three phases
Explore the DNA Spaces security features in the context of data compliance
Analyze DNA Spaces components, architectures, and use cases
Consider DNA Spaces migration options
Analyze data provided by DNA Spaces
Discuss the DNA Spaces indoor Internet of Things (IoT) service and its use cases
Explore Open Roaming
Configure DNA Spaces onboarding
Configure and demonstrate DNA Spaces IoT Services
Configure DNA Spaces profiles, engagements, and triggers
Configure a captive portal
Perform API calls to DNA Spaces

Course Content

Section 1 – DNA Spaces Solutions Overview

Introduction – What is “DNA Spaces”?
- Resolution of physical-space blind spot to better understand behavior and location of people and things
Operationalizing DNA Spaces
- Providing Data Analytics for Business Intelligence
- Operational Efficiency and productivity
- Improve customer experience
- Understand behavior and monetization
- Onboarding to provide customer acquisition and loyalty
- Enhance IT productivity

Section 2 – DNA Spaces Use Cases

Example Use Cases by Vertical
- Retail
- Healthcare
- Carpeted Enterprises
- Education
- Hospitality
- Manufacturing
- Education
“Back-to-Business” – Observations, recommendations, and applications specific to safe Covid-19 reopening

Section 3 – ‘SEE-EXTEND-ACT’: Three-phased approach to extract maximum value from your Cisco wireless infrastructure.

SEE-EXTEND-ACT
- Overview
SEE what’s happening at your properties
- Behavior Metrics
- Right Now
- Camera metrics
- Open roaming
- Location Analytics
- Detect and Locate
- Impact Analysis
EXTEND platform capabilities and drive business Outcomes
- High-performance streaming API (Firehose)
- Dashboard
- Native integration into enterprise software
- Apps Center for industry-specific solutions
ACT on insights with digitization toolkits
- Internet of Things (IoT)
- Captive Portal
- Location Personas
- Engagements
- Asset Locator
- Proximity reporting

Section 4 – DNA Spaces and Data Compliance

Protecting data at rest and in transit
Data Security Law compliance

Section 5 – Architecture Overview and Location Compute Models

Supported Topologies
- On-premise Direct-Connect
- On-premise Cloud-enabled Connected Mobility Experience
- DNA Spaces Connector
- Meraki
Compute Model – On-Premise
Compute Model – Cloud
Migrating from Connected Mobility Experience/Mobility Services Engine (CMX/MSE) to DNA Spaces
- Why Migrate to DNA Spaces?
- Migration Options – Overview
- Migration Option 1 – Keep AireOS WLC and PI onpremise
- Migration Option 2 – Keep only AireOS WLC onpremise
- Migration Option 3 – Keep only Prime on-premise
- Migration Option 4 – Full stack migration
DNA Spaces – Ports, Protocols, and Data Flows

Section 6 – Getting started with DNA Spaces: Onboarding

Account Creation
Connecting to DNA Spaces and Network Onboarding
- Connecting to DNA Spaces – Introduction
- Cisco Wireless Connectors
- Meraki Connector
Configuring Locations
- Location Hierarchy – Introduction
- Location Hierarchy Creation – Automated Map Import
- Location Hierarchy Creation – Manual Configuration
- Location Hierarchy Configuration Best Practices

Section 7 – Advanced Topics

Open Roaming
- Problem Statement
- The Players
- On-Boarding
- Configuration
Indoor Internet of Things (IoT)
- Indoor IoT Problems
- Indoor IoT Solutions with DNA Spaces
- Indoor IoT Components
- Indoor IoT Gateway Types
- Indoor IoT Control Flows
- Indoor IoT Configuration
- Configure Asset Management using IoT device
DNA Spaces APIs and Firehose
- API configuration
- SLA and monitoring
- Firehose configuration (streaming data support)
DNA Spaces App Center
Extend location data into enterprise software platforms
Review enterprise application

Section 8 – DNA Spaces and Data Analytics

Introduction to Data Analytics
Data analytics review – mathematical, probability, and Statistical functions
Introduction to graphical functions and data structures to represent data
Extracting data using DNA Spaces APIs
Proposed use cases:
- Determining physical location density based on telemetry data
- Build and index people proximity in a given space using dynamic clustering
- Predicting when a space’s capacity limits will be reached telemetry data
- Calculation of dynamic proximity coefficient. Example: ‘x’ number of people crowded around a moving crane. Currently this is done using RFID tags with maximu distance of 15 meters within 3 meters of precision

Lab Outline:

Lab 1: Configure DNA Spaces Connector

Step 1: Log in to DNA Spaces Account
Step 2: Configure Spaces connector
Step 3: View the token
Step 4: Log in to On-premise Connector and verify settings
Step 5: Configure Token
Step 6: View Connector Status On-premise
Step 7: View Connector Status in Cloud Account

Lab 2: Add Wireless LAN Controllers

Step 1: Add Controllers
Step 2: Check WLC Connectivity on the Connector
Step 3: Check status on the WLC

Lab 3: Maps and Location Hierarchy

Step 1: Configure or Export Maps from Cisco Prime
Step 2: Upload Maps in DNA Spaces
Step 3: View the Location Hierarchy
Step 4: Add META Data about the site
Step 5: Enter Location Details
Step 6: Add Zone
Step 7: Select Access Points for Zone
Step 8: View the updated Location Hierarchy

Lab 4: Location Analytics

Step 1: Navigate to Location Analytics
Step 2: View the different Analytics
Step 3: Apply Filters

Lab 5: Captive Portal Setup

Step 1: Captive Portal Setup
Step 2: Select Authentication
Step 3: Select Email
Step 3: Enable Data Capture
Step 4: Review User Agreements
Step 5: Portal Editor
Step 6: Verify Portal Created
Step 7: Configure SSID
Step 8: Captive Portal Rule Creation
Step 9: Provide Rules
Step 10: Portal Status
Step 11: Setting up WLAN on the WLC
Step 12: Connect your gadgets

Lab 6: Location Personas

Step 1: Setting up Visitor and Employee Personas
Step 2: Viewing Configured Personas

Lab 7: Engagement Rules

Step 1: Setting up Engagement Rules with Personas
Step 2: View Visitor Engagement Metrics

Lab 8: Add IoT Services

Step 1: Configure AP Gateway
Step 2: Deploy IoT Devices and/or sensors
Step 3: Configure and enable IoT Streams
Step 4: Configure Access Point as Beacon or Gateway
Step 5: Troubleshoot
Step 6: Monitor

Lab 9: REST API Query

Step 1: Go to Detect & Locate App
Step 2: Navigate to Notifications
Step 3: Get the API Keys
Step 4: Get Postman App
Step 5: Open the application and create a new request
Step 6: Create Request
Step 7: Prepare the query
Step 8: Submit/Send the query
Step 7: Prepare the query
Step 8: Submit/Send the query

Course Overview

In this three-day VMware Workspace ONE course, you learn how to apply the fundamental techniques for launching and maintaining an intelligence-driven, multiplatform endpoint management solution with VMware Workspace ONE® UEM. Through a combination of hands-on labs, simulations, and interactive lectures, you will configure and manage the endpoint life cycle.

After the three days, you will have the foundational knowledge for effectively implementing Workspace ONE UEM.

Course Objectives

By the end of the course, you should be able to meet the following objectives:

Explain and apply the fundamental techniques for launching and maintaining an intelligence-driven, multiplatform endpoint management solution with Workspace ONE UEM
Outline the components of Workspace ONE UEM
Explain the general features and functionality enabled with Workspace ONE UEM
Summarize the basic Workspace ONE administrative functions • Explain and deploy common Workspace ONE integrations
Securely deploy configurations to Workspace ONE UEM managed devices
Onboard device endpoints into Workspace ONE UEM
Summarize the alternative management methodologies for rugged devices
Discuss strategies to maintain environment and device fleet health
Configure and deploy applications to Workspace ONE UEM managed devices
Analyze a Workspace ONE UEM deployment • Enable email access on devices
Integrate Workspace ONE UEM with content repositories and corporate file shares

Course Content

1 Course Introduction

• Introductions and course logistics

• Course objectives • Online resources and references

2 Platform Architecture

• Summarize the features and functionality of Workspace ONE UEM

• Outline the benefits of leveraging Workspace ONE UEM

• Recognize the core and productivity components that make up the Workspace ONE UEM platform

• Summarize high availability and disaster recovery for the Workspace ONE solution

3 Administration

• Navigate and customize the Workspace ONE UEM console

• Summarize the hierarchical management structure

• Explain the features and functions of Workspace ONE Hub Services

• Outline account options and permissions

4 Enterprise Integrations

• Outline the process of integrating with directory services

• Explain certificate authentication and practical implementation with Workspace ONE

• Explain the benefits of integrating an email SMTP service into the Workspace ONE UEM console

• Describe VMware Dynamic Environment Manager and its architecture

5 Onboarding

• Outline the prerequisite configurations in the Workspace ONE UEM environment for onboarding devices for management

• Outline the steps for setting up autodiscovery in the Workspace ONE UEM console

• Enroll an endpoint through the VMware Workspace ONE® Intelligent Hub app

• Summarize the platform onboarding options

6 Managing Endpoints

• Explain the differences between device and user profiles

• Describe policy management options for Windows and macOS

• Describe the functions and benefits of using compliance policies

• Explain the use case for Freestyle Orchestrator

• Describe the capabilities that sensor and scripts enable.

7 Alternative Management Methods

• Describe the function and benefits of device staging

• Configure product provisioning in the Workspace ONE UEM console

• Understand the benefits of deploying a VMware Workspace ONE® Launcher™ configuration to Android devices

• List the system and device requirements for Linux device management in Workspace ONE UEM Applications

• Describe the features, benefits, and capabilities of application management in Workspace ONE UEM

• Understand and configure deployment settings for public, internal, and paid applications in the Workspace ONE UEM console

• Describe the benefits of using Apple Business Manager content integration • Describe the benefits of using server-to-client software distribution

• List the functions and benefits of VMware Workspace ONE® SDK

8 Device Email

• List email clients supported by Workspace ONE UEM

• Configure an Exchange Active Sync profile in the Workspace ONE UEM console

• Configure VMware Workspace ONE® Boxer settings

• Summarize the available email infrastructure integration models and describe their workflows

• Configure email compliance policies and notifications services

9 Content Sharing

• Describe the benefits of using Content Gateway

• Describe the Content Gateway workflows

• Describe the benefits of integrating content repositories with Workspace ONE UEM

• Configure a repository in the Workspace ONE UEM console 10 Maintenance

• Manage endpoints from the Device List view and the Details view.

• Analyze endpoint deployment and compliance data from the Workspace ONE UEM Monitor page.