Category Archives: Expert advice on Windows based systems and hardware

Updated Exchange Online PowerShell module adds reliability, speed

PowerShell offers administrators a more flexible and powerful way to perform management activities in Exchange Online. At times, PowerShell is the only way to perform certain management tasks.

Concerns have been widespread, however, among Exchange administrators, many of whom have not always felt confident in Exchange Online PowerShell’s abilities, especially when dealing with thousands of mailboxes and complicated actions. Microsoft recently released the Exchange Online PowerShell V2 module, also known as the ExchangeOnlineManagement module, to reduce potential management issues.

New cmdlets attempt to curb PowerShell problems

Moving the messaging platform to the cloud can frustrate administrators when they attempt to work with the system using remote PowerShell without a reliable connection to Microsoft’s hosted email system. Microsoft said the latest Exchange Online PowerShell module, version 0.3582.0, brings new enhancements and new cmdlets to alleviate performance and reliability issues, such as session timeouts or poor error handling during complex operations.

Where a spotty connection could cause errors or scripts to fail with the previous module, Microsoft added new cmdlets in the Exchange Online PowerShell V2 module to restart and attempt to run a script where it left off before issues started.

Microsoft added 10 new cmdlets in the new Exchange Online PowerShell module. One new cmdlet, Connect-ExchangeOnline, replaces two older cmdlets: Connect-EXOPSSession and New-PSSession.

Microsoft took nine additional cmdlets in the older module, updated them to use REST APIs and gave them new names using the EXO prefix:

  • Get-EXOMailbox
  • Get-EXORecipient
  • Get-EXOCASMailbox
  • Get-EXOMailboxPermission
  • Get-EXORecipientPermission
  • Get-EXOMailboxStatistics
  • Get-EXOMailboxFolderStatistics
  • Get-EXOMailboxFolderPermission
  • Get-EXOMobileDeviceStatistics

Microsoft said the new REST-based cmdlets will perform significantly better and faster than the previous PowerShell module. The REST APIs offer a more stable connection to the Exchange Online back end, making most functions more responsive and able to operate in a stateless session.

Given that administrators will develop complex PowerShell scripts for their management needs, they needed more stability from Microsoft’s end to ensure these tasks will execute properly. Microsoft helped support those development efforts by introducing better handling of script failures, with functionality that will retry and resume from the point of failure. Previously, the only option for administrators was to rerun their scripts and hope they worked the next time.

Querying some properties during script execution can slow the overall response and performance of the script because of the size of the objects and their properties. To help optimize these scenarios, Microsoft introduced a way for a PowerShell process running against Exchange Online to retrieve only the relevant properties of the objects needed during execution. An example would be retrieving the mailbox properties most likely to be used, such as mailbox statistics, identities and quotas.

Microsoft removed the need to pipe results to Select (the Select-Object cmdlet), which is typically used to determine which properties are needed as part of the result set. This neatens scripts and eliminates unnecessary syntax, as shown in the example below.

Before:

Get-ExoMailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox | Select WhenCreated, WhenChanged | Export-CSV c:\temp\ExportedMailbox.csv

After:

Get-ExoMailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox -PropertySets Quota -Properties WhenCreated, WhenChanged | Export-CSV c:\temp\ExportedMailbox.csv

How to get the new Exchange Online PowerShell module

Using the latest Exchange Online PowerShell capabilities requires installing or upgrading the ExchangeOnlineManagement module. This can be done from a PowerShell prompt running with administrator privileges by executing one of the two following sets of commands:

Install-Module -Name ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement; Get-Module ExchangeOnlineManagement

Or:

Update-Module -Name ExchangeOnlineManagement

Exchange Online PowerShell V2 module commands offer speed boost

IT pros who use the new Exchange Online PowerShell module should see improved performance and faster response time.

We can run a short test to compare how the current version stacks up to the previous version when we run commands that provide the same type of information.

First, let’s run the following legacy command to retrieve mailbox information from an organization:

Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox | Select DisplayName, ProhibitSendReceiveQuota, WhenCreated, WhenChanged

The command completes in 2.3890 seconds.

This is the new version of the command that provides the same set of information but in a slightly different format:

$RESTResult = Measure-Command { $Mbx = Get-ExoMailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox -PropertySets Quota -Properties WhenCreated, WhenChanged }

The command completes in 1.29832 seconds, or almost half the time. Extrapolate these results to an organization with many thousands of users and mailboxes in Exchange Online and you can begin to see the benefit when a script takes half as much time to run.
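A single timed run is sensitive to network conditions, so the comparison is more trustworthy when each command is repeated. The following is an added example, not code from the original article or from Microsoft: `Measure-MedianSeconds` and `Compare-MailboxQueryTime` are hypothetical helper names, and the code assumes a session already opened with Connect-ExchangeOnline so that both cmdlets are available.

```powershell
# Added example: hypothetical helpers, not part of the ExchangeOnlineManagement module.
# Assumes a session already opened with Connect-ExchangeOnline, so that both the
# legacy Get-Mailbox cmdlet and the REST-based Get-EXOMailbox cmdlet are available.

function Measure-MedianSeconds {
    param(
        [Parameter(Mandatory = $true)] [scriptblock] $ScriptBlock,
        [ValidateRange(1, 50)] [int] $Runs = 5
    )

    # Time each run separately; Measure-Command discards the command's output.
    $seconds = for ($i = 0; $i -lt $Runs; $i++) {
        (Measure-Command -Expression $ScriptBlock).TotalSeconds
    }

    # The median is less affected by one slow run than the mean.
    $sorted = @($seconds | Sort-Object)
    $middle = [int][math]::Floor($sorted.Count / 2)
    if ($sorted.Count % 2 -eq 1) {
        $sorted[$middle]
    }
    else {
        ($sorted[$middle - 1] + $sorted[$middle]) / 2
    }
}

function Compare-MailboxQueryTime {
    param([int] $Runs = 5)

    # The legacy command from the article.
    $legacy = {
        Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
            Select-Object DisplayName, ProhibitSendReceiveQuota, WhenCreated, WhenChanged
    }

    # The REST-based command from the article.
    $rest = {
        Get-EXOMailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox `
            -PropertySets Quota -Properties WhenCreated, WhenChanged
    }

    $legacySeconds = Measure-MedianSeconds -ScriptBlock $legacy -Runs $Runs
    $restSeconds   = Measure-MedianSeconds -ScriptBlock $rest -Runs $Runs

    # Guard against a zero denominator on a trivially small tenant.
    $ratio = $null
    if ($legacySeconds -gt 0) {
        $ratio = [math]::Round($restSeconds / $legacySeconds, 2)
    }

    [pscustomobject]@{
        Runs                = $Runs
        LegacyMedianSeconds = [math]::Round($legacySeconds, 3)
        RestMedianSeconds   = [math]::Round($restSeconds, 3)
        RestToLegacyRatio   = $ratio
    }
}

Compare-MailboxQueryTime -Runs 5 | Format-List
```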

Use the following command to get mailbox details for users in the organization:

Get-ExoMailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox -PropertySets Quota -Properties WhenCreated, WhenChanged

The following command exports a CSV file with details of mailboxes with additional properties listed:

Get-ExoMailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox -PropertySets Quota -Properties WhenCreated, WhenChanged | Export-CSV c:\temp\ExportedMailbox.csv

Be aware of the Exchange Online PowerShell module provisions

There are several caveats Exchange administrators should know before they use the latest ExchangeOnlineManagement module:

  • The new Exchange Online PowerShell module only works on Windows PowerShell 5.1, with support coming for the new cross-platform version of PowerShell.
  • Data results returned by the latest cmdlets are in alphabetical order, not chronological order.
  • The new module only supports OAuth 2.0 authentication, but the client machine will need basic authorization enabled to use the older remote PowerShell cmdlets.
  • Some results may require additional formatting or adjusting because the new cmdlets give output alphabetically.
  • Administrators should use Azure AD GUID for account identity.
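The first and third caveats can be checked on a workstation before connecting. The following is an added example, not code from the original article or from Microsoft: `Test-ExoV2Prerequisite` is a hypothetical helper name, and it reads the WinRM client setting with the standard `winrm get winrm/config/client/auth` query.

```powershell
# Added example: Test-ExoV2Prerequisite is a hypothetical helper, not part of
# the ExchangeOnlineManagement module. It only reads local settings.

function Test-ExoV2Prerequisite {
    [CmdletBinding()]
    param()

    # Caveat: the module only works on Windows PowerShell 5.1 (Desktop edition).
    $version = $PSVersionTable.PSVersion
    $isPs51  = ($PSVersionTable.PSEdition -eq 'Desktop') -and
               ($version.Major -eq 5) -and ($version.Minor -eq 1)

    # Newest installed copy of the module, if any.
    $module = Get-Module -ListAvailable -Name ExchangeOnlineManagement |
        Sort-Object -Property Version -Descending |
        Select-Object -First 1
    $moduleVersion = $null
    if ($module) { $moduleVersion = $module.Version.ToString() }

    # Caveat: the older remote PowerShell cmdlets need basic authorization
    # enabled on the WinRM client. $null means "could not be determined".
    $winrmBasic = $null
    if (Get-Command -Name winrm -ErrorAction SilentlyContinue) {
        $authConfig = & winrm get winrm/config/client/auth 2>$null
        if ($LASTEXITCODE -eq 0) {
            # Output lines look like "Basic = true", optionally followed by a GPO source tag.
            $line = $authConfig |
                Where-Object { $_ -match '^\s*Basic\s*=\s*(true|false)' } |
                Select-Object -First 1
            if ($line) { $winrmBasic = [bool]($line -match '=\s*true') }
        }
    }

    $hasModule = [bool]$module

    [pscustomobject]@{
        PSVersion             = $version.ToString()
        IsWindowsPowerShell51 = $isPs51
        ModuleVersion         = $moduleVersion
        WinRMClientBasic      = $winrmBasic
        # The REST-based EXO cmdlets need the module on PowerShell 5.1.
        ReadyForRestCmdlets   = $isPs51 -and $hasModule
        # The older remote PowerShell cmdlets additionally need WinRM Basic.
        ReadyForLegacyCmdlets = $isPs51 -and $hasModule -and ($winrmBasic -eq $true)
    }
}

Test-ExoV2Prerequisite | Format-List
```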

How to give Microsoft feedback for additional development

As Microsoft continues to improve the module, administrators will continue to see more capabilities that give them a much improved experience when using PowerShell to manage their Exchange Online environment.

There are three avenues for users to provide feedback to Microsoft on the new PowerShell commands. The first one is to report bugs or other issues during the processing of the different scripts from within PowerShell. To do this, run the following command:

Connect-ExchangeOnline -EnableErrorReporting -LogDirectoryPath <Path to store log file> -LogLevel All

The second option is to post a message on the Office 365 UserVoice forum.

Lastly, users can file an issue or check on the status of one with the Exchange Online PowerShell commands on the Microsoft Docs GitHub site at this link.

A roundup of the Cisco certification changes in 2020

As network engineer skills become increasingly generalized, Cisco aims to match its certifications to the skills network engineers need in their daily lives.

Announced at Cisco Live 2019, the new Cisco certification changes rolled out on Feb. 24, 2020. Experts have touted the relevant material and the myriad topics Cisco’s certifications cover with these changes and potential benefits for network engineers. With more focus on automation and software skills and less on infrequently used coding languages, Cisco aims to spring its certification tracks forward into the new decade.

The Cisco Certified Network Associate (CCNA), Cisco Certified Network Professional (CCNP) and Cisco Certified Internetwork Expert (CCIE) certifications all expanded the breadth of topics covered, yet all shrunk in size. Cisco also introduced new DevNet certifications among the other Cisco certification changes.

How did existing Cisco certifications change?

Cisco’s standard certification tracks — CCNA, CCNP and CCIE — all added new material that aims to be more relevant to current job roles and help advance the careers of network engineers. In addition to new material, the certifications also include fewer track options than before.

Cisco Certified Network Associate. CCNA is an entry-level certification for network engineers early in their careers. Formerly, Cisco issued the Cisco Certified Entry Networking Technician (CCENT) certification, which was the step before CCNA. After CCENT, CCNA offered different certifications for various career tracks, including CCNA Routing and Switching and CCNA Collaboration.

Now, CCENT is gone, and the recent Cisco certification changes transformed the CCNA from 10 separate tracks into a single unified exam, apart from the CCNA CyberOps track. Cisco author Wendell Odom said most topics in the new CCNA exam come from the former CCNA Routing and Switching track, with about one-third of new material.

A CCNA certification isn’t a prerequisite for higher certifications, yet it provides fundamental networking skills that network engineers require for current job roles.

Cisco Certified Network Professional. CCNP is an intermediate-level certification and a step up from CCNA. Similar to the CCNA changes, Cisco consolidated the CCNP certification tracks, although less drastically than with CCNA. Cisco cut CCNP from eight to five tracks, which, like CCNA, reflect holistic industry changes to bring more relevant material to Cisco’s certifications.

According to Cisco, the new CCNP tracks — which are also the new CCIE tracks — are the following:

  1. Enterprise
  2. Security
  3. Service Provider
  4. Collaboration
  5. Data Center

While these are the five core exams a network engineer can take, they must also take a concentration exam within the core topic to attain a CCNP certification. If a person solely takes the core exam and passes, she receives a Cisco Certified Specialist certification in that topic area.

Network engineers can take several core or concentration exams and receive a Cisco Certified Specialist certification upon passing, which can prove to employers the engineer has those specific skills.

Authors Brad Edgeworth and Jason Gooley said these changes didn’t remove much material, but they added more width to the knowledge and skills network engineers should have in their careers.

Cisco Certified Internetwork Expert. CCIE is an expert-level certification and a step up from CCNP. The CCIE and CCNP tracks fall under the same umbrellas and shrunk to the aforementioned five tracks. To become CCIE-certified, network engineers must take and pass one core exam — Enterprise, Security, etc. — and that topic’s corresponding lab.

Formerly, CCIE exams focused more on highly advanced skills and less on critical knowledge in areas such as network design skills. After the Cisco certification changes, the CCIE exams now include more practical knowledge for advanced network engineers.

What are the new Cisco certifications?

In Cisco’s new DevNet track, the company added three certifications that reflect the certification pyramid for standard Cisco certifications. The DevNet certifications are the following:

  1. Cisco Certified DevNet Associate
  2. Cisco Certified DevNet Specialist
  3. Cisco Certified DevNet Professional

The DevNet tracks encompass network automation, software and programmability skills that Cisco certifications previously lacked and that the industry has deemed increasingly important.

While DevNet lacks a CCIE-equivalent track, the requirements for a DevNet certification reflect those of its equivalent in Cisco’s standard certifications. For example, a person must pass one core and one concentration exam to receive a Cisco Certified DevNet Professional certification.

The DevNet track’s goal is to give network engineers a certification path for skills the industry says they need and help them adapt to newer, advanced technologies — such as network automation — that employers increasingly seek out. And, as the industry continues to change, so will Cisco’s certifications.

A closer look at new and updated Microsoft security features

Data breaches occur on a daily basis. They can’t be avoided in our interconnected world, but you can take a proactive approach to reduce your risk.

While the internet has been a boon for organizations that rely on remote users and hybrid services, it’s now easier than ever for an intrepid hacker to poke at weak points at the perimeter to try and find a way inside. Windows Server is a key IT infrastructure component for most enterprises that handles numerous tasks — such as authentication — and runs critical workloads, namely Exchange Server, SQL Server and Hyper-V. Due to its ubiquitous nature, Windows Server is a natural target for hackers seeking a foothold inside your company. There are many Microsoft security products and native features in the newer Windows Server designed to keep sensitive information from spreading beyond your organization’s borders.

Microsoft security in Windows Server improved with the Server 2019 release by updating existing protections and adding new functionality geared to prevent the exposure of sensitive information. The company also offers several cloud-based products that integrate with the Windows operating system to warn administrators of trending threats that could affect their systems.

What are some features in Microsoft Defender ATP?

Microsoft Defender Advanced Threat Protection — formerly, Windows Defender ATP — supplements existing security measures while also providing a cloud-based platform with a range of capabilities, including response to active attacks, automated investigation of suspicious incidents and a scoring system that determines the level of vulnerability for each endpoint.

Microsoft Defender ATP, which underwent a name change in 2019 when the product was extended to protect Mac systems, features multiple proactive and reactive methods to protect organizations from many forms of cyberattacks. For example, to keep an endpoint from being susceptible to a common intrusion method via a Microsoft Office application, Microsoft Defender ATP can prevent the application from launching a child process.

Microsoft Defender ATP gathers information from a vast array of resources — such as different events on on-premises Windows systems and the Office 365 cloud collaboration platform — that Microsoft analyzes to detect patterns, such as certain command-line actions, that could indicate malicious behavior. Microsoft Defender ATP integrates with several Azure security products for additional protection. For example, by connecting to Azure Security Center, administrators get a dashboard that highlights suspicious activity in the organization with recommended actions to execute to prevent further damage.

Microsoft security features in this offering were tailored for Windows Server 2019 customers to prevent attacks that start either in the kernel or memory — sometimes called file-less attacks — of the operating system. Microsoft Defender ATP eases the onboarding process for this server OS through System Center Configuration Manager with a script.

What new SDN security features are in Windows Server 2019?

Abstracting the operations work associated with networking offers administrators a way to add some agility in an area not typically known for its nimbleness. Software-defined networking (SDN) gives IT newfound abilities via a centralized management platform for network devices to make it easier to perform certain tasks, such as ensuring specific workloads get enough bandwidth to meet performance expectations. But SDN is not immune to traditional threats if a malicious actor gains network access and proceeds to sniff traffic to scoop up credentials and other valuable information.

Microsoft enhanced the security aspect of its Windows Server 2019 SDN functionality by introducing several features to avoid data leakage, even if the data center defenses failed to stop unauthorized system access.

By implementing the “encrypted networks” feature, organizations add another layer of security around data that moves between VMs inside a particular subnet by encoding the information. Other noteworthy SDN security additions for the Server 2019 OS include more granular control over access control lists to avoid security gaps and firewall auditing on Hyper-V hosts for further investigation of suspicious incidents.

Where can I use BitLocker encryption in my environment?

Microsoft released its BitLocker encryption feature for on-premises Windows systems, starting with the Vista operating system in 2007. Since that time, the company has continued to develop ways to use this technology in more places, both in the data center and beyond.

BitLocker started out as an encryption method to protect all the contents in a hard drive. That way, even if a laptop was stolen, prying eyes would not be able to do anything with the confidential data stored on the device due to the length of time it would take to do a brute-force hack of even a less-secure 128-bit key.

Using BitLocker, while effective to thwart hackers, can frustrate users when they need to authenticate every time they need to use a device or when a BitLocker-encrypted server requires an additional login process after a reboot. Microsoft developed a feature dubbed BitLocker Network Unlock, debuting with Windows 8 and Windows Server 2012, that uses the physical network to deliver the encrypted network key so protected systems can unlock if they are connected to the corporate network.

Microsoft extended BitLocker technology to the cloud to give administrators a way to put additional safeguards around sensitive Azure VMs with the platform’s Azure Disk Encryption feature for full volume protection of disks. For this type of deployment, the Azure Key Vault is used for key management.

What are some recent security features added to Hyper-V?

Data leakage can tarnish a company’s reputation, but it can be an expensive lesson for lax security practices if regulators determine a privacy law, such as the GDPR, was broken.

Organizations that use the Hyper-V platform get the typical benefits acquired by consolidating multiple workloads on a single host in a virtualized arrangement.

But Microsoft continues to help administrators who operate in sensitive environments by adding virtualization-based security features with each successive Windows Server release to reduce the probability of a data breach, even if an intruder makes their way past the firewall and other defensive schemes.

Microsoft added shielded VMs in Windows Server 2016, which encrypts these virtualized workloads to prevent access to their data if, for example, the VM is copied from the sanctioned environment. In Windows Server 2019, Microsoft extended this protection feature to Linux workloads that run on Hyper-V when the VMs are at rest or as they shift to another Hyper-V host.

5 PowerShell tools to help simplify admin tasks and support

PowerShell has become one of the most ubiquitous scripting languages in use today. Originally released in 2008, PowerShell has caught on like wildfire with systems admins, software developers and engineers who manage and automate thousands of repetitive tasks.

There are a variety of products designed to help PowerShell developers build better scripts. Tools that complement a PowerShell scripter include advanced editors, products to create scripts with a low-code approach and services more tailored to specific products such as Active Directory (AD).

Here, we examine five companies that offer products and services that focus on or heavily depend on PowerShell. We’ll examine each product’s focus, target audience, pricing and how each PowerShell tool integrates into the bigger tech ecosystem. Note that product costs are listed in U.S. dollars.

Cimitra Software

The Cimitra IT process delegation tool is designed to decrease the resolution time of IT-related events. It enables non-administrative users to perform tasks typically requiring higher privilege escalation. Using Cimitra, an IT specialist can safely create and delegate routine IT tasks for other people to execute who don’t have the skills or access to otherwise perform the task.

Cimitra’s tool can help users:

  • reset AD passwords;
  • restart servers; and
  • update phone numbers in employee databases.

Each of these tasks is connected to an action that’s exposed via a web-based GUI. For any action, Cimitra could be running commands or invoking an API or random PowerShell scripts to accomplish tasks.

To ensure Cimitra admins can manage user activity, the tool provides various role-based access controls and can integrate with authentication providers. The tool supports Lightweight Directory Access Protocol and multifactor authentication as well as various auditing roles.

Cimitra offers three licenses:

  • A free downloadable version that includes three users, three agents and unlimited actions with no expiration, and a support forum.
  • A Team version that includes 25 users, unlimited actions and agents, and an auditing panel to control and monitor user activity. This version also includes email support and costs $10,000 per year.
  • An Enterprise version that includes 100 users and the same features as the Team version. This version also includes phone and email support, and costs $25,000 per year.

Cimitra Server is offered as a Docker container and can be hosted in an organization’s data center or in the cloud.

Ironman Software Universal Automation

Universal Automation (UA) enables users to execute and schedule PowerShell scripts using a product that specifically offers PowerShell automation. This tool is designed to make it easier for users to invoke, control access to and manage a team’s PowerShell scripts.

Users can upload PowerShell scripts to the product, which then reads and parses the scripts to create graphical representations for easy use.

UA natively understands complex tasks in PowerShell scripts, such as the progress bar using the Write-Progress cmdlet or interactivity using the Read-Host cmdlet. UA can also read script parameters automatically, so there’s no need for an organization to adjust its scripts to use the UA platform.

UA automatically integrates with Git to support DevOps best practices and persists job output to a database for auditing and future evaluation. This PowerShell tool can also be configured for role-based access to provide users with the correct amount of privileges.

This product works well for individual PowerShell users and teams that need to schedule scripts in a platform that’s more powerful and PowerShell-centric than task scheduler. It also works well for organizations that want to implement DevOps practices into a PowerShell development environment.

UA offers an optional web-based GUI that enables users to manage the tool without having to drop down to a command line.

UA is currently in beta and offers two pricing models:

  • The free plan enables users to execute up to two concurrent jobs at once and 25 jobs per day.
  • The paid plan is licensed per agent at an introductory beta price of $99.99. This includes one year of upgrades and removes any restrictions on job execution.

The tool is built as a cross-platform PowerShell module. UA can be hosted on premises on IIS, Azure, AWS and other clouds.

Sapien Technologies PowerShell Studio

PowerShell Studio is a PowerShell scripting IDE. This product can visually design UIs for PowerShell scripts and use event-driven coding strategies, setting it apart from other PowerShell editors.

PowerShell Studio can code, test and run scripts on a variety of PowerShell versions, package them as executables and deploy them via Windows Installer packages.

This tool also includes an integrated debugger, profiler and support for many other script-based tools. Sapien provides IntelliSense for PowerShell modules that can’t be installed on the development machine. By using different machine profiles, IntelliSense and platform-specific settings can detect incompatibilities at the coding stage.

PowerShell Studio focuses primarily on PowerShell administrators who develop tools for themselves and others. This tool is designed for PowerShell power users who build lots of scripts and tooling.

PowerShell Studio offers a 45-day free trial. After that, the tool costs $399, which includes one year of upgrades and free forum support. The upgrades and support subscription can be extended annually, and the license never expires.

PowerShell Studio integrates out of the box with many common tools, including the PSScriptAnalyzer PowerShell tool, Pester, Git, Sapien’s PowerShell HelpWriter and VersionRecall. Wherever possible, access to these tools is prominently placed on the main user interface and requires only the push of a button.

ScriptRunner Software platform

ScriptRunner is an all-in-one PowerShell product that simplifies the way IT professionals, admin teams and DevOps engineers write and manage PowerShell scripts. Features include:

  • Centralized script and module management, which helps to ensure a standardized development process and companywide, consistent use of PowerShell scripts.
  • Secure credential administration, which enables users to run and delegate scripts in a safe environment.
  • Convenient web interfaces, which enable users to easily manage all PowerShell activities. Help desk teams and end users work with automatically generated web-based input forms.
  • Centralized script execution that ensures all manual, scheduled, and event- and process-driven PowerShell activities can be monitored at a glance.

Admins can use ScriptRunner roles to delegate securely to help desk teams and end users. Domain users can perform defined tasks in on-premises, hybrid or cloud systems without administrative back-end permissions.

ScriptRunner offers a free 30-day trial, as well as an Essential Edition for up to five users that’s ideal for small IT and service desk teams. Contact ScriptRunner for a price quote.

System Frontier

System Frontier helps organizations reduce admin rights and simplify IT support by delegating granular admin permissions. IT admins can turn PowerShell and other scripts into secure web-based tools without having to build GUIs by hand.

This privileged access management tool is designed for systems admins who manage Windows and Linux servers, network devices, AD or Office 365 resources, and have PowerShell or other scripting skills.

System Frontier is licensed per managed node and is broken into server and non-server licenses. Server nodes cover Windows and Linux servers, network devices and other devices acting in a server capacity. Non-server nodes cover managing workstations and user accounts such as AD or Office 365 users.

The tool offers four licensing options:

  • A free Community Edition that’s limited to 5,000 server or endpoint nodes, 50 delegated users, five custom tools and community support.
  • A free 30-day trial version with features enabled that anyone with a business email address can download.
  • The Pro version starts at $29 per server node or $5.80 per non-server node. It’s limited to 100 delegated users and 20 custom tools. Priority email support is included.
  • The Enterprise version starts at $49 per server node or $9.80 per non-server node. It includes unlimited delegated users and unlimited custom tools, as well as priority email and phone support.

System Frontier offers integrations for enterprise applications, including ServiceNow, Remedy, Cisco and Check Point. This tool also has a built-in REST API that enables other applications and services to integrate with it. Due to its script-based nature, users can build PowerShell scripts on their own to connect to a near-endless number of other services.

A PowerShell tool to meet every organization’s needs

Each of the products examined here represents an ecosystem that’s cropped up from PowerShell or other scripting languages. Although each product has a strong foundation with PowerShell, each serves a different purpose.

Some of the tools covered here have both competing and complementary features. When selecting a product, pay close attention to the product’s focus and target audience. Note which tools complement each other and choose a product or products that focus on your organization’s specific needs.

7 PowerShell courses to help hone skills for all levels of expertise

PowerShell can be one of the most effective tools administrators have for managing Windows systems. But it can be difficult to master, especially when time is limited. An online PowerShell course can expedite this process by prioritizing the most important topics and presenting them in logical order.

Admins have plenty of PowerShell courses from which to choose, offered by well-established vendors. But with so many courses available, it isn’t always clear which ones will be the most beneficial. To help make the course selection process easier, here we offer a sampling of popular PowerShell courses that cater to varying levels of experience.

Windows currently ships with PowerShell 5.1, but PowerShell Core 6 is available for download, and PowerShell 7 is in preview. PowerShell Core is a cross-platform version of PowerShell that runs on multiple OS platforms. It isn’t an upgrade to Windows PowerShell, but a separate application that runs on the same system.

Some of the PowerShell courses listed here, as well as other online classes, specify the PowerShell version on which the course is based. But not all classes offer this information, and some courses provide only a range, such as PowerShell 4 or later. So, before signing up for an online course, be sure to verify the PowerShell version.

Learning Windows PowerShell

This popular PowerShell tutorial from Udemy is designed for beginners. This course targets systems admins who have no prior PowerShell experience but want to use PowerShell to manage Windows desktops and servers. This course is based on PowerShell 5. But this shouldn’t be an issue when learning basic concepts, which is the primary focus of this PowerShell tutorial.


The course provides background information about PowerShell and explains how to set up the PowerShell environment, including how to configure the console and work with profiles. The course introduces cmdlets, shows how they’re related to .NET objects and classes, and explains how to build a pipeline using cmdlets and other language elements. With this information, systems admins will have the basics they need to move onto the next topic: PowerShell scripts.

The tutorial on scripting is nearly as extensive as the section on cmdlets. The course examines the details of script elements, such as variables, constants, comparison operators, if statements, looping structures and regular expressions. This is followed by details on PowerShell providers and how to work with files and folders, and then a discussion of administration basics. This course can help provide participants with a solid foundation in PowerShell so they’re ready to take on more advanced topics.

Introduction to Windows PowerShell 5.1

This Udemy tutorial is based on PowerShell 5.1, so it’s more current than the previous course. The training is geared toward both beginner PowerShell users and more experienced admins who want to hone their PowerShell skills. The course covers a wide range of topics, from understanding PowerShell syntax to managing Active Directory (AD). Participants who sign up for this course should already know how to run PowerShell, but they don’t need to be advanced users.

The course covers the basics of how to use both the PowerShell console and the Intelligent Scripting Environment (ISE). It explains what steps to take to get help and find commands. This is followed by an in-depth look at the PowerShell command syntax. The material also covers objects and their properties and methods, as well as an explanation of how to build a PowerShell pipeline.

Participants can move onto the section on scripting, which starts with a discussion on arrays and variables. Users then learn how to build looping structures and conditional statements, and how to use PowerShell functions. This course demonstrates how to use PowerShell to work with AD, covering such tasks as installing and configuring server roles.

PowerShell version 5.1 and 6: Step-by-Step

This tutorial, which is one of Udemy’s highest rated PowerShell courses, is geared toward admins who want to learn how to use PowerShell to perform management tasks. The course is broad in scope and covers both PowerShell 5.1 and PowerShell Core 6. Users who sign up for this course should have a basic understanding of the Windows OS — both desktop and server versions.

Because the course covers so many topics, it’s longer than the previous two training sessions and goes into more detail. It explains the differences between PowerShell and the Windows Command Prompt, how to determine the PowerShell version and how to work with aliases. The course also examines the steps necessary to run unsupported commands and create PowerShell transcripts.

This PowerShell tutorial also examines more advanced topics, such as working with object members, creating hash tables and managing execution policy levels. This is followed by a detailed discussion about the Common Information Model (CIM) and how it can manage hard drives and work with BIOS. In addition, participants will learn how to create profile scripts, functions and modules, as well as how to use script parameters and to pause script execution. Because the course is so comprehensive, admins should come away with a solid understanding of how to use PowerShell to script their daily management tasks.

Udemy course pricing

Udemy distinguishes between personal and business users. For personal users, Udemy charges by the course, with prices for PowerShell courses ranging between $25 and $200. Udemy also offers personal users a 30-day, money-back guarantee.

Udemy also offers two business plans that provide unlimited access to its courses. The Team plan supports between five and 20 users and costs $240 per user, per year. It also comes with a 14-day trial. Contact Udemy for details regarding its Enterprise plan, which supports 21 or more users. Udemy also offers courses to help users prepare for IT certifications, supporting such programs as Cisco CCNA, Oracle Certification and Microsoft Certification.

Windows PowerShell: Essentials

Pluralsight offers a variety of PowerShell courses, as well as learning paths. A path is a series of related courses that provide users with a strategy for learning a specific technology. This path includes six courses ranging from beginner to advanced user. Participants should come away with a strong foundation in how to create PowerShell scripts that automate administrative processes. Before embarking on this path, however, they should have a basic understanding of Windows networking and troubleshooting.

The beginning courses on this path provide users with the information they need to start working with PowerShell, even if they’re first-timers. Users will learn how to use cmdlets, work with objects and get help when they need it. These courses also introduce concepts such as aliases, providers and mapping network drives. The intermediate tutorials build on the beginning courses by explaining how to work with objects and the PowerShell pipeline, and how to format output. The intermediate courses also focus on using PowerShell in a networked environment, covering such topics as CIM and Windows Management Instrumentation.

The advanced courses build on the beginning and intermediate tutorials by focusing on automation scripts. Admins will learn how to use PowerShell scripting to automate their routine processes and tasks. They’ll also learn how to troubleshoot problems in their scripts if PowerShell exhibits unusual behavior. The path approach might not be for everyone, but for those ready to invest their time in a comprehensive program, this path could prove a valuable resource.

Practical Desired State Configuration

Those not suited to a learning path can choose from a variety of other Pluralsight courses that address specific technologies. This highly rated course caters to advanced users and provides real-world examples of how to use PowerShell to write Desired State Configurations (DSCs). Those interested in the course should be familiar with PowerShell and DSC principles.

DSC refers to a new way of managing Windows Server that shifts the focus from point-and-click GUIs to infrastructure as code. To achieve this, admins can use PowerShell to build DSCs. This process is the focus of this course, which covers several advanced topics ranging from writing configurations with custom resources to building dynamic collector configurations.

The tutorial demonstrates how to use custom resources in a configuration and offers an in-depth discussion of securing DSC operations. Participants then learn how to use the DSC model to configure and manage AD, covering such topics as building domains and creating users and groups. The course demonstrates how to set up Windows event forwarding. Although not everyone is looking for such advanced topics, for some users, this course might be just what they need to progress their PowerShell skills.

Pluralsight pricing

Pluralsight doesn’t charge by the course, but rather it offers three personal plans and two business plans. The personal plans start at $299 per year, and the business plans start at $579 per user, per year. All plans include access to the entire course library. In addition, Pluralsight offers a 10-day personal free trial and, like Udemy, courses geared toward IT certification.

PowerShell 5 Essential Training

Of the 13 online PowerShell courses offered by LinkedIn Learning — formerly, Lynda.com — this is the most popular. The course targets beginner and intermediate PowerShell users who are Windows systems admins. Although the course is based on PowerShell 5, the basic information is still applicable today, like other courseware written to this version.

The material covers most of the basics one would expect from a course at this level. It explains how to set up and customize PowerShell, and it introduces admins to cmdlets and their syntax and how to find help. This is followed by installing modules and packages. The course also describes how to use the PowerShell pipeline, covering such topics as working with files and printers, as well as storing data as a webpage.

The course moves onto objects and their properties and methods. Participants can learn how to create scripts that incorporate variables and parameters so they can automate administrative tasks. Participants are also introduced to PowerShell ISE and shown how to use PowerShell remoting to manage multiple systems at once, along with practical examples of administrative operations at scale.

PowerShell: Scripting for Advanced Automation

This course, which is also offered by LinkedIn Learning, focuses on automating advanced administrative operations in a Windows network. Those planning to take the course should have a strong foundation in managing Windows environments. As its name suggests, the course is geared toward advanced users.

After a brief introduction, the course jumps into DSC automation, providing an overview of DSC and explaining how to set up DSCs. Users can learn how to work with DSC resources, push DSCs and create pull configurations. The course then moves onto Just Enough Administration, explaining JEA concepts and best practices. In this part of the course, participants learn how to create role capability files and JEA session configurations, as well as how to register JEA endpoints.

The final section of the tutorial describes how to troubleshoot PowerShell scripts. The discussion begins with an overview of PowerShell workflows and examines the specifics of troubleshooting PowerShell in both the console and ISE. The section ends with information about using the PSScriptAnalyzer tool for quality control. As with any advanced course, not all users will benefit from this information. But the tutorial could provide a valuable resource for admins looking to refine their PowerShell skills.

LinkedIn Learning pricing

LinkedIn Learning sells courses individually, offers a one-month free trial and provides both personal and business plans. Individual PowerShell courses cost between $30 and $45, and individual subscription plans start at $20 per month. Contact LinkedIn Learning regarding business plans. LinkedIn Learning also offers courses aimed at IT certifications.


Windows IIS server hardening checklist

Default configurations for most OSes are not designed with security as the primary focus. Rather, they concentrate on ease of setup, use and communications. Therefore, web servers running default configurations are obvious targets for automated attacks and can be quickly compromised.

Device hardening is the process of enhancing web server security through a variety of measures to minimize its attack surface and eliminate as many security risks as possible in order to achieve a much more secure OS environment.

Because web servers are constantly attached to the internet and often act as gateways to an organization’s critical data and services, it is essential to ensure they are hardened before being put into production.

Consult this server hardening checklist to ensure server hardening policies are correctly implemented for your organization’s Windows Internet Information Services (IIS) server.

General

  • Never connect an IIS server to the internet until it is fully hardened.
  • Place the server in a physically secure location.
  • Do not install the IIS server on a domain controller.
  • Do not install a printer.
  • Use two network interfaces in the server: one for admin and one for the network.
  • Install service packs, patches and hot fixes.
  • Run Microsoft Security Compliance Toolkit.
  • Run IIS Lockdown on the server.
  • Install and configure URLScan.
  • Secure remote administration of the server, and configure for encryption, low session timeouts and account lockouts.
  • Disable unnecessary Windows services.
  • Ensure services are running with least-privileged accounts.
  • Disable FTP, Simple Mail Transfer Protocol and Network News Transfer Protocol services if they are not required.
  • Disable Telnet service.
  • Disable ASP.NET state service if not used by your applications.
  • Disable Web Distributed Authoring and Versioning if not used by the application, or secure it if it is required.
  • Do not install Microsoft Data Access Components (MDAC) unless specifically needed.
  • Do not install the HTML version of Internet Services Manager.
  • Do not install Microsoft Index Server unless required.
  • Do not install Microsoft FrontPage Server Extensions (FPSE) unless required.
  • Harden the TCP/IP stack.
  • Disable NetBIOS and Server Message Block — closing ports 137, 138, 139 and 445.
  • Reconfigure recycle bin and page file system data policies.
  • Secure CMOS (complementary metal-oxide semiconductor) settings.
  • Secure physical media — CD-ROM drive and so on.

Accounts

  • Remove unused accounts from the server.
  • Disable Windows Guest account.
  • Rename Administrator account, and set a strong password.
  • Disable IUSR_Machine account if it is not used by the application.
  • Create a custom least-privileged anonymous account if applications require anonymous access.
  • Do not give the anonymous account write access to web content directories or allow it to execute command-line tools.
  • If you host multiple web applications, configure a separate anonymous user account for each one.
  • Configure ASP.NET process account for least privilege. This only applies if you are not using the default ASP.NET account, which is a least-privileged account.
  • Enforce strong account and password policies for the server.
  • Enforce two-factor authentication where possible.
  • Restrict remote logons. (The “access this computer from the network” user right is removed from the Everyone group.)
  • Do not share accounts among administrators.
  • Disable null sessions (anonymous logons).
  • Require approval for account delegation.
  • Do not allow users and administrators to share accounts.
  • Do not create more than two accounts in the administrator group.
  • Require administrators to log on locally, or secure the remote administration system.

Files and directories

  • Use multiple disks or partition volumes, and do not install the web server home directory on the same volume as the OS folders.
  • Contain files and directories on NT file system (NTFS) volumes.
  • Put website content on a nonsystem NTFS volume.
  • Create a new site, and disable the default site.
  • Put log files on a nonsystem NTFS volume but not on the same volume where the website content resides.
  • Restrict the Everyone group — no access to WINNT\system32 or web directories.
  • Ensure website root directory has deny write access control entry (ACE) for anonymous internet accounts.
  • Ensure content directories have deny write ACE for anonymous internet accounts.
  • Remove resource kit tools, utilities and SDKs.
  • Remove any sample applications or code.
  • Remove IP address in header for Content-Location.

Shares

  • Remove all unnecessary shares, including default administration shares.
  • Restrict access to required shares — the Everyone group does not have access.
  • Remove administrative shares — C$ and Admin$ — if they are not required. (Microsoft System Center Operations Manager — formerly Microsoft Systems Management Server and Microsoft Operations Manager — requires these shares.)

Ports

  • Restrict internet-facing interfaces to port 443 (SSL).
  • Run IIS Lockdown Wizard on the server.

Registry

  • Restrict remote registry access.
  • Secure the local Security Account Manager (SAM) database by implementing the NoLMHash Policy.
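A read-only audit of several host-level items from the General, Accounts, Shares and Registry lists above, added here as an example and not part of the original checklist. The function names, the service short names and the use of the RemoteRegistry service state as a stand-in for "restrict remote registry access" are assumptions; adjust them to the roles installed on your server.

```powershell
#Requires -Version 5.1
# Added example: read-only audit of checklist items; it changes nothing.
# Run from an elevated Windows PowerShell session on the IIS server.

function New-Finding([string]$Check, [bool]$Pass, [string]$Detail) {
    [pscustomobject]@{ Check = $Check; Pass = $Pass; Detail = $Detail }
}

function Test-IisHostBaseline {
    # Accounts: Guest (RID 501) disabled, built-in Administrator (RID 500) renamed.
    $users = Get-LocalUser
    $guest = $users | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
    New-Finding 'Guest account disabled' (-not $guest.Enabled) "Name: $($guest.Name)"
    $admin = $users | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
    New-Finding 'Administrator account renamed' ($admin.Name -ne 'Administrator') "Name: $($admin.Name)"

    # Accounts: no more than two members in the local Administrators group.
    try {
        $members = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop)
        New-Finding 'Administrators group has at most two members' ($members.Count -le 2) ($members.Name -join ', ')
    } catch {
        New-Finding 'Administrators group has at most two members' $false "Could not enumerate: $_"
    }

    # General: services the checklist says to disable when not required.
    # Short names are assumptions; a service that is not installed passes.
    $services = 'TlntSvr', 'FTPSVC', 'SMTPSVC', 'NntpSvc', 'aspnet_state', 'RemoteRegistry'
    foreach ($name in $services) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($null -eq $svc) {
            New-Finding "Service $name disabled" $true 'Not installed'
        } else {
            New-Finding "Service $name disabled" ($svc.StartType -eq 'Disabled') "StartType=$($svc.StartType), Status=$($svc.Status)"
        }
    }

    # General: NetBIOS and SMB ports (TCP 139/445, UDP 137/138) should not be open.
    $tcp = @(Get-NetTCPConnection -State Listen -LocalPort 139, 445 -ErrorAction SilentlyContinue)
    $udp = @(Get-NetUDPEndpoint -LocalPort 137, 138 -ErrorAction SilentlyContinue)
    $open = @($tcp + $udp | ForEach-Object { $_.LocalPort } | Sort-Object -Unique)
    New-Finding 'NetBIOS/SMB ports closed' ($open.Count -eq 0) "Listening: $($open -join ', ')"

    # Shares: administrative shares C$ and ADMIN$ removed if not required.
    $adminShares = @(Get-SmbShare -Special $true -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -in 'C$', 'ADMIN$' })
    New-Finding 'Administrative shares removed' ($adminShares.Count -eq 0) ($adminShares.Name -join ', ')

    # Registry: NoLMHash = 1 stops LM hashes from being stored in the SAM.
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    New-Finding 'NoLMHash policy set' ($lsa.NoLMHash -eq 1) "NoLMHash=$($lsa.NoLMHash)"
}

# Failed checks sort first so they are the first rows in the table.
Test-IisHostBaseline | Sort-Object Pass | Format-Table -AutoSize -Wrap
```

A failed row is a prompt to review, not proof of a problem: the checklist itself allows the administrative shares and some services where an application or management tool requires them.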

Auditing and logging

  • Audit failed logon attempts.
  • Relocate and secure IIS log files.
  • Configure log files with an appropriate file size depending on the application security requirement.
  • Regularly archive and analyze log files.
  • Audit access to the MetaBase.xml and MBSchema.xml files.
  • Configure IIS for World Wide Web Consortium extended log file format auditing.

Sites and virtual directories

  • Put websites on a nonsystem partition.
  • Disable Parent Paths setting.
  • Remove any unnecessary virtual directories.
  • Remove or secure MDAC Remote Data Services virtual directory.
  • Do not grant included directories read web permission.
  • Restrict write and execute web permissions for anonymous accounts in virtual directories.
  • Ensure there is script source access only on folders that support content authoring.
  • Ensure there is write access only on folders that support content authoring and these folders are configured for authentication and SSL encryption.
  • Remove FPSE if not used. If FPSE are used, update and restrict access to them.
  • Remove the IIS Internet Printing virtual directory.

Script mappings

  • Map extensions not used by the application to 404.dll — .idq, .htw, .ida, .shtml, .shtm, .stm, .idc, .htr, .printer.
  • Map unnecessary ASP.NET file type extensions to HttpForbiddenHandler in Machine.config.

ISAPI filters

IIS Metabase

  • Restrict access to the metabase by using NTFS permissions (%systemroot%\system32\inetsrv\metabase.bin).
  • Restrict IIS banner information (disable IP address in content location).

Server certificates

  • Ensure certificate date ranges are valid.
  • Only use certificates for their intended purpose. For example, the server certificate is not used for email.
  • Ensure the certificate’s public key is valid, all the way to a trusted root authority.
  • Confirm that the certificate has not been revoked.

Machine.config

  • Map protected resources to HttpForbiddenHandler.
  • Remove unused HttpModules.
  • Disable tracing: <trace enabled="false"/>.
  • Turn off debug compiles: <compilation debug="false" explicit="true" defaultLanguage="vb">.
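One way to check the Machine.config items above against a configuration file, added here as an example and not part of the original checklist. The function name, the default list of protected paths and the embedded XML are constructed for illustration; on later .NET Framework versions the handler and module lists live in the root web.config beside machine.config, so the function accepts any config document.

```powershell
# Added example: report the ASP.NET settings named in the checklist.
function Test-AspNetConfig {
    param(
        [Parameter(Mandatory)][xml]$Config,
        # Resource patterns that must be blocked; the defaults are sample values.
        [string[]]$ProtectedPaths = @('*.config', '*.cs')
    )

    # A missing element or attribute means the ASP.NET default, which is false.
    function Get-Flag($Node, [string]$Attribute) {
        if ($null -eq $Node) { return $false }
        $attr = $Node.Attributes[$Attribute]
        return ($null -ne $attr -and $attr.Value -ieq 'true')
    }

    $trace   = $Config.SelectSingleNode('/configuration/system.web/trace')
    $compile = $Config.SelectSingleNode('/configuration/system.web/compilation')

    # Paths already mapped to HttpForbiddenHandler.
    $xpath   = "/configuration/system.web/httpHandlers/add[contains(@type,'HttpForbiddenHandler')]"
    $blocked = @($Config.SelectNodes($xpath) | ForEach-Object { $_.GetAttribute('path') })

    # Registered modules, listed so unused ones can be reviewed and removed.
    $modules = @($Config.SelectNodes('/configuration/system.web/httpModules/add') |
        ForEach-Object { $_.GetAttribute('name') })

    [pscustomobject]@{
        TraceEnabled   = Get-Flag $trace 'enabled'      # the attribute is "enabled"
        DebugCompile   = Get-Flag $compile 'debug'
        UnblockedPaths = @($ProtectedPaths | Where-Object { $_ -notin $blocked })
        HttpModules    = $modules
    }
}

# Constructed sample input, not taken from a real server.
[xml]$sample = @'
<configuration>
  <system.web>
    <trace enabled="true" />
    <compilation debug="true" explicit="true" defaultLanguage="vb" />
    <httpHandlers>
      <add verb="*" path="*.config" type="System.Web.HttpForbiddenHandler" />
    </httpHandlers>
    <httpModules>
      <add name="Session" type="System.Web.SessionState.SessionStateModule" />
    </httpModules>
  </system.web>
</configuration>
'@

# The sample fails all three checks: tracing on, debug on, *.cs not blocked.
Test-AspNetConfig -Config $sample | Format-List
```

To check a server, load the real file with `[xml](Get-Content -Raw <path>)` and pass it as `-Config`.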


Ended support for Windows Server 2008 leaves clients circumspect

It’s understandable that organizations haven’t immediately parted with Microsoft Windows Server 2008.

Microsoft ended support for Windows Server 2008 in January, forcing organizations to consider making wholesale changes to how they manage and control their technology stacks. But as with any trusted technology, the server operating system has been a reliable backbone since its release more than a decade ago, a timeframe that coincided with enterprises increasingly depending on applications and networks to drive business.

Change is always hard, and a change of this magnitude won’t happen overnight, especially when the alternative could mean shifting a large chunk of operations to the cloud, which is what Microsoft hopes for as it promotes its Azure cloud platform as an option. A big embrace of the cloud is a big step for companies that still depend on on-premises mainframes.

“Even though it’s the end of life for 2008, many still think it’s not necessary to move yet,” said Craig McQueen, vice president of innovation for the Toronto-based MSP Softchoice. “Some customers don’t want to move too quickly because it’s difficult to see the business benefits.” And even if a company recognizes they’re more susceptible to security risks with Microsoft no longer providing patches and updates to Windows Server 2008, “the life of an IT person is so busy that migration drags on,” he said.

Customers weigh Windows Server 2008 transitions


McQueen and representatives of three other Microsoft partners didn’t offer a number on how many customers have shifted or will soon shift away from Windows Server 2008. But they all said the majority of their customers will, for a little while longer, operate on the side of familiarity.

Many of those customers indicated they will eventually start migrating to Azure or another cloud computing platform, perhaps later this year or next year, but many others still need to make a decision. Microsoft ended support for Windows Server 2008 and 2008 R2 on Jan. 14, coming off the heels of a July 2019 end-of-life date for SQL Server 2008.


Companies that haven’t yet committed to halting use of Windows Server 2008 aren’t ignorant of security risks, according to Microsoft partners. For every day that passes, they know threat actors increase their efforts to exploit vulnerabilities in the old operating system. “[Windows Server 2008 users] know all about security breaches, and they should do everything necessary to protect themselves. They don’t want to be on the front page of The Wall Street Journal,” said Rob Leach, the North American Azure lead for the Seattle IT consulting company Avanade.

But the desire to break free of Windows Server 2008 and other mainframe servers is often tempered by contractual and budgetary considerations, Leach said. Many Avanade customers haven’t yet entirely shifted to cloud because they are contractually obligated to on-premises servers until those leases expire. But Leach said he expects to see an increase in cloud migrations over the next few years and Azure to be an attractive option because it would be a lift and shift within the Microsoft family.

Even when companies can immediately take advantage of cloud, they nonetheless proceed cautiously, Leach said. Customers want to see specific proof points for how cloud can boost the bottom line over the long haul. “It’s not just about technology,” he said. “It also has to make good business sense.”


David Rodriguez, the national director of cloud platforms for the consulting firm Core BTS Inc. in Garden City, N.Y., said the effective end of Windows Server 2008 support won’t be the sole driving force behind his customers’ shift to cloud, but having the end-of-service date “hanging over their heads” will be a factor.

How Microsoft partners can support Azure migrations

Core BTS helps customers overcome any hesitations about cloud, Rodriguez said. “We provide detailed reports with not only a line-by-line breakdown of what each [cloud] service will cost, but also what it will take to reinvest in a new VM host,” he said. “We compare side by side the estimated spend if you just upgrade hardware on-premises to what cloud costs.” Some are already making the move to a Microsoft cloud, migrating to either Azure VM or Hyper-V, he added.

With an opportunity to sell the benefits of cloud technology, Microsoft partners say they also have a legitimate opening to upsell other services that are related to cloud, including microservices, containers and AI-supported applications.

“The journey to the cloud is crawl, walk and run,” Rodriguez said. “With the ‘walk’ phase … you start to take applications they have in a VM, in the cloud, and look for more platform offerings.” For instance, some proprietary applications might work well with containerization. The “run” phase could mean making better use of the data in the cloud by integrating it through a suite of AI applications. “The journey to the cloud can be a complete transformation,” he said.


Rory McCaw, president of enterprise advisory services at Green House Data, a Cheyenne, Wyo., enterprise advisory service, likes to point to client success stories to assuage doubts about cloud migration. One such story centers on an agricultural company in Omaha, Neb., that had relied on mainframe servers, including some usage of Windows Server 2008. The company recently shifted to Azure, on which it built a mobile application that lets its trucking fleet better manage its transport of soybeans, he said.

Still, even though the end of support for Windows Server 2008 is a bridge to cloud, companies will always keep some applications running on premises, McCaw noted. Some applications are so critical and embedded in processes that it sometimes makes sense to leave them alone, at least for now.

McCaw knows some companies that still run Windows 2000 to accommodate those unique apps. “It is firewalled but still going due to the type of application running on it or an inability for it to be modernized,” he said. In some instances, he added, the critical application was built internally, but its creators have since left the company and taken their knowledge of the program with them.

Determining what migrates and what stays is part of Microsoft partners’ migration plans for their customers. Executives don’t anticipate problems migrating from Windows Server 2008 as long as the planning process is thorough and the client’s goals are considered. “It’s really just about trying to understand what they want to accomplish,” McCaw said. “It’s collecting as much information as possible, and not [really] selling anyone … anything, but instead presenting them with ideas they haven’t considered … [so] they can then decide with their knowledge of their own business.”


How to create and deploy a VMware VM template

A VMware VM template — also known as a golden image — is a perfect copy of a VM from which you can deploy identical VMs. Templates include a VM’s virtual disks and settings, and they can not only save users time but help them avoid errors when configuring new Windows and Linux VMs.

VM templates enable VMware admins to create exact copies of VMs for cloning, converting and deploying. They can be used to simplify configuration and ensure the standardization of VMs throughout your entire ecosystem. Templates can also be used as long-term backups of VMs. However, you can’t operate a VM template without converting it back to a standard VM.

vSphere templates can be accessed through your content library. The content library wizard will then walk you through configuration steps, such as publishing and optimizing templates. It designates roles and privileges that you can then assign to users, and it eases VM deployment options.

Best practices for Hyper-V templates

You can create and deploy VMware VM templates through Hyper-V, as well. Hyper-V templates enable users to deploy VMs quickly with greater security, such as with shielded VMs, and reduce network congestion. They rely on System Center Virtual Machine Manager (SCVMM) and require specific configurations.

To create a Hyper-V template, select a base object from which you want to create the template — an extant VM template, a virtual hard disk or a VM. Assign a name to the new template and configure the virtual hardware and operating settings the deployed VM will use.

Keep in mind that not every VM is a viable template candidate. If your system partition is not the same as your Windows partition, you won’t be able to use that VM as a template source.

To create a shielded VM — one that protects against a compromised host — run the Shielded Template Disk Creation Wizard. Specify your required settings in the wizard and click Generate to produce the template disk, then copy that disk to your template library. The disk should appear in your content library with a small shield icon, which signifies that it has shielded technology.

How to create a VMware VM template with Packer

Packer is a free tool that can help you automate vSphere template creation and management. It features multiple builders optimized for VMware Fusion, Workstation Pro or Workstation Player. The vmware-iso Packer plugin builder supports using a remote ESXi server to build a template, and the vsphere-iso plugin helps you connect to a vCenter environment and build on any host in a cluster.

When you use Packer to make a VM template, you use two main file types. The JSON file makes up the template, and the autounattend.xml file automates Windows installation on your VM. Once your scripts, JSON file and autounattend file are ready, you can build a VM template in Packer. When the build is complete, Packer converts the VM to a template that you can view and deploy through PowerCLI.

Use PowerCLI to deploy a template

You can use PowerCLI to deploy new VMs from a template. Create an OS customization specification through PowerCLI to start the deployment process and to ensure that when you create your VMs from a template, you can still change certain settings to make them unique. These settings would include organization name, security identifier, local administrator password, Active Directory domain, time zone, domain credentials, Windows product key and AutoLogonCount registry key. The PowerCLI cmdlet might resemble the following:

C:\> New-OSCustomizationSpec -Name 'WindowsServer2016' -FullName 'TestName' -OrgName 'MyCompany' -OSType Windows -ChangeSid -AdminPassword (Read-Host -AsSecureString) -Domain 'NTDOMAIN' -TimeZone 035 -DomainCredentials (Get-Credential) -ProductKey '5555-7777-3333-2222' -AutoLogonCount 1

After your OS is customized, you can easily deploy a VM from a template or multiple VMs from the same template. Start by placing the OS customization specifications into the variable $Specs.

$Specs = Get-OSCustomizationSpec -Name 'WindowsServer2016'

Then, use the VM template in the variable $Template.

$Template = Get-Template -Name 'Windows2016Template'

Finish by deploying your VM using the New-VM cmdlet and passing in your template and OS specifications.

New-VM -Name 'Windows16VM' -Template $Template -OSCustomizationSpec $Specs -VMHost 'ESXiHost' -Datastore 'VMDatastore'

Troubleshoot VM templates


There are a few common mistakes in VM template creation and deployment that you’ll want to avoid.

Creating a VMware template directly from a VM ends up destroying the VM. Always create a clone of a VM prior to creating a template from one. Even if you create a VM solely to become a template, template creation could fail and destroy your VM. A common reason for template creation failure is trying to create a template from a Linux VM. In that case, the template creation process wants to Sysprep a VM but Sysprep is designed for Windows OSes.

You also need to ensure that the model VM you want to turn into a template isn’t domain-joined. Joining a VM to an Active Directory domain can cause the system to create a computer account for the VM, which then leaves that computer account orphaned during the template creation process. To work around this issue, have the template itself handle the domain join and secure the library share in a way that prevents anyone other than VM admins from having access.

Finally, don’t include any preinstalled applications on a VM template. The Sysprep process often breaks such applications. You can instead use an application profile or configure a VM template to run a script for automated application installation.


Try 10 practice questions for the CCNP, CCIE ENCOR 350-401

In Cisco’s sweeping certification changes, the company eliminated prerequisite exams for the Cisco Certified Network Professional tracks, which means network engineers have a higher bar to meet when they take CCNP exams.

However, this higher bar doesn’t mean engineers must solely know advanced topics and technologies, such as software-defined WAN, automation and programmability — although those are on the exams. Instead, CCNP hopefuls on the Enterprise track — for ENCOR 350-401, in particular — should expect to know a solid amount of past CCNP material, such as IP routing essentials, in addition to new technologies. The same goes for Cisco Certified Internetwork Expert (CCIE) hopefuls, as well.

CCNP and CCIE hopefuls alike can explore old and new material in CCNP and CCIE ENCOR 350-401 Official Cert Guide, available now, by authors Ramiro Garza Rios, David Hucaby, Brad Edgeworth and Jason Gooley. This guidebook delves into topics that span from forwarding to wireless to software-defined networking best practices.

Below is the “Do I Know This Already?” quiz from Chapter 6, “IP Routing Essentials.” These 10 questions explore common routing protocols network engineers will likely recognize from their daily jobs and others that are also relevant to their positions. Edgeworth said the chapter covers fundamentals and helps readers understand how routers function and think.

The quiz offers readers a vendor-agnostic studying method, as routing protocols aren’t specific to Cisco or any other vendor. These universal fundamentals can help readers in their careers wherever they go and with whichever vendor products they may use.

These questions for the CCNP and CCIE ENCOR 350-401 help readers review enterprise networking essentials they need to know and test their expertise on key protocol differences and common routing concepts. The quiz covers a general overview of the protocols and dives deep into path selection, static routing, and virtual routing and forwarding.


How Cisco certification changes alter CCNP and CCIE tracks

For the Cisco Certified Network Professional and Cisco Certified Internetwork Expert — CCNP and CCIE, respectively — the Cisco certification changes mean less time flaunting advanced networking tricks and more time learning material relevant to the current job market.

Cisco announced these certification changes at Cisco Live 2019, where the significant cuts to the Cisco Certified Network Associate (CCNA) track garnered much attention. However, the Cisco certification changes also affected the CCNP and CCIE tracks, such as shrinking the former eight-track CCNP options to five tracks. Authors Brad Edgeworth and Jason Gooley said they believe these changes will greatly benefit CCNP and CCIE hopefuls, as the changes reflect shifts in the networking industry and network engineer job roles.

The effects of the Cisco certification changes are reflected in the new book from authors Ramiro Garza Rios, David Hucaby, Edgeworth and Gooley, CCNP and CCIE ENCOR 350-401 Official Cert Guide, which is available now. The book explores the new CCNP and CCIE Enterprise tracks that include relevant information for enterprise network engineers.

Editor’s note: The following interview was edited for length and clarity.

How have the Cisco certification changes affected CCNP and CCIE? What remains the same?

Brad Edgeworth: [Cisco] is adding more width to the knowledge required. It’s adding more programmability and automation, because that’s becoming more integrated into teams. Also, it’s trying to take advantage of more virtualized platforms.

Jason Gooley: The certifications are becoming more streamlined. They’re modular, so you can pick the technology core, then focus on a specialty and become certified in that direction. In addition, newer technologies such as software-defined access [SD-Access] or software-defined WAN [SD-WAN] are part of these exams.

Not a lot was removed. The level of knowledge you had to know before has grown, because we include what was there before and add a bunch of new technologies.

Edgeworth: Cisco is going back to what is relevant to jobs. Some technologies that are not as common, like frame relay, were removed. The core fundamentals of networking still reside within the certification exams, and Cisco built on top of them.

Gooley: You have to know what was asked [in the exams] before in addition to these new technologies. That fits with what customers see in work environments now. You’re certified in what you see in the industry versus an exam with some technology you might not use. It’s structured around current job roles.

When I took the CCNP, there were four exams. Now, you can take two — technology core and concentration — and become CCNP certified. The structure completely changed, which I think is for the better. As far as technology, things like SD-WAN, SD-Access and programmability become more robust because that’s what customers and the industry are leading to.

Edgeworth: The CCNP Routing and Switching exam before was great but never took wireless into account, which is what most enterprise customers use. Now, that’s integrated into it.

With CCIE, it used to be: What router ninja tricks can you do? CCIEs would maybe not have fundamentals for network design, so network design was integrated as a component of the CCIE practical exam. Design concepts have become a core specialization with CCNP, as well.

Where do you see Cisco certifications and the industry heading in the next 20 years?

Edgeworth: In the industry, there will be more automation and businesses becoming more digital. Another big thing is security. How do you integrate security throughout the service? The industry lagged with that. There’s going to be more automation and security integration for dotting i’s and crossing t’s to make sure data is correct and maintains its privacy.

Gooley: As job roles change and customers adopt different technologies, the certifications will follow. As the certifications evolve over time, they’ll follow what’s in the industry and what customers go through. That’s why we didn’t remove a lot from the certifications, because it’s still out there.

For Cisco to redo the entire certification program, as well as introduce a new line that focuses specifically on automation, software and programmability skills — that’s in response to the industry, and that’s critical. When you evolve your skill set and move toward newer technologies and automation, you still need to know how it works before you automate it. You can automate failure as fast as you automate success.

Edgeworth: You have to have fundamentals because of what you automate. Learn the trade, not tips of the trade, because tips of the trade come from learning the trade.

Going after a certification is nice. Obtaining the certification is nicer. But failure is part of the process. Learning on the journey is critical. I wouldn’t be where I am today if I hadn’t failed. [The first time] I tried for CCIE, I failed. But the knowledge I gained during the process allowed me to enter other opportunities to grow my career. While succeeding is nice, it’s about the knowledge you gain on the way.

Gooley: I went for the CCDE [Cisco Certified Design Expert] three times, and I still haven’t passed. You learn the technology and best practices in going for it. Even if you don’t pass, you’ve still enhanced your skill set, and it’s valuable. Everybody eventually has to get up and dust themselves off.

What’s nice about social media and the community is when you fail, you’re held accountable when you say it. Then other people come out of the woodwork saying you’re not alone. That helps everybody learn together. Embrace the journey. The journey is where you learn everything and have the fun.
