Prepare for CCNP, CCIE ENCOR 350-401 with this guide preview

Although the Cisco Certified Network Professional track no longer has prerequisite exams, most CCNP exams still require an understanding of the networking topics found in the reworked Cisco Certified Network Associate, or CCNA, exam.

For the CCNP and Cisco Certified Internetwork Expert (CCIE) ENCOR 350-401 exam, a significant portion of the material includes information from the new CCNA exam. Authors Ramiro Garza Rios, David Hucaby, Brad Edgeworth and Jason Gooley cover both the old and new material in their guidebook CCNP and CCIE ENCOR 350-401 Official Cert Guide, which is available now.

The ENCOR 350-401 exam — which stands for Enterprise Core — particularly emphasizes Cisco’s move from uncommon, advanced capabilities to the networking requirements for current job roles.

Below is an excerpt from the guide: Chapter 6, “IP Routing Essentials.” This chapter covers fundamental routing protocols — many of which have remained from when the authors themselves began to study for Cisco certification exams.

When Edgeworth first studied for the Cisco certification exams, he said understanding how routers think and operate was the most challenging part. As an author, he has tried to write chapters in a way that provides in-depth perspective, yet also shows how technologies and protocols work within configurations. Edgeworth suggested CCNP and CCIE ENCOR 350-401 hopefuls participate in labs to put the concepts they learn from books into practice.

Gooley, on the other hand, found unstructured, solo studying the most challenging, saying he felt alone when he first started studying for his Cisco certifications. He suggested that hopefuls should lean on the community, whether that’s in person or through social media. People can hold each other accountable for studying and readers can reach out to the authors themselves if they have questions.

In addition to potentially challenging new topics in the CCNP and CCIE ENCOR 350-401 exam — such as programmability and software-defined WAN — Edgeworth and Gooley said they are pleased with how relevant the ENCOR 350-401 exam is to current job roles. CCNP and CCIE hopefuls can expect to learn and solidify skills they use daily at their jobs, including the IP routing fundamentals.

Edgeworth said this chapter covers many routing essentials, such as Open Shortest Path First (OSPF) and Border Gateway Protocol (BGP) — topics the new CCNA exam also includes. The chapter delves into fundamental knowledge network engineers need for jobs and explores routing essentials in a vendor-agnostic way, as OSPF is OSPF and BGP is BGP regardless of which vendor platform an engineer uses, according to Edgeworth.

Traditional, emerging topics unite in the new CCNA exam

While Cisco’s updated Cisco Certified Network Associate, or CCNA, certification track shrank to a single path and single exam, CCNA hopefuls must know a broad range of both networking basics and emerging networking technologies in order to pass the exam.

Cisco announced sweeping changes to its certification tracks in June 2019, and the new CCNA exam derives from one of the largest changes in Cisco history, according to Cisco author Wendell Odom. Odom, author of every CCNA Official Cert Guide, wrote two new volumes of his guides for the CCNA 200-301 exam. The singular path of the new CCNA exam is smaller overall compared to past exam versions, yet the extensive amount of material — both old and new — necessitated two volumes.

Both Volumes 1 and 2 cover various traditional networking topics, such as virtual LANs (VLANs) and basic IP services, as well as newer networking technologies, such as network automation. Odom said the new CCNA exam includes a lot for engineers to learn but also contains relevant and useful material for the current job market.

Editor’s note: The following interview was edited for length and clarity.

Can you compare details of the former and the new CCNA exams?


Wendell Odom: If you took the old CCNA Routing and Switching exam blueprint, about half those topics are in the new CCNA exam. The literal words are there. It’s not just the same topic — it’s copied-and-pasted topics from the old to the new.

Then, the new exam has topics that weren’t in any of the old. It has a few you might say came from CCNA Collaboration or CCNA Data Center. For the most part, the new topics [show] the world is changing and IT changes quickly. These are new things Cisco finds important for routing and switching, like automation and cloud. Now, it introduces intent-based networking to CCNA for the first time.

If you view the old as 100 points in volume, the new is about 75% of that — 75 points. Fifty points are old exam topics that stuck around: VLANs, VLAN trunks, IPv4 and IPv6 routing, Layer 3 filters, sub-Layer 2 filtering with port security, security protocols, basic IP services, like SNMP [Simple Network Management Protocol] and NTP [Network Time Protocol].


Now, there’s more OSPF [Open Shortest Path First] — particularly, OSPF network types. On an Ethernet interface, you’ve got two or more routers that run OSPF connected to the same Ethernet. They elect a designated router, which causes OSPF to model the connected subnet differently. It changes OSPF operation on that LAN.

That’s typical on a LAN, but if you use Ethernet in WANs — particularly point-to-point WAN links — you don’t want LAN-like OSPF behavior electing a designated router. To change that, in Cisco routers, you change the OSPF network type to point-to-point instead of the default broadcast type, which is what causes it to act like a LAN.

The new Volume 1 has four chapters on wireless LANs. It’s basic: What’s an access point [AP]? What are the different wireless standards? How would you configure an AP to be a stand-alone AP? How would you do it with a wireless LAN controller? To a networker, it’s not very deep, but it’s your first step, and there’s a lot in CCNA that are first steps in learning technologies.

Now, there’s DHCP [Dynamic Host Configuration Protocol] snooping and dynamic ARP [Address Resolution Protocol] inspection. And the new CCNA exam mentions TFTP [Trivial File Transfer Protocol] and FTP specifically.


The old had basics of what I call ‘controller-based networking;’ there’s more now. It talks about underlays and overlays, which now gets you ready for software-defined access. The old and new CCNA exams have a lot about the old way to do LANs — how you build switch networks, Spanning Tree Protocol, etc.

Now, there’s REST, JSON [JavaScript Object Notation], specifically mentioned comparisons of Ansible, Puppet and Chef, as far as how they work under the covers. It doesn’t get into how to manipulate the tools, but more of which uses a push model, which uses a pull model, etc.

If you studied now for everything except newer technologies, which is 10% of the exam blueprint, it’d seem like traditional networking technology. Then, you get into newer, evolving technologies. Now, we’re pushing the baby birds out of the nest because … you’re going to get a lot of this in the CCNP Enterprise Core, etc. I’m glad some of it is in CCNA.

What questions have you gotten about the new CCNA exam?

Odom: Oddly enough, there’s not much worry about new topics. ‘Do I need to know Python?’ That’s probably most common because exam topics don’t mention Python. You think automation, and you think your first step is a programming language. You can actually learn everything in CCNA for automation without knowing Python.

People quickly zero in on technical questions: Layer 2, Layer 3 interactions. People get confused about encapsulation. OSPF concepts are more common — typically, LSAs [link-state advertisement], what those mean and whether that’s important. ‘Do I need to understand what a Type 1, Type 2 and Type 3 LSA is?’ I don’t know how important that is for the exam depending on the version. But if you’re going to use OSPF, you need to know what it is for real life.

I’m happy with how [the new CCNA exam] balances newer automation features and technologies — not overwhelming newbies with too much new and giving the foundation they need to get a real job. I think Cisco hit the right balance. People will enjoy the topics they learn, both for learning and for how it matches real jobs today. Cisco did this particular exam right.

Salesforce.org Education Cloud updates enhance student engagement

Students will be able to better engage with school staff and track their college coursework with the help of some new features in Salesforce.org Education Cloud.

These features can help students and staff get a better view of the student journey throughout the college lifecycle without having to use external systems and help better connect K-12 schools in the Salesforce ecosystem.

Higher education is an industry that lags in terms of digital transformation, said Joyce Kim, a higher education analyst at Ovum. But Salesforce’s foundation in the enterprise has a lot of applicability to the higher-education model.

“Student retention and completion are really important targets for institutions but having the right data and insights that will help a school achieve those goals is a challenge,” Kim said.

Enriching the student journey

A feature that could have a widespread effect is Salesforce Advisor Link Pathways, which assists in degree planning and helps keep students on track to graduate.

Currently, staff and students in the San Mateo County Community College District (SMCCCD) use a third-party system called DegreeWorks to aid with degree planning. Students currently have access to Salesforce, but they can only see members of their success team, alerts from faculty (for example, that a student failed a test) and tasks such as applying for a summer internship, resume review and updating a LinkedIn profile. The Pathways feature can bring degree planning right into the Salesforce system, eliminating the need for a third-party app.

“The big thing for staff and students is being able to have everyone integrated onto one system, and be able to take action in real time,” said Karrie Mitchell, vice president of planning for the SMCCCD. “There are so many different systems that are siloed, and Education Cloud brings it all together.”


Many students take extra credits and extra student loan debt that don’t add up to a degree, and this will help advisers proactively manage and support students to make it to their graduation goal, said Nathalie Mainland, senior vice president and general manager of Education Cloud at Salesforce.org. Salesforce.com acquired Salesforce.org in April 2019 at a price of $300 million.

Another feature that could be beneficial to SMCCCD is the Einstein Analytics template for recruitment and admissions, using the Education Data Architecture as a foundation. These templates may help admission staff find trends in each year’s class, including demographics, areas of study and who’s taking what classes — and prevent the need to manually input information into the system, Mitchell said.

“This gives you a 360-degree view of the student, and that’s critical for us,” said Daman Grewal, CTO at SMCCCD.

Other new features

Also, in the Education Data Architecture, Salesforce is adding application and test score objects, making it easier to bring in data for the recruiting and admission process, such as application data and test scores. Previously, schools were doing custom builds, and now there will be a standardized way to bring this data into the system, Mainland said.

Other new Salesforce Advisor Link features include queue management, the No. 1 most requested feature from customers, and Salesforce Advisor Link for onboarding and pre-advising. Queue management will enable students to proactively make an appointment with their advisers, and the onboarding and pre-advising feature helps catch students who received offer letters to be sure they accept and show up on campus.

And while K-12 institutions already have been using Salesforce.org Education Cloud, there is now a K-12 architecture kit. This will accelerate schools’ ability to use Education Cloud and Salesforce technology, and users will no longer have to customize it themselves, Mainland said.

While Oracle, Ellucian, Jenzabar and Campus Management are all competing vendors with end-to-end CRM suites, Salesforce is positioned competitively in the higher-education CRM market, Kim said.

“Because of its user-friendly interface and ability to use emerging technologies for things like predictive analytics and automating processes, end users find their products are intuitive and effective,” she said.  

Salesforce plans to dig into this Education Cloud news during Dreamforce, which takes place Nov. 19 to 22 in San Francisco, Mainland said.

The Education Data Architecture and K-12 architecture kits are both free, open source and available to both Salesforce and non-Salesforce users. They will be available on AppExchange and GitHub.

The Education Data Architecture features will be available in January. Everything else will be available by Nov. 18.

How to rebuild the SYSVOL tree using DFSR

Active Directory has a number of different components to keep track of user and resource information in an organization.

If one piece starts to fail and a recovery effort falters, it could mean it’s time for a rebuilding process.

The system volume (SYSVOL) is a shared folder found on domain controllers in an Active Directory domain that distributes the logon and policy scripts to users on the domain. Creating the first domain controller also produces SYSVOL and its initial contents. As you build domain controllers, the SYSVOL structure is created, and the contents are replicated from another domain controller. If this replication fails, it could leave the organization in a vulnerable position until it is corrected.

How the SYSVOL directory is organized

SYSVOL contains the following items:

  • group policy data;
  • logon scripts;
  • staging folders used to synchronize data and files between domain controllers; and
  • file system junctions.
Figure 1: Use the Get-SmbShare cmdlet to show the SYSVOL and NETLOGON shares on an Active Directory domain controller.

The Distributed File System Replication (DFSR) service replicates SYSVOL data on Windows 2008 and above when the domain functional level is Windows 2008 and above.

Figure 2. The SYSVOL folder contains four folders: domain, staging, staging areas and sysvol.

The position of SYSVOL on disk is set when you promote a server to a domain controller. The default location is C:\Windows\SYSVOL\sysvol, as shown in Figure 1.

For this tutorial, we will use PowerShell Core v7 preview 3, because it fixes the .NET Core bug related to displaying certain properties, such as ProtectedFromAccidentalDeletion.

SYSVOL contains a number of folders, as shown in Figure 2.

How to protect SYSVOL before trouble strikes

As the administrator in charge of Active Directory, you need to consider how you’ll protect the data in SYSVOL to protect the system in case of corruption or user error.

Windows backs up SYSVOL as part of the system state, but you should not restore from system state, as it might not result in a proper restoration of SYSVOL. If you’re working with the relative identifier (RID) master flexible single master operations (FSMO) role holder, you definitely don’t want to restore system state and risk having multiple objects with the same security identifier. You need a file-level backup of the SYSVOL area. Don’t forget you can use Windows Server Backup to protect SYSVOL on a domain controller if you can’t use your regular backup approach.

If you can’t use a backup, then login scripts can be copied to a backup folder. Keep the backup folder on the same volume so the permissions aren’t altered. You can back up group policy objects (GPOs) with PowerShell:

Import-Module GroupPolicy -SkipEditionCheck

The SkipEditionCheck parameter is required, because the GroupPolicy module hasn’t had CompatiblePSEditions in the module manifest set to include Core.

Create a folder for the backups:

New-Item -ItemType Directory -Path C:\ -Name GPObackup

Use the date to create a subfolder name and create the subfolder for the current backup:

$date = (Get-Date -Format 'yyyyMMdd').ToString()

New-Item -ItemType Directory -Path C:\GPObackup -Name $date

Run the backup:

Backup-GPO -All -Path (Join-Path -Path C:\GPObackup -ChildPath $date)

If you still use login scripts, rather than doing everything through GPOs, the system stores your scripts in the NETLOGON share in the C:\Windows\SYSVOL\domain\scripts folder.

Restore the SYSVOL folder

SYSVOL replication through DFSR usually works. However, as with any system, it’s possible for something to go wrong. There are two scenarios that should be covered:

  • Loss of SYSVOL information on a single domain controller. The risk is the change that removed the data from SYSVOL has replicated across the domain.
  • Loss of SYSVOL on all domain controllers, which requires a complete rebuild.

The second case involving a complete rebuild of SYSVOL is somewhat more complicated, with the first case being a subset of the second. The following steps explain how to recover from a complete loss of SYSVOL, with added explainers to perform an authoritative replication of a lost file.

Preparing for a SYSVOL restore

To prepare to rebuild the SYSVOL tree, stop the DFSR service on all domain controllers:

Stop-Service DFSR

On domain controllers where you can’t perform a restore, you’ll need to rebuild the SYSVOL tree folder structure and share structure.

On the domain controller with the SYSVOL you want to fix — or the one with the data you need to replicate — disable DFSR and make the server authoritative.

Get-ADObject -Identity "CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=TTSDC01,OU=Domain Controllers,DC=Sphinx,DC=org" -Properties * |
  Set-ADObject -Replace @{'msDFSR-Enabled'=$false; 'msDFSR-options'=1}

Disable DFSR on the other domain controllers in the domain. The difference in the commands is you’re not setting the msDFSR-options property.

Get-ADObject -Identity "CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=TTSDC02,OU=Domain Controllers,DC=Sphinx,DC=org" -Properties * |
  Set-ADObject -Replace @{'msDFSR-Enabled'=$false}
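Before restoring data, it helps to confirm that every domain controller carries the flags you intended. The following is an added example, not part of the original tutorial; the function name Get-SysvolDfsrState is hypothetical, and it assumes the ActiveDirectory module used above and that each domain controller keeps its computer object where Get-ADDomainController reports it.

```powershell
# Added example: report the SYSVOL DFSR subscription flags on every domain
# controller, so you can confirm exactly one server is marked authoritative
# (msDFSR-Options = 1) and that msDFSR-Enabled has the value you expect.
function Get-SysvolDfsrState {
    foreach ($dc in Get-ADDomainController -Filter *) {
        # Same DN pattern as the commands above, built from the DC's own computer object.
        $dn = 'CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,' +
              $dc.ComputerObjectDN
        try {
            # Ask each DC for its own copy; DFSR acts on what that DC sees,
            # and directory replication of the change may lag.
            $sub = Get-ADObject -Identity $dn -Server $dc.HostName `
                       -Properties 'msDFSR-Enabled', 'msDFSR-Options' -ErrorAction Stop
            [pscustomobject]@{
                DomainController = $dc.Name
                Enabled          = $sub.'msDFSR-Enabled'
                Authoritative    = ($sub.'msDFSR-Options' -eq 1)
                Error            = $null
            }
        }
        catch {
            # Unreachable DC or missing subscription object: report it, don't stop.
            [pscustomobject]@{
                DomainController = $dc.Name
                Enabled          = $null
                Authoritative    = $null
                Error            = $_.Exception.Message
            }
        }
    }
}

$state = @(Get-SysvolDfsrState)
$state | Format-Table -AutoSize

# Checks for the "prepare" phase described above.
$authoritative = @($state | Where-Object { $_.Authoritative })
if ($authoritative.Count -ne 1) {
    Write-Warning "Expected exactly one authoritative server, found $($authoritative.Count)."
}
$notDisabled = @($state | Where-Object { $_.Enabled -ne $false })
if ($notDisabled.Count -gt 0) {
    Write-Warning ("DFSR not yet disabled on: " + ($notDisabled.DomainController -join ', '))
}
```

Run the same function again after re-enabling DFSR; at that point every row should show Enabled as True.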

Rebuild the SYSVOL tree data

The next step is to restore the data. You can skip this if you’re just forcing replication of lost data.

On domain controllers where you can’t perform a restore, you’ll need to rebuild the SYSVOL tree folder structure and share structure. This tutorial assumes you’ve created SYSVOL in the default location with the following folder structure:







C:\Windows\SYSVOL\staging areas


You can use the following PowerShell commands to re-create the folders in the minimum number of steps. Be sure to change the nondefault location of the Stest folder used below to match your requirements.

New-Item -Path C:\Stest\SYSVOL\domain\scripts -ItemType Directory

New-Item -Path C:\Stest\SYSVOL\domain\policies -ItemType Directory

New-Item -Path C:\Stest\SYSVOL\staging\domain -ItemType Directory

New-Item -Path 'C:\Stest\SYSVOL\staging areas' -ItemType Directory

New-Item -Path C:\Stest\SYSVOL\sysvol -ItemType Directory

Re-create the directory junction points. Map SYSVOL\domain (source folder) to SYSVOL\SYSVOL and SYSVOL\staging\domain (source folder) to SYSVOL\staging areas.

You need to run mklink as administrator from a command prompt, rather than PowerShell:

C:\Windows>mklink /J C:\stest\SYSVOL\SYSVOL\sphinx.org C:\stest\SYSVOL\domain

Junction created for C:\stest\SYSVOL\SYSVOL\sphinx.org <<===>> C:\stest\SYSVOL\domain

C:\Windows>mklink /J "C:\stest\SYSVOL\staging areas\sphinx.org" C:\stest\sysvol\Staging\domain

Junction created for C:\stest\SYSVOL\staging areas\sphinx.org <<===>> C:\stest\sysvol\Staging\domain

Set the following permissions on the SYSVOL folder:

NT AUTHORITY\Authenticated Users    ReadAndExecute, Synchronize

NT AUTHORITY\SYSTEM                 FullControl

BUILTIN\Administrators              Modify, ChangePermissions, TakeOwnership, Synchronize

BUILTIN\Server Operators            ReadAndExecute, Synchronize

Inheritance should be blocked.
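One way to apply that access list and then audit it for drift, as an added example that is not part of the original tutorial. The function names and $SysvolPath are hypothetical, and the choice to let the entries apply to subfolders and files is an assumption the tutorial does not state.

```powershell
# Added example. Assumption: $SysvolPath is the rebuilt folder (tutorial's test location).
$SysvolPath = 'C:\Stest\SYSVOL'

# Identities and rights exactly as listed above.
$Wanted = [ordered]@{
    'NT AUTHORITY\Authenticated Users' = 'ReadAndExecute, Synchronize'
    'NT AUTHORITY\SYSTEM'              = 'FullControl'
    'BUILTIN\Administrators'           = 'Modify, ChangePermissions, TakeOwnership, Synchronize'
    'BUILTIN\Server Operators'         = 'ReadAndExecute, Synchronize'
}

function Set-SysvolAcl {
    param([string]$Path, [System.Collections.IDictionary]$Rules)
    $acl = Get-Acl -Path $Path
    # Block inheritance; $false drops inherited entries instead of copying them.
    $acl.SetAccessRuleProtection($true, $false)
    # Remove explicit entries already present so that only $Rules remain.
    foreach ($ace in @($acl.Access | Where-Object { -not $_.IsInherited })) {
        [void]$acl.RemoveAccessRule($ace)
    }
    foreach ($id in $Rules.Keys) {
        # Assumption: each entry also applies to subfolders and files.
        $rights = [System.Security.AccessControl.FileSystemRights]$Rules[$id]
        $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
            $id, $rights, 'ContainerInherit, ObjectInherit', 'None', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $Path -AclObject $acl
}

function Test-SysvolAcl {
    # Returns a list of findings; an empty list means the ACL matches $Rules.
    param([string]$Path, [System.Collections.IDictionary]$Rules)
    $acl = Get-Acl -Path $Path
    $findings = @()
    if (-not $acl.AreAccessRulesProtected) { $findings += 'Inheritance is not blocked' }

    $sync = [int][System.Security.AccessControl.FileSystemRights]::Synchronize
    $allow = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Allow' })
    foreach ($id in $Rules.Keys) {
        # .NET adds Synchronize to every Allow rule it writes, so expect it too.
        $expected = [int][System.Security.AccessControl.FileSystemRights]$Rules[$id] -bor $sync
        $actual = 0
        foreach ($ace in $allow | Where-Object { $_.IdentityReference.Value -eq $id }) {
            $actual = $actual -bor [int]$ace.FileSystemRights
        }
        if ($actual -eq 0) { $findings += "Missing entry: $id" }
        elseif ($actual -ne $expected) {
            $have = [System.Security.AccessControl.FileSystemRights]$actual
            $findings += "Rights differ for ${id}: found $have"
        }
    }
    # Any identity not in the list is unexpected access to SYSVOL.
    foreach ($ace in $acl.Access) {
        if (@($Rules.Keys) -notcontains $ace.IdentityReference.Value) {
            $findings += "Unexpected entry: $($ace.IdentityReference.Value) " +
                         "($($ace.AccessControlType) $($ace.FileSystemRights))"
        }
    }
    return $findings
}

Set-SysvolAcl  -Path $SysvolPath -Rules $Wanted
Test-SysvolAcl -Path $SysvolPath -Rules $Wanted
```

Test-SysvolAcl only reads the ACL, so it can be run on its own against any domain controller's SYSVOL folder to detect permission drift.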

If you don’t have a backup of the GPOs, re-create the default GPOs with the DCGPOFIX utility, and then re-create your other GPOs.

You may need to re-create the SYSVOL share (See Figure 1). Set the share permissions to the following:

Everyone: Read

Authenticated Users: Full control

Administrators group: Full control

Set the share comment (description) to Logon server share.

Check that the NETLOGON share is available. It remained available during my testing process, but you may need to re-create it. 

Share permissions for NETLOGON are the following:

Everyone: Read

Administrators: Full control

You should be able to restart replication.

How to restart Active Directory replication

Start the DFSR service and reenable DFSR on the authoritative server:

Start-Service -Name DFSR

Get-ADObject -Identity "CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=TTSDC01,OU=Domain Controllers,DC=Sphinx,DC=org" -Properties * | Set-ADObject -Replace @{'msDFSR-Enabled'=$true}

Run the following command to initialize SYSVOL:


If you don’t have the DFS management tools installed, run this command from a Windows PowerShell 5.1 console:

Install-WindowsFeature RSAT-DFS-Mgmt-Con

The ServerManager module cannot load into PowerShell Core at this time.

Start DFSR service on other domain controllers:

Start-Service -Name DFSR

Enable DFSR on the nonauthoritative domain controllers. Check that replication has occurred.

Get-ADObject -Identity "CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=TTSDC02,OU=Domain Controllers,DC=Sphinx,DC=org" -Properties * | Set-ADObject -Replace @{'msDFSR-Enabled'=$true}

Run DFSRDIAG on the nonauthoritative domain controllers:


The results might not be immediate, but replication should restart, and then SYSVOL should be available.

The process of rebuilding the SYSVOL tree is not something that occurs every day. With any luck, you won’t have to do it ever, but it’s a skill worth developing to ensure you can protect and recover your Active Directory domain.

