Archive

Category Archives for "Networking"

Promoting cloud in a risk-averse organization

Our organization, like most large public bodies, is locked into formal bureaucratic procedures and, by general standards, is highly risk-averse. In addition, like other organizations of the United Nations System, it has a unique attribute which makes moving to the cloud a much greater leap than for most other organizations: UN System organizations enjoy a special status.

In the aftermath of World War II, countries negotiating the Charter for the future United Nations agreed the organization should be in a position to function without interference from any single Member State. For this reason, a regime of privileges and immunities was developed. It is this special legal regime that ensures UN organizations are immune from the jurisdiction of national courts, that their premises cannot be entered by national enforcement agencies without their consent, and that their archives – including their data – cannot be accessed without their agreement.

2017’s 25 geekiest 25th anniversaries

A big year for technology – and technology-related events – 1992 saw the release of Linux under GNU, the sending of the first SMS message, IBM trotting out the ThinkPad and Simon, which was the first mobile phone to include PDA features (smartphone). The year also saw the launch of iconic videogame franchises Mario Kart and Mortal Kombat. And, perhaps worst of all, Microsoft unleashed upon the world the scourge that is PowerPoint. For previous versions of this series, please see: 2016, 2015, 2014, 2013, 2012, 2011, 2010, 2009, 2008, 2007.

Plans for 2017

With January 6th the Christmas/New Year holidays are over even for most European countries, so it’s time to restart my blog and set some goals for 2017.

Webinars

2015 was the year of SDN, 2016 was the year of network automation, and 2017 is shaping up to be the year of the cloud.

Aerohive’s Private Pre-Shared Key Technology

A fairly common question I get asked when talking to people about Aerohive Networks is “what makes us different?” In other words, why should they choose Aerohive to replace their existing wireless vendor? It is a fair question. After all, plenty of vendors sell APs that can serve the most basic wireless needs. All of the vendors I compete with do a lot of the same things when it comes to general wireless.

One of the things I like to talk to potential customers about is Aerohive’s Private Pre-Shared Key (PPSK) technology. For some organizations, PPSK is not something they are interested in. Maybe they already have a pretty solid 802.1X implementation and don’t have a need for WPA2 Personal (pre-shared key) security on their wireless network. That’s perfectly fine in my book. I have other things I can always talk about with regard to an Aerohive solution. For quite a few organizations though, they see the advantage of PPSK over standard pre-shared key implementations and jump right in to using it. I wanted to briefly discuss what PPSK is and how it can be utilized with an Aerohive solution. No configuration screenshots or long demonstration videos. Just a basic …

10 years of the iPhone: How Apple changed pretty much everything in the enterprise

In the space of a decade, Apple’s iPhone has gone from being a consumer craze to the single product that some say most affects the design and operation of enterprise IT, turning a controlled, top-down environment into something far more open. “I think the iPhone was probably one of the most impactful pieces of technology to come into the IT world since computing,” said VMware VP and chief information security officer Alex Tosheff, commenting on the 10th anniversary of the Apple iPhone, which was introduced on Jan. 9, 2007.

Watch Steve Jobs crack up crowd in revealing original iPhone 10 years ago

Apple CEO Steve Jobs had the MacWorld crowd eating out of his hand and yukking it up when he introduced the first iPhone 10 years ago this Jan. 9. Among his gags: A photo of an iPod with a rotary dial on it.

General – Happy New Year!

Happy new year to all the readers of the blog!

I’ve been lacking the time to update the blog lately which I’m sorry for. Work is keeping me busy with some interesting projects. I hope to get a bit more frequent with the updates and maybe do smaller posts than my traditional larger ones.

For 2017 I’m going to focus on a few different areas to stay sharp and broaden my skillset a bit.

Wireless – I haven’t worked much with wireless and I’m going to upskill in this area to be able to understand the wireless requirements better when designing enterprise networks.

Datacenter – There are a lot of DC projects right now. Many companies are at the end of their Catalyst 6500 lifecycle and are looking for new solutions in the datacenter. Cisco’s Application Centric Infrastructure (ACI) is a hot topic right now. I’ll probably be working more on DC projects and ACI in 2017.

Python – In my role as a network architect I don’t really have the need to do a lot of programming but I want to keep the brain sharp and know the basics of Python. I can use it to automate boring things …

TV news anchor triggers Alexa to attempt ordering dollhouses

Last year, I was gifted an Amazon Echo; stunned, I stared at the gifter and thought to myself, have you ever met me…do you know me at all? The side of the Echo box listed features, starting with “far-field voice control, with 7-microphone array and beam-forming technology to hear you from across the room.” Echo didn’t leave the box for six months. When I finally did open Echo, I was interested in comparing functions of Echo against those of ZOE; the latter smart home assistant was developed by Protonet with privacy in mind – nothing goes to the cloud so it couldn’t be turned into a surveillance device.

Is Cisco CCDE exam harder than CCIE?

Is the Cisco CCDE exam harder than the CCIE exam? This is one of the questions most commonly asked by CCDE candidates. The short answer is no. But you should know the differences between the CCIE and the CCDE as well. The CCDE exam is scenario based. You have four scenarios, which are called the Lab or practical […]

Musing: Norton Core Router | Introducing the Future of WiFi.

We set out to change WiFi forever. Our uncompromising vision: a wireless router that secures your digital life, while delivering the highest level of performance. The result is Norton Core. Core uses advanced machine learning and Symantec’s global intelligence network to defend your home WiFi—and every device connected to it—against malware, viruses, hackers and much more.

Powerful, secure WiFi is now a thing.

  1. We know that Norton produces sub-standard, low quality, deeply insecure anti-virus & malware desktop software. How good do you think this is?
  2. Want to bet that no one cares and the branding plus a lot of marketing dollars will make it successful?
  3. Attempting to be a full security suite in a single box. Oh, and WiFi.
  4. Enterprise-grade security features can now be offered to retail customers – (Enterprise comes last)
  5. Uses cloud for intelligence and threat analysis to power the security engine. Reuse of existing technology means it's cheap and profitable.
  6. MIMO is hard, beam forming is really hard. I’m doubtful that Norton could get this right the first time (or at all).
  7. Lots of effort has been spent to make it look nice. Which is nice.
  8. It's probably better than nothing (which is what you really …

Response: XenDesktop and XenApp Interoperability with VMware NSX

Citrix and NSX integration to build departmental isolation between VDI desktops.

In this blog, I am going to focus on XenDesktop, NetScaler and NSX interoperability. I will discuss a field use case, see how to implement that in VMware NSX for XenDesktop and then look at a few micro-segmentation deployment scenarios, to showcase how XenDesktop and NetScaler in conjunction with NSX provides a compelling deployment model.

The ability to isolate and control desktops represents a major security and integrity enhancement. Using a NetScaler provides a single point of access into the data centre and can be integrated into the NSX overlay.

Adding NetScaler in this deployment would simplify the set up and allow the users of all the airlines (or tenants) access the same landing URL and still have complete isolation from each other’s data and resources.

Observation: NSX is an automation tool for connectivity between end points and offers isolation/segmentation as a service. Added to NetScaler, we get orchestration to produce greater business benefits because XenDesktop & NSX become a unified service.

No specific provisioning to make this happen. That's an SDN outcome.

XenDesktop and XenApp Interoperability with VMware NSX | Citrix Blogs

ASA Pro Tip — A Better Prompt

The Cisco ASA FW has a simple and robust failover mechanism. It works so well that sometimes an administrator may not realize that the load has moved from the primary device to the secondary device. When connecting to the IP address, the primary IP address for the interface follows the active unit. So it is even possible to be logged in to a different firewall than the administrator thinks they are in.

This can easily be determined by doing a show failover. In the output, it is easy to see if the unit is the Primary or Secondary (configured state) and Active or Standby (operational state). Since the ASA Failover is not preemptive, any glitch moving the load to standby will result in the load remaining there (unless there is a subsequent failure or manual failback).

Given the fact that I am a huge fan of situational awareness, I like to reflect the state in the CLI prompt. This is a simple configuration change.

asav-1# 
asav-1# conf t
asav-1(config)# prompt hostname priority state 
asav-1/pri/act(config)# exit
asav-1/pri/act# 

As can be seen above, a simple configuration change results in the ASA displaying its hostname, configured priority and operational state.

ASA Active/Standby with BDI/BVI

I see a lot of ASA designs and they are typically flanked with switches. One of the reasons for this is that the failover requirements typically dictate that the devices be Layer 2 adjacent in each security zone. There is obviously the requirement to be L3 directly connected to their next hop. The result of this requirement is that an ASA typically can’t be directly connected to an L3-only device, and it is often the case that a switch is sandwiched between the FW and the next L3 device.

This article is meant to outline a possible workaround with IOS and IOS-XE based routers to provide the L2 adjacency using inherent L2 features. Readers may use these sample configurations to build out their own labs and more fully validate the applicability to their environment.

TL;DR–BDI and BVI allow ASA A/S to function properly in my testing.

The Topology

Below is the topology that I used for validating this. In a real world scenario it is less likely that routers would be the connection point on all interfaces. The reason I positioned them here is to demonstrate both IOS and IOS-XE techniques in the same lab.

Solution Overview

How To Wade Through 100s Of Articles Weekly

The writing masses in addition to professional media generate tons of articles each week. What’s the best way to keep up? My strategy is multi-pronged.

TL;DR.

Filter quickly and mercilessly. Read only the most interesting articles.

  1. Know why you read. Ignore content that doesn’t align with your personal consumption goals.
  2. Ignore content with clickbait titles. These articles are purposely designed to drive traffic, generating salable ad impressions. Most of the time, they are content-free and safely ignored.
  3. Have no fear of declaring amnesty. Missing out doesn’t matter.
  4. Read it now; you probably won’t read it later. Don’t let articles pile up for when you have a better time.
  5. Use tools effectively. You can get through content more quickly and share or save the best stuff easily.

Know why you read.

Keeping up with technology is a big part of my business. Therefore, I subscribe to feeds about emerging tech from news organizations, independent tech writers, and technology vendors. From these sources, I monitor trends and hype, picking out what strikes me as useful or at least thought-provoking for IT practitioners. Articles that match these criteria inspire articles of my own as well as podcast scripts, and spawn research projects. My overarching goal is …

The FTC’s IoT security case against D-Link will test its power

A Federal Trade Commission attempt to rein in a poorly secured IoT device is raising questions over whether the U.S. regulator has the power to crack down on vendors suspected of shoddy practices. On Thursday, the FTC filed a complaint against Taiwanese manufacturer D-Link Systems that charged the company’s internet routers and web cameras can easily be hacked, putting consumers at risk. But the FTC’s complaint doesn’t cite evidence that the products have been breached, only the potential for harm to consumers. That’s among the reasons D-Link is contesting the complaint. “Notably, the complaint does not allege any breach of a D-Link Systems device,” it said in a statement.