Category: Cisco

  • From UCSM Managed Mode to Intersight Managed Mode with the IMM Transition Tool

    From UCSM Managed Mode to Intersight Managed Mode with the IMM Transition Tool

    If you have run Cisco UCS for any length of time, you know the building blocks by heart: policies, profiles, and templates managed through UCS Manager. Intersight Managed Mode keeps those exact concepts but moves the control point into Intersight. The good news is that you do not have to rebuild a domain by hand to get there. Cisco ships a free virtual appliance, the Intersight Managed Mode Transition Tool, that reads your live configuration, converts it, and in its newest mode performs the cutover for you.

    This post walks through what the tool does, how UCSM Managed Mode and Intersight Managed Mode differ, and the full in place migration flow as it actually runs, including the few manual gates that catch people the first time.

    At a glance

    IMM is a software stack for Fabric Interconnects that puts UCS configuration and lifecycle under Intersight instead of UCS Manager.

    The IMM Transition Tool is an OVA you deploy on vSphere. It replicates UCSM or UCS Central configuration and converts Service Profiles and Templates into Server Profiles and Templates.

    Identities carry over. UUIDs, MAC addresses, WWNNs, WWPNs, IQNs, and IP addresses are preserved so a migrated server keeps its identity.

    The tool offers five transition types. The headline one, In-Place UCS Domain Migration, automates fetch, convert, push, backup, erase, setup, claim, and domain deploy. You finish by deploying server profiles manually.

    Latest release is 5.1.3 (January 2026). The automated in place migration arrived in 5.0.1.

    UMM and IMM are the same parts, arranged differently

    UCSM Managed Mode, often shortened to UMM, is the model most of us have run for years. An administrator builds policies, rolls them into a service profile, optionally wraps that in a template, and applies it to a server. Each domain is configured on its own, and the configuration lives on the Fabric Interconnects under UCS Manager.

    Intersight Managed Mode reuses the same vocabulary. You still have policies, profiles, and templates. What changes is where they live and how they are reused. In IMM, those objects sit in Intersight and can be shared across many servers and many domains from one place. The Fabric Interconnects run a new software stack built on a Redfish based standard model, and Intersight becomes the single pane that supervises both standalone servers and Fabric Interconnect attached systems. Your existing knowledge carries over. You are applying what you already know in a more modular, more scalable structure.

    Comparison of UCSM Managed Mode and Intersight Managed Mode management models
    UMM versus IMM. Same building blocks, different center of gravity. In UMM the configuration is built and held per domain. In IMM the same objects live in Intersight and are reused across many servers and domains.
    DimensionUCSM Managed Mode (UMM)Intersight Managed Mode (IMM)
    Control pointUCS Manager on the Fabric InterconnectsIntersight, SaaS or appliance
    Building blocksPolicies, profiles, templatesPolicies, profiles, templates (same concepts)
    Reuse modelPer domain configurationObjects shared across servers and domains
    Server objectService Profile and Service Profile TemplateServer Profile and Server Profile Template
    UnderpinningUCS Manager object modelRedfish based standard model
    Scope of viewDomain by domainStandalone and Fabric Interconnect attached, one pane

    What the IMM Transition Tool actually does

    The tool is a prebuilt virtual appliance. You point it at a running UCS Manager domain or a UCS Central instance and it fetches the entire configuration and inventory over HTTPS. From there it validates hardware and software compatibility against Intersight, converts the logical objects, and can push the result into your destination Intersight account.

    The conversion does two things that matter for a clean cutover. First, it maps the Service Profile model onto the Server Profile model, including the policies and pools attached to each profile. Second, and this is the part that lets a physical server keep working after the move, it preserves the configuration identifiers that a server gets from its profile. That means UUIDs, MAC addresses, WWNNs, WWPNs, IQNs, and IP addresses come across rather than being regenerated.

    How the IMM Transition Tool converts Service Profiles and Templates to Server Profiles and Templates
    Conversion at a glance. Service Profiles and Templates become Server Profiles and Templates. Attached policies and pools come with them, and the server identities are preserved rather than reissued.

    Five transition types, one tool

    When you click Add IMM Transition, you pick a transition type. They range from a read only assessment to a fully automated cutover. Choosing the right one is the first real decision in any project.

    Transition typeWhat it does
    Generate Readiness ReportAssessment only. Produces the compatibility and readiness summary for a UCS Manager domain or a UCS Central configuration. Nothing is pushed.
    Generate Readiness Report + Push Config to IntersightConverts the configuration and pushes it into Intersight, building the policies, pools, profiles, and templates in your account without touching the source domain.
    In-Place UCS Domain MigrationAvailable from release 5.0.1. The automated end to end path. Fetches and converts, backs up UCSM, erases or changes the mode on the Fabric Interconnects, runs initial setup, claims them, then assigns and deploys the domain profile.
    Clone IntersightCopies configuration from one Intersight account to another, across SaaS, Connected Virtual Appliance, and Private Virtual Appliance accounts.
    Upload Configuration + Push to IntersightTakes a JSON configuration file you provide and pushes it straight to Intersight.

    Conversion versus in place

    The push only conversion stands up your configuration in Intersight alongside the running UCSM domain, which suits a side by side or staged adoption. The in place migration is the one that actually moves an existing domain over and reconfigures the hardware in IMM. Use the readiness report first either way. It is the same engine under both, and it tells you what will and will not convert before anything changes.

    Before you start

    Sizing and connectivity

    The appliance is modest. The minimum is 2 vCPUs, 8 GB of RAM, and 100 GB of storage, with an optional extra 10 GB to 5000 GB if you plan to use the built in Software Repository for OS and firmware images. Plan the network for the ports the tool needs.

    • TCP 443 (HTTPS) for the tool UI and for talking to UCS Manager, UCS Central, and Intersight.
    • TCP 22 (SSH) for troubleshooting and advanced configuration.
    • DNS on TCP and UDP 53, and NTP on UDP 123.
    • For an in place migration specifically, both 443 and 22 must reach each Fabric Interconnect IP. The tool uses them for the erase, setup, and claim steps.

    Supported source versions are UCS Manager 3.2(1d) or later and UCS Central 2.0(1a) or later. The appliance is delivered as an OVA at virtual hardware version 11 and runs on ESXi 6.0 or later.

    Three gates that catch people on an in place run

    These come straight from a real run of the tool. Handle them before you reach the erase step or the validation will stop you.

    Unclaim the domain first. The source UCS Manager domain must not already be claimed by the destination Intersight account. If it is, the pre assignment of server profiles to server serial numbers will not work. Unclaim it from Intersight before you start, and confirm in the UCS Manager device connector that it shows unclaimed.

    Set the password encryption key. If you want passwords in converted policies to remain intact, set the password encryption key in UCS Manager and remember it. From UCS Manager 4.2(3d) and later you cannot create or import a backup configuration without it, and the in place flow takes a full state backup.

    Power off the servers. The erase validation requires every server in the domain to be powered off so the domain is in a clean state before it is reconfigured in IMM. Shut them down cleanly and retry the validation if it flags one.

    HyperFlex

    If your UCSM domain has any HyperFlex cluster deployed, do not migrate it to IMM. HyperFlex servers are not currently supported in Intersight Managed Mode.

    Deploying and reaching the appliance

    Download the OVA from the UCS Tools page at ucstools.cloudapps.cisco.com, then deploy it through vCenter. Direct deployment from an ESXi host is not supported and tends to fail, so use the vSphere Web Client.

    1. Deploy the OVF template. In the vSphere Web Client, right click the host or cluster, choose Deploy OVF Template, and point it at the downloaded OVA.
    2. Customize the template. Enter the network settings and set the system password. The NTP field is mandatory and defaults to ntp.ubuntu.com. Set the Software Repository disk size if you want it, between 10 and 5000.
    3. Finish, power on, and open the console to confirm the VM is up.
    4. Sign in. Browse to https://<VM IP>. HTTP redirects to HTTPS. Log in as admin with the password you set during deployment. The session times out after 30 minutes of inactivity.

    An auto generated default password is substituted into converted policies that carry secrets, such as Virtual Media and iSCSI Boot, and a separate one is used for Mutual CHAP in iSCSI Boot. Plan to reset those on the converted policies after they land in Intersight.


    The in place migration, step by step

    This is the path that moves a live domain. The tool drives the sequence, pausing at the points where you need to make a decision or take a manual action. The flow below groups the work into four phases.

    In place UCS domain migration workflow in four phases: prepare, convert, cut over, activate
    The in place migration in four phases. Prepare the environment, convert and push the configuration, cut over the Fabric Interconnects, then activate the servers. Everything through server discovery is automated; deploying the server profiles is the manual finish.

    Phase 1: Prepare

    This is the work you do in UCS Manager and Intersight before you open a transition. Unclaim the source domain from the destination Intersight account, set the password encryption key in UCS Manager, confirm that 443 and 22 reach both Fabric Interconnects, and power off every server in the domain. The first three save you from a failed validation later. The power off is enforced at the erase step.

    Phase 2: Convert and push

    Now you build the transition. Click Add IMM Transition, name it, choose In-Place UCS Domain Migration, and the tool shows a short guided tour of the steps before you Start.

    1. Add the source. Select an existing UCS Manager device or add a new one with its IP or FQDN, username, password, and a user label. Refresh so the latest configuration and inventory are pulled in. On a sizeable domain this takes a few minutes, with progress shown on the right.
    2. Add the destination. Choose an existing Intersight account or add a new one. A new SaaS or appliance account needs an API Key ID and Secret Key, which you generate in Intersight under Settings, API, API Keys. For SaaS you also pick the region, US or EU.
    3. Set the transition settings. Tags, fabric policy targets, and profile options live here. From release 5.1.2 the tool can configure vCon to PCI slot mappings automatically.
    4. Select profiles and templates. All are selected by default. The tool warns on profiles in an invalid state, such as a pending reboot or a configuration failure, and warns again if you push more than 100 profiles.
    5. Map organizations. Choose Default Mapping to mirror your UCS org names into Intersight, or Advanced Mapping to fold several UCS orgs into one Intersight org. In a simple lab you might map root straight to the default Intersight org.
    6. Generate and read the report. The readiness report is produced once and cannot be regenerated for that config, so review it carefully. Errors must be resolved before you continue. Warnings can be acknowledged, but understand each one first.
    7. Push the configuration. The converted objects are committed to Intersight. The push summary marks each object Success, Skipped, or Failed, with a detail view per object.

    Phase 3: Cut over the Fabric Interconnects

    This is the irreversible part, which is why the tool takes a backup first.

    1. Backup. A full state backup of the UCSM setup is taken so a rollback is possible. Download it and keep it somewhere safe.
    2. Erase or change mode. Two options. Erase Configuration resets the Fabric Interconnects to factory defaults and then reconfigures them in IMM, with initial setup done by DHCP or manually on the console. Change Mode switches the Fabric Interconnects to Intersight Managed Mode on reboot with no initial setup at all, which removes the DHCP and console work. Change Mode needs FI firmware 4.3(5c) or later and the tool at 5.0.3 or later. Before either runs, the tool validates that servers are powered off, the domain is unclaimed, and both protocols reach both FIs.
    3. Initial setup. If you chose Erase and have DHCP, enter the IP details and the tool completes setup automatically. Without DHCP, connect a console cable to each Fabric Interconnect and enter the values the tool displays, the management IP, subnet, gateway, and DNS, one FI at a time.
    4. Claim to Intersight. The tool claims the Fabric Interconnects, with an optional proxy if your device connectors need one.

    Phase 4: Activate

    With the Fabric Interconnects claimed, the tool assigns and deploys the converted domain profile, then triggers discovery so the servers appear in Intersight.

    The one manual step at the end

    After discovery, the tool stops. The server profiles are pre assigned to the server serial numbers, but deployment is not automated. You power on each server and deploy its server profile to finish the move. From release 5.1.3 there is also an optional step to push equipment specific items such as chassis and server labels, tags, and SPAN sessions, once the equipment is claimed and discovered.

    Reading the readiness report

    The report is the same engine behind every transition type, and it is where you decide whether a domain is ready. It is organized into a few sections.

    • Conversion score. Score meters for hardware compatibility and fabric configuration, both for UCS Manager domains, and for server policy configuration. The rating reads as Excellent, Very Good, Good, or Poor. Cisco notes the rating reflects general cases, so read the detail for your environment.
    • Overall summary. The attention points list the errors and warnings to address first. Errors are unsupported elements; warnings are elements that cannot be fully converted. Hardware compatibility shows pie charts per component, where green is compatible, orange means a firmware upgrade is needed, and red means not currently compatible. The config conversion summary maps each source object to its converted Intersight object.
    • Hardware compatibility detail. Component by component tables for Fabric Interconnects, chassis, racks, adapters, and the rest, color coded the same way.
    • Config conversion detail. Per object tables showing the attributes used, the source to destination mapping, and boot order, with the same warning and error coding.
    • Source config reference. The pool details from the source domain, including which IP addresses are assigned to which service profiles and physical servers.

    A note on timing

    Report generation and the push are not instant. On a large UCS Manager configuration with many connected servers, Cisco warns that some operations can take more than an hour. Plan your maintenance window with that in mind rather than assuming a few minutes.

    Which path should you take

    If you are assessing, start with Generate Readiness Report. It is free of risk and it tells you where the firmware upgrades and the unsupported objects are. If you are adopting IMM gradually or building a new account, the conversion with push lets you stand everything up in Intersight while the UCSM domain keeps running. When you are ready to actually move a domain and reconfigure its hardware, the in place migration is the path that does it, with backup and validation built in. In every case, let the readiness report guide the work. It is the cheapest hour you will spend on the project.

    The headline is simple. The concepts you already know in UCS Manager carry directly into Intersight Managed Mode, and the transition tool removes most of the manual conversion and a good deal of the risk. The parts that stay in your hands are the preparation gates and the final server profile deployment, and both are easy once you know they are coming.


    Source material for this walkthrough: the Cisco Intersight Managed Mode Transition Tool User Guide, 5.x, and the Release Notes for the IMM Transition Tool, current to release 5.1.3, dated January 2026. Verify exact behavior against the documentation for the specific release you deploy, since features and limits change between point releases.

  • Deploying Nutanix AHV with Pure Storage FlashArray: A Practical Field Guide

    Deploying Nutanix AHV with Pure Storage FlashArray: A Practical Field Guide

    Author: Javier Rodriguez, Managing Technical Architect, ePlus Technology  |  javier.rodriguez@eplus.com

    Why This Architecture Matters Now

    For years, Nutanix was almost synonymous with HCI, where compute and storage live together in the same nodes. That model works exceptionally well for general-purpose workloads, but it has always had a ceiling: when you need more storage capacity or performance, you also have to buy more compute, whether you need it or not.

    The formal partnership between Nutanix and Pure Storage, announced at .NEXT 2025 in May, changes that equation. Nutanix AHV can now run as a compute only platform backed by Pure Storage FlashArray over NVMe/TCP. Each Nutanix AOS vDisk maps directly to a FlashArray volume, which means per VM granularity for snapshots, quality-of-service controls, and replication. You get the operational simplicity of Prism as a unified management plane while the FlashArray handles the storage heavy lifting underneath.

    This post walks through what it actually takes to build that environment, based on the Cisco FlashStack with Nutanix Installation Field Guide (v1.0, December 2025) and supplemental information from Nutanix and Pure Storage documentation.


    Architecture Overview

    The deployment model covered here uses Cisco UCS servers (X-series, C-series, or B-series) as compute only nodes, managed by Cisco Intersight in Intersight Managed Mode (IMM). The nodes connect to Cisco UCS Fabric Interconnects (FIs), and those FIs connect upstream to top of rack switches. The Pure Storage FlashArray sits off to the side as a dedicated external storage array, connected to those same ToR switches over NVMe/TCP.

    • No local storage is used for AOS datastores. The nodes are diskless or have local drives used only for the hypervisor boot.
    • Storage traffic travels over dedicated VLANs and dedicated vNIC pairs, separate from management and guest VM traffic.
    • The Nutanix Controller VM (CVM) on each node handles the NVMe/TCP initiator connections to the FlashArray automatically. Administrators do not need to manually configure NVMe initiators.
    • Prism Central (or Prism Element) is the primary management interface for the cluster, while Cisco Intersight manages the UCS hardware layer.

    Software Version Requirements

    Before any hardware gets racked, confirm that all components meet the minimum software versions. Using mismatched versions is one of the most common causes of failed deployments.

    ComponentMinimum VersionNotes
    Nutanix AOS7.5 or later
    Nutanix AHV11.0 or later
    Foundation Central1.10 onlyDo not use 2.x at this time
    Prism Central7.5 or laterRequired for Licensing
    Nutanix LCM3.3Included with AOS 7.5
    Pure Storage Purity/FA6.10.3 or laterUpgrade must be done before installation begins
    Cisco Fabric Interconnect4.3(4.240066) or later
    Cisco Intersight Virtual Appliance1.1.5-1 or laterOlder CVA/PVA versions will cause failures
    Cisco UCS X210c-M7 Firmware5.4(0.250048) or later
    Cisco UCS C-series M6/M7 Firmware4.3(6.250053) or later
    Cisco UCS B-series M5/M6 Firmware5.3(0.250021) or later

    Important: Only Foundation Central version 1.10 should be used. The Appliance VM version 2.x is explicitly not supported for this deployment type. Do not use it.


    IP Address Planning

    IP address planning should be completed before any configuration begins. Retrofitting addressing after the fact wastes time and introduces risk.

    Infrastructure

    • 2 addresses for the Fabric Interconnects
    • 1 address for the Foundation Central Appliance VM
    • 1 optional address for Prism Central / Foundation Central VM

    Per Nutanix Host (five addresses each)

    1. AHV hypervisor management address
    2. Controller VM (CVM) management address
    3. CIMC management address (assigned as a pool in Intersight)
    4. Storage interface address, VLAN 1 (assigned as a pool in Prism Element)
    5. Storage interface address, VLAN 2 (assigned as a pool in Prism Element)

    Pure Storage FlashArray (seven addresses)

    • 1 per controller management interface
    • 1 roaming array management address
    • 1 per NVMe/TCP storage interface (minimum 4 across two controllers and two VLANs)

    Storage addresses must be Layer 2 adjacent to the hosts and cannot traverse a router. Use two separate storage VLANs, one for the A side controller interfaces and one for the B side.


    Step 1: Pure Storage FlashArray Configuration

    The FlashArray setup is best done via CLI. Some configuration tasks cannot be completed through the Purity GUI. This assumes the array is already racked, cabled, powered on, and reachable on its management network, with Purity/FA 6.10.3 or later already running.

    Enable and Configure NVMe/TCP Interfaces

    Four Ethernet interfaces need to be assigned to NVMe/TCP. The example below uses interfaces eth10 and eth11 on each controller.

    # Enable the four storage interfaces
    purenetwork eth enable ct0.eth10
    purenetwork eth enable ct0.eth11
    purenetwork eth enable ct1.eth10
    purenetwork eth enable ct1.eth11
    # Assign addresses, MTU 9000, and NVMe/TCP service
    purenetwork eth setattr --address 10.1.61.100/24 --mtu 9000 --servicelist nvme-tcp ct0.eth10
    purenetwork eth setattr --address 10.1.62.100/24 --mtu 9000 --servicelist nvme-tcp ct0.eth11
    purenetwork eth setattr --address 10.1.61.101/24 --mtu 9000 --servicelist nvme-tcp ct1.eth10
    purenetwork eth setattr --address 10.1.62.101/24 --mtu 9000 --servicelist nvme-tcp ct1.eth11

    Use MTU 9000 (jumbo frames) wherever possible. If jumbo frames are not supported end to end in your network, set MTU to 1500 and ensure consistency across all components.

    Create the Realm, Pod, and Administrative User

    # Create the Realm for RBAC segmentation
    purerealm create <realm_name>
    # Create a Pod within the Realm for this Nutanix cluster
    purepod create <realm_name>::<pod_name>
    # Create the management access policy granting admin rights to the Realm
    purepolicy management-access create --role admin --realm <realm_name> <policy_name>
    # Create the user Nutanix will use to authenticate to the array
    pureadmin create <username> --access-policy <policy_name>

    Important: Set a storage quota on the Pod after creation. Without a quota, the array will not accurately report available storage to Nutanix.


    Step 2: Cisco UCS and Intersight Configuration

    Configure Fabric Interconnect A first via serial console or HTTPS Express Setup, setting the management mode to Intersight. After FI-A shows a login prompt, configure FI-B. FI-B will detect the peer and prompt to join the cluster.

    Once the FIs are up, log into Cisco Intersight and claim the UCS domain using the Device ID and Claim Code from the FI web console. Create Resource Groups and an Organization, create and deploy a Domain Profile to the Fabric Interconnects, and set the System QoS Best Effort MTU to 9216 to allow jumbo frames.

    This is where compute only Nutanix deployments require careful attention. Each server needs at least two vNIC pairs: an infrastructure pair for AHV and CVM management traffic, and a dedicated storage pair carrying the NVMe/TCP storage VLANs.

    Infrastructure vNIC naming is case sensitive. Foundation Central will reject the deployment if these names are wrong. For a single VIC server use ntnx-infra-1-A on Slot MLOM, PCIe Order 0, Fabric A, Failover disabled and ntnx-infra-1-B on Slot MLOM, PCIe Order 1, Fabric B, Failover disabled.


    Step 3: Foundation Central Deployment

    For first-time cluster deployments with no existing Nutanix infrastructure, the Appliance VM is the simplest path. Deploy it with 2 vCPUs and 4 GB RAM with a static IP address. DHCP is not supported. Run the setup script from the local console after booting and access the GUI at https://<FC_IP>:9440.

    Upload the AOS installation package, its metadata JSON file, and the AHV ISO via API calls to the Appliance VM. Retrieve the hosted file URLs by browsing to http://<FC_IP>:8053/files/images and enter those URLs into the cluster deployment wizard.


    Step 4: Nutanix Cluster Deployment

    Connect Foundation Central to Cisco Intersight by entering the API Key ID and Secret Key under Settings. The API key user must have at minimum Server Administrator privileges in the relevant Intersight Organization.

    1. Onboard the Cisco UCS servers by selecting Intersight Managed Mode and choosing the target nodes
    2. Select the onboarded nodes and click Create Cluster
    3. Select Compute Cluster (not HCI Cluster, since there is no local storage)
    4. Configure the infrastructure vNIC pair and at least one dedicated storage vNIC pair
    5. Assign IP addresses and hostnames. Use Bulk Configuration to set sequential addresses efficiently
    6. Enter the download URLs for AOS, the AOS metadata file, and the AHV ISO
    7. Set NTP servers, DNS servers, and timezone
    8. Select the Foundation Central API Key and click Create Deployment

    Deployments without firmware changes typically complete in 75 to 90 minutes. If firmware upgrades are required, add 60 to 90 minutes.


    Step 5: External Storage Connectivity

    After the Nutanix cluster is up and accessible in Prism Element, select I’ll Do This Later when prompted to set up external storage. The virtual switch configuration must be done first.

    1. Edit the default virtual switch vs0 to remove any storage vNICs, leaving only the infrastructure vNIC pairs as uplinks
    2. Create a new dedicated storage virtual switch, assign it the storage vNIC pair, set MTU to 9000, and Bond Type to Active-Active with MAC pinning
    3. Create one External Storage Interface per storage VLAN, associated with the new storage virtual switch, with an IP pool large enough for one address per node plus room for growth. Enable the External Storage option and set MTU to 9000.

    Before attaching the array, verify jumbo frame connectivity from the CVMs to all four FlashArray storage interfaces:

    ping -M do -s 8972 10.1.61.100
    ping -M do -s 8972 10.1.62.100
    ping -M do -s 8972 10.1.61.101
    ping -M do -s 8972 10.1.62.101

    All four tests should complete with 0% packet loss. From Prism Element, click Attach External Storage, select Pure Storage FlashArray, enter the clustered management IP, the Realm administrative username and password, select the Realm and Pod, and click Attach. The connection typically completes within 30 to 60 seconds.


    Step 6: Post-Installation Tasks

    Change the default passwords on three accounts on AHV (root, admin, and nutanix) and on the CVM nutanix account. Run the NCC password health check after: ncc health_checks system_checks default_password_check

    Run a full NCC health check from Prism Element and resolve all failures and warnings before the cluster goes into production. LCM 3.3 ships with AOS 7.5. Run an inventory job to see available Nutanix software updates. Note that LCM will not perform server firmware updates for compute only nodes connected to external storage.


    Things Worth Calling Out

    vNIC naming. The ntnx-infra-1-A and ntnx-infra-1-B names in the LAN Connectivity Policy are case sensitive. A single capitalization error will cause the deployment to fail at validation. Fix it in the Intersight policy and resubmit.

    Foundation Central version. Version 1.10 only. The Appliance VM version 2.x exists and is available, but it does not work with Cisco UCS hardware in this context. Do not use it.

    Jumbo frames. The MTU 9000 setting at the vNIC level and the virtual switch level only permits jumbo frames to pass; it does not enforce them. All switching infrastructure between the hosts and the FlashArray interfaces must also support 9000 byte frames. Use the ping test above to verify before attaching the array.

    Storage VLAN design. Use two separate storage VLANs, one for the A side controller interfaces and one for the B side. Storage addresses within each VLAN must be in the same Layer 2 domain as the hosts and cannot be routed.

    Pod quota. Without setting a storage quota on the Pure Storage Pod, Nutanix will not accurately display available storage capacity. Set it immediately after verifying the Realm and Pod are created.


    Summary

    The Nutanix AHV compute only model backed by Pure Storage FlashArray over NVMe/TCP represents a meaningful shift in how converged infrastructure is deployed. It separates the scaling concerns for compute and storage, delivers per VM storage granularity at the array level, and maintains a single management plane through Prism for day to day operations.

    The installation process involves more moving parts than a traditional HCI cluster. Cisco Intersight, Foundation Central, Purity CLI, and Prism Element all play distinct roles, and the sequencing matters. Following the steps in order and confirming each layer before moving to the next is the most reliable path to a successful deployment.

    For questions about this architecture or assistance planning a deployment, reach out at javier.rodriguez@eplus.com.

  • CCNA DevNet Study Guide – Describe parsing of common data format (XML, JSON, YAML) to Python data structures

    CCNA DevNet Study Guide – Describe parsing of common data format (XML, JSON, YAML) to Python data structures

    This is the second post in a series about the new CCNA DevNet certification (Previous Post Here). In this post, we will look at how to manage in Python the three formats that we previously discussed.

    Example of XML parsing in Python

    from __future__ import print_function
    import xml.etree.ElementTree as ET
    def main():
        # create element tree object
        with open('xmlfile.xml', 'r') as xmlFile:
            tree = ET.parse(xmlFile)
        # get root element
        root = tree.getroot()
        print("Root Tag: " + root.tag)
        print("Using a for Loop:")
        for child in root:
            print(child.tag)
            for attrib in child:
                print(attrib.tag, end=' ')
                print(attrib.text)
    
        print("Using Indexes:")
        print(root[0].tag)
        print(root[0][0].tag,end=' ')
        print(root[0][0].text)
        print(root[0][1].tag,end=' ')
        print(root[0][1].text)
    
        print(root[1].tag)
        print(root[1][0].tag,end=' ')
        print(root[1][0].text)
        print(root[1][1].tag,end=' ')
        print(root[1][1].text)
    
        print(root[2].tag)
        print(root[2][0].tag,end=' ')
        print(root[2][0].text)
        print(root[2][1].tag,end=' ')
        print(root[2][1].text)
    
        print("Other:")
        for hostname in root.iter('hostname'):
            print(hostname.tag,end=' ')
            print(hostname.text)
    
    if __name__ == "__main__":
        # calling main function
        main()

    Example run of the previous code:

    Root Tag: esx
    Using a for Loop:
    XX1
    hostname ESXi01
    ipaddress 10.10.10.101
    XX2
    hostname ESXi02
    ipaddress 10.10.10.102
    XX3
    hostname ESXi03
    ipaddress 10.10.10.103
    Using Indexes:
    XX1
    hostname ESXi01
    ipaddress 10.10.10.101
    XX2
    hostname ESXi02
    ipaddress 10.10.10.102
    XX3
    hostname ESXi03
    ipaddress 10.10.10.103
    Other:
    hostname ESXi01
    hostname ESXi02
    hostname ESXi03

    This is the XML file we used:

    <?xml version="1.0" encoding="UTF-8"?>
    <esx>
    <XX1>
    <hostname>ESXi01</hostname>
    <ipaddress>10.10.10.101</ipaddress>
    </XX1>
    <XX2>
    <hostname>ESXi02</hostname>
    <ipaddress>10.10.10.102</ipaddress>
    </XX2>
    <XX3>
    <hostname>ESXi03</hostname>
    <ipaddress>10.10.10.103</ipaddress>
    </XX3>
    </esx>

    To achieve something similar with the .json file we would use “import json”

    import json
    
    def main():
        with open('jason.json', 'r') as jsonFile:
            #load jason file
            myJasonFile = json.load(jsonFile)
        print(myJasonFile)
    
    if __name__ == "__main__":
        # calling main function
        main()

    And to parse YAML

    import yaml
    
    with open("yamlfile.yaml", 'r') as yamlFile:
        try:
            print(yaml.safe_load(yamlFile))
        except yaml.YAMLError as exc:
            print(exc)

    Let us read the RSS feed (XML) directly from a Website (https://vwannabe.com/feed/)*

    from urllib.request import urlopen
    from xml.etree.ElementTree import parse

    myURL = urlopen("https://vwannabe.com/feed/")
    myXML=parse(myURL)

    for item in myXML.iterfind('channel/item'):
    title = item.findtext('title')
    date = item.findtext('pubDate')
    link = item.findtext('link')

    print(title)
    print(date)
    print(link)
    print()

    *adapted from “Python – How to Read XML from URL?” by Vinish Kapoor

    This is the result of the previous code:

    CCNA DevNet Study Guide – Part 1
    Sun, 19 Jan 2020 17:17:45 +0000
    
    CCNA DevNet Study Guide – Part 1
    vSphere Upgrade 6.0 to 6.5 Fails with Replace Process Level Token error. Wed, 19 Jun 2019 15:32:13 +0000
    vSphere Upgrade 6.0 to 6.5 Fails with Replace Process Level Token error.
    Vembu now supports Hyper-V Cluster Thu, 01 Nov 2018 12:25:42 +0000
    Vembu now supports Hyper-V Cluster
    vCenter 6.7 upgrade walkthrough Fri, 20 Apr 2018 19:26:54 +0000
    vCenter 6.7 upgrade walkthrough
    Vembu Wed, 28 Mar 2018 19:11:09 +0000
    Vembu
    How to re-register the embedded VMware Update Manager (VUM) to its vCenter (VCSA) 6.5 Wed, 21 Feb 2018 23:06:36 +0000
    How to re-register the embedded VMware Update Manager (VUM) to its vCenter (VCSA) 6.5
    How to spin up a Linux instance in AWS Thu, 08 Feb 2018 20:57:06 +0000
    How to spin up a Linux instance in AWS
    CCNA Cyber Ops – SECOPS 1.0 Tue, 02 Jan 2018 20:23:21 +0000
    CCNA Cyber Ops – SECOPS 1.0
    Hacking Public Speaking Wed, 30 Aug 2017 16:50:28 +0000
    Hacking Public Speaking
    VMworld 2017 General Session Day Two Tue, 29 Aug 2017 17:44:05 +0000 https://vwannabe.com/2017/08/29/vmworld-2017-general-session-day-two/

    The CISCO Blueprint uses REST calls to a site and parses the JSON. You can find the example here. In the next port for this series, I will talk about “Describe the concepts of test-driven development”.

  • CCNA DevNet Study Guide – Part 1

    CCNA DevNet Study Guide – Part 1

    I will start a series of posts on the new CCNA DevNet certification. I will keep my SOP of going through the curriculum and google the concepts for you. I will try to include Youtube videos of some of the topics that have more hands-on exercises. The certification name is Cisco Certified DevNet Associate. The first topic if about software development and design. It includes some essential topics that I synthesize in the rest of this post.

    1.0 Software Development and Design – Compare data formats (XML, JSON, YAML)

    The formats XML, JSON, and YAML are data-serialization formats, from Wikipedia: In computer science, in the context of data storage, serialization (or serialisation) is the process of translating data structures or object state into a format that can be stored (for example, in a file or memory buffer) or transmitted (for example, across a network connection link) and reconstructed later (possibly in a different computer environment). When the resulting series of bits is reread according to the serialization format, it can be used to create a semantically identical clone of the original object.

    Mostly you will probably accomplish your task with any of the three. If you are a javascript developer, you will probably feel more comfortable with JSON (JavaScript Object Notation), or if you code in Python, you might stick to YAML (YAML Ain’t Markup Language). The XML (eXtensible Markup Language) format comes from the World Wide Web Consortium (W3C).

    One difference between them is the format used by each. The XML uses tags like HTML, JSON uses objects in attribute-value pairs, and YAML uses indentation like Python.

    Here is a JSON snippet that I use as part of the Cisco HyperFlex Installation.

    {
        "esx": {
            "XX1": {
                "ipaddress": "10.10.10.101",
                "hostname": "ESXi01"
            },
            "XX2": {
                "ipaddress": "10.10.10.102",
                "hostname": "ESXi02"
            },
            "XX3": {
                "ipaddress": "10.10.10.103",
                "hostname": "ESXi03"
            }
        }
    }
    

    The previous example means that I have something called “esx”, which is the Hypervisor, and that I have three of them (XX1-XX3). Each has an IP address and a hostname. In XML it should like this:

    <?xml version="1.0" encoding="UTF-8"?> 
    <esx> 
      <XX1> 
        <hostname>ESXi01</hostname> 
        <ipaddress>10.10.10.101</ipaddress> 
      </XX1> 
      <XX2> 
        <hostname>ESXi02</hostname> 
        <ipaddress>10.10.10.102</ipaddress> 
      </XX2> 
      <XX3> 
        <hostname>ESXi03</hostname>
        <ipaddress>10.10.10.103</ipaddress> 
      </XX3>
    </esx>
    

    And in YAML, it should be something like this:

    ---
    esx:
      XX1:
        ipaddress: 10.10.10.101
        hostname: ESXi01
      XX2:
        ipaddress: 10.10.10.102
       hostname: ESXi02
      XX3:
        ipaddress: 10.10.10.103
        hostname: ESXi03

    I used two free online tools to convert one format to the other.

    1. https://www.freeformatter.com/json-to-xml-converter.html
    2. https://www.json2yaml.com/

    It is recommended to use the builtin libraries and not make your own to avoid mistakes. For example, javascript uses the JSON.parse() method, and python uses the JSON library. Example of use of the JSON library:

    import json
    json_string = '{"name": "Jason", "last_name":"Parser"}'
    parsed_json = json.loads(json_string)
    print(parsed_json['name'])
    "Jason"

    That is all for this post, I will publish periodically to add more sections to the software development and design topic:

    • Describe parsing of common data format (XML, JSON, YAML) to Python data structures
    • Describe the concepts of test-driven development
    • Compare software development methods (agile, lean, waterfall)
    • Explain the benefits of organizing code into methods/ functions, classes, and modules
    • Identify the advantages of common design patterns (MVC and Observer)
    • Explain the advantages of version control
    • Utilize common version control operations with Git
  • Vembu now supports Hyper-V Cluster

    Logo_01

    With the release of Version 4.0, Vembu now extends support to Hyper-V cluster. Vembu already supports both physical and virtual environments, covering all your needs for backups and disaster recovery. Please check their website at https://www.vembu.com, and requested a demo to experience the different features here: https://www.vembu.com/vembu-product-demo/. There are a couple of new interesting features in version 4.0 that are worth trying, not to mention that the free tier comes with the protection of up to three VMs in your environment. One of these features is the Hyper-V cluster.

    Hyper-V Failover Cluster

    high-availability-with-v4.0

    To view the latest Webinars, including one on how to manage a High Available Cluster, check the upcoming webinars here: https://www.vembu.com/webinars/#

  • Vembu

    Vembu

    Logo_01

    Vembu is a Backup and Disaster Recovery company which extends it support to both physical and virtual environments at affordable pricing thus ensuring high availability of resources to data centers. Vembu BDR Suite is their current software offering that provides free Backup & DR solutions for VMware vSphere, Microsoft Hyper-V Virtual Machines, Physical Servers, Workstations, MS-Applications and SaaS applications (Office 365 and G Suite).

    Vembu BDR Suite of Products – categorized based on following environments

    Vembu VMBackup is an agentless backup solution for VMware vSphere Backup and Microsoft Hyper-V Backup. Vembu CBT driver along with the VSS technology for application consistency ensures up to 5 times improvement in performance over any other backup software.

    Vembu ImageBackup, a part of Vembu BDR Suite, provides backup and disaster recovery solution for Windows IT environments. Quick VM Recovery helps the businesses to achieve an RTO of less than 15 mins.

    Vembu NetworkBackup protects business data across File servers, Application servers and Endpoints can be protected. Vembu Universal Explorer is a free tool that is devised to provide Backup and Recovery to application files and folders.

    Vembu OffsiteDR allows users to replicate the backed up data from their primary on-site backup server to an offsite server location in a highly secure and reliable manner through  AES 256-bit encryption.

    Following are the collection of products under Vembu Cloud Services:

    Vembu CloudDR allows users to replicate your VMware, Hyper-V and Windows Server backup to Vembu cloud storage thus ensuring high protectivity.

    Vembu OnlineBackup lets you backup the data across File Servers, Application Servers and Endpoints in Vembu cloud residing on Amazon Web Services (AWS) through AES 256-bit encryption.

    Vembu SaaSBackup is designed to backup the Mails, Calendars, Contacts and Drives content of Office 365 and Google Apps. The data after the backup will be sent to the Vembu Cloud for storage over a secured network.

    Vembu BDR360  significantly increases administrator’s productivity by providing end to end visibility to all your IT environments. Thus, making it easier for the business to manage their overall  IT setup through an efficient report generation process.

    To Download the free trial version of Vembu BDR Suite click below: https://www.vembu.com/vembu-bdr-suite-download/

     Other Free Products offered by Vembu are as follows:

    Free Windows Workstations Backup

    Free File Backup of Workstations

    Free Vembu Universal Explorer

    Free Vembu Recovery CD

    Product Presentations and Webinars:

    Download the following Whitepapers for Free:

  • How to spin up a Linux instance in AWS

    How to spin up a Linux instance in AWS

    Amazon Web Services (AWS) has more than a thousand services, much of them are free to try and cost very little once you start paying. There are a few programs like pay as you go and reserve resources, in other words, it is incredibly convenient. In this post, I will provide a step by step guide on how to launch a Linux virtual machine and how to connect to it. First of all head to https://aws.amazon.com and create an account, if you don’t already have one, and click on the “Create an AWS Account” or “Create a Free Account” button.

     

    This slideshow requires JavaScript.

    Follow the wizard entering all the information like name, address, and email address. You’ll need a credit card to finish the registration, but don’t worry, as long as you use the Free Tier you’ll be ok. The following slideshow contains all the necessary steps to create an instance. Keep reading after the slideshow for more detailed instructions.

    This slideshow requires JavaScript.

    1. Click “Launch a virtual machine.”
    2. Click “Get started” on the left EC2 Instance.
    3. Type in a name like “MyLinuxInstance” and click “Use this name.”
    4. Click or leave the “Amazon Linux AMI” selected because this is available for the free tier.
    5. Select the “t2”, which is eligible for free tier, and click “Next.”
    6. Create a key pair. You can leave the default name, but it is imperative that you download it to your local computer because you will not be able to do it later.
    7. Click the “Create this instance” button, and wait for a few seconds.
    8. Click the “Proceed to the EC2 console” button.

    Depending on how many times you’ve done this you may land on a slightly different page. The trick here is to navigate to the EC2 dashboard and click the link to the Running Instances.

    Screenshot 2018-02-08 14.56.27

    Once there you can select the newly created instance. Take note of the public IP address because you’ll need this to connect to Linux virtual machine.

    Screenshot 2018-02-08 12.09.09.png

    If you are on a mac or another Linux, change the permission on the Key Pair file to 600 with the following command:

    chmod 600 MyLinuxInstance.pem

    The file name (MyLinuxInstance.pem) will depend on the name you chose for your Key Pair. Then connect like this:

    Screenshot 2018-02-08 12.00.44

    You can use the Public DNS or the Public IP, and I tested the permissions with 600, and it worked too. You’ll always use ec2-user as the user. In case you are using PuTTY for Windows, there is a short procedure that you need to take care of.

    This slideshow requires JavaScript.

    1. Start the application PuTTYgen (PuTTY Key Generator) that is installed with PuTTY. In case you don’t have PuTTY you can download it here.
    2. Leave the RSA and 2048 bits default values and hit the “load” button.
    3. Change the type of file to “All files” and select the Key Pair file and click “Ok” in the confirmation window.
    4. The click Save Private Key, also click Yes to the Pop-up warning, and select the folder where you want to save the key.

    Now go ahead and close the PuTTY Key generator and start PuTTY. The following slideshow contains the steps to create a new session using the key previously generated and saved by PuTTYGen.

    This slideshow requires JavaScript.

    1. Start PuTTY
    2. In the Host Name enter the Public DNS or the Public IP
    3. On the left Category pane expand Connection -> SSH -> Auth
    4. Select the previously generated Key File clicking the “Browse” button.
    5. Save your session and launch it. You may have to click “Yes” to accept the signature if this is the first time login in.

    And that is how you can land on a Linux Virtual Machine in less time than installing your own locally.

  • CCNA Cyber Ops – SECOPS 1.0

    CCNA Cyber Ops – SECOPS 1.0

    I started the study guide for the first part of this certification last year. You can check it out here. After some great feedback, I’ve decided to start the Study Guide for the second part of the certification, Implementing Cisco Cybersecurity Operations (SECOPS).  I also was accepted on cohort 7 for the scholarship. The scholarship is still available at the time of this post, and it can be accessed here. I will try to follow the blueprint as close as possible, but I will leave some topics for later in the year after I learned a little more about them.

    1.0 Endpoint Threat Analysis and Computer Forensics

    1.1 Interpret the output report of a malware analysis tool such as AMP Threat Grid and Cuckoo Sandbox.

    1.2 Describe these terms as they are defined in the Common Vulnerability Scoring System (CVSS 3.0):

    a. Attack Vector (AV): This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the Base score) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable component. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across the Internet is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater score. The list of possible values is presented in Figure 1.

    Figure 1: Attack Vector

    Screenshot 2018-01-02 11.55.38

     

    b. Attack Complexity (AC): This metric describes the conditions beyond the attacker’s control that must exist in order to exploit the vulnerability. As described below, such conditions may require the collection of more information about the target, the presence of certain system configuration settings, or computational exceptions. Importantly, the assessment of this metric excludes any requirements for user interaction in order to exploit the vulnerability (such conditions are captured in the User Interaction metric). This metric value is largest for the least complex attacks. The list of possible values is presented in Figure 2.

    Figure 2: Attack Complexity

    Screenshot 2018-01-02 12.18.58

    c. Privileges Required (PR): This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability. This metric is greatest if no privileges are required. The list of possible values is presented in Figure 3.

    Figure 3: Privileges Required

    Screenshot 2018-01-02 12.13.05.png

    d. User interaction (UI): This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. This metric value is greatest when no user interaction is required. The list of possible values is presented in Figure 4.

    Figure 4: User Interaction

    Screenshot 2018-01-02 12.23.42

    e. Scope (S): An important property captured by CVSS v3.0 is the ability for a vulnerability in one software component to impact resources beyond its means or privileges. This consequence is represented by the metric Authorization Scope, or simply Scope. Formally, Scope refers to the collection of privileges defined by a computing authority (e.g., an application, an operating system, or a sandbox environment) when granting access to computing resources (e.g., files, CPU, memory, etc.). These privileges are assigned based on some method of identification and authorization. In some cases, the authorization may be simple or loosely controlled based on predefined rules or standards. For example, in the case of Ethernet traffic sent to a network switch, the switch accepts traffic that arrives on its ports and is an authority that controls the traffic flow to other switch ports. When the vulnerability of a software component governed by one authorization scope can affect resources governed by another authorization scope, a Scope change has occurred. Intuitively, one may think of a scope change as breaking out of a sandbox, and an example would be a vulnerability in a virtual machine that enables an attacker to delete files on the host OS (perhaps even its own VM). In this example, there are two separate authorization authorities: one that defines and enforces privileges for the virtual machine and its users, and one that defines and enforces privileges for the host system within which the virtual machine runs. A scope change would not occur, for example, with a vulnerability in Microsoft Word that allows an attacker to compromise all system files of the host OS, because the same authority enforces privileges of the user’s instance of Word, and the host’s system files. The Base score is greater when a scope change has occurred. The list of possible values is presented in Figure 5.

    Figure 5: Scope

    Screenshot 2018-01-02 12.28.06

    1.3 Describe these terms as they are defined in the Common Vulnerability Scoring System (CVSS 3.0):

    a. Confidentiality Impact (C): This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The list of possible values is presented in Figure 6. This metric value increases with the degree of loss to the impacted component.

    Figure 6: Confidentiality Impact

    Screenshot 2018-01-02 12.38.24.png

    b. Integrity Impact (I): This metric measures the impact on the integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. The list of possible values is presented in Figure 7. This metric value increases with the consequence to the impacted component.

    Figure 7: Integrity Impact

    Screenshot 2018-01-02 12.39.55

    c. Availability Impact (A): This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the impacted component, this metric refers to the loss of availability of the impacted component itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of an impacted component. The list of possible values is presented in Figure 8. This metric value increases with the consequence to the impacted component.

    Figure 8: Availability Impact

    Screenshot 2018-01-02 12.43.23

    1.4 Define these items as they pertain to the Microsoft Windows file system

    a. FAT32: is an updated version of the FAT (File Allocation Table) file system created in 1977 by Microsoft. It is a computer file system architecture and a family of industry-standard file systems utilizing it. With FAT32 you’re limited to 2TB FAT32 partitions and 4GB maximum size files.

    b. NTFS (New Technology Files System): is a proprietary file system developed by Microsoft.

    c. Alternative data streams:Alternate Data Streams (ADS) is a file attribute only found on the NTFS file system. You’ll need a tool like streams to view this data. Here is an example.

    d. MACE: NTFS keeps track of lots of time stamps. Each file has a time stamp for ‘Create’, ‘Modify’, ‘Access’, and ‘Entry Modified’. The latter refers to the time when the MFT entry itself was modified. These four values are commonly abbreviated as the ‘MACE’ values. Note that other attributes in each MFT record may also contain timestamps that are of forensic value.

    1. MFT (Master File Table): The NTFS file system contains a file called the master file table, or MFT. There is at least one entry in the MFT for every file on an NTFS file system volume, including the MFT itself. All information about a file, including its size, time and date stamps, permissions, and data content, is stored either in MFT entries, or in space outside the MFT that is described by MFT entries.

    e. EFI: The EFI system partition (ESP) is a partition on a data storage device (usually a hard disk drive or solid-state drive) that is used by computers adhering to the Unified Extensible Firmware Interface (UEFI).

    1. 1. UEFI: The Unified Extensible Firmware Interface (UEFI) is a specification that defines a software interface between an operating system and platform firmware.

    f. Free space: See File system, it refers to the unallocated space in a file system.

    g. Timestamps on a file system: File properties in regards of date and time.

    1.5 Define these terms as they pertain to the Linux file system

    a. EXT4: The ext4 or fourth extended filesystem is a journaling file system for Linux, developed as the successor to ext3.

    b. Journaling: A journaling file system is a file system that keeps track of changes not yet committed to the file system’s main part by recording the intentions of such changes in a data structure known as a “journal”, which is usually a circular log.

    c. Master Boot Record (MBR): is a special type of boot sector at the very beginning of partitioned computer mass storage devices like fixed disks or removable drives intended for use with IBM PC-compatible systems and beyond. The MBR holds the information on how the logical partitions, containing file systems, are organized on that medium. The MBR also contains executable code to function as a loader for the installed operating system—usually by passing control over to the loader’s second stage, or in conjunction with each partition’s volume boot record (VBR). This MBR code is usually referred to as a boot loader.

    d. Swap filesystem: Swap space in Linux is used when the amount of physical memory (RAM) is full. If the system needs more memory resources and the RAM is full, inactive pages in memory are moved to the swap space. While swap space can help machines with a small amount of RAM, it should not be considered a replacement for more RAM. Swap space is located on hard drives, which have a slower access time than physical memory.

    e. MAC: In cryptography, a message authentication code (MAC), sometimes known as a tag, is a short piece of information used to authenticate a message—in other words, to confirm that the message came from the stated sender (its authenticity) and has not been changed. The MAC value protects both a message’s data integrity as well as its authenticity, by allowing verifiers (who also possess the secret key) to detect any changes to the message content.

    1.6 Compare and contrast three types of evidence

    a. Best evidence: Original, unaltered evidence. In court, this is preferred over secondary evidence.The best evidence rule is a legal principle that holds an original copy of a document as superior evidence.

    b. Corroborative evidence: (or corroboration) is evidence that supports a proposition already supported by initial evidence, therefore confirming the original proposition.

    c. Indirect Evidence (Circumstantial): Circumstantial evidence is evidence that relies on an inference to connect it to a conclusion of fact—like a fingerprint at the scene of a crime. By contrast, direct evidence supports the truth of an assertion directly—i.e., without need for any additional evidence or inference.

    1.7 Compare and contrast two types of image (both refer to Integrity, see above)

    a. Altered disk image: A system image with a compromised integrity.

    b. Unaltered disk image: An image that has not been tampered with and that will provide the same result as the original when applied a hash algorithm like MD5.

    1.8 Describe the role of attribution (“action of bestowing or assigning”) in an investigation. (Cyber attribution is the process of tracking, identifying and laying blame on the perpetrator of a cyberattack or other hacking exploit). This  a nice read on the problem of attribution.

    a. Assets: In information security, computer security and network security, an asset is any data, device, or other component of the environment that supports information-related activities.

    b. Threat actor: Responsible for the cyberattack.

    In future posts I will try to cover the following topics:

    • Network Intrusion Analysis
    • Incident Response
    • Data and Event Analysis
    • Incident Handling
  • Mi Camino

    Mi Camino

    Llevo mucho tiempo pensando en como hacer el Camino de Santiago (Francés). Yo quiero empezar en St. Jean Pied dePort en Francia, y caminar las 515 millas hasta Santiago, y si tengo tiempo llegar al fin del mundo (Finisterre).

    camino-frances-map

    El primer paso en tan grande aspiración es el plan. Como todo en la vida se necesita salud, dinero y tiempo. Confiado en Dios que dará salud para llegar, y dado que me va a tomar unos años ir (lo que significa que tengo tiempo para ahorrar dinero), vamos a hablar del tiempo.

    Estoy planificando mi Camino para terminar en Santiago el 25 de junio del 2021, en este año la fiesta de Santiago es celebrada en domingo. Tomando en cuenta que son 515 millas (830km) y que tengo 26 días (36 con los fines de semana) de vacaciones (que las pueda tomar todas de corrido será una lucha para otro día), tendría que caminar 16-18 millas (25 – 28 km) diarias. Esto tomando en consideración dos días al principio y dos días al final para viajar y dejando un día realengo para algún evento sorpresa. La distancia actual con la que me siento cómodo es de 7 a 12 millas, y nunca he caminado por varios días de corrido. Así que una vez tenga el equipo tengo que ponerme a entrenar.

    El segundo punto en la planificación es el equipo. Mi equipo lo estoy adquiriendo poco a poco, entre Walmart, Amazon y REI. Pienso que los mas importante son los zapatos y las medias. Luego de hacer un estudio de las opciones encontré dos zapatos que me funcionan. Estos son:

    • Salomon Men’s XA Pro 3D CS WP Trail Running Shoe ($115)

    salomon

    • La Sportiva Synthesis Mid GTX Men’s Ultralight Hiking Boot ($186)

    lasp

    Me gusta mas La Sportiva porque se vé menos bodrogo, ambos son muy cómodos, resistentes al agua y tienen el sistema de amarrar que es fácil.

    Las medias que me han funcionado mejor hasta ahora son las “WRIGHTSOCK CoolMesh“, también estoy experimentando con “Merino Wool“, y un día me puse la de lana sobre la Wrightsock, pero el zapato me apretó un poco, así que si encuentras que esa es la solución para evitar la lesiones entonces planifica comprar el zapato un poco mas grande. La ventaja de comprar en REI es que tiene garantía y los puedes llevar a cambiar.

    El próximo artículo que es bien importante es el backpack. Hay tantas opciones y tantos blogs que al final del día decidí ir personalmente a REI y pedir consejo. Esto fue lo mejor que hice porque allí me midieron el torso y pude probar varios modelos. Recuerda que aunque es un largo caminar, es diario. Es decir, que al final del día tienes todo lo que necesitas como comida, cama y puedes lavar tu ropa de ser necesario. Luego de explicarle al encargado la razón por la que quería adquirir un backpack, llegamos a un modelo de tamaño correcto. El backpack debe ser liviano, de 35 a 45 L, donde se pueda cargar como de 20 a 30 libras (aproximadamente el 10% de tu peso). Este fue el modelo que llenó los requisitos y que también esta en mi presupuesto: Osprey Stratos 36 Pack junto con el aditamento para el agua: Osprey Hydraulics LT Reservoir – 2.5 Liters

    back

    Bueno hasta ahora eso es lo que tengo, voy a probarlo con un par de caminatas de mas de 10 millas a ver como me va. La ropa debe ser de secado rápido y muy liviana, encontré que la ropa interior, camisas y pantalones Under Armour pesan sólo onzas y es muy cómoda. Compré en amazon una toalla de microfibra (Beach Towel) para probar como se siente y como seca.

    Es bien importante que al escoger el resto de equipo siempre tener en cuenta que mientras más liviano mejor. Entre el agua y en backpack ya son 8 libras, solo me quedan 12-20 libras más y todavía no he contado la cámara o el teléfono. Esta es una lista que todavía tengo en proceso de lo que necesito:

    • Pasaporte, tarjeta de crédito, cash.
    • Bolsas impermeables: para organizar dentro del backpack
    • Bolsa para Laundry: por si comparto la lavadora con otros caminantes.
    • Adaptador para el teléfono (o la cámara).
    • Kit para dormir: no puedo dormir cuando la gente esta roncando a mi lado 🙂
    • Jabón, cepillo de dientes y pasta, desodorante, etc.
    • Aleve, Advil o Tylenol.
    • Jacket que sea impermeable y también proteja del frío en las mañanas.
    • Sunscreen
    • Gorra o sombrero impermeable
    • Sleeping Bag Liner con protección contra insectos: chinches en los albergues es común, según lo que he leído.
    • Algún tipo de prevención de ampollas (blisters) en los pies.
    • Pequeña linterna.

    Poco a poco iré modificando la lista y espero algún día escribir una pequeña reseña sobre qué funcionó o que me hizo falta.

    UPDATE

    Cumplí mi sueño, caminé a Santiago de Compostela en Agosto del 2018. Viajé de Baltimore (BWI) a Paris haciendo escala en Iceland y de vuelta fue Madrid-Germany-BWI. Desde Paris viajé a Biarritz en avión usando Easyjet y luego nos fuimos en taxi de Biarritz a SJPP. EL viaje en taxi para tres costó 99 euros. Caminamos desde SJPP al pié de los Pirineos en Francia hasta una etapa antes de Logroño en el mapa que está al principio de este post. De Logroño tomamos transportacion en bus y tren hasta Piedrafita (la parada del bus antes de O’Cebreiro) y luego caminamos hasta Santiado de Compostela. También pasamos un día en Madrid al final. La pregrinación fué mágica, la mejor experiencia de mi vida. Usé las zapatillas La Sportiva y no tuve problemas, siempre usaba Leukotape cuando sentia “hot spots”. Pienso que me hicieron flata unos buenos Walking Poles, me dolian (duelen 6 meses después) las rodillas mientras bajaba. Todo el equipo que llevé fué muy útil, excepto la linterna y los libros guía. En agosto no necesitaba el jacket porque estaba super caliente y además tuve la suerte de que nunca llovió. Me gasté menos de $3000 por persona, incluyendo toda la transportacion, visitas al Prado, un tatuaje de $240 y una glotonería increible porque fuí con mis hijos adolescentes que comían cinco veces al día. Viví una fantasía en la tierra, no puedo esperar a volver.

  • CCNA Cyber Ops – 6.0 Attack Methods

    CCNA Cyber Ops – 6.0 Attack Methods

    This is the last of a series of posts about the CCNA Cyber Ops certification, you can find the fifth part here.

    6.1 Compare and contrast an attack surface and vulnerability: The attack surface of a software environment is the sum of the different points (the “attack vectors”) where an unauthorized user (the “attacker”) can try to enter data to or extract data from an environment. A vulnerability is a weakness which allows an attacker to reduce a system’s information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw.

    6.2 Describe these network attacks

    • 6.2.a Denial of service: (DoS attack) is a cyber-attack where the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.
    • 6.2.b Distributed denial of service: A distributed denial-of-service (DDoS) is a cyber-attack where the perpetrator uses more than one, often thousands of, unique IP addresses.
    • 6.2.c Man-in-the-middle: an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.

    6.3 Describe these web application attacks

    • 6.3.a SQL injection: is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
    • 6.3.b Command injections: Command injection is an attack in which the goal is the execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data (forms, cookies, HTTP headers etc.) to a system shell.
    • 6.3.c Cross-site scripting: (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites.

    6.4 Describe these attacks

    • 6.4.a Social engineering: An attack based on deceiving end users or administrators at a target site. Social engineering attacks are typically carried out by email or by contacting users by phone and impersonating an authorized user, in an attempt to gain unauthorized access to a system or application.
    • 6.4.b Phishing: Phishing is misrepresentation where the criminal uses social engineering to appear as a trusted identity.
    • 6.4.c Evasion methods: bypassing an information security device in order to deliver an exploit, attack, or another form of malware to a target network or system, without detection.

    6.5 Describe these endpoint-based attacks

    • 6.5.a Buffer overflows: is an anomaly where a program, while writing data to a buffer, overruns the buffer’s boundary and overwrites adjacent memory locations.
    • 6.5.b Command and control (C2): the term refers to the influence an attacker has over a compromised computer system that they control.
    • 6.5.c Malware: short for malicious software, is any software used to disrupt computer or mobile operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising.
    • 6.5.d Rootkit: is a collection of computer software, typically malicious, designed to enable access to a computer or areas of its software that would not otherwise be allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software.
    • 6.5.e Port scanning: probing a server or host for open ports.
    • 6.5.f Host profiling: Identifying groups of Internet hosts with a similar behavior or configuration.

    6.6 Describe these evasion methods

    • 6.6.a Encryption and tunneling: One common method of evasion used by attackers is to avoid detection simply by encrypting the packets or putting them in a secure tunnel.
    • 6.6.b Resource exhaustion: A common method of evasion used by attackers is extreme resource consumption, though this subtle method doesn’t matter if such a denial is against the device or the personnel managing the device. Specialized tools can be used to create a large number of alarms that consume the resources of the IPS device and prevent attacks from being logged.
    • 6.6.c Traffic fragmentation: Fragmentation of traffic was one of the early network IPS evasion techniques used to attempt to bypass the network IPS sensor.
    • 6.6.d Protocol-level misinterpretation: Attackers also evade detection by causing the network IPS sensor to misinterpret the end-to-end meaning of network protocols.
    • 6.6.e Traffic substitution and insertion: is when that attacker attempts to substitute payload data with other data in a different format, but the same meaning. A network IPS sensor may miss such malicious payloads if it looks for data in a particular format and doesn’t recognize the true meaning of the data.
    • 6.6.f Pivot: refers to a method used by penetration testers that use the compromised system to attack other systems on the same network to avoid restrictions such as firewall configurations, which may prohibit direct access to all machines.

    6.7 Define privilege escalation

    Privilege Escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.

    6.8 Compare and contrast remote exploit and a local exploit

    A remote exploit works over a network and exploits the security vulnerability without any prior access to the vulnerable system. A local exploit requires prior access to the vulnerable system and usually increases the privileges of the person running the exploit past those granted by the system administrator.

    Well, that is all for now and please, don’t open that link on your inbox if you don’t know who the sender is.