TheSaffaGeek

My ramblings about all things technical


Leave a comment

#vBrownbag #VCDX Series Follow Up

As people may or may not be aware the EMEA vBrownbag of which I am a co-host have been doing a VCDX series covering a number of topics around the VCDX and preparations for attempting it. We have done three sessions and all three recordings are below:

Next week we will have John Arrasjid and Mark Gabryjelski continuing the delivery of additional infrastructure architecture design advice and recommendations from a recent presentation John delivered at the Singapore vForum where he stated all three sessions of the presentation were full.

Also a special shout out and thanks to Rene van Den Bedem aka VCDX133 for co-hosting with me and supplying so many questions as well as answers on the VCDX Panel session. Go check out his VCDX series of postings if you want some of the best VCDX material available.

Koala can't believe it - Over VCDX 50 postings Still maintains a day job and wife?

Gregg


Leave a comment

VCDX Defences 2015

A very quick posting to alert people that the defence dates additional to PEX for 2015 have been released.

https://communities.vmware.com/thread/494802

Defences will be held simultaneously at Frimley (UK), Palo Alto (US) and Singapore (Asia) in June and October with more dates possibly created if there is additional demand.

I am personally looking at doing my second attempt for the June defences in Frimley and listed all the resources I’m using for my second attempt which I have been making my way through since late November 2014.

The EMEA #vBrownbag are also running a VCDX series which should be beneficial for those people thinking of defending or just wanting to know more about the certification.

Good luck to all of those looking to defend this year and let me know if you are defending as there is a VCDX study group running already for PEX and one slowly starting for the June defences.

Gregg


Leave a comment

Blog Sponsor – Pluralsight

I am pleased to announce the second sponsor of my blog: Pluralsight . I am really excited by this sponsorship as I have been a massive fan and user of Pluralsight’s and previously Trainsignal’s videos and online courses for years and they  have helped me pass all of my certifications within the last 7 years so you can understand how fond of the courses I am.

Pluralsight

Pluralsight’s purchase of Trainsignal has enabled the videos to now be available via your tablet and gives you the ability to download videos to your tablet so you can watch them without needing Wi-Fi like on a train or plane. I honestly can’t recommend them enough and would highly recommend you give them a try and sign up for their no obligation 10-day free trial. They have videos ranging from VMware technologies, learning programming languages from scratch or advanced courses , Windows technologies,hacking, A+ N+ , leadership courses and Scrum fundamentals to name but a fraction of the courses. For some of the certifications I have recommended and personally used Pluralsight courses for and will be using again in the future have a look at the following study resources pages and blog posting:

http://thesaffageek.co.uk/vsphere-5-study-resources/vcp5/

http://thesaffageek.co.uk/vsphere-5-study-resources/vcap5-dca-dcd/

http://thesaffageek.co.uk/vsphere-5-x-cloud-study-resources/vcp5-iaas-and-vcp5-cloud/

http://thesaffageek.co.uk/vsphere-5-x-cloud-study-resources/vcap5-cia-and-cid/

http://thesaffageek.co.uk/2014/04/28/vcdx-prep-round-2/

 

Gregg


Leave a comment

VCDX Spotlight: Joseph Griffiths

Name: Joseph Griffiths

Twitter Handle: @Gortees

Blog URL: http://blog.jgriffiths.org

Current Employer : IBM

VCDX #: 143

How did you get into using VMware?

I came into IT when virtualization was just getting started. The more time I spent on call in the middle of the night the more I became motivated to find solutions. Application clustering was too costly for the developers and no business unit would agreed to it. Then came VMware it provided a live solution to hardware failures and great manageability benefits. At first chance I encouraged a proof of concept using VMware. Within the next two years we were 90% virtualized.

What made you decide to do the VCDX?

At some point every technical person is faced with the choice to specialize in their field. When I looked at my possible options I was faced with some tough options. I have to choose between operating systems (Linux), Storage or virtualization. It was the same year I had the opportunity to attend my first VMworld (2012). While attending the conference I really enjoyed being surrounded by such a great eco system and company. I was able to have some great technical discussions with people and I love the conference. It became clear to me that I wanted to specialize in VMware. I needed to learn a lot more about VMware. I have always found that certifications make me learn with purpose so I started setting certification goals for myself. Since I had been in a technical role the VCAP-DCA made sense. Once I passed that test I just kept going.

How long did it take you to complete the whole VCDX journey?

I got a VCP5 on Feb 2012. The certification journey really started with VMworld 2013 when I passed the VCAP-DCA and IaaS exams. This was followed up by the VCAP-DCD in Oct. 2013. I started on the VCDX on January of 2014 and submitted the design May 2014. The VCDX is not really a destination it’s really about becoming something not achieving it. I feel that my life’s experiences from a young child are part of my VCDX journey. I spent two years as a missionary for my church knocking on doors in Michigan. I like to think that really prepared me to stand my ground in a design defence better than any mock defence ever could. At the same time I feel like I am still trying to become a VCDX, I have a lot to learn.

What advice would you give to people thinking of pursuing the VCDX accreditation?

I have lots of advice and there is a write up on my blog (poorly written). The three largest pieces of advice I can give are the following:

  • Don’t kill yourself, set goals and keep them but keep balance don’t sacrifice the world for a cert. Lots of people think they are going to get it done by pulling all nighters… don’t it’s not going to end well.
  • Your design does not have to be perfect.. it’s not about perfect, nothing is perfect.
  • The key to school is figuring out what the teacher wants… read the blue print figure out what the teacher wants and do it… don’t try to outsmart the teacher.
  • Find a format for your documentation and stick with it.

If you could do the whole VCDX journey again what would you do differently?

Spend less time trying to figure out the format and more time on content.

Life after the VCDX?  How did your company respond?  Was it worth it?

LOL… well I switched jobs the week before my VCDX defence so the new employer was happy. I am still getting used to life after and a new job. Was the VCDX worth it? Yes, in fact even if I had not got the VCDX it was worth it. I learned so much about design… preparing for the VCDX forced me to learn more in six months than the last two years. If your desire to become a VCDX is purely in order to get a new job or more money you may not be on the right path.

What is next for you?

Great question. More certifications just don’t tell my wife… I already have the VCP-Cloud and I just finished a massive vCloud project and I am moving into a VCAC and NSX project so VCDX-Cloud might be in the future. Short term I think it’s time for a CCNA to help smooth over a rough bit in my knowledge.


Leave a comment

VCDX Spotlight: Magnus Andersson

Name: Magnus Andersson

Twitter Handle: @magander3

Blog URL: http://vcdx56.com

Current Employer : Nutanix

VCDX #: 56

How did you get into using VMware?

I start using VMware Workstation back in 2001 and the reason was to lower the number of physical desktops i had to use at the office. Worked for a service provider and different customers required different images when joining their network for administrative purposes.

I started with server virtualization about 10 years ago.

What made you decide to do the VCDX?

The reason for giving it a try all comes down to the personal challenge to see if i had what it takes to:

· Master the technical aspect of the VMware software, Virtual Infrastructure 3 at the time I started the VCDX journey.

· Putting my thoughts and decisions on paper in a structured way.

· Stand in front of a couple of very skilful persons and explain what i have done and why.

How long did it take you to complete the whole VCDX journey?

From the time I decided to give the VCDX certification a try it took 18 months before i completed the VCDX defence. I had already completed the VCP 3.0 so my first leg was the Enterprise-Level Systems Administration Exam, which is the VCAP-DCA these days. This was back in August 2009.

What advice would you give to people thinking of pursuing the VCDX accreditation?

Don’t rush and be prepared to put a lot a hours into this certification. In addition, take time to get experience in all the areas included in the VCDX path you’re interested in. Include as much customer facing activities as possible.

It’s not about creating the best design, it’s about showing you understand the customer needs and being able to explain why you chose one kind of component over another,”

Have fun!”

If you could do the whole VCDX journey again what would you do differently?

Don’t think I would change much in the actual process but obviously in the design choices because other alternatives are available today. I would try to connect with other VCDX candidates, which I didn’t back in 2010, and join study groups or at least find someone to discuss my design with. Now, VMware also offers a VCDX mentor program, which I would definitely sign up for.

Life after the VCDX?  How did your company respond?  Was it worth it?

The VCDX journey was totally worth it, no question about that.

I think I’m a better architect now and during the certification I improved my skills to document, present and defend my thoughts. The VCDX certification was not that known in Sweden back in 2010 when I completed my first VCDX so it actually didn’t impact my daily job that much in terms of customer assignments. My company benefited from my VCDX certification a couple of times when a potential customer requested it.

After my second VCDX (Cloud) certification there was a lot more recognition via social media e.g. twitter and I was also interviewed by VMware Certification regarding my double VCDX.


Leave a comment

VCDX Spotlight: Harsha Hosur

Name: Harsha Hosur

Twitter Handle: @harsha_hosur

Blog URL: harshahosur.com

Current Employer: VCE

VCDX #: 135

How did you get into using VMware?

I started using VMware back in 2004/5 when I was working for HP. My first vMotion experience was incredible. Started designing and managing VMware environments since 2008.

What made you decide to do the VCDX?

I attended a VMUG session, which was spearheaded by Andrew Mitchell (#30) back in 2009 about VCDX. He spoke about this certification I never knew about and how there were only (at that point) 50 people in the world that had it. I wanted to be one of those who have this certification. One could call it an aspiration to be one. Like when you look at a pilot when young and think “I want to be one”.

Andrew Mitchell, Josh Odgers, Scott Lowe, Duncan Epping, Frank Denneman, Michael Webster and all the other VCDXs are the inspiration to “prove to myself” that I have what it takes to achieve this.

How long did it take you to complete the whole VCDX journey?

I did my VCP 4 in early 2009. Did my VCAPs in 2010 and again in 2012. I started working very seriously on VCDX only in 2013. I would say it was done over a year. VCDX is only the start of the journey to excellence. You never stop learning.

What advice would you give to people thinking of pursuing the VCDX accreditation?

Plan your certifications. It’s a big investment in time and effort. Don’t rush. Form a study group. Ask current VCDXs for help with mock panels. Without help from Josh Odgers and others I wouldn’t have been able to do it. Do lots of mock defence panels including design and TS scenarios. Be open to feedback. Learn from your mistakes. Be prepared to spend a lot of nights studying. I mean a lot of nights J.

Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better.

If you could do the whole VCDX journey again what would you do differently?

Injure my leg and have a head full of painkillers during my first defence J. On a serious note, I would do nothing differently. I should probably have done this a lot sooner.

Life after the VCDX?  How did your company respond?  Was it worth it?

Life hasn’t changed much, except I get to sleep a lot earlier now. And have a few new followers on twitter. My company responded well. Haven’t changed what I am doing yet. It was worth doing VCDX as it’s now given me a solid platform to learn more. VCDX is only the beginning of the journey not the destination.


Leave a comment

VCAP-CID Objective 1.5 – Determine Security and Compliance Requirements for a Conceptual Design

Knowledge

Identify relevant industry security standards.

  • For security standards there are a few and for these they are normally for government,finance,military and telecommunications. There are a few standards each of these keep to and they largely overlap into the next point of compliancy. For example here in the United Kingdom there are a few cloud vendors who run community clouds where they assure they meet business impact levels and each of these levels determines the requirements for protection. A really good article straight from the UK government is here where information security is defined based on a number of criteria. A lot of government and military companies keep data in IL2 or IL3 and vSphere 4.0 and 4.1 were actually verified to meet IL3 compliancy. Recently they are still EAL4+ and FISMA certified.
  • For your conceptual design you will need to know what abstraction is required based on whatever the relevant security standard is and most likely have to sit down with the compliancy officer and determine what they feel is required for them to approve your solution meets their security standards.

Identify relevant industry compliance standards.

  • There are a number of compliance standards that are used  from various companies who process credit cards, hospitals who keep peoples personal data to companies who have to keep to specific regulations. There are a number of these and some are only applicable in specific countries but the ones I think are the most likely to be seen in a vCloud environment are:
    • Sarbanes-Oxley
    • Health Insurance Portability and Accountability Act (HIPAA)
    • Federal Financial Institutions Examination Council (FFIEC)
    • Payment Card Industry Data Security Standard (PCI DSS)
    • International Organization for Standardization (ISO) 17799
    • National Institute of Standards and Technology (NIST)
    • International Organization for Standardization (ISO) 27001
  • A really great example of this is the Architecture Design Guide for Payment Card Industry (PCI) document by VMware. This is PERFECT in showing the kinds of things you need to keep in mind and the varying mechanisms to achieve this. The document goes much deeper than conceptual but seeing as you will have to go from conceptual to logical and then to physical it makes sense to learn it now.
  • Another great document by VMware that is mentioned on the blueprint is the Infrastructure Security: Getting to the Bottom of Compliance in the Cloud document.

Explain vCloud security capabilities.

  • This along with the two points above are covered  perfectly in appendix B of the vCAT Architecting a VMware vCloud pdf. For the conceptual design this is more around isolation and multi-tenancy but the whole of appendix B gives a great break down of the kinds of security that is possible within vCloud and the mechanisms and products that can be used to achieve this.

Identify the auditing capabilities of vCloud technologies.

  • This is the vast mechanisms such as logging,log retention, syslog shipping and firewall logging via vCNS to name but a few that are possible via vCloud. Appendix B of the vCAT covers these off really well and the retention policies mentioned in the Architecture Design Guide for Payment Card Industry (PCI) document cover off the kinds of auditing you may be requested to do. For conceptual this isn’t very applicable and I’m amazed it is actually mentioned here.

Skills and Abilities

Based on customer requirements, determine auditing requirements for a vCloud conceptual design.

  • These would be determined in design workshops and discussions with different subject matter experts within the customer around what they are looking to audit/log and if there are any compliancy standards they needs to meet. If they are a service provider who provides public cloud to the general public then there is a very good chance they have to meet PCI compliancy for example and so retain logs and do auditing to ensure security and allow retrospective inspection. For a conceptual design auditing isn’t something you would put in your “napkin” design but knowing if you need additional auditing does mean you have to design to be prepared for this in the logical and physical designs.

Based on customer requirements, determine security requirements for a vCloud conceptual design.

  • A large portion of this is the same as above as with security requirements around compliancy includes auditing also.  For example if it is a private cloud that is being designed but it is for a hospital, then HIPAA standards need to be met and so certain security measures need to be applied. For conceptual this is mainly around separation, defence in depth and usage of two factor authentication to name a few off my head. How different zones within the cloud offering are separated and secured also need to be planned for and conceptually designed.

Based on customer requirements and vShield Edge security capabilities, determine the impact to a vCloud conceptual design.

  • For this you need to know what vShield Edge is capable of doing and in what use cases each of these would be used. A perfect document that describes this is the vShield Edge Design Guide Whitepaper. The actual impact to a conceptual design is mainly that vShield Edge allows isolated virtual datacentre’s hosted on a common physical infrastructure instead of needing siloed physical infrastructures. The separation via the vShield Edge firewall is in most cases more than sufficient but knowing where physical separation is required (PCI for example) is also very important.
  • vShield Edge also provides IPSec VPN capabilities which are very important for the security of your cloud infrastructure. Knowing that the vShield edge can provide this along with NAT,Load balancing and most importantly for this section firewall capabilities via one device means you don’t need multiple devices like in a traditional multitenant design.

Explain the logging capabilities of the various VMware products.

If you feel I have covered something incorrectly please let me know as I’m learning like everyone else and I certainly don’t claim to be perfect (near it but not perfect Winking smile ). Also the vBrownbag covered the whole of objective 1 here.

Gregg

Follow

Get every new post delivered to your Inbox.

Join 71 other followers