Today after a few months of off and on studying I’ve passed the Microsoft Certified: Azure Administrator Associate exam.
It was nice to get this behind me, onward to the 70-742 for the MCSA 2016.
Today after a few months of off and on studying I’ve passed the Microsoft Certified: Azure Administrator Associate exam.
It was nice to get this behind me, onward to the 70-742 for the MCSA 2016.
I was asked recently as how the VMware vExpert program has helped me and I had to only think for a little bit to come up with the the excerpt below:
The VMware vExpert program has enabled me to connect with my peers which has foster relationships thru channels such as VMUG which in turn enables me to talk about ideas, trends and solutions from the VMware ecosystem.
The many perks of the vExpert program such as VMware licensing and Freebies allows me to get creative with a complex home-lab that mirrors a setup of a enterprise environment which in turn gives me valuable hands-on experience that I would otherwise be gaining on a production environment that is less tolerant to production-down scenarios. This has saved my skin more times than I can remember.
The simple fact of this programs existence has propel my career in more ways than I can comprehend at this point. It’s why when I meet fellow VMware guys, I always tell them about the vExpert program and how it can help them too!
As aforementioned above there are many perks of the VMware vExpert program, including but not limited to the following:
I only ask that if find this interesting and you’d like to apply, use me as a reference: Trevor Smith, aka Mid_Hudson_IT.
Apply here: https://vexpert.vmware.com/apply
Hope you keep up the good fight, Cheers!
As some may or may not know I have a superpower. I was born several months premature and since my Dad’s exposure to Agent Orange in the 70’s I was born also with 30% brain damage.
Since I was little I was treat differently, I was told I’d never amount to anything, that I was a retard, stupid and such. Those year leading up to my 20’s are years I try to forget about.
I’ve known since I was a little kid I’m ADHD, Dyslexic, NVLD and I’m sure others I just can’t pronounce. For the longest time I knew I was different; I don’t think like normal people. I tend to see the world differently and also see technical problems in way most just don’t understand. I able to correlate things and put them together in ways others don’t think about. Thankfully, for my grammar there is grammarly and spellcheck.
But along the way while I struggle so many things on a daily basis one thing is very strong with me. Since I’m ADHD I’m very creative and able to figure out stuff like technology. Hence, lol, why I’m in IT.
But along the way I used to take Adderal XR and Ritalin but those had very bad side effects.
About 3 years ago I discovered Nootropics.
My daily nootropics stack is as follows:
1: 40 mg of Noopept
2: 750 mg of Aniracetam
3: 40 mg of Coluracetam
4: 6 g of Acetyl-L-Carnitine
5: 500 mg of Centrophenoxine
6: 850 mg of Omega 3, 6, and 9
7: 1000 mg of B Complex
This stack is my go-to-daily Smart stack. I swear by it and love it. It helps me in more ways than I can comprehend and lets me have insane focus, attention, rapid memory formation, short/long term memory, extensive vocabulary, Ease of public speaking, critical thinking, lots of energy for hours , and the complete elimination of brain fog.
This stack may not help you, but for me it makes me a true superhero. 🙂
Right now I’m studying for the Microsoft MCSA and will soon after that move into the 70-744 for the Security aspect of the MCSE.
I think my goal for the coming months is to get the MCSE behind me and wait for the MCSE 2019 upgrade exam. But I think in 2020, I want to push for the VCAP6.7-DCA and DCD exams.
I think after having done about 15+ green field VMware deployments under my belt that it’s time I move into a more advanced VMware certification.
After reading over the VCAP6.7-DCD book (Big Thanks to Mike Martino @wildcard78 and Anton Z @antonznyc for the NYC VMware VMUG chapter) from Packt I honestly didn’t find anything that was alarmingly hard to grasp or understand. So I think I just need a little bit of studying and go for it. After all the VCAP’s are just the technical hands-on aspect of VMware and since I’ve been deploying VMware solo along with the firewalls, networking, storage, servers, and deploying Windows Server, again all by myself, that this level knowledge is immensely useful.
So this is my goal: MCSE 2016 Core and then VCP6.7-DCV (to upgrade my VCP6.0-DCV) and move directly into VCAP6.7-DCD and DCA right after.
After many, many months of studying, labbing, making a complete inside/outside zone network with OSSIM SIEM and OSSEC, deploying as many of the concept required in the lab I finally passed.
My journey started after the CySA+ and after reaching out to Teresa Varela, (Director of IT Workforce Solutions/Skills Certification) about help with the CASP+, she put me in contact with Patrick Lane.
Patrick Lane (Director of the cybersecurity program), he’s the creator of the cybersecurity program in recent years with the CySA+, PenTest+, and CASP+. He felt inspired by my drive and determination to pass the exam and blessed me with a sponsorship thru the CASP+ certification program.
Patrick hooked me up with study material, CertMaster sims, and the best part, exam vouchers. I felt it was my purpose to live up to his vision of me as a CASP. But along the way, he was right there with me helping me in whatever way he could. He couldn’t really help me cause he made the program. BUT…he did one better…
He put me in contact with a industry leader, Anthony Sequeira, (CCIE No. 15626), who mentored me and helped me get the knowledge gaps that I was having, but in the end I just was determined to pass the exam.
I took the exam, the 1st attempt on June 26th, and I felt confident but the exam was a fail. I felt demoralized, deflated, but I was more determined to pass it. For 3 months I spent more time than I care to admit, my parents saw me less and less, the significant other was getting upset I wasn’t spending time with her, my dog started to rebel, my living space started getting messy, I was only sleeping 5 hours a day in the final weeks; I was utterly determined to pass! – cause I knew this material after reading the entire NIST SP 800 series numerous times.
In the final hour, in the last 3 weeks before the 2nd attempt the ITPro.TV just released an updated CAS-003 video series by Adam Gordon and it was rock solid. I finally understood the content I was missing. I spent over 50+ hours to study for 3 weeks, yes this meant less sleep.
I felt much more confident after doing that video series, and using the CASP Prep App, and lots of practice tests. When I sat the exam on October 2nd I felt much better.
Got to the exam about an hour early and took a nap and then went in 20 minutes earlier and had a good conversation with the proctor who was also a MCSE and then I was off.
I felt the exam was much easier now that I had time to review some weak points, for 3 months, lol. I went to the extent this time to setup a 3 tier PKI, setup a SSO with Federation Services with a token, Setup an inside and outside firewall setup in the home-lab, also setup a SIEM with log monitoring, deploy a Kali Linux box to be used as a penetration testing tool. I went all out…it paid off…
Now I’m going to finish up the MCSE: 2016, move onward into the CompTIA PenTest+, CompTIA Server+ (just so my server knowledge is neutral) then do another VMware VCP, and go for a VMware VCAP. Someplace in there I wanna get my CCNA renewed and then go for my CCNP: R&S to round out the mix. WE don’t use Cisco really, but I want to learn the advanced level networking that Cisco is really good at teaching you. 🙂
If anything this obvious, I WILL get all these, as I have the persistence, motivation, and determination to achieve.
Finding that using these commands on a daily basis help me troubleshoot issues and just wanted to share:
netstat -f = this command tried to resolve every connection to their FQDN
netstat -r = this command show the local routing tables on the PC
netstat -a = show all active TCP/IP connections on the PC
netstat -e = this shows any errors on the network adapters or lost packets
ping -t = this allows for a constant ping of an address
ipconfig = this show basic network configuration of the local adapter
ipconfig /all = this shows every detail about all network adapters on the local PC
arp -a = this show the mac address table on the local machine for the devices it’s “talked” to on the network and has saved in memory. Once you reboot this table clears.
nslookup [internal IP or external IP or FQDN] = this commands allow me to resolve internal or external dns names to see what address come back, if the response on local addresses comes back with a :unknown: this means that reverse DNS lookup is not setup.
Useful command on checking to see if a networks DNS server is secure:
Below is an example of what a blocked zone transfer looks like in a mock DNS server in the lab.
Zone Transfer Blocked!
Useful Website for looking up the security of a public website:
I hope this little write up is helpful to some. 🙂
SIEM systems are something more and more people are adopting to use with defense-in-depth and its a good move.
The company I work for partners with a SIEM solution provider called SocSoter and they have these affordable units that you deploy on a network and it has an interface in every network device you desire.
These device come in a few flavors, a VMS and SMA to name a couple. The SMA proactively monitors the network that it’s mirroring and allows for syslog monitoring of switches and storage appliances including taking Windows Server Event logs. On the flip side the VMS does proactive vulnerability scans of the network to find problems with the network/systems and provides steps on how to fix them.
These devices, when used in conjunction with directory services like Active Directory, Edge Firewalls, Next Generation AV, auditing policies, 802.1X, routing cryptography, and inline/at-rest encryption enables the deployment of a very comprehensive defense-in-depth approach to security. 🙂
I’d like to discuss a few things around the classification of data types coming thru a firewall or security device. I think pretty much even know the slang of false positives, but there is in-fact 4 types.
As a form of motivation and because I’m finding with work being so crazy busy I’m having less and less time to devote to studies. But I’ve made a plan for me (been working this plan for about a month now) to read 2 hours every day either in the morning or at night (considering most nights I don’t go to bed til 11 pm for either work projects or reading) and then wking up at 4 to 6 am to study takes it’s toll on me.
But I’m on the last 5 chapters of review with the CompTIA CASP+ exam and I plan on taking the exam in the last weeks of January, so I’m committed to this journey, not stopping now!
I know this has been a 5+ month charge but I had no idea the CASP book, CAS-003, would have so much technical knowledge in it, moreso than the CompTIA CySA+. I love reading the book but my brain feels like it’s going to explode.
I do feel more relevant and useful in my day-to-day though after reading, labbing, and studying the material and it’s funny all three of those doesn’t even touch that I do use 60% of the CASP’s content daily at my job. So that right there just goes to show how much of it is relevant information.
Recently went to a CompTIA CIO Roundtable discussion in NYC, yesterday in-fact, and it was very interesting to hear CISSP’s talk about cybersecurity and how I don’t really want to be in management-level cybersecurity but actually in the trenches doing the 1’s and 0’s and that is where the CompTIA CASP+ shines. I look forward to the journey in the technical side of cybersecurity.
So just want to share some things for you to make sure you have enabled to ensure the best possible security posture on your network, just a few tidbits.
1. Ensure in Windows Server DNS under Zone Transfers that you define your DNS Name Server that are allowed to make transfers and set it to allow only those servers. This way rogue attackers can’t seize your DNS records. Once you do with open up a Linux machine and type “dig afxr [your DNS server].yourdomain.com yourdomain.com” and see if you can or can’t get a zone transfer, the goal is for you to not have one. 😛
2. Make sure that your firewalls on the WAN/LAN ports block ICMP requests. This way when someone does a tracert of your DNS servers or network they can’t resolve any of your servers. Example: if you did a tracert of domain, typically the last two addresses are internal resources. if you do a tracert and then comes back with a * * then this means ICMP is blocked; this is what you want!
3. Make sure on routers that you have CHAP authentication enabled for all routers and L3 switches that share routing typically the command to enable this (like on Cisco) is “encapsulation ppp” and then the two modes are PAP which send the password in cleartext or with CHAP (the preferred method) which doesn’t send the password in the clear but instead salts the password so that routers and L3 switches with the CHAP can validate that the device is authorized to update the routes and routing tables, this way you can prevent routing tables from being poisoned with false routes from rogue routers and man-in-the-middle attacks.
4. A useful tool for malware sandboxing, vulnerability assessment and SIEM is a appliance provided by SocSoter and those interested should seek them out.
Just some security minded pointers. 🙂
So I did it, I stopped procrastinating the reading and I hunkered down for two month and passed the exam. I even cancelled my World of Warcraft Subscription that I reactivated for some reason for a month??? O.o .. maybe I was bit nostalgic of years past… 😛 — But I wanted to focus so I didn’t renew it, glad I did! 🙂
Honestly going into the exam I thought I flunked it. But after just 40 minutes I got done with all of the questions, I had all of the simulation in the beginning and from past experience flagged them all and went on-to the questions. This saved me a bunch of time, but time I actually didn’t need. They were easy simulations, I just hyped myself thinking they were harder.
I really enjoyed the prep work and exam, I feel much better about security and now being 3 years since I took the Security+, it was a nice fresher.
The knowledge gained for the prep and learning I’ve been applying in my day-to-day and I want to go onward into the CompTIA CASP and the newly drafted PenTest+ course. For now since the PenTest+ is so new, as in this month, I’m going onward into CASP. I think that cyber security is a big issue in IT and I felt the need to get my foot in the door. If I want to work in the cloud, I really need to make solutions that accomplish the results customers need and at the same time have the level of security required to protect assets from external attackers and to mitigate these threats, the CompTIA CySA+ helped me in this area.
I already have the CAS-002 and just got the CAS-003 books from Amazon. I’m already up to chapter 3 in the CAS-003 book and plan to attempt the exam the end of September. 😛
My goal for the rest of 2018 is to pass the CASP and the Microsoft 70-413 exam. This way I get a VCP6-NV, CompTIA CySA+, CompTIA CASP, and a Microsoft MCSA: 2012 for 2018. In 2019 I’ll wrap up with the MCSE: 2012 and then recertify the VCP6 to VCP6.5-DCV.
My goals for 2019 are: VCP6.5-DCV, MCSE: 2012, MCSE:2016, and VCP7-CMA. Maybe someplace in there I’ll do CompTIA Pentest+. 2020 will be CISSP, CCNA: R&S v3 and a VMware vCAP (undecided which one).
So with me taking the CySA+ exam in a little over 2 weeks after many months now of studying and bringing myself up to speed with Kali Linux, I feel the need to make a new title for upcoming pages. All pages that are Cyber Security oriented will start with the tag “Cyber Security:”.
I feel that in order for me to really stay relevant in the cloud that I really needed an intermediate to advanced knowledge of “Defense in Layers” and then how to penetrate those “Layers of Defense” so that I can provide defense from said attacks as I go about making cloud solutions moving forward.
The biggest concern of all customers and providers alike is not only the cost of the cloud, moving to the cloud but more-so than ever the security around the cloud.
Well I did it, passed the VCP6-NV exam. it’s been an adventure and a journey. After failing the exam in January I was to be honest very disheartened by that loss and I was slow to get back on the bandwagon. Took me nearly 3 weeks to pony up the energy to study again. But study I did, from 2 am til 7 am every morning for 2 months after working out on the Bowflex Xtreme 2 SE I would study: labs, watch Pluralsight, read VMware press micro-books on NSX, and the official VCP6-NV book over and over again. Also read all of the NSX guides on the Kindle that I could muster.
I’d like to personally thank Chris McCann who with Eva Leong at VMware the were gracious enough to provide me resources and voucher for me to take the exam, after all they did bestow upon me the VMUG NV package back in May of last year; it’s been a long journey, but fun along the way.
I plan on now finishing up my MCSE:2016 track as I got some more to take, but I’d like to pursue the VCAP6-NV track or is it VCIX? O.o dunno the names keep changing.
So my next goal is the MCSE, the the CompTIA CSA+, then back to VCAP6-NV. I’d like to dabble into VCP7-DTM too. Maybe I’ll aim for all 4 of them. 😉
I will admit, having my Cisco background did help a little bit but more-so having an actual home-lab with Cisco and Netgear switches was even more useful, having those 10G switches and 10G CNA’s really paid off for labbing.
My only advice for anyone planning on taking the exam themselves: study the NSX design guide, get the 5 book bundle of NSX VMware Press mini books, watch videos on Pluralsight and then this is key, after you study take a 23 minute nap to retain the knowledge. Drink plenty of water and eat clean. 🙂
Persistence is key..
Decided to apply an SSL certificate, get premium DNS, and Mcafee Secure virus protection (you’ll see it in the bottom right of the page). Wanted to increase the blog security and sustainability and provide some reassurance to viewers that this site is protected. 🙂
So my goals for 2018 are smaller that 2017 but none the less intense.
I currently working on the VCP6-NV study, after failing the exam last month by about 20 points. So I’m working very hard at studying to pass the exam in a litter over 5 weeks.
After that I’ll be studying for the CompTIA CSA+ and MCSE: SI 2016, if I have time the AWS:SA. That’s my goal for 2018. it’s a smaller list than last year but no less focused. Once I get those 3 exams after NSX I’ll decide the path I’ll take next.
I think VCIX-NV is my next goal with VCIX-DCA shortly afterwards.
Sometime down the road CompTIA CASP and CISSP are on my roadmap but I need a few more years, for me, before I decide ot go down that path.
I’d like to make a fresh attempt at my CCNA: R&S and DC at some point and perhaps a CCNP just to have the knowledge when designing VMware infrastructures.
On a personal note, my goal fiscally is to get 30k into savings and to invest 15k. For my health, I bought a Bowflex Total Gym and my goals with that is to get into fit and trimmed shape.
I’d like to keep journaling daily, working on reading a leisure book a week, keep saving money, building my credit score upwards to 775, blogging on here more often, getting a few modifications for my new Subaru WRX, spending more time with my parents and dog, spending more time with my friends and doing a little bit of traveling. I’ve recently got into cooking, painting, and playing my grandfather guitar, so my list of hobbies just seems to keep on growing….
somewhere along the lines I hope to meet an amazing woman again after now being single for almost 2 years in April. But my goals aren’t on that part of my life as my life is very busy and focused and that’s most important to me. My goal by 2020 is to strongly consider buying a house.
But this is my outlook for 2018.
so wanted to update the blog. Passed the 70-410 and 411 recently and onward to 412, then 413 and 414 for MCSE 2012.
I felt it was needed for me to get a MCSE since I’m a VCP and they go hand-n-hand. Plus I wanted to have the credential to back me up so I can no longer have people judge me by what I say. 😛
So take that judgemental fellow IT people, take that and shove it up you a**! 😉
So today I got a nice email:
So now I can start using the VMUG NSX training and I’m stoked! – going to get deep into the books now and study even harder. Want to take exam in two weeks now that I got some ICM love and official training on-top of the Synex book I’ve read over and the labbing in the home-lab. This is just more icing on the cake!
Lets get this party started!
Check back soon in a few weeks to see this:
I was on the VMware forums on Wednesday and one of the biggest names in Software Defined Networking at VMware made a posting about a offering VMware was giving away in regards to training for VMware’s Software-Defined Networking for the datacenter and for vCloud, the software behind what makes the ‘cloud’ a reality for MSP industry who are “in-deep” as they say, so I was like sure why not I’ll make a post about my career and see what happens…
I feel that for the MSP world to really work, there needs to be a shift from private clouds to a hybrid with a public to public IaaS fabric that solves one of the biggest problems in IT right now, Security. VMware NSX is one of the most secure public to public frameworks I have ever seen. It solves the problems we, as IT professionals face, in regards to the concerns of customers around security and this was expressed in the posting.
Well, I was a little shocked this morning, as I got selected!
Here is what the reward was and what they asked. 🙂
Well after a few months of studying and failing the exam the end of December I wanted to pass it this time, so I blew away my home-lab like 5 times and did it in 4 different ways to make sure I knew the content. Took the exam on March 25th and passed the exam with a score of 383.
Now onto the road towards the following exams:
So over the weekend I was labbing as per normal and I’ve been running into contention issues with my network and I think my tested and true Cisco 3750G’s are finally meeting their makers. The bonded Quad 1G connections over a vDS are starting to show slowness. I am kind of hammering the crap out of the lab. It gets very slow when I set DRS/SDRS to fully automatic and the whole backup storage goes to a crawl once those 1G links are saturated.
So I think I’m upgrading the Dell R610’s to 10G for ISCSI and LAN traffic.
I already have a Cisco 3750E as the core switch, and (4) Cisco 3750G’s in the rack and the (4) Cisco 3750E’s have just arrivedm just waiting for the 10G X2 cards to arrive. 😀
The additional Sonicwall TZ 210 arrived on Wednesday, snagged it for $50, I think I’ll use one of the 3750G slim (1U) as the DMZ switch.
I already have a QNAP TS-531X as my 10G-ready NAS, that is just being used at 1G on a dual bond. However I did kind of make an impulsive move with work and bought a TS-831X as-well as we get a steep QNAP discount at work. I think I might use the TS-531X as the new backup appliance and/or plex server.
Did some research and I think I’m going with these, as the most cost effective manner to go 10G:
The plan, for now, is to go solo 10G connections for both iSCSI/vSAN and for LAN traffic on both of the 10G ports on the 57711’s. I’ll setup Network I/O in Enterprise Plus 6.5 to manage the traffic. The pre-existing Dual Quad nic’s will be setup on the Storage 3750E’s in a Quad LACP bond as a standby link in the event the 57771 goes offline and like-wise for the LAN traffic. Each of the Quad LACP links for LAN and Management will most likely also be split 2-n-2 per Quad Nic so there isn’t only a Quad LACP but the traffic is balanced 2-by-2 across both Quad Nic’s. I like redundancy.
As for the 10G links well maybe at a later date I’ll snag another 3750E and another 57771 per host and reconfigure traffic flows so storage will have redundant 10G.
This network and storage fabric will be in two different stacks and the network will be a collapsed core.
I feel that this is the ideal setup as I’m going more towards a VMware NSX setup and I’d like to make the physical networking fabric as simple and as fast as possible. 🙂
I think I’ll keep the 3750G and 2960G around, as they might come in handy later on. 😀
Lastly, I still have these two Brocade 6610’s I got off ebay last month, that I may just use them as the Storage switches, but what is sad is I still need one more 10G license for the 2nd 6610 and it’s $650 off ebay. It’s still cheaper @ $105 per for two more Cisco 3750E’s of ebay. So I’m perplexed. I’ll use these 6610’s for something, maybe use one as a overkill replacement to the DMZ 2960G. 😀
Here is the design idea. 🙂
What is vExpert you might be asking yourself, and it’s a very valid question. It’s an offering from VMware to people that follow the VMware community and are supportive of the products they provide. It’s also for people that speak of VMware products at events, in blogs, on forums, and in social media.
Now you all are probably like kool so it’s a neat looking title, but it’s so much more than that, namely speaking VMware provides licensing for their VMware products for the entire year of the title.
This licensing if you bought it would cost 10’s of thousands of dollars retail, what this allows you to do in make a home-lab, like the one on my blog, so you can play with VMware products in the comfort of your home and not with screaming end-user complaining about something you broke. Additionally, VMware vExpert gives you access to free licensing and other offers from countless VMware Industry partners like Veeam, Trend Micro, Symantec, Brocade, etc; all of which if you didn’t apply for this free-to-join community would cost you out-of-pocket.
It’s truly a no brainer, apply today!
Took the CompTIA Storage + exam on Saturday and passed, it was a pretty straightforward exam, I enjoyed it quite a bit. The study prep for it was also nice to learn, learned a number of things that will follow me through in my datacenter and system administration roles. Will use the knowledge from it to make effective datacenter decision moving forward, and I will have ap lan on my shelf for the book for reference.
Study Material Used:
Onward to the Cisco CCNA:R&S (ICDN2) pursuit to finish up that certification. I will either do VCP6-DCV after that or do Project + or possible both if I’m crazy enough. 🙂
Reading an article online today about a fix to an issue involving Windows Server 2008 R2 and it’s write performance to a Back-End SAN it made me curious. Since in a VMware world, especially, your always looking for way to improve back-end performance for SQL and other write intensive servers/applications and bleed as much perofrmance as possible.
After applying this hotfix perofrmance improved for Writes as-well as on reads.
Hopefully this hotfix helps other as it has helped me. 🙂