HP Master ASE FlexNetwork Solutions

So I’m now a HP Master ASE! 🙂

Now that I’ve achieved this I figured it would be a good idea to write down my thoughts on the recommended training courses for the exam, my preparation for it and the exam itself as well as my wider views on the certification as it currently stands. I had originally hoped to blog the journey but a combination of work pressures and a compressed timescale for this has prevented me from doing so.

Overview

HP have replaced the old Master ASE – Network Infrastructure [2011] with the new HP Master ASE – FlexNetwork Solutions V1 as of late last year and I’m one of the first people to go through the process from what I’ve been told – indeed, I’ve heard that the number in Europe that have passed the exam is possibly in the very low tens. The content is significantly different and this has presented some challenges and frustrations during the process – more on that in a bit.

I was asked to go through the training and certification as part of work’s requirement to retain HP Platinum Partner status and although HP Networking is a much smaller part of my job now than it was, it still ties in with the wider DC solutions piece that I deal with. As such I didn’t have any issues agreeing to do it, figuring that it would be good to get a much better understanding of some technologies like SPB, TRILL and MPLS whilst also being better informed about the HP view of the more emerging technologies in the networking world.

To do this certification you either need to have one of the pre-requisite certs from other vendors (i.e. CCIE) or have either the HP ASE FlexNetwork Architect or HP ASE FlexNetwork Integrator certs, depending on which path you’ve taken. I’ve got both of these ASEs for one reason and another which actually turned out to be pretty helpful.

HP recommend three training courses for this certification:

And then there is a requirement for one exam:

I passed the exam at the end of the third week of training so all in it took me 5 calendar weeks to complete.

The Training Courses

I took all of the training at Host Computers, based in Shifnal near Telford in the UK. This totalled three four day weeks with a week off in between each.

All of the training was led by Lester Dias and I have to say, as an instructor he is absolutely superb. His knowledge, patience, teaching style and sense of humour have to be given a huge amount of credit for me completing the certification in the time I did.

For the first couple of weeks I stayed in the hotel that the training centre is part of – Haughton Hall. Unfortunately this turned out to be a bad move as the hotel is quite dated with back-breaking beds, painfully slow Wi-Fi, cold rooms, noisy radiators and mediocre food. I spent the last week commuting from the Premier Inn – Telford International Centre which was infinitely better.
The courses themselves were the usual classroom delivered PowerPoint slog with a hefty number of text books and remote labs provided by Computer Data. On the whole there was a huge amount of content to deal with each week and the labs were buggy and slow at times but overall it worked (sort of).

Course 1 – Building HP FlexFabric Data Centers

This was my favourite course of the three as it covered what are for me the most relevant technologies to the real world – MCE (VRFs), Multi-device Context (MDC), EVI, MPLS L2VPN, VPLS, SPBM, TRILL, DCB & FCoE and VEPA/EVB. The pace was pretty brisk but the labs were thorough enough although at times they felt like an exercise in retyping commands from the book without much understanding of what you were doing. For me the best bits were when the lab didn’t work and you got to apply the knowledge to troubleshoot the issue which very much aligns with how I learn. Finding a weird bug in SPBM doing load balancing of VRRP packets in a particular code version wasn’t much fun though.

The lab environment itself did have issues for me and others with code versions and default configurations missing, links between devices not working and certain scenarios broken due to issues with class-wide components such as shared core switches having incorrect configurations.

Depth wise, I feel I could implement these technologies in straightforward deployments (I’ve already done a couple of them to a level beyond the course) but there are a lot of knobs and features that we just didn’t cover. If I had a complex deployment I’d still be looking either for guidance from HP or to build a decent PoC before committing to a working design.

I was pretty disappointed that VXLAN, NVGRE, EIRF and MPLS L3VPN were all relegated to an appendix and not covered during the course (or the exam). These are incredibly important technologies today and I feel they have been unfairly side-lined in order to squeeze the course into 4 days and to make room for the SDN side of things. The first two also don’t quite align with HP’s SDN push which might also have something to do with it.

Course 2 – HP Unified Wired-Wireless Networks and BYOD

This course broadly covers two parts; the first is a trip through all of the various aspects of wireless (and the Comware controllers with IMC WSM) and the second revolves around HP IMC User Access Manager [UAM].

The first half was pretty straightforward as it’s pretty much just book learning and if you’ve been dealing with HP wireless for a while, established knowledge.

The second half from a conceptual point of view generally makes sense although it took quite a bit to get there – it covers all of the different flavours of access that UAM can support from basic guest BYOD all the way through to EAP-TLS with self-service certificate enrolment. The labs though are where it all started to fall apart.

To start with, the environment was buggy and painfully slow (1 core and 4GB of RAM for an IMC server!) and the lab guides were very much an exercise in just adhering exactly to the book. Whilst this led to working configurations in the first course, UAM itself was unreliable with various issues including disconnecting a device, removing all access for it and reconnecting it to find it gets given full access!

Lab aside, I can’t believe how frustrating and unintuitive UAM as a product is to use. It is incredibly difficult to conceptualize how the building blocks of one endless configuration screen after another fit together, let alone how to troubleshoot it when things do go wrong (I ended up in the log files on a number of occasions). From what I have seen of it and heard from colleagues who have dealt with it, I would not want to put the solution in for a customer as whilst an experienced engineer may be able to navigate all of the options and coerce the system into doing what is required, a customer does not stand much chance operating the solution without issue and easily troubleshooting it if (when) something does go wrong.

I don’t have the space and patience to go into depth on this here but if anyone from HP reads this, please do get in contact as my colleagues and I would love to sit down and look at this problem constructively and in contrast to the far better BYOD solutions out there.

Course 3 – Creating HP Software-defined Networks

This course started with a pretty detailed run down of OpenFlow-driven SDN and how it is implemented on HP switching and then went into the HP SDN Controller and some of its capabilities. It’s necessarily a huge amount of theory as it’s a new topic (labs weren’t involved until over halfway through) but to HP’s credit I did learn an awful lot from this, especially as I was completely new to OpenFlow.

The implementation of OpenFlow does seem pretty mature although there are the usual differences between Comware and ProVision to keep in mind. Unfortunately the HP SDN Controller isn’t brilliant; it just about functioned in the lab and requires a lot of command line to really get the most out of it. It also doesn’t really do very much. Path Daemon does give you a working topology by installing flows based on ARP as required but it has some scalability issues (no more than 200 endpoints) and doesn’t have much other functionality.

HP’s big sell is their SDN Appstore with the goal that it will offer a wide variety of controllers, applications and tools, both from a vendor and a community perspective. Unfortunately there’s not really much content there and few updates since it was launched, which already makes it feel a little stale. HP’s two flagship solutions are Net Optimizer for Microsoft Lync and Net Protector. The former integrates with the Lync front-end servers to understand Lync sessions on the network and dynamically install flows to prioritise this traffic whilst the latter pushes traffic (either DNS for blacklist checking or everything) through a tunnel into the app to run TippingPoint RepDV signatures against. They both feel like solutions looking for a problem and, in the case of Net Protector, it pales in comparison to other solutions on the marketplace.

Interestingly, the IMC VAN SDN module barely got a look-in during the course, other than a few screenshots in the textbook that show the monitoring capabilities. Clearly this isn’t quite as joined up yet as it should be.

I’ll probably do a separate post at some point covering why I’m not a big fan of HP’s SDN approach in general, particularly for the DC, but suffice to say that whilst I think it was technically interesting, I don’t see it being widely deployed.

Exam Preparation

Reading the sample questions in the exam prep guide scared me quite a lot as I was seeing questions about detail that was buried away in footnotes inside the massive pile of course books. This breadth and depth is pretty intimidating and an enormous mountain to climb. I’d taken pretty thorough notes throughout the courses but still found it helpful to re-read all of the books and double-check/update my notes as well as use the learning checks to test myself.

At the beginning of the last course I decided to try the exam at the end of the week so my evenings in the hotel were spent revising the previous two weeks while trying not to forget everything I’d learnt that day. This turned out to be a pretty big undertaking as physically reading that much in a week is a massive ask. I also had to spend a decent amount of time making sure I was happy with how the building blocks for the configuration of each technology fit together (i.e. VSIs in SPBM and VPLS, X-Connect groups in L2VPN, etc.) as I knew from the guide that this would be tested.

I didn’t spend any time doing lab work to revise as although I’ve got a decent Simware environment at home I knew that there wouldn’t be any simulations in the exam and that it’d be a lot of theory. I’d also just about had enough of labs after the frustrating experiences during the course.

Exam

I’m not going to say too much about the exam because obviously there’s the NDA in place when you take it but I will say that I found it did cover the breadth and depth that I was expecting but as I went through it I felt pretty confident. HP have a wonderful habit of putting in a “destructor” into the possible answers – an answer that looks close enough to be correct but isn’t and so trips you up – and there were a number of these but overall I finished the exam in a little over an hour through the 1 hour 55 minutes allowed.

The pass mark for the exam is 65% which I’ll admit was reassuringly low as it meant I could get 21 of the 60 questions wrong and still pass but in the end I scored 85% which I’m really pleased with.

Afterthoughts

I’ve had a long weekend and a good few glasses of wine since I did this to relax and mull on it somewhat and I feel pretty ambivalent about it now.

On the one hand, I’ve wanted to achieve this for a while and I’m really glad that I have and amazed that I managed to do it in the timescales I did. It’s a great thing to add to my CV, regardless of its direct relevance to my current day job and it’s also taught me some new technologies and cemented my knowledge of some old ones.

On the other, I went into this feeling apprehensive about the change from pure routing and switching into the amalgamation of three very different technologies and I do still feel that this is a mistake. It is far too much content to push into one certification and much of it isn’t relevant to most people’s world. Those who are looking to demonstrate their depth of experience in datacentre R&S for example are going to be switched off by SDN and wireless and similarly vice versa.

It also suffers from being unable to go into the proper depth on any of the technologies as a result of the amount of content it tries to fit in. Whereas certifications like the CCNP and CCIE will actually test detailed understanding of the implementation of the technologies in that world, this felt at times like a glorified marketing exercise; attempting to teach us about the HP things that people don’t know about.

Perhaps this is a symptom of HPN having a much smaller market share and maybe HP feel that this is what’s required to help grow that (I don’t think it is) but I don’t feel that the Master ASE is the accomplishment it should be.

That said, it’s still an accomplishment and still not an easy one at that which I’m proud to have achieved. I look forward to seeing how others get on with this as they recertify when their 2011 certs come up for renewal.

Microsoft TechEd Europe 2014 Day 1

I’m fortunate to be at TechEd Europe this year (at slightly short notice) and wanted to share some of the things that I’m picking up on at the event. There’s a few topics I’ll do specific blog posts about but here’s a general overview of Day 1 and some of the bits I’ve seen.

Themes:

The keynote was good; couple of hours but kept reasonably fast paced with some interesting announcements and demos. What was interesting was the areas that were touched on and what was left out. The key areas are:

  • Data
  • Consistent Device Experience
  • Cloud (Hybrid and Public)
  • Software Defined Datacentre

There was nothing really on traditional on-premises systems such as Exchange, SharePoint, etc which depending on your perspective is either because we’ve just gone through a major release of these products or because it’s a strong focus on cloud.

Data:

People who don’t understand the value of data often fail to understand why Microsoft is playing in the search space with Bing when Google has so much of the market covered however this is extremely short sighted. As pointed out in the keynote, there are now more connected devices on the planet than people and with the Internet of Things taking off, the ability for Microsoft to understand the internet and the huge amount of data contained becomes really crucial to delivering valuable services to users and this is what Bing enables. Cortana’s brain, for example, is effectively Bing.

Consistent Device Experience:

Obviously there’s a lot of information coming out about Windows 10 and Joe Belfiore did a great job of showing some of the features there and it’s a good middle ground between Windows 7 and 8. It’s also worth noting that security was a huge part of this. The subtext though is that Microsoft is clearly trying to push the experience right across the device spectrum from phones to the largest PCs. This also encompasses other breeds of devices including iOS and Android; Office is a good example.

Cloud:

Microsoft is showing a clear commitment to making every part of the software defined datacentre integrate with the public cloud as much as possible and to make that as easy as possible, whether it’s backup or remote desktop. Here are the areas from the Keynote:

  • Management
  • Virtualisation
  • Identity
  • Networking
  • Data
  • Development

SDDC:

Given my focus, this one has me really excited. The next versions of Windows Server and the System Center suite will have significantly enhanced capabilities in many areas, building on foundations that have been laid already. Of particular note:

I’ll be posting my thoughts about CPS in the next day or so as I think it’s a very strategic play by Microsoft. More to come!

HP IMC Firewall Rules

I use HP’s Intelligent Management Center a reasonable amount as I often install it as the NMS of choice for HP network deployments. As a result, I’m often caught by problems with things hitting the Windows Firewall and breaking.

Here’s a list of the exceptions that you need to add to the Windows Firewall for IMC. This list is incomplete but I’ll add to it as I find more:

Base Platform:

  • HTTPS – TCP 443 – This is assuming you’ve changed from the default of 8443 which I recommend
  • SNMP Traps – UDP 162 – <ServerInstallDir>\server\bin\imcfaultdm.exe
  • TFTP – <ServerInstallDir>\server\bin\tftpserver.exe – This fixes issues such as IMC not being able to back up HP ProCurve switch configurations

Wireless Services Manager [WSM]:

  • WLAN – (<ServerInstallDir>\server\bin\imcwlandm.exe) – This fixes a MSM not being able to connect to the Mobility Manager IP set in the Web Administration. For reference, this port is TCP 7668.
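
The exceptions listed above, written as a repeatable PowerShell script using the built-in NetSecurity cmdlets (Windows Server 2012 or later). This is an added example, not part of the original post or HP's documentation; the install directory, the rule group name and the remote address scope are assumptions to replace with your own values.

```powershell
# Added example: values marked ASSUMPTION are not from the original post.
$ImcInstallDir = 'C:\IMC-PLACEHOLDER'   # ASSUMPTION: stands in for <ServerInstallDir>
$AllowedRemote = '10.0.0.0/8'           # ASSUMPTION: constructed scope; use your management ranges
$Group         = 'HP IMC (example)'     # ASSUMPTION: hypothetical rule group name

# One entry per exception in the list above. HTTPS is 443 only if the web
# port has been changed from the default of 8443. TFTP is program-scoped with
# no fixed port because the server answers transfers from ephemeral UDP ports.
$rules = @(
    @{ Name = 'IMC HTTPS';      Protocol = 'TCP'; Port = 443 },
    @{ Name = 'IMC SNMP Traps'; Protocol = 'UDP'; Port = 162;  Exe = 'imcfaultdm.exe' },
    @{ Name = 'IMC TFTP';       Protocol = 'UDP';              Exe = 'tftpserver.exe' },
    @{ Name = 'IMC WSM WLAN';   Protocol = 'TCP'; Port = 7668; Exe = 'imcwlandm.exe' }
)

foreach ($r in $rules) {
    $params = @{
        DisplayName   = $r.Name
        Group         = $Group
        Direction     = 'Inbound'
        Action        = 'Allow'
        Protocol      = $r.Protocol
        RemoteAddress = $AllowedRemote   # limit who can reach the NMS ports
    }
    if ($r.Port) { $params.LocalPort = $r.Port }
    if ($r.Exe) {
        $exe = Join-Path $ImcInstallDir "server\bin\$($r.Exe)"
        if (-not (Test-Path -LiteralPath $exe)) {
            Write-Warning "Skipping '$($r.Name)': $exe not found"
            continue
        }
        $params.Program = $exe           # bind the rule to the IMC binary
    }
    # Re-running the script replaces the rule instead of stacking duplicates.
    Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue |
        Where-Object Group -eq $Group | Remove-NetFirewallRule
    New-NetFirewallRule @params | Out-Null
}

# Review what was created: protocol, port, program and remote scope per rule.
Get-NetFirewallRule -Group $Group | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $app  = $_ | Get-NetFirewallApplicationFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule    = $_.DisplayName; Protocol = $port.Protocol; LocalPort = $port.LocalPort
        Program = $app.Program;   Remote   = $addr.RemoteAddress
    }
} | Format-Table -AutoSize
```

Run it from an elevated PowerShell session on the IMC server. Combining a port with a program path means the exception only applies while that IMC process owns the port, which is tighter than a port-only rule.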

If you know of any others, please do let me know!

Updates:

2014-01-17 – SNMP Traps

HP MSM720 Wireless Controller Factory Reset & Firmware Bug

I couldn’t find any correct documentation about how to actually reset the configuration of a HP MSM720 Wireless Controller without using the web interface and I had to figure it out for myself – the issue that caused me to need to do this is in the second half of this post. Here’s how you do it:

Connect via serial to console port

Here’s a screenshot from PuTTY with everything you need to know:

[Screenshot: MSM 720 Serial Settings]

Reset the configuration

Type in the following commands to clear the configuration and reboot the device:

enable
config
factory settings

What doesn’t work

The documentation talks about using the Reset and Clear buttons together to return the device to factory defaults. Here’s a picture of the device:

[Image: MSM 720 Front Panel Features]

What you actually find when you try it is that there isn’t a clear button, only a hole. I’ve seen this on at least two different controllers so this definitely isn’t a manufacturing fault but I’ve no idea why. What this means, of course, is that you have to use the CLI method above to reset the device.

The original issue

I install a lot of HP MSM equipment and am used to the more than occasional idiosyncrasy (more on that another time) but by and large they do what you tell them to do. This one had me stumped. Consider the following:

Access Network VLAN IP: 10.100.1.10/24
Internet Network VLAN IP: 10.100.99.10/24
Default Gateway IP: 10.100.99.254
Static Route: Destination 10.0.0.0/8, next-hop 10.100.1.254

Here you have the basic information for the initial configuration of an MSM720 with an “inside” and “outside” network assuming that the internal LAN/WAN is based on 10.x.x.x addresses and the internet is available through the gateway on the Internet VLAN at 10.100.99.254. You need the static route as you can’t have two default gateways and need the controller to be able to talk to the APs across the internal networks. All completely textbook.

Unfortunately, when configuring these settings, in this order, on a controller that came out of the box running version 5.7.1.1 – the controller stopped responding when applying the static route. Power cycling the box would appear to work but I couldn’t ping the device on the LAN or Internet VLANs but the console was perfectly responsive once I’d figured out the very odd serial settings.

After resetting the box, I upgraded it to V6.0.0.1 and went through the above steps with no issues this time. It’s also my understanding that this issue is fixed in 5.7.3.0 but I’ve not fully tested this.