HP Master ASE FlexNetwork Solutions

So I’m now a HP Master ASE! 🙂

Now that I’ve achieved this I figured it would be a good idea to write down my thoughts on the recommended training courses for the exam, my preparation for it and the exam itself as well as my wider views on the certification as it currently stands. I had originally hoped to blog the journey but a combination of work pressures and a compressed timescale for this has prevented me from doing so.

Overview

HP have replaced the old Master ASE – Network Infrastructure [2011] with the new HP Master ASE – FlexNetwork Solutions V1 as of late last year and I’m one of the first people to go through the process from what I’ve been told – indeed, I’ve heard that the number in Europe that have passed the exam is possibly in the very low tens. The content is significantly different and this has presented some challenges and frustrations during the process – more on that in a bit.

I was asked to go through the training and certification as part of work’s requirement to retain HP Platinum Partner status and although HP Networking is a much smaller part of my job now than it was, it still ties in with the wider DC solutions piece that I deal with. As such I didn’t have any issues agreeing to do it, figuring that it would be good to get a much better understanding of some technologies like SPB, TRILL and MPLS whilst also being better informed about the HP view of the more emerging technologies in the networking world.

To do this certification you either need to have one of the pre-requisite certs from other vendors (i.e. CCIE) or have either the HP ASE FlexNetwork Architect or HP ASE FlexNetwork Integrator certs, depending on which path you’ve taken. I’ve got both of these ASEs for one reason and another which actually turned out to be pretty helpful.

HP recommend three training courses for this certification:

And then there is a requirement for one exam:

I passed the exam at the end of the third week of training so all in it took me 5 calendar weeks to complete.

The Training Courses

I took all of the training at Host Computers, based in Shifnal near Telford in the UK. This totalled three four-day weeks with a week off in between each.

All of the training was led by Lester Dias and I have to say, as an instructor he is absolutely superb. His knowledge, patience, teaching style and sense of humour have to be given a huge amount of credit for me completing the certification in the time I did.

For the first couple of weeks I stayed in the hotel that the training centre is part of – Haughton Hall. Unfortunately this turned out to be a bad move as the hotel is quite dated with back-breaking beds, painfully slow Wi-Fi, cold rooms, noisy radiators and mediocre food. I spent the last week commuting from the Premier Inn – Telford International Centre which was infinitely better.
The courses themselves were the usual classroom delivered PowerPoint slog with a hefty number of text books and remote labs provided by Computer Data. On the whole there was a huge amount of content to deal with each week and the labs were buggy and slow at times but overall it worked (sort of).

Course 1 – Building HP FlexFabric Data Centers

This was my favourite course of the three as it covered what are for me the most relevant technologies to the real world – MCE (VRFs), Multi-device Context (MDC), EVI, MPLS L2VPN, VPLS, SPBM, TRILL, DCB & FCoE and VEPA/EVB. The pace was pretty brisk but the labs were thorough enough although at times they felt like an exercise in retyping commands from the book without much understanding of what you were doing. For me the best bits were when the lab didn’t work and you got to apply the knowledge to troubleshoot the issue which very much aligns with how I learn. Finding a weird bug in SPBM doing load balancing of VRRP packets in a particular code version wasn’t much fun though.

The lab environment itself did have issues for me and others with code versions and default configurations missing, links between devices not working and certain scenarios broken due to issues with class-wide components such as shared core switches having incorrect configurations.

Depth wise, I feel I could implement these technologies in straightforward deployments (I’ve already done a couple of them to a level beyond the course) but there are a lot of knobs and features that we just didn’t cover. If I had a complex deployment I’d still be looking either for guidance from HP or to build a decent PoC before committing to a working design.

I was pretty disappointed that VXLAN, NVGRE, EIRF and MPLS L3VPN were all relegated to an appendix and not covered during the course (or the exam). These are incredibly important technologies today and I feel they have been unfairly side-lined in order to squeeze the course into 4 days and to make room for the SDN side of things. The first two also don’t quite align with HP’s SDN push which might also have something to do with it.

Course 2 – HP Unified Wired-Wireless Networks and BYOD

This course broadly covers two parts; the first is a trip through all of the various aspects of wireless (and the Comware controllers with IMC WSM) and the second revolves around HP IMC User Access Manager [UAM].

The first half was pretty straightforward as it’s pretty much just book learning and if you’ve been dealing with HP wireless for a while, established knowledge.

The second half from a conceptual point of view generally makes sense although it took quite a bit to get there – it covers all of the different flavours of access that UAM can support from basic guest BYOD all the way through to EAP-TLS with self-service certificate enrolment. The labs though are where it all started to fall apart.

To start with, the environment was buggy and painfully slow (1 core and 4GB of RAM for an IMC server!) and the lab guides were very much an exercise in just adhering exactly to the book. Whilst this led to working configurations in the first course, UAM itself was unreliable with various issues including disconnecting a device, removing all access for it and reconnecting it to find it gets given full access!

Lab aside, I can’t believe how frustrating and unintuitive UAM as a product is to use. It is incredibly difficult to conceptualize how the building blocks of one endless configuration screen after another fit together, let alone how to troubleshoot it when things do go wrong (I ended up in the log files on a number of occasions). From what I have seen of it and heard from colleagues who have dealt with it, I would not want to put the solution in for a customer as whilst an experienced engineer may be able to navigate all of the options and coerce the system into doing what is required, a customer does not stand much chance operating the solution without issue and easily troubleshooting it if (when) something does go wrong.

I don’t have the space and patience to go into depth on this here but if anyone from HP reads this, please do get in contact as myself and colleagues would love to sit down and look at this problem constructively and in contrast to the far better BYOD solutions out there.

Course 3 – Creating HP Software-defined Networks

This course started with a pretty detailed run down of OpenFlow-driven SDN and how it is implemented on HP switching and then went into the HP SDN Controller and some of its capabilities. It’s necessarily a huge amount of theory as it’s a new topic (labs weren’t involved until over halfway through) but to HP’s credit I did learn an awful lot from this, especially as I was completely new to OpenFlow.

The implementation of OpenFlow does seem pretty mature although there are the usual differences between Comware and ProVision to keep in mind. Unfortunately the HP SDN Controller isn’t brilliant; it just about functioned in the lab and requires a lot of command line to really get the most out of it. It also doesn’t really do very much. Path Daemon does give you a working topology by installing flows based on ARP as required but it has some scalability issues (no more than 200 endpoints) and doesn’t have much other functionality.

HP’s big sell is their SDN Appstore with the goal that it will offer a wide variety of controllers, applications and tools, both from a vendor and a community perspective. Unfortunately there’s not really much content there and few updates since it was launched which already makes it feel a little stale. HP’s two flagship solutions are Net Optimizer for Microsoft Lync and Net Protector. The former integrates with the Lync front-end servers to understand Lync sessions on the network and dynamically install flows to prioritise this traffic whilst the latter pushes traffic (either DNS for blacklist checking or everything) through a tunnel into the app to run TippingPoint RepDV signatures against. They both feel like solutions looking for a problem and, in the case of Net Protector, pale in comparison to other solutions on the marketplace.

Interestingly, the IMC VAN SDN module barely got a look-in during the course, other than a few screenshots in the textbook that show the monitoring capabilities. Clearly this isn’t quite as joined up yet as it should be.

I’ll probably do a separate post at some point covering why I’m not a big fan of HP’s SDN approach in general, particularly for the DC, but suffice to say that whilst I think it was technically interesting, I don’t see it being widely deployed.

Exam Preparation

Reading the sample questions in the exam prep guide scared me quite a lot as I was seeing questions about detail that was buried away in footnotes inside the massive pile of course books. This breadth and depth is pretty intimidating and an enormous mountain to climb. I’d taken pretty thorough notes throughout the courses but still found it helpful to re-read all of the books and double-check/update my notes as well as use the learning checks to test myself.

At the beginning of the last course I decided to try the exam at the end of the week so my evenings in the hotel were spent revising the previous two weeks while trying not to forget everything I’d learnt that day. This turned out to be a pretty big undertaking as physically reading that much in a week is a massive ask. I also had to spend a decent amount of time making sure I was happy with how the building blocks for the configuration of each technology fit together (i.e. VSIs in SPBM and VPLS, X-Connect groups in L2VPN, etc.) as I knew from the guide that this would be tested.

I didn’t spend any time doing lab work to revise as although I’ve got a decent Simware environment at home I knew that there wouldn’t be any simulations in the exam and that it’d be a lot of theory. I’d also just about had enough of labs after the frustrating experiences during the course.

Exam

I’m not going to say too much about the exam because obviously there’s the NDA in place when you take it but I will say that I found it did cover the breadth and depth that I was expecting but as I went through it I felt pretty confident. HP have a wonderful habit of putting in a “destructor” into the possible answers – an answer that looks close enough to be correct but isn’t and so trips you up – and there were a number of these but overall I finished the exam in a little over an hour through the 1 hour 55 minutes allowed.

The pass mark for the exam is 65% which I’ll admit was reassuringly low as it meant I could get 21 of the 60 questions wrong and still pass but in the end I scored 85% which I’m really pleased with.

Afterthoughts

I’ve had a long weekend and a good few glasses of wine since I did this to relax and mull on it somewhat and I feel pretty ambivalent about it now.

On the one hand, I’ve wanted to achieve this for a while and I’m really glad that I have and amazed that I managed to do it in the timescales I did. It’s a great thing to add to my CV, regardless of its direct relevance to my current day job and it’s also taught me some new technologies and cemented my knowledge of some old ones.

On the other, I went into this feeling apprehensive about the change from pure routing and switching into the amalgamation of three very different technologies and I do still feel that this is a mistake. It is far too much content to push into one certification and much of it isn’t relevant to most people’s world. Those who are looking to demonstrate their depth of experience in datacentre R&S for example are going to be switched off by SDN and wireless and similarly vice versa.

It also suffers from being unable to go into the proper depth on any of the technologies as a result of the amount of content it tries to fit in. Whereas certifications like the CCNP and CCIE will actually test detailed understanding of the implementation of the technologies in that world, this felt at times like a glorified marketing exercise; attempting to teach us about the HP things that people don’t know about.

Perhaps this is a symptom of HPN having a much smaller market share and maybe HP feel that this is what’s required to help grow that (I don’t think it is) but I don’t feel that the Master ASE is the accomplishment it should be.

That said, it’s still an accomplishment and still not an easy one at that which I’m proud to have achieved. I look forward to seeing how others get on with this as they recertify when their 2011 certs come up for renewal.

HP IMC Firewall Rules

I use HP’s Intelligent Management Center a reasonable amount as I often install it as the NMS of choice for HP network deployments. As a result, I’m often caught by problems with things hitting the Windows Firewall and breaking.

Here’s a list of the exceptions that you need to add to the Windows Firewall for IMC. This list is incomplete but I’ll add to it as I find more:

Base Platform:

  • HTTPS – TCP 443 – This is assuming you’ve changed from the default of 8443 which I recommend
  • SNMP Traps – UDP 162 – <ServerInstallDir>\server\bin\imcfaultdm.exe
  • TFTP – <ServerInstallDir>\server\bin\tftpserver.exe – This fixes issues such as IMC not being able to back up HP ProCurve switch configurations

Wireless Services Manager [WSM]:

  • WLAN – (<ServerInstallDir>\server\bin\imcwlandm.exe) – This fixes an MSM not being able to connect to the Mobility Manager IP set in the Web Administration. For reference, this port is TCP 7668.
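
The exceptions listed above expressed as a PowerShell script, added here as an example and not part of the original post. Each rule is scoped to the protocol, port and executable given in the list rather than opening a port for every program; the rule display names and the optional `-RemoteAddress` restriction are assumptions, and `<ServerInstallDir>` has to be passed in as the real IMC install path.

```powershell
param(
    # The post's <ServerInstallDir>; supply the actual IMC install path.
    [Parameter(Mandatory)] [string] $ServerInstallDir,
    # Assumption: optionally limit the exceptions to management subnets.
    [string[]] $RemoteAddress = @('Any')
)

$bin = Join-Path $ServerInstallDir 'server\bin'

# One entry per exception in the list above. Port or Exe is left out
# wherever the post does not give one (HTTPS has no program, TFTP no port).
$rules = @(
    @{ Name = 'IMC HTTPS';      Protocol = 'TCP'; Port = 443 }
    @{ Name = 'IMC SNMP Traps'; Protocol = 'UDP'; Port = 162;  Exe = 'imcfaultdm.exe' }
    @{ Name = 'IMC TFTP';       Protocol = 'UDP';              Exe = 'tftpserver.exe' }
    @{ Name = 'IMC WSM WLAN';   Protocol = 'TCP'; Port = 7668; Exe = 'imcwlandm.exe' }
)

foreach ($r in $rules) {
    # Idempotent: leave an existing rule with the same display name alone.
    if (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue) {
        Write-Host "Skipping '$($r.Name)': rule already exists"
        continue
    }
    $params = @{
        DisplayName   = $r.Name
        Direction     = 'Inbound'
        Action        = 'Allow'
        Protocol      = $r.Protocol
        RemoteAddress = $RemoteAddress
    }
    if ($r.Port) { $params.LocalPort = $r.Port }
    if ($r.Exe) {
        $path = Join-Path $bin $r.Exe
        # A rule bound to a wrong path never matches, so check the file first.
        if (-not (Test-Path -LiteralPath $path)) {
            Write-Warning "Skipping '$($r.Name)': $path not found"
            continue
        }
        $params.Program = $path
    }
    New-NetFirewallRule @params | Out-Null
    Write-Host "Created '$($r.Name)'"
}
```

Run it from an elevated PowerShell session; the NetSecurity cmdlets it uses ship with Windows Server 2012 / Windows 8 and later.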

If you know of any others, please do let me know!

Updates:

2014-01-17 – SNMP Traps