Sr Manager Cloud Eng.
Tata Communications LTD Subsidiary: Netfoundry - Network Lead and Architect
CenturyLink Technology Solutions - Solution Architect (Network)
Ericsson (EGI)
Scripting
Python
GitHub
Docker
Kubernetes
DevOps
Grafana
Kibana
Cacti
Prometheus
Ansible
Zendesk
Hello? I'm on Zoom. I'm currently working at Tata Communications Limited as a senior manager. Basically, my current profile is doing network configuration of routers and firewalls and doing all kinds of network related steps. Okay? And monitoring the firewalls, monitoring the logs, and providing solutions for L3 and L2 escalated tickets. Okay. Also doing the day-to-day ticket review, doing network management and network configurations, and providing the design for advanced solutions related to networks. Also doing the SIC and ZTNA related configurations, so I am handling the ZTNA and Zscaler side, providing Zscaler-based network solutions, and also doing the day-to-day ticket review, meeting with the customers and our L2 team, and providing the best solutions based on the requirements. That is the day-to-day task I'm currently doing with the company. So hopefully.
I'm not much into the COVID framework, so it is new for me. So sorry.
VRRP is the Virtual Router Redundancy Protocol. It is about providing gateway redundancy from LAN to WAN. When any traffic is going from LAN to WAN, we provide a virtual gateway, okay, which has a virtual MAC address. Once traffic is initiated from inside to outside, it gets all the resolutions from this VRRP virtual IP. So we have to configure the priority: the higher priority will be the active and the lower priority will be the passive. We can track the WAN interface based on tracking of the LAN interface or IP SLA. So we have to put the command vrrp <group number> track <interface>. We provide the tracking so that when the interface is up, it gets the particular priority, whatever we set. If that tracked interface goes down, it decreases the priority, and that particular router goes into the passive state, so the forwarder will be your backup router. The MAC address will resolve accordingly. The virtual MAC address for VRRP will be based on the group ID of your VRRP and also the group address of both the active and the passive. So that's how this works. Hope it's just...
Citrix NetScaler is a load balancer based on the source and destination of the HTTPS traffic. It forms clusters between the servers. Okay? It is assigned a priority, like how much HTTP traffic will go from this server to the particular node 1, node 2, node 3. Based on that, we can be doing round robin or first in first out or so many other methods of load balancing based on the traffic load. So if there are higher loads, they will be distributed between 5 nodes, 6 nodes, and we can configure the priority of which one will be first, which one will be second, and so on, which will be third. We have to set all those parameters for incoming traffic and outgoing traffic. Based on that, the setup will be released. There are 3 kinds of load balancing: one is the network load balancer, one is the application load balancer, and another is the classic load balancer. The network load balancer is doing it based on your virtual IP and the physical IP of the server. It will load balance only with one public virtual IP and load balance across all those servers. The application load balancing will happen through HTTP and HTTPS. It provides load balancing based on your traffic, your HTTPS, SSL, and TLS traffic.
OSPF is a link state protocol. Okay. It provides dynamic routing. Basically, this is related to routing from interface to interface. This is basically NLRI, okay, network layer reachability information. For that, you have to configure the network interface. Either you can enable it with ip ospf area 0 over the interface, or you have to go into the OSPF process and do the network statement. Okay? You have to provide the address and also the subnet mask. The subnet mask will be in the wildcard way. So, like, network 1.2.3.4, then the wildcard will be 0.0.0.0, and then provide the area so that it covers the full interface address. You can also put the full address in OSPF, like network 0.0.0.0 255.255.255.255 area 0. That will cover the full range of addresses on your router. If you want to exclude some interfaces, you have to put passive-interface on that particular interface so that it does not perform the neighbor lookup and hello packets on that interface. OSPF basically provides cost based routing. It calculates the path cost, and based on that it chooses the routes. It has 5 kinds of LSA, like hello, database description, LSA, LSE, LSR. And it has 4 kinds of network interfaces, like point-to-point, point-to-multipoint, non-broadcast multi-access, and broadcast multi-access. For non-broadcast multi-access, you have to configure the neighbor statement. For point-to-point, the hello and dead interval will be 10 and 100, 10 and 30, 40. And for point-to-multipoint, and for non-broadcast multi-access, it is 40 to 120 seconds for the calculation of the hello and hold-down time intervals. So that is for OSPF.
And for other routing protocols, like EIGRP is doing unequal cost load balancing, which OSPF is not doing; OSPF is doing equal cost load balancing between equal metrics. If we have unequal metrics, it will not do the load balancing. OSPF provides the whole LSA update within 30 seconds. And for EIGRP and RIP, there are some limitations, like in RIP it has only up to 15 hops if we count. And these are the limitations for classful and classless. But EIGRP is a hybrid protocol, which contains both distance vector and link state, while OSPF is only a link state protocol. That is the major difference, like how you can configure the network and other stuff.
SSL VPN is like a TLS VPN which provides remote access to connect to your office network from home or any remote location. For SSL VPN, you have to configure your certificate from the servers: you have to upload the CSR and assign the certificate, and then upload it in the firewall, and then you get your certificate. Once you get the certificate, you also have to assign your IP pool, from which pool your customer will get an IP, and also assign the interfaces, like which trust interface the traffic will initiate from, what will be the destination address, and what will be the gateway. So everything you have to configure, and you have to configure the certificate. You have to configure the user details, like how it will get authenticated: whether it will go for LDAP, like Active Directory, or local authentication, or ISE, or any kind of RADIUS. It will be based on the profile. So for the parameters, first you have to configure the interface, then the SSL certificate, and then the crypto profile. Then you have to configure the trusted zones, which will be inside and outside. Then configure the proxy IP, like which remote IP pool, and then initiate the policies, the service policy for what kind of traffic it will initiate, source to destination and destination to source. Everything you have to initiate, then you have to put the client and also put what kind of VPN they want to install. Based on that, you have to provide the link. Once the client goes for SSL VPN, they have to browse the site and then upload the certificate. For uploading the certificate, they have to do it with 3 kinds of certifications, I mean, firstly, the private key, the public key, and then the CSR.
Once the certificate is signed by the customer, it will go and touch your root CA. From the root CA, it will validate and get the certificate. Once you get the certificate, you have to upload your certificate to the VPN. Once it is uploaded, it will validate it with your public key, your organization's details, your serial number, and the public key that was set. Once it matches, it will validate and forward to the URL. It will validate and allow that, yes, you are the right person, so you can go ahead and proceed to access the sites. So basically the TLS connection will happen. Okay. The keys take a very important role in doing the communication privately: the public key and the private key. You have to make sure that you always keep your private key with yourself. It should not be exposed to the Internet or anywhere. Only with the private key do you sign the CSR, and it will go to validate with the root CA. That is the consideration you have. The private key has to be kept by yourself, and it will be used to decrypt your certificate or this CSR. So this is the key.
There are many ways you can check network high utilization. It could be that some PC has been affected with a virus, which is sending so much traffic. Based on how it got affected, some ports may be open, and it will try to send unlimited traffic. Also, if you get that high load, high traffic, you have to apply the QoS policy and see which kind of traffic you want to prioritize. Like VoIP you have to give the highest priority, and file and other stuff you have to put into normal traffic, and some CPU and other server traffic and other stuff. So you have to provide the bandwidth. Okay. Like class-based weighted fair queuing you have to configure. Based on that, you have to provide the class map, policy map, and service policy, and apply that policy over the interfaces. Also, if possible, you have to check the graph of how much bandwidth is peaking and what the source is, or from which source this traffic is coming. You have to use NetFlow or the NMS tool, so you can check from which source this traffic is spiking. Then you have to tell that particular customer that they have to control their traffic. Either you have to check your PC to see if any unusual activity is going on, maybe some virus affected it or something in your data or other stuff. So you have to check that PC and resolve it or remove it from the system, if you need to, something like that. So 4 or 5 steps you have to take, the 3 major steps that I told: first, you have to check the affected PC, you have to check the network logs to see from which PC the traffic is coming, and then you have to install antivirus or remove it from the PC. First, you have to fix every antivirus patch and update it, then you have to connect it back remotely.
Also, if some backup and other stuff is going on, I have to tell the customer to take the backup during off time, not in production hours, so that it will not be a problem. There are many steps you have to take before traffic goes into peak. Also, check with the provider if they have any link utilization issue. Like, on the customer side there may be high link latency, or maybe some issue with the fiber cards, or if they are using 2 or 3 links and one link goes down, so they are using backup links. In that scenario, we have to check with the customer and tell them, please provide the proper services so that traffic does not get disturbed. So the major steps are basically like that. We have to contact the providers. Also, we have to check inside the LAN if there are any loops there. If any LAN loop is there, it will also create high traffic inside the LAN. Also, on one side we have to check if any unusual activity is going on. If a loop happens, whatever traffic is going out, the same thing is received. It will also create a loop, and a loop situation also creates heavy traffic. So many factors are there that people know.
For migrating an enterprise system to AWS Cloud, you have to take many steps. Okay. First thing, you have to see your Internet speed and Internet bandwidth, that you have proper bandwidth. Then you have to check that all your network infrastructure, all IPs, all your servers and everything have proper backups taken, and you have to take the schema for that, like every IP detail, every network detail, every server detail. Okay? And you need proper licenses. So every backup you have to take, and once you have taken it, you have to migrate one by one in sequence. Right? So that it does not get impacted; if anything goes wrong or any unusual thing happens, you can revert to your existing server. So you have to migrate one by one. Like, 2 servers you have to first upgrade, disconnect, and then check if everything goes perfectly in AWS. Then you remove those 2 servers and start the other 2. The same way you have to do for other migrations, for network migration or load balancers or whatever steps. So you migrate step by step. Take precautions, take backups, and move to EC2 instances. And you have to configure there; you have to configure the IP schema so that it does not clash with your internal network. So many factors you have to take into consideration before migrating to AWS Cloud. The security parameters are also like that. You should have proper groups, proper service groups, proper access lists. There should be proper policy in the security so that your IP or your networks do not leak into the Internet. Because of the Internet, because you are exposing your infrastructure to a public cloud or private cloud, it may get hacked by somebody, because they may get your data or a virus, or they can breach your data. So you have to take that into consideration.
Basically, if you are moving your private stuff, you can use your private cloud. Also, if you're using web and DNS or whatever is related to public, you can put the web server and those servers on the public side, and you have to provide proper security there. You have to take the certificates. You have to take zero trust, like SAML IdP authentication, so that users can go through the private portal to sign in. And for web security, you have to check the SSL inspection and DLP, sorry, that is, the advanced inspection, URL filtering, and file blocking steps, and which files they can access. So a lot of these steps you have to keep in mind. And the antivirus should be updated if you are migrating. Licenses should be upgraded, and also you have to use valid licenses. So many steps you have to take as precautions before migrating to the cloud. Hope this...
Yeah. MFA, that takes a very important role and is crucial to providing security, because financial and other data are at stake. If you are using just a pre-shared key or just a simple username and password, a username and password can be shared by others so that they can use it. Other guys, if you store it in the system, can use your username and password, and they will crack your financial systems. Okay? So for that, you have to use MFA and so much stuff, like an IdP. Okay? The IdP will provide your identity protocols. Okay. Also, you have to use SAML. SAML will provide you the metadata, and you have to upload the metadata to the SAML side, this Security Assertion Markup Language. You have to upload there, and then again you have to download the same metadata file and upload it in your instance so that both are synced up. Also, on the IdP provider side, like Auth0 and other companies, they are doing the IdP management. On the IdP side, you can also use your Active Directory and your Azure AD. Okay? You can integrate your IdP with them, and you can provide the certificates. The certificate should be signed; you have to sign the certificate, download the certificate, and upload it in the servers, so that if they want to communicate, they have to use the proper certificate and also the proper metadata file for SAML communication. The email ID should be correct. Roles and usernames should be properly authenticated with each other. Whatever role you assign in Active Directory, or whatever username you assign, whatever email ID is configured in Active Directory or in Azure Active Directory, it should be synced up and matched with your local credentials that exist in the servers. So, like, you have to do multi-factor authentication.
First, it will authenticate with your username and password. Once it is authenticated, then it will ask your email ID. Once it goes for the email ID, it will send the OTP to your email address. Or also you can provide your mobile number, so the OTP will go to your mobile number. Based on the configuration, the OTP will go to either the email ID or your mobile. Once you authenticate with the one time password, it will go to the next step and you can access. Over and above the OTP one time password, you can also configure the Duo service. That one provides the one time password authentication with your mobile device. The mobile one time token will be generated every 1 minute. That token also you can reconfigure so that the token will only be valid for 1 minute, and you can pull that OTP and it will work. So based on the requirement, you can configure it.
NAC is network access control. If we provide the full access list, it will provide your user ID details. It will provide your network, application ID, location ID, and the user ID. NAC will provide full integration with the usernames and passwords. Okay? Like, you can integrate with your Active Directory. Either you can integrate with the ISE servers, TACACS, or the AD server so that it will provide proper access to your organization and to your users. Okay. So network access control, like, it will be configured with the access list based on your IP requirement, traffic, source traffic, destination traffic. And you can configure the policy based on your user ID, your user group, your application ID, your location ID, and which kind of traffic you want. So it will provide full-fledged security so that no traffic can initiate from outside and hit your server, or either from inside to outside; they cannot access unless it is allowed. It will be based on your NAS. Okay. Network access system. That will provide a kind of security so that whatever goes inside to outside and outside to inside, everything should be trusted, and this will be checked from your inspection list. It will be based on your requirement. You can configure advanced access controls. Okay? So you have to first make the address groups, okay, IP groups, and you have to make the application ID, application group. You have to make your TACACS and RADIUS server, which should be synced with your user ID. Yeah. And user ID too. So that whenever you want to configure and assign, you have to particularly assign those things in the security policy. And make sure that it matches each parameter. Otherwise, it will get unexpected, like if the user ID is mismatched, source IP mismatched, source group mismatched, source zone mismatched, destination zone mismatched.
So everything should be matched. Then only will it get authorized. Okay. And protocols should match properly. That's it.
Basically, I have worked a little on the Viptela solution. This is the weakest area; I haven't done much work on it. But yeah, if you ask about the certification steps, I can tell how it gets managed. Like, the same certification part that we are doing in the data center, the same things we have to do in the Viptela part also. First thing, you have to get the certificate. First, from the root CA; the root CA could be your NAT and SD or maybe some third party, any party which provides you the root certificates. There, you have to first create your private key and CSR, and then one PEM file will be generated, and that will be your public key. So you have to generate the public key and private key from the root CA. Then, from that public key, you have to do the certificate signing request from your other devices, like vEdges or whatever devices you have. You have to generate your own private key and public key. With your public key, you have to sign the certificate. Okay? Once you sign the certificate, then you have to again upload the same certificate, the same CSR, to your root CA. From the root CA, they will validate it with their public key, and they will create the certificate. Then, once the certificate is created, you have to again download that certificate and upload the same certificate in your vEdge router or vManage or vSmart, and you have to upload and then validate with your private key. Once it is validated, it will form the connections from your CA server to your client. These things you have to repeatedly configure in all the edge routers and edge devices. So that is the part of certification, the communication from the root CA to the third party CA. This takes a very important role for the communication between the vSmart controllers and vSmart devices and your edge devices.
Because if the certificate mismatches, it will decline the first communication and that communication will not happen. So make sure that whatever you are doing with the certificate signing request, you provide your proper serial number and chassis ID, and if that matches, then only will it create the certificate based on whatever chassis ID and everything you configured. There are 6 steps involved in this certificate. Okay. First step, we go to the root CA; you have to create the public key and private key, and then that public key you have to download and then again configure the CSR based on your devices. When you sign the CSR, you have to put the organization ID, serial, and chassis ID and other IDs. The CSR will be generated, then upload the CSR on the root CA and get the certificate. Once you get the certificate, you have to download the certificate from the CA and upload it in your device and validate it with the URL, and upload it, and then that's it.