Infra Managed Service Senior Analyst
Accenture India Private Limited
Senior Network Security Engineer
Secure Network Solutions India Private Limited
Hello, everyone. My name is. I'm living in Mumbai. I have completed my bachelor of engineering from Lokmanya Tilak College of Engineering, Navi Mumbai, and I scored 8.28 as a CGPA. Coming to my family background, my family consists of 5 members, including me. My father is a hawker man, and my mother is a housewife. I have a total of 7 years of experience in the network security domain. Currently, I'm working in Accenture India company. I am working on different technologies like firewall, IPS, SD-WAN, and load balancing. Coming to my responsibilities, which I carried out, it is like doing implementation support and doing some POCs for the customer to understand their pain areas and to suggest them the proper solution. So this is all about myself.
Yeah, so if our organization has a setup on-premises, to move from on-premises to AWS or an SDN solution, we will migrate from the on-premises network to AWS by using different technologies like VPN and other sorts of technologies which are used to easily migrate from on-premises to AWS. And there we have different stuff like network and DNA zones, which it will use to migrate all the on-premises data center to AWS. So it is easy; like hardware and all, we do not have any headache with it. That is all automated on the cloud, and the memory and CPU of the server or the hardware appliances are already maintained by them. So it is easy; I mean, in a few steps we can do any implementation and integration. So yeah, that is easy. By using different technologies, we are able to migrate, or we can rapidly migrate, their network to an SDN solution or into the AWS cloud.
Yeah, so regarding the architecture of any enterprise, we will segregate the subnet, I mean the IP, based on the department, like sales team, HR team, technical team. So we will segregate by doing a VLAN. That means there will be a segregation: if a user in the technical department wants to communicate with the sales department, I mean for any reason, it should use a different IP address and it should cross the security devices like firewall and other technologies which come in between. So by that it will segregate the traffic and also it will be easy to manage them. So let's suppose an entity has two segments; we can segregate them by putting a firewall at the edge, and then on the switches we will create a VLAN so that we will have a proper segregation for the traffic to travel from south to north and from east to west. So that will help to address this kind of architecture. So yeah, that is all for this question.
So, yeah, for this kind of requirement, like to have a VLAN segregation on an AWS or Azure environment, I mean, on the cloud environment, we will, I mean, by segregating the users app on it in different availability zones, we will segregate the traffic, like from segment A to segment B if they want to communicate. So by putting a firewall in that, it is easy to segregate them, and it is easy to manage. So yeah, it means it is very easy to handle. And to automate the network deployment also, it will be useful to segregate the VLAN segmentation in that case. So yeah, in the AWS and Azure environment, we will create VLANs, and under that, we will segregate that traffic based on their nature.
Yeah, so for any network, like if we have to create any network, that needs to be recommended from CISSP compliance, like if that design is appropriate and has redundancy; like if any critical device goes down, we should have a redundant device or redundant service which takes over when one of the services goes down. So the main idea behind validating from CISSP compliance is to verify the loopholes in the network. To have high availability, there should be redundancy in terms of service, in terms of power supply, so that the service will not be disturbed; it will be running 24 by 7. And also we will have a service contract with the vendor, like if any hardware appliance gets damaged or disturbed, we should raise an RMA and it will, I mean, immediately arrange the RMA box, I mean the faulty box, to a data center, so that it will get replaced. So in brief, if we talk about the strategy, the network strategy should be efficient, I mean in terms of the availability of the server; availability of any services which are hosted should not be interrupted in any of the cases. Like if any firmware upgradation or any patching or any vulnerability patching needs to be done, that needs to be taken care of as soon as possible without any service disturbance.
Yeah, so for this question, like from LAN and WAN infrastructure to distribute the workforce using Azure networking services. So in that case, we should have an optimized solution to segregate the LAN and WAN zones; like whenever the cloud user wants to communicate from LAN to WAN, the traffic should travel from a different zone, like from the LAN zone towards the public, like over the WAN zone. So it should be in an optimized way. I mean, there should not be any complexity in the cloud network services. So it is always recommended to have an optimized solution for the LAN and WAN infrastructure, so that the design is simple and has efficiency in that. And also, it should be integrated. I mean, there should not be any problem with the user services. So in Azure network services, we have many tools; by using those we can optimize this infrastructure efficiently, and also the traffic will not get interrupted if any of the devices has a problem.
Regarding this: import 3 configuration, large configuration, DRAM, config, large updated version, host name, router c. Dev get router match host names in a shell. Config with merge, return merge group, else return none. Name, get host. Get host name. Host name is equals to this will get host name. That's called group. It's match. It's on match group. Print host name. Here, the match condition, whatever is mentioned, is host name slash s and then bracket slash s. So that is not a good way to match the criteria, because there is host name and then there is a space. After that, only the host name of the router is mentioned. So to get this detail, I mean, to print that particular host name, that slashes is not recommended, I mean, by removing that particular point here. So by doing that, without that, it will be easy to get it. I mean, we are able to get it.
Examining the JavaScript function, that should print ping if a network request takes less than 200 minutes, pong if it is more than 200. There seems to be a logic error; what is it and how should it be corrected? Here, the exclamation mark is not required, because it is a kind of not symbol, which is showing the response time is not less than 200 ms, it will ping. Else, it will. So that is the issue here. So that needs to be rectified.
Yeah. So for this question, for a network architecture that supports AWS and AWS, you are adhering to CCI network standard, we should have a proper CCI network architecture where it defines the different zones in that. Like, a LAN zone is different, DMZ zone is different, and cloud, sorry, DMZ and production, reproduction, development zone. So that kind of zone should be segregated in both of the scenarios. Along with that, the traffic flow needs to be segregated; whenever the traffic is coming from a LAN zone towards the zone, that needs to be inspected before it comes in and out. That is also adhering to our CCI network standard. Along with that, we should have an approach to deploy global architecture for Azure and AWS connectivity. So it's always recommended to have the CCI network standard based on AWS and Azure. So this is going to be AWS and Azure that need to get deployed on the global network architecture that is being used in AWS and Azure.
How would you leverage script Python to automate network configuration tasks on both ends? So by taking a Python script, we can automate the configuration of the task, like doing a backup. We will run a script that needs to be taken care of. And also, based on their requirement, we can use a Python script, and we can, like, sorry, configuration of task for both AWS and Azure. So, I mean, there are many Python scripts; like, we can give a static IP address to AWS and Azure, and we can run a backup script. And yeah, so that is all about.
Yeah, so this is a very interesting question. So a monitoring tool is always necessary in the network team, to have proactive information from the network perspective. Like if there is any issue with any of the devices, like if a device is down or any interface is down or CPU utilization is high or memory utilization is high. So let's suppose in the network we have hundred plus devices. It is not possible to monitor all of the devices at the same time. So it is always better to have one monitoring tool like SolarWinds, which monitors the device health status; it alarms us whenever there is an issue in the device so that we can take action against them before we have a big issue with that particular device. So as per the network perspective, it is always good to have a monitoring tool so that a network or administrator team can take a proactive step before a serious issue happens. So there are many things we can monitor through that, as I told, like device status up and down, the interface status, CPU performance status, CPU memory utilization, and also if there is a load balancer, we can monitor the virtual server status also, and if there is any VPN device in our network, that VPN status also we can monitor, like if the VPN is down or up. And also we can monitor the link bandwidth as well; like suppose in the network we have a one gig link and we observed that the traffic is going through that particular link beyond 1 Gbps. So if the traffic comes in a huge amount, that should get triggered before we have any performance degradation on that particular link. So as I said, it is always recommended to have a good monitoring tool which triggers before any big issue in the network. So yeah.