Archive for November, 2013

CCNA Data Center exam experience 640-911 DCICN

November 17th, 2013 3 comments

And another exam done last Friday.

This time it was not VMware but something different, as I kinda ran out of VMware exams to take and need a new hobby to spend my time on. As the Microsoft route for certifications seems to get an overhaul every couple of years by now, I wanted to invest my learning in something a little bit more stable. Additionally I wanted to broaden my knowledge a little bit more on the actual infrastructure side than only dealing with the operation, guest OS and management side which I do in my day to day work.

The choice therefore easily was won by Cisco. As the data center track also includes virtualization I decided to start with that instead of going the classical routing and switching track. The CCNA data center is a 2 exam certification without any choice on exams, you will need to pass the 640-911 (which concentrates on data center networking concepts) and the 640-916 (which concentrates on unified computing, storage, virtualization and also some networking).

The exam blueprint is extremely accurate and I did not get any bad surprises during the exam. If you have a look at the weight of the different topics on the overview page linked below you will notice that it is not as heavy on subnetting as one would imagine (every time I read of Cisco exams so far there were always some tips for subnetting in the posts and also some favourite links for the preparation, if you don’t like subnetting, this seems to be your track of choice).

A study tip from the training videos was to basically go through the blueprint and look for technical terms, go to the Cisco documentation and read up on the overview or summary of that term. I found that to be pretty accurate when comparing the depths of the topics asked, this is an entry level certificate therefore it requires a more broad than deep approach to certain topics. Still you should be able to configure everything that is asked in the blueprint and even more important be able to troubleshoot for misconfiguration (show commands are your friend).

One thing that really bugged me is the lack of a calculator during the exam, and yes while I agree that we should be able to do the maths by hand, it is tedious and error prone and no one does it in the real world, that is what calculators were invented for. So you should be decently fast with your binary math.

Overall if you prefer to have a compiled study guide I can only recommend the book authored by Todd Lammle and John Swartz, I highly enjoyed the writing style (while I also liked the technical style of Wendell Odom this is just completely different and enjoyable to read) and it covers all the exam topics with a lot of practices and exercises from cover to cover. If you are not into spending any money except the exam fee I also compiled some study resources for the more important topics below (this is not intended to be a complete list though).

Study resources:

Exam tutorial
Internetworking Technology Handbook
DCICN Overview
Data Center Training Videos
Nexus 5000 Security Configuration Guide
ACL examples – Just be sure to follow the NX-OS syntax as these examples are for IOS
Nexus 5000 Layer 2 Switching Configuration Guide
Nexus 5000 Unicast Routing Configuration Guide
CCNA Data Center – Introducing Cisco Data Center Networking Study Guide: Exam 640-911
A little bit of access to actual hardware doesn’t hurt either (or the simulator from Todd Lammle)


VCAP-CID experience

November 11th, 2013 2 comments

At the end of October I took the VCAP-CID exam and as this is still the time right after vSphere 5.5 being released I didn’t actually study as hard for it as I wanted to (didn’t even find any time to actually read the blueprint properly, strongly advising people attempting to take the exam to do so nonetheless).

I was assured that the exam is based on version 5.1 of vSphere and vCloud Director.

This was my 4th VCAP exam so by now I am used to sitting the exam for a long time and just powering through those 3 hours (I haven’t figured out how to get the 30 minutes extra for not being a native English speaker even though I am residing in an English speaking country right now).

As with the VCAP-DCD you can not go back on questions, your answer is final and you will want to pace yourself through it as it is less time than the VCAP-DCD while still presenting more questions. You will also still face the 6 design tool questions.

As a rule of thumb I spent 12 minutes per Visio style question (maybe 30 seconds longer when I just needed some more connections) and then clicked next to see the full exam. Which left me with a little over one minute per drag and drop or multiple choice question. I felt that a lot of the hiccups I experienced in the VCAP-DCD have been corrected for the Visio type of questions. I could move elements around without whole parts of the design going off screen and therefore having to start all over again. Also connecting the single elements seems to have improved a little (it still isn’t perfect though).

The only real study resource I used was the vCloud Architecture Toolkit (vCAT), a free download going through all. I also read the vCloud Director chapter in Scott Lowe's vSphere Design 2nd Edition but that information is by no means intended to be a study resource for this specific exam.

Gregg Robertson put together a very decent list of resources for those who can put more time into studying which can be found at

For those who want some extra tips and tricks for studying.

  1. Know the VMware process of designing, you will be tested on this, your own process is no good in this exam if it differs from the VMware view
  2. Be able to distinguish between conceptual, logical and physical designs
  3. Know how changes in the vCloud Director layer actually translate to the vSphere layer
  4. Know how design decisions will affect availability, security, manageability, performance, recoverability
  5. Be familiar with disaster recovery concepts
  6. Be familiar with translating business needs into actual decisions while fulfilling the requirements, trying to mitigate risks and work around constraints and be able to map those needs to the allocation models within vCloud Director
  7. Know all the different cloud concepts, there is more than one
  8. Be able to look at things from a business point of view and explain certain user roles involved in a cloud deployment
  9. Know the software minimum requirements, recommended configuration and configuration limits for the vCloud and vSphere stack

Converting PKCS #12 files to be useful for the SSL Automation Tool

November 11th, 2013 No comments

Today I had a customer who had a rather unusual way (at least for me) to get his certificate from his CA.

They provided him with a PKCS #12 file instead of the usual PKCS #7 file and chain. And this would be the only way they could get the cert out of them.


So how would we get that format converted to the proper format used by the SSL Automation Tool?

OpenSSL actually does this with a one liner.

openssl pkcs12 -in rui.pfx -passin pass:testpassword -out chain.pem -nodes

This gives you one file containing the private key and PKCS #7 certificate chain. So all you need to do now is delete the additional attributes and cut and paste the key to a separate file and you are good to go and replace your certificates with the SSL Automation Tool.
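The clean-up step described above, scripted instead of done by cut and paste (an added example, not part of the original post or of the SSL Automation Tool). Because `-nodes` writes the private key unencrypted, the key file is created owner-only; the function names, the output names rui.key and rui.crt, and the sample bundle (constructed, not real key material) are assumptions.

```shell
# split_pem_bundle BUNDLE KEY_OUT CHAIN_OUT   (hypothetical helper name)
split_pem_bundle() {
    bundle=$1 key_out=$2 chain_out=$3
    (
        umask 077                      # -nodes leaves the key unencrypted
        : > "$key_out"; : > "$chain_out"
        chmod 600 "$key_out"           # also covers a pre-existing file
        # Lines outside BEGIN/END markers ("Bag Attributes", "subject=",
        # "issuer=") are never printed, which removes the extra attributes.
        awk -v key="$key_out" -v chain="$chain_out" '
            /^-----BEGIN .*PRIVATE KEY-----/ { out = key }
            /^-----BEGIN CERTIFICATE-----/   { out = chain }
            out != ""                        { print > out }
            /^-----END /                     { out = "" }
        ' "$bundle"
    )
}

# Constructed sample in the layout openssl writes; not real key material.
make_sample_bundle() {
    cat > "$1" <<'EOF'
Bag Attributes
    localKeyID: 01 00 00 00
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQtS0VZ
-----END PRIVATE KEY-----
Bag Attributes
    localKeyID: 01 00 00 00
subject=/CN=host.example.test
issuer=/CN=Example Issuing CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtTEVBRg==
-----END CERTIFICATE-----
Bag Attributes: <No Attributes>
subject=/CN=Example Issuing CA
issuer=/CN=Example Root CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0E=
-----END CERTIFICATE-----
EOF
}

# Demo run on the constructed sample (rui.key / rui.crt are assumed names).
demo_dir=$(mktemp -d)
make_sample_bundle "$demo_dir/chain.pem"
split_pem_bundle "$demo_dir/chain.pem" "$demo_dir/rui.key" "$demo_dir/rui.crt"
grep -c 'BEGIN CERTIFICATE' "$demo_dir/rui.crt"
```

Once the key and chain are split out, delete the intermediate chain.pem, since it still holds a copy of the unencrypted key.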



Why Sysprep is important …

November 2nd, 2013 No comments

Trying to be time and space efficient in a reproduction for a colleague I tried to set up a multi domain forest for some SSO issues a customer is experiencing.

The promote of the first domain controller went fairly smooth but 2 others experienced some issues during the promote process.


Simply clicking yes just brought up the same screen a few seconds later. As I had to change the computer name of that particular VM which I wanted to promote due to another error I tried to find out if an orphaned child domain was present due to the earlier failure but neither ldifde nor ntdsutil could find any existing child domains.



Clicking no in the installation wizard gave the clue I needed, I had used a duplicate SID for a computer.


That was when I remembered that to save some space on the SSD I had used the linked clone feature of VMware Workstation. A quick check with PsGetsid from the Sysinternals suite confirmed the issue.

After sysprepping the systems I could finally create the desired forest structure required by my colleague.
