Oracle – Overview

What is an Oracle Database?

A database is a collection of data. An Oracle database holds its data in a coordinated set of files stored on disk, including the following types:

Parameter Files

The Oracle Parameter File (PFILE or SPFILE) holds initialization parameters which indicate where the control files are, how memory is allocated, how logging is performed, and other characteristics of the Oracle instance.

You may want to tune various instance parameters (memory usage, for example). To do this, you will have to change Oracle’s initialization parameter file.

Oracle offers two types of parameter files – INIT.ORA and SPFILE. By default, the STARTUP command looks for them in $ORACLE_HOME/dbs or %ORACLE_HOME%\database.

Parameter file types

INIT.ORA / PFILEs – PFILEs are also known as INIT.ORA files. Characteristics of a PFILE:

  • Client side
  • Text file
  • Edit with text editor like vi or notepad

SPFILEs – Characteristics of an SPFILE:

  • Server side
  • Binary file
  • Edit by issuing ALTER SYSTEM SET commands

show parameter spfile; 

See what parameters are set

From SQL*Plus (connected with an account having SELECT ANY DICTIONARY privilege):

show parameters db_name  

As a query:

SELECT * FROM v$parameter;

Control Files

A control file is a small binary file that is part of an Oracle database. The control file is used to keep track of the database’s status and physical structure.

Every Oracle Database must have at least one control file. However, it is recommended to create more than one, up to a maximum of 8. Each copy of a control file should be stored on a different disk drive. One practice is to store a control file copy on every disk drive that stores members of online redo log groups, if the online redo log is multiplexed. By storing control files in these locations, you minimize the risk that all control files will be lost in a single disk failure.

Contents – The control file contains information like:

  • Database name
  • Timestamp of database creation
  • Names and locations of Data Files
  • Names and locations of Redo Log files
  • The current log sequence number
  • Checkpoint information
  • Recent RMAN backups taken
  • Etc.

List control files in use

From SQL*Plus (connect SYS AS SYSDBA):

SHOW PARAMETERS control_files; 

As a query:

SELECT * FROM v$controlfile;

Control file contents
SELECT * FROM v$controlfile_record_section;

Backup

Backup the controlfile to UDUMP in text format:

ALTER DATABASE BACKUP CONTROLFILE TO TRACE; 

Make a binary copy of the control file:

ALTER DATABASE BACKUP CONTROLFILE TO '/tmp/control.bkp'; 

Generate an SQL file to create the control file:

ALTER DATABASE BACKUP CONTROLFILE TO TRACE AS '/tmp/create_control.sql';

Redo Log Files

A redo log is a file that is part of an Oracle database. When a transaction is committed, the transaction’s details in the redo log buffer are written to a redo log file.

Redo log buffer – A circular buffer in the SGA that contains information about changes made to the database. The LGWR process writes information from this buffer to the redo log files.

Redo log files – A set of files that record all changes made to an Oracle database. A database MUST have at least two redo log files. Log files can be multiplexed on multiple disks to ensure that they will not get lost.

Query redo log details:

SELECT * FROM v$log; 

To see the logfile members:

SELECT * FROM v$logfile; 

Note that a redo log can have different states:

  • CURRENT: redo records are currently being written to the group. Only one group is current at a time.
  • ACTIVE: redo group that contains redo of a dirty buffer (not yet committed transaction).
  • INACTIVE: log that can be overwritten.
  • UNUSED: initial state after creation, when it’s still empty.

The point at which Oracle stops writing to one redo log and starts writing to another is called a log switch. You can force the log switch with:

SQL> ALTER SYSTEM SWITCH LOGFILE; 

Redo Log Writer process

SQL> select spid from v$process where program like '%LGWR%';
 
SPID
------------
29867
 
SQL> ! ps -ef | grep 29867
 oracle 29867     1  0   Sep 26 ?        7:59 ora_lgwr_o102

Find the database users that generate the most redo

It is sometimes necessary to find the processes that generate the most redo entries, as they may cause excessive database archiving. This query will help:

SELECT s.sid, s.username, s.program, t.value "redo blocks written"
  FROM v$session s, v$sesstat t
 WHERE s.sid = t.sid
   AND t.value != 0
   AND t.statistic# = (SELECT statistic# FROM v$statname
                        WHERE name = 'redo size')
ORDER BY 4
/

Data Files

A data file is a file that is part of an Oracle database. Data files are used to store data, including user data and undo data. Data files are grouped together into tablespaces.

Data file structure

Query data file details:

SELECT * FROM v$datafile;
SELECT * FROM dba_data_files;

Create tablespace with datafile:

CREATE TABLESPACE ts1 DATAFILE '/u01/oradata/orcl_ts1_01.dbf' SIZE 100M; 

Create an UNDO tablespace with datafile:

CREATE UNDO TABLESPACE undots1 DATAFILE '/u01/oradata/orcl_undots1_01.dbf' SIZE 100M;

Temp Files

A tempfile is a file that is part of an Oracle database. Tempfiles are used with TEMPORARY TABLESPACES and are used for storing temporary data like sort spill-over or data for global temporary tables.

Using tempfiles

To see what tempfiles are used:

SELECT * FROM dba_temp_files; 

Create a tablespace with TEMPFILE:

CREATE TEMPORARY TABLESPACE temp1 TEMPFILE '/u01/oradata/orcl_temp1_01.dbf' SIZE 100M; 

Remove a tempfile from the database:

ALTER DATABASE TEMPFILE '/u01/oradata/orcl_temp1_01.dbf' DROP;

What is an Instance?

An instance is a collection of Oracle background processes and shared memory structures.

Memory Areas

SGA

The SGA (System Global Area) is an area of memory (RAM) allocated when an Oracle Instance starts up. The SGA’s size and function are controlled by initialization (INIT.ORA or SPFILE) parameters.

SGA Components

In general, the SGA consists of the following sub-components, as can be verified by querying the V$SGAINFO:

SELECT * FROM v$sgainfo;

The common components are:

  • Data buffer cache – cache data and index blocks for faster access.
  • Shared pool – cache parsed SQL and PL/SQL statements.
  • Dictionary Cache – information about data dictionary objects.
  • Redo Log Buffer – committed transactions that are not yet written to the redo log files.
  • JAVA pool – caching parsed Java programs.
  • Streams pool – cache Oracle Streams objects.
  • Large pool – used for backups, UGAs, etc.

SGA Size

Here are two methods that can be used to determine the current SGA’s size. All values are in bytes:

SQL> SHOW SGA
Total System Global Area  638670568 bytes
Fixed Size                   456424 bytes
Variable Size             503316480 bytes
Database Buffers          134217728 bytes
Redo Buffers                 679936 bytes
SQL> SELECT * FROM v$sga; 
NAME                      VALUE 
-------------------- ---------- 
Fixed Size               456424 
Variable Size         503316480 
Database Buffers      134217728 
Redo Buffers             679936

The size of the SGA is controlled by the SGA_TARGET and SGA_MAX_TARGET parameters.

SQL> select * from v$sgainfo;
NAME                             BYTES                  RESIZEABLE 
-------------------------------- ---------------------- ---------- 
Fixed SGA Size                   2109352                No   
Redo Buffers                     13533184               No    
Buffer Cache Size                3103784960             Yes 
Shared Pool Size                 822083584              Yes  
Large Pool Size                  67108864               Yes 
Java Pool Size                   134217728              Yes  
Streams Pool Size                134217728              Yes 
Shared IO Pool Size              0                      Yes 
Granule Size                     16777216               No 
Maximum SGA Size                 4277059584             No 
Startup overhead in Shared Pool  251658240              No 
Free SGA Memory Available        0      

Oracle 11g allows users to tune both PGA and SGA areas with a single parameter, called MEMORY_TARGET.

Dynamic sizing

When automatic shared memory management is enabled, Oracle will adjust the memory parameters on the fly. To see currently allocated sizes:

select * from v$sga_dynamic_components;

The SGA consists of the following four (five if MTS) parts:

  • Fixed Portion
  • Variable Portion
  • Shared pool
  • Java pool

PGA

The PGA (Program or Process Global Area) is a memory area (RAM) that stores data and control information for a single process. For example, it typically contains a sort area, hash area, session cursor cache, etc.

Auto tuning

PGA areas can be sized manually by setting parameters like hash_area_size, sort_area_size etc.

To allow Oracle to auto tune the PGA areas, set the WORKAREA_SIZE_POLICY parameter to AUTO and the PGA_AGGREGATE_TARGET to the size of memory that can be used for PGA. This feature was introduced in Oracle 9i.

Oracle 11g allows users to tune both PGA and SGA areas with a single parameter, called MEMORY_TARGET.

Monitor

PGA usage statistics:

select * from v$pgastat; 

Determine a good setting for pga_aggregate_target:

select * from v$pga_target_advice order by pga_target_for_estimate; 

Show the maximum PGA usage per process:

select max(pga_used_mem), max(pga_alloc_mem), max(pga_max_mem) from v$process;

UGA

The User Global Area (UGA) is a memory area (RAM) that holds session-based information.

Dedicated Server

When running in Dedicated Server mode (one session = one dedicated process), the UGA is stored in the PGA (process global area).

Shared Server

When running in Shared Server mode (MTS with shared servers and dispatchers), sessions can be served by multiple server processes. As a result, the UGA cannot be stored in the PGA, and is moved to the SGA (shared global area).

Monitoring the UGA

SELECT s.sid, n.name, s.value/power(1024,2) MB 
  FROM v$sesstat s, v$statname n
 WHERE s.statistic# = n.statistic#
   AND n.name LIKE '%uga%';

Processes

Oracle uses many small (focused) processes to manage and control the Oracle instance. This allows for optimum execution on multi-processor systems using multi-core and multi-threaded technology. Some of these processes include:

PMON – Process Monitor

PMON (Process MONitor) is an Oracle background process created when you start a database instance. The PMON process will free up resources if a user process fails (e.g. release database locks).

PMON normally wakes up every 3 seconds to perform its housekeeping activities. PMON must always be running for an instance. If not, the instance will terminate.

To speed up housekeeping, one may also wake up PMON (process 2 below) manually:

SQL> oradebug setmypid 
SQL> oradebug wakeup 2 

In Oracle releases prior to Oracle 12c, PMON also registered database services with the listener. This is now handled by the new LREG process.

Check process – The following Unix/Linux command is used to check if the PMON process is running:

$ ps -ef | grep pmon
oracle   31144     1  0 11:10 ?        00:00:00 ora_pmon_orcl

SMON – System Monitor

SMON (System MONitor) is an Oracle background process created when you start a database instance. The SMON process performs instance recovery, cleans up after dirty shutdowns and coalesces adjacent free extents into larger free extents.

SMON wakes up every 5 minutes to perform housekeeping activities. SMON must always be running for an instance. If not, the instance will terminate.

Check process – The following Unix/Linux command is used to check if the SMON process is running:

$ ps -ef | grep smon
oracle   31144     1  0 11:10 ?        00:00:00 ora_smon_orcl

ARCn – Redo Log Archiver

ARCH (Oracle’s ARCHiver Process) is an Oracle background process created when you start an instance in ARCHIVE LOG MODE. The ARCH process will archive on-line redo log files to an archive destination, typically a directory on the database server.

Check process – The following Unix/Linux command is used to check if the ARCH processes are running:

$ ps -ef | grep arc
oracle    4414     1  0 20:27 ?        00:00:00 ora_arc0_orcl
oracle    4416     1  0 20:27 ?        00:00:00 ora_arc1_orcl
oracle    4418     1  0 20:27 ?        00:00:00 ora_arc2_orcl
oracle    4420     1  0 20:27 ?        00:00:00 ora_arc3_orcl

LGWR – Redo Log Writer

LGWR (LoG WRiter) is an Oracle background process created when you start a database instance. The LGWR writes the redo log buffers to the on-line redo log files. If the on-line redo log files are mirrored, all the members of the group will be written out simultaneously.

Check process – The following Unix/Linux command is used to check if the LGWR process is running:

$ ps -ef | grep lgwr
oracle   31144     1  0 11:10 ?        00:00:00 ora_lgwr_orcl

DBWn – Database Writer

DBWR (DataBase WRiter) is an Oracle background process created when you start a database instance. The DBWR writes modified data (dirty buffers) from the SGA into the Oracle database files. When the SGA data buffer cache fills, the DBWR process selects buffers using an LRU algorithm and writes them to disk. There can be multiple database writer processes, named DBWn.

SQL> show parameters db_writer
NAME				     TYPE	 VALUE
------------------------------------ ----------- -----
db_writer_processes		     integer	 1
SQL> SELECT spid, pname, username, program, tracefile FROM v$process WHERE pname LIKE 'DBW%';
SPID PNAME USERNAME PROGRAM
---- ----- -------- -----------------------------------
TRACEFILE
---------------------------------------------------------------------
3035 DBW0  oracle  oracle@localhost.localdomain (DBW0)
/home/oracle/app/oracle/diag/rdbms/orcl/orcl/trace/orcl_dbw0_3035.trc
SQL> ! ps -f 3035
UID        PID  PPID  C STIME TTY      STAT   TIME CMD
oracle    3035     1  0 11:16 ?        Ss     0:00 ora_dbw0_orcl

CKPT – Checkpoint process

CKPT (Oracle Checkpoint Process) is an Oracle background process that timestamps all datafiles and control files to indicate that a checkpoint has occurred. The “DBWR checkpoints” statistic (v$sysstat) indicates the number of checkpoint requests completed.

History – The checkpoint process was optional in Oracle 7 (set CHECKPOINT_PROCESS=TRUE) and could be enabled to speed up checkpointing on databases with a large number of files. Starting with Oracle 8i, the checkpoint process is automatically started with the other Oracle processes at instance startup.

Check process – The following Unix/Linux command is used to check if the CKPT process is running:

$ ps -ef | grep ckpt
oracle   31144     1  0 11:10 ?        00:00:00 ora_ckpt_orcl

RECO – Recoverer

RECO (Oracle RECOverer Process) is an Oracle background process created when you start an instance with DISTRIBUTED_TRANSACTIONS= in the initialization parameter file. The RECO process will try to resolve in-doubt transactions across Oracle distributed databases.

CJQn – Job Queue Coordinator

QMNn – Queue-monitor processes

Dnnn – Dispatcher Processes (multiplex server-processes on behalf of users)

Snnn – Shared server processes (serve client-requests)

MMAN – Memory Manager process, which helps with automatic memory management when sga_target or memory_target is used

MMAN (Memory Manager) is a background process that manages the dynamic resizing of SGA memory areas as the workload increases or decreases. This process was introduced in Oracle 10g.

LSP0 – Logical standby coordinator process (controls Data Guard log-application)

MRP – Media-recovery process (detached recovery-server process)

MMON – This is the process which writes to the AWR base tables, i.e. the WR$ tables

MMON (Manageability Monitor) is a background process that gathers memory statistics (snapshots) and stores this information in the AWR (automatic workload repository). MMON is also responsible for issuing alerts for metrics that exceed their thresholds. This process was introduced in Oracle 10g.

MMNL – Memory monitor light (gathers and stores AWR statistics)

MMNL (MMON Lite) is a background process that assists the MMON process. This process will flush the ASH buffer to AWR tables when the buffer is full or a snapshot is taken. This process was introduced in Oracle 10g.

PSP0 – Process-spawner (spawns Oracle processes)

RFS – Remote file server process (archive to a remote site)

DBRM – DB resource manager (new in 11g)

DIAGn – Diagnosability process (new in 11g)

FBDA – Flashback data archiver process (new in 11g)

VKTM – Virtual Timekeeper (new in 11g)

Wnnn – Space Management Co-ordination process (new in 11g)

SMCn – Space Manager process (new in 11g)

An instance can mount and open one and only one database.

A database can normally only be mounted and opened by one instance. However, when using Real Application Clusters (RAC) a database can be mounted and opened by many instances.

What’s the relationship between database and instance?

  • An instance can mount and open one and only one database.
  • Normally a database is mounted and opened by one instance.
  • When using RAC, a database may be mounted and opened by many instances.

Tablespaces

Disk space needs to be allocated for certain database objects (like tables and indexes). In Oracle, disk space from the operating system is allocated to tablespaces. Database objects are then created within a tablespace.

To list all tablespaces:

SELECT tablespace_name FROM dba_tablespaces; 

Commands used to create new tablespaces:

CREATE TABLESPACE ts1 DATAFILE '/u01/oradata/orcl_ts1_01.dbf' SIZE 100M;
CREATE UNDO TABLESPACE undots1 DATAFILE '/u01/oradata/orcl_undots1_01.dbf' SIZE 100M;
CREATE TEMPORARY TABLESPACE temp1 TEMPFILE '/u01/oradata/orcl_temp1_01.dbf' SIZE 100M;

Database Users

A database consists of multiple users that one can connect to. Each user has its own namespaces – objects within it cannot share the same name.

To list all the database users:

SELECT username FROM dba_users; 

To create a new user:

CREATE USER scott IDENTIFIED BY tiger;
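
An account created with only a password, as above, gets the DEFAULT profile and no tablespace quota. The following added example (not part of the original page) creates an account with a password profile, a quota and a single privilege, then checks the dictionary for weakly protected accounts; the names app_profile and app_user are hypothetical, the password is a placeholder, and ts1 and temp1 are the tablespaces created earlier on this page.

```sql
-- Added example; app_profile and app_user are hypothetical names.

-- Password and session policy, applied through a profile.
CREATE PROFILE app_profile LIMIT
  FAILED_LOGIN_ATTEMPTS 5     -- lock the account after 5 failed logins
  PASSWORD_LOCK_TIME    1     -- days the account stays locked
  PASSWORD_LIFE_TIME    90    -- days until the password expires
  PASSWORD_GRACE_TIME   7     -- days of warnings after expiry
  PASSWORD_REUSE_TIME   365   -- days before an old password may be reused
  PASSWORD_REUSE_MAX    10    -- password changes before an old one may be reused
  SESSIONS_PER_USER     5     -- resource limit: needs RESOURCE_LIMIT = TRUE
  IDLE_TIME             30;   -- minutes; resource limit as well

-- The password below is a placeholder; PASSWORD EXPIRE forces a change at first login.
CREATE USER app_user IDENTIFIED BY "Placeholder_Chang3_Me"
  DEFAULT TABLESPACE ts1
  TEMPORARY TABLESPACE temp1
  QUOTA 50M ON ts1
  PROFILE app_profile
  PASSWORD EXPIRE;

-- A new user has no privileges at all; grant only what is needed to connect.
GRANT CREATE SESSION TO app_user;

-- Check 1: accounts that still use a well-known default password
-- (DBA_USERS_WITH_DEFPWD is available from Oracle 11g).
SELECT d.username, u.account_status
  FROM dba_users_with_defpwd d
  JOIN dba_users u ON u.username = d.username
 ORDER BY d.username;

-- Check 2: open accounts and the profile that governs each of them.
SELECT username, account_status, profile, default_tablespace, expiry_date
  FROM dba_users
 WHERE account_status = 'OPEN'
 ORDER BY username;

-- Check 3: the password limits that the new profile actually enforces.
SELECT resource_name, limit
  FROM dba_profiles
 WHERE profile = 'APP_PROFILE'
   AND resource_type = 'PASSWORD'
 ORDER BY resource_name;
```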

Schema Objects

Schema objects are created within a schema (Oracle user). Here are some of the object types that can be created:

Table (heap, IOT, temporary, etc.)

A table is a collection of computer data that is organized, defined and stored as rows and columns. In non-relational systems, a table is called a file. A table represents entities and relationships.

Examples

-- t1 must exist before t2 can reference it
CREATE TABLE t1 (c1 NUMBER PRIMARY KEY);
CREATE TABLE t2 (
        c1 NUMBER PRIMARY KEY,
        c2 NUMBER REFERENCES t1(c1),
        c3 VARCHAR2(30) );

Index

An index is a special database object that lets you quickly locate particular records based on key column values. Indexes are essential for good database performance. The index creation process requires a temporary segment if the data cannot be sorted in memory. Indexes can be created with the nologging option.

Creating indexes

Normal indexes:

CREATE INDEX emp_ind1 ON emp(deptno);

Normal composite indexes:

CREATE INDEX emp_ind1 ON emp(empno, deptno);

Bitmap index:

CREATE BITMAP INDEX emp_ind2 ON bigemp(sex);

Function-based indexes (query rewrite must be enabled):

CREATE INDEX emp_ind3 ON emp(deptno*1.1);
CREATE INDEX emp_ind3 ON emp(deptno DESC);

View

A view is a named and validated SQL query which is stored in the Oracle data dictionary. A view does not contain any data; it is just a stored query in the database that can be executed when called. One can think of a view as a virtual table or mapping of data from one or more tables.

Views are useful for security and information hiding, but can cause problems if nested too deeply. Some of the advantages of using views:

  • Reduce the complexity of SQL statements
  • Share only specific rows in a table with other users
  • Hide the NAME and OWNER of the base table

View details can be queried from the dictionary by querying either USER_VIEWS, ALL_VIEWS or DBA_VIEWS.

View types – Views can be classified as simple or complex:

Simple views – Simple views can only contain a single base table. Examples:

CREATE VIEW emp_view AS      
     SELECT * FROM emp;  
CREATE VIEW dept20      
     AS SELECT ename, sal*12 annual_salary           
          FROM emp          
        WHERE deptno = 20;  

One can perform DML operations directly against simple views. These DML changes are then applied to the view’s base table.

Complex views – Complex views can be constructed on more than one base table. In particular, complex views can contain:

  • join conditions
  • a group by clause
  • an order by clause

One cannot perform DML operations against complex views directly. To enable DML operations on complex views one needs to write INSTEAD OF triggers to tell Oracle how the changes relate to the base table(s).

Examples:

CREATE VIEW sample_complex_view AS
  SELECT emp.empno, emp.ename, emp.job, emp.deptno, dept.dname, dept.loc
    FROM emp, dept;
CREATE VIEW sample_complex_view AS
  SELECT emp.empno, emp.ename, emp.job, emp.deptno, dept.dname, dept.loc
    FROM emp, dept
   WHERE emp.deptno = dept.deptno;

Read-only views – Users can only run SELECT and DESC statements against read only views. Examples: READ ONLY clause on a simple view:

CREATE VIEW clerk (id_number, person, department, position)     
         AS SELECT empno, ename, deptno, job           
              FROM emp           
              WHERE job = 'CLERK'   
         WITH READ ONLY;  

READ ONLY clause on a complex view:

CREATE VIEW sample_complex_view AS
  SELECT emp.empno, emp.ename, emp.job, emp.deptno, dept.dname, dept.loc
    FROM emp, dept
  WITH READ ONLY;

WITH CHECK OPTION – The WITH CHECK OPTION clause specifies the level of checking to be done when doing DML against the view. If specified, every row that is inserted, updated or deleted through the view must conform to the definition of the view.

The problem:

SQL> CREATE VIEW d20 AS SELECT ename, sal, deptno FROM emp2 WHERE deptno = 20;
View created.
SQL> UPDATE d20 SET deptno = 10;
3 rows updated.

The solution:

SQL> CREATE VIEW d20 AS SELECT ename, sal, deptno FROM emp2 WHERE deptno = 20
  2  WITH CHECK OPTION;
View created.
SQL> UPDATE d20 SET deptno = 10;
UPDATE d20 SET deptno = 10
       *
ERROR at line 1:
ORA-01402: view WITH CHECK OPTION where-clause violation
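
The use of views for security described in this section, combined with WITH CHECK OPTION, as an added example that is not part of the original page: a user reads and changes department 20 rows through a view and holds no privilege on the base table. The account hr_clerk and the view emp_d20 are hypothetical, and emp2 (the table used above) is assumed to live in the SCOTT schema.

```sql
-- Added example; hr_clerk and emp_d20 are hypothetical names.

-- As the table owner (assumed to be SCOTT):
CREATE OR REPLACE VIEW emp_d20 AS
  SELECT ename, sal, deptno
    FROM emp2
   WHERE deptno = 20
  WITH CHECK OPTION CONSTRAINT emp_d20_chk;

-- Privileges are granted on the view only, and UPDATE is limited to one column.
-- The grantee needs no privilege on emp2 itself.
GRANT SELECT, UPDATE (sal) ON emp_d20 TO hr_clerk;

-- As HR_CLERK:
SELECT * FROM scott.emp_d20;                -- returns department 20 rows only
UPDATE scott.emp_d20 SET sal = sal * 1.05;  -- allowed: granted column, rows stay in the view
UPDATE scott.emp_d20 SET deptno = 10;       -- fails with ORA-01031: deptno was not granted
SELECT * FROM scott.emp2;                   -- fails with ORA-00942: base table is not visible
ROLLBACK;

-- As a DBA: list every object and column privilege on the base table and the view.
-- Any grantee that appears against EMP2 bypasses the view.
SELECT grantee, table_name, privilege, grantable
  FROM dba_tab_privs
 WHERE owner = 'SCOTT'
   AND table_name IN ('EMP2', 'EMP_D20')
UNION ALL
SELECT grantee, table_name, privilege || ' (' || column_name || ')', grantable
  FROM dba_col_privs
 WHERE owner = 'SCOTT'
   AND table_name IN ('EMP2', 'EMP_D20')
 ORDER BY 2, 1;

-- System privileges that also bypass the view, whatever is granted on it.
SELECT grantee, privilege
  FROM dba_sys_privs
 WHERE privilege IN ('SELECT ANY TABLE', 'UPDATE ANY TABLE',
                     'INSERT ANY TABLE', 'DELETE ANY TABLE')
 ORDER BY grantee, privilege;
```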

Materialized View (snapshot)

A materialized view (MV) is similar to a view but the data is actually stored on disk (a view that materializes). Materialized views are often used for summary and pre-joined tables, or just to make a snapshot of a table available on a remote system. An MV must be refreshed when the data in the underlying tables is changed.

Examples – Create a MV:

CREATE MATERIALIZED VIEW my_test_mv AS SELECT * FROM scott.emp;

Refresh a MV:

EXEC dbms_mview.refresh('MY_TEST_MV', method=>'C');

Sequence

A sequence is a database object that generates unique numbers, mostly used for primary key values. One can select the NEXTVAL and CURRVAL from a sequence. Selecting the NEXTVAL will automatically increment the sequence.

Examples – Create a simple sequence:

SQL> CREATE SEQUENCE emp_seq;
 Sequence created.

Selecting from the sequence:

SQL> select emp_seq.nextval from dual;
   NEXTVAL
----------
         1

SQL> select emp_seq.nextval from dual;
   NEXTVAL
----------
         2

Note that NEXTVAL and CURRVAL return the same value for each row of a select:

SQL> select emp_seq.nextval, emp_seq.currval, emp_seq.nextval, emp_seq.currval from dual;
   NEXTVAL    CURRVAL    NEXTVAL    CURRVAL
---------- ---------- ---------- ----------
         3          3          3          3

SQL> select emp_seq.nextval, emp_seq.currval, emp_seq.nextval, emp_seq.currval 
  2  from (select 1 from dual union all select 2 from dual)
  3  /
   NEXTVAL    CURRVAL    NEXTVAL    CURRVAL
---------- ---------- ---------- ----------
         4          4          4          4
         5          5          5          5

Creating a more complicated sequence:

CREATE SEQUENCE my_sequence
   MINVALUE 1
   MAXVALUE 1000
   START WITH 1
   INCREMENT BY 2
   CACHE 5;

Reset a sequence to a predetermined value, say from 100 to 50:

SQL> ALTER SEQUENCE seq1 INCREMENT BY -50;
SQL> SELECT seq1.nextval FROM dual;
SQL> ALTER SEQUENCE seq1 INCREMENT BY 1;

Remove/delete a sequence:

DROP SEQUENCE my_sequence_name;

LAST_NUMBER – LAST_NUMBER is influenced by the CACHE size. I saw that my LAST_NUMBER was 21 (my cache was 20). When I ran NEXTVAL I was getting a number like 4, then 5. I went up past 20 and my LAST_NUMBER jumped to 41, so every time the cached numbers ran out another group of cached numbers would be reserved and the LAST_NUMBER field would change, but this has no relation to the CURRVAL.

Synonym

A synonym is an alternative name (or alias) for an object (like a table or view) in the database. Objects can have many synonyms. Use the CREATE SYNONYM SQL command to create synonyms and the DROP SYNONYM command to remove them. To get a list of synonyms, query the USER_SYNONYMS view.

Syntax and examples

Create a synonym – make emp an alias for the scott.employees table:

CREATE SYNONYM emp FOR scott.employees;

Create a public synonym (visible to all DB users):

CREATE PUBLIC SYNONYM dual FOR sys.dual;
CREATE PUBLIC SYNONYM emp FOR scott.employees;

Drop a synonym:

DROP SYNONYM emp;

Drop a public synonym:

DROP PUBLIC SYNONYM emp;

List synonyms in the current schema:

SELECT synonym_name, table_owner, table_name FROM user_synonyms;

Cluster

The term cluster can refer to either:

  • An Oracle object that allows one to store related rows from different tables in the same data block. Table clustering is very seldom used by Oracle DBAs and developers.
  • Two or more computers that share resources and work together to form a larger logical computing unit. RAC and Oracle Parallel Server can be used to access Oracle from multiple nodes of a clustered system.

Trigger

A trigger is a program in a database that gets called each time a row in a table is INSERTED, UPDATED, or DELETED. Triggers allow you to check that any changes are correct, or to fill in missing information before it is COMMITed. Triggers are normally written in PL/SQL or Java.

Examples

Audit logging:

CREATE TABLE t1 (c1 NUMBER);
CREATE TABLE audit_log(stamp TIMESTAMP, usr VARCHAR2(30), new_val NUMBER);

CREATE TRIGGER t1_trig
  AFTER INSERT ON t1 FOR EACH ROW
BEGIN
  INSERT INTO audit_log VALUES (SYSTIMESTAMP, USER, :NEW.c1);
END;
/

Prevent certain DML operations:

CREATE OR REPLACE TRIGGER t1_trig
  BEFORE INSERT OR UPDATE OR DELETE
  ON t1
BEGIN
  raise_application_error(-20001,'Inserting and updating are not allowed!');
END;
/
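
The audit-logging trigger above records inserts only, together with the database user name. As an added example (not part of the original page), this variant also covers UPDATE and DELETE and stores session details taken from the USERENV context; the names t1_audit and t1_audit_trg are hypothetical, t1 is the table defined above, and the DML-blocking version of t1_trig is assumed not to be installed.

```sql
-- Added example; t1_audit and t1_audit_trg are hypothetical names.
-- Assumes the DML-blocking t1_trig shown above is not in place on t1.

CREATE TABLE t1_audit (
  stamp      TIMESTAMP      DEFAULT SYSTIMESTAMP NOT NULL,
  action     VARCHAR2(6)    NOT NULL,
  db_user    VARCHAR2(256),
  os_user    VARCHAR2(256),
  client_ip  VARCHAR2(256),
  host       VARCHAR2(256),
  module     VARCHAR2(256),
  old_val    NUMBER,
  new_val    NUMBER
);

CREATE OR REPLACE TRIGGER t1_audit_trg
  AFTER INSERT OR UPDATE OR DELETE ON t1
  FOR EACH ROW
DECLARE
  v_action t1_audit.action%TYPE;
BEGIN
  -- Work out which statement fired the trigger.
  IF INSERTING THEN
    v_action := 'INSERT';
  ELSIF UPDATING THEN
    v_action := 'UPDATE';
  ELSE
    v_action := 'DELETE';
  END IF;

  INSERT INTO t1_audit
    (action, db_user, os_user, client_ip, host, module, old_val, new_val)
  VALUES
    (v_action,
     SYS_CONTEXT('USERENV', 'SESSION_USER'),
     SYS_CONTEXT('USERENV', 'OS_USER'),
     SYS_CONTEXT('USERENV', 'IP_ADDRESS'),  -- NULL for local (bequeath) connections
     SYS_CONTEXT('USERENV', 'HOST'),
     SYS_CONTEXT('USERENV', 'MODULE'),
     :OLD.c1,                               -- NULL on INSERT
     :NEW.c1);                              -- NULL on DELETE
END;
/

-- Exercise the trigger with one statement of each kind.
INSERT INTO t1 VALUES (1);
UPDATE t1 SET c1 = 2 WHERE c1 = 1;
DELETE FROM t1 WHERE c1 = 2;
COMMIT;

-- Review what was recorded.
SELECT stamp, action, db_user, os_user, client_ip, old_val, new_val
  FROM t1_audit
 ORDER BY stamp;
```

The audit rows are part of the triggering transaction, so a ROLLBACK removes them along with the change. OS_USER, HOST and MODULE are reported by the client and can be set to arbitrary values.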

Procedure

A procedure is a block of PL/SQL code named and stored within the database.

Example

CREATE OR REPLACE PROCEDURE raise_sal(i_empno NUMBER, i_newsal NUMBER)
AS
BEGIN
  UPDATE emp SET sal = i_newsal WHERE empno = i_empno;
END;
/

Function

A function is a block of PL/SQL code named and stored within the database. A function always returns a single value to its caller.

Creating and dropping functions

Create a function:

CREATE OR REPLACE FUNCTION mult(n1 NUMBER, n2 NUMBER) RETURN NUMBER
AS
BEGIN
  RETURN n1 * n2;
END;
/

Remove the function from the database:

DROP FUNCTION mult;

Calling functions

Call the above function from SQL:

SQL>  SELECT mult(10, 2) FROM dual;
MULT(10,2)
----------
        20

Call the above function from SQL*Plus:

SQL> VARIABLE val NUMBER
SQL> EXEC :val := mult(10, 3);
PL/SQL procedure successfully completed.
SQL> PRINT :val
       VAL
----------
        30

Calling the function from PL/SQL:

DECLARE
  v_val NUMBER;
BEGIN
  v_val := mult(10, 4);
  Dbms_output.Put_Line('Value is: '|| v_val);
END;
/

Examples

Simple lookup function (lookup an employee’s salary):

CREATE OR REPLACE FUNCTION get_salary (p_empno NUMBER)
   RETURN NUMBER
AS
  v_sal emp.sal%TYPE;
BEGIN
  SELECT sal INTO v_sal FROM emp WHERE empno = p_empno;
  RETURN v_sal;
END;
/

Package (containing procedures and functions)

A package is a collection of procedures and functions stored within the database.

A package usually has a specification and a body stored separately in the database. The specification is the interface to the application and declares types, variables, exceptions, cursors and subprograms. The body implements the specification.

When a procedure or function within the package is referenced, the whole package gets loaded into memory. So when you reference another procedure or function within the package, it is already in memory.

Example

CREATE OR REPLACE PACKAGE my_pack AS
  g_visible_variable VARCHAR2(20);
  FUNCTION calc(n1 NUMBER, n2 NUMBER) RETURN NUMBER;
END;
/
CREATE OR REPLACE PACKAGE BODY my_pack AS
  g_hidden_variable CONSTANT INTEGER := 2;
  FUNCTION calc(n1 NUMBER, n2 NUMBER) RETURN NUMBER AS
  BEGIN
    RETURN g_hidden_variable * n1 * n2;
  END;
END;
/

Ethernet cable basics

There are several different varieties of Ethernet cable that can be obtained: speed variations, crossover cables, Cat 1 to 5, Cat 5e, Cat 6, Cat 6a, Cat 7, Cat 8, etc. What is CAT? It’s an abbreviation of “Category”.

Ethernet cable

The Ethernet cables are available in a variety of lengths as patch cables, or the cable itself is available for incorporating into systems, buildings, etc. The terminations can then be made to the required connector using a crimp tool. These network cables are available in a variety of lengths – long Ethernet cables are available, some of the longest being up to 75 meters.

Earlier network cables were unshielded, but later ones were shielded to improve the performance. For example, an unshielded twisted pair (UTP) cable may be satisfactory for a short run between a computer and router, but a foil shielded cable, FTP, is best for longer runs or where the cable passes through areas of high electrical noise.

There are different methods that can be used for shielding Ethernet cables. The most common is to place a shield around each twisted pair. This not only provides shielding for the cable externally, but also reduces crosstalk between the internal twisted pairs. Manufacturers can further enhance the performance by placing shielding around all the wires in the cable just under the cable sheath. There are different codes used to indicate the different types of shielding:

  1. U/UTP – Unshielded cable, unshielded twisted pairs
  2. F/UTP – Foil shielded cable, unshielded twisted pairs
  3. U/FTP – Unshielded cable, foil shielded twisted pairs
  4. S/FTP – braided shielded cable, foil shielded twisted pairs

TP = twisted pair, U = unshielded, F = foil shielded, S = braided shielding.

A further difference between Ethernet cables, whether Cat 5, Cat 5e, Cat 6, Cat 6e, or Cat 7, is whether solid or stranded wires are used within the cable. As the description implies, a solid cable uses a single piece of copper for the electrical conductor within each wire of the cable, whilst stranded wire uses a series of copper strands twisted together. When buying a patch cable it may not be necessary to know this, but when installing a long cable run it may be important, as each type is slightly more suitable for different applications.

  • Stranded cable:   This type of wire is more flexible and it is more applicable for Ethernet cables where the cable may be moved – often it is ideal for patch leads at desks or general connections to PCs, etc. where some movement may be needed and expected.
  • Solid cable:   Solid cable is not as flexible as the stranded type, but it is also more durable. This makes it best for use in permanent installations like cable installations under floors, embedded in walls and the like.

Categories for Ethernet cables

A variety of different cables are available for Ethernet and other telecommunications and networking applications. These network cables are described by their different categories, e.g. Cat 5 cables, Cat 6 cables, etc., which are often recognized by the TIA (Telecommunications Industry Association), and they are summarized below:

  • Cat 1:     This is not recognised by the TIA/EIA. It is the form of wiring that is used for standard telephone (POTS) wiring, or for ISDN.
  • Cat 2:     This is not recognised by the TIA/EIA. It was the form of wiring that was used for 4 Mbit/s token ring networks.
  • Cat 3:     This cable is defined in TIA/EIA-568-B. It is used for data networks employing frequencies up to 16 MHz. It was popular for use with 10 Mbps Ethernet networks (100 Base-T), but has now been superseded by Cat-5 cable.
  • Cat 4:     This cable is not recognized by the TIA/EIA. However it can be used for networks carrying frequencies up to 20 MHz. It was often used on 16 Mbps token ring networks.
  • Cat 5:     This is not recognized by the TIA/EIA. This is the network cable that is widely used for 100 Base-T and 1000 Base-T networks as it provides performance to allow data at 100 Mbps and slightly more (125 MHz for 1000 Base-T) Ethernet. The Cat 5 cable superseded the Cat 3 version and for a number of years it became the standard for Ethernet cabling. Cat 5 cable is now obsolete and therefore it is not recommended for new installations.

NOTE: Cat 5 cable uses twisted pairs to prevent internal crosstalk, XT and also crosstalk to external wires, AXT. Although not standardized, the Cat 5 cable normally uses 1.5 – 2 twists per centimetre.

  • Cat 5e:     This form of cable is recognised by the TIA/EIA and is defined in TIA/EIA-568, being last revised in 2001. It has a slightly higher frequency specification than Cat-5 cable as the performance extends up to 125 Mbps.

Cat 5e can be used for 100 Base-T and 1000 Base-T (Gigabit Ethernet). Cat 5e stands for Cat 5 enhanced and it is a form of Cat 5 cable manufactured to higher specifications although physically the same as Cat 5. It is tested to a higher specification to ensure it can perform at the higher data speeds. The twisted pairs within the network cables tend to have the same level of twisting as the Cat 5 cables.

  • Cat 6:     This cable is defined in TIA/EIA-568-B and provides a significant improvement in performance over Cat 5 and Cat 5e. During manufacture Cat 6 cables are more tightly wound than either Cat 5 or Cat 5e and they often have an outer foil or braided shielding. The shielding protects the twisted pairs of wires inside the Ethernet cable, helping to prevent crosstalk and noise interference. Cat-6 cables can technically support speeds up to 10 Gbps, but can only do so for up to 55 metres – even so this makes them relatively long Ethernet cables.

The Cat 6 Ethernet cables generally have 2+ twists per cm and some may include a nylon spline to reduce cross talk, although this is not actually required by the standard.

  • Cat 6a:     The “a” in Cat 6a stands for “Augmented” and the standard was revised in 2008. The Cat 6a cables are able to support twice the maximum bandwidth, and are capable of maintaining higher transmission speeds over longer network cable lengths. Cat 6a cables utilise shielding which is sufficient to all but eliminate crosstalk. However this makes them less flexible than Cat 6 cable.
  • Cat 7:     This is an informal number for ISO/IEC 11801 Class F cabling. It comprises four individually shielded pairs inside an overall shield. It is aimed at applications where transmission of frequencies up to 600 Mbps is required.
  • Cat 8:     Cat 8 cables have now been released and provide a huge step up in data rate / bandwidth. Accordingly these Cat 8 cables are generally more expensive than the older versions like Cat 6, or even Cat 7.

Ethernet Cable – Performance Summary

Network Firewall

What is a Firewall in Networking?

A firewall is a security device that monitors network traffic. It protects the internal network by filtering incoming and outgoing traffic based on a set of established rules.

How Does a Firewall Work?

A firewall is placed on the hardware or software level of a system to secure it from malicious traffic. Depending on the setup, it can protect a single machine or a whole network of computers. The device inspects incoming and outgoing traffic according to predefined rules.

Communicating over the Internet is conducted by requesting and transmitting data from a sender to a receiver. Since data cannot be sent as a whole, it is broken up into manageable data packets that make up the initially transmitted entity. The role of a firewall is to examine data packets traveling to and from the host.

Types of Firewalls

Basically there are three types of firewalls – software firewalls, hardware firewalls, or both. The remaining types of firewalls specified in this list are firewall techniques which can be set up as software or hardware.

Software Firewalls

A software firewall is installed on the host device. Accordingly, this type of firewall is also known as a Host Firewall. Since it is attached to a specific device, it has to utilize its resources to work. Therefore, it is inevitable for it to use up some of the system’s RAM and CPU.

If there are multiple devices, you need to install the software on each device. Since it needs to be compatible with the host, it requires individual configuration for each. Hence, the main disadvantage is the time and knowledge needed to administer and manage firewalls for each device.

On the other hand, the advantage of software firewalls is that they can distinguish between programs while filtering incoming and outgoing traffic. Hence, they can deny access to one program while allowing access to another.

Hardware Firewalls

Hardware firewalls are security devices that represent a separate piece of hardware placed between an internal and external network (the Internet). This type is also known as an Appliance Firewall.

Unlike a software firewall, a hardware firewall has its own resources and doesn’t consume any CPU or RAM from the host devices. It is a physical appliance that serves as a gateway for traffic passing to and from an internal network.

They are used by medium and large organizations that have multiple computers working inside the same network. Utilizing hardware firewalls in such cases is more practical than installing individual software on each device. Configuring and managing a hardware firewall requires knowledge and skill, so make sure there is a skilled team to take on this responsibility.

Packet-Filtering Firewalls

When it comes to types of firewalls based on their method of operation, the most basic type is the packet-filtering firewall. It serves as an inline security checkpoint attached to a router or switch. As the name suggests, it monitors network traffic by filtering incoming packets according to the information they carry.

As explained above, each data packet consists of a header and the data it transmits. This type of firewall decides whether a packet is allowed or denied access based on the header information. To do so, it inspects the protocol, source IP address, destination IP, source port, and destination port. Depending on how the numbers match the access control list (rules defining wanted/unwanted traffic), the packets are passed on or dropped.

If a data packet doesn’t match all the required rules, it won’t be allowed to reach the system.

A packet-filtering firewall is a fast solution that doesn’t require a lot of resources. However, it isn’t the safest. Although it inspects the header information, it doesn’t check the data (payload) itself. Because malware can also be found in this section of the data packet, the packet-filtering firewall is not the best option for strong system security.
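The header-only decision described above, as an added example (not code from the original page). It assumes first-match-wins rule ordering with an implicit final deny, which the page does not specify; the ACL, addresses and payloads are constructed, and `shadowed_rules` is a hypothetical audit helper that flags rules an earlier rule makes unreachable.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

ANY_PORT = (0, 65535)


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes = b""     # present on the wire, never read by the filter


@dataclass(frozen=True)
class Rule:
    action: str              # "permit" or "deny"
    proto: str               # "tcp", "udp", ... or "any"
    src_net: str             # CIDR
    dst_net: str             # CIDR
    src_ports: Tuple[int, int] = ANY_PORT
    dst_ports: Tuple[int, int] = ANY_PORT

    def matches(self, p: Packet) -> bool:
        """Compare only the five header fields the page lists."""
        return (self.proto in ("any", p.proto)
                and ip_address(p.src_ip) in ip_network(self.src_net)
                and ip_address(p.dst_ip) in ip_network(self.dst_net)
                and self.src_ports[0] <= p.src_port <= self.src_ports[1]
                and self.dst_ports[0] <= p.dst_port <= self.dst_ports[1])

    def covers(self, other: "Rule") -> bool:
        """True if every packet matching `other` also matches this rule."""
        return (self.proto in ("any", other.proto)
                and ip_network(other.src_net).subnet_of(ip_network(self.src_net))
                and ip_network(other.dst_net).subnet_of(ip_network(self.dst_net))
                and self.src_ports[0] <= other.src_ports[0]
                and other.src_ports[1] <= self.src_ports[1]
                and self.dst_ports[0] <= other.dst_ports[0]
                and other.dst_ports[1] <= self.dst_ports[1])


def evaluate(acl: List[Rule], p: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, index of the deciding rule); None means implicit deny."""
    for i, rule in enumerate(acl):
        if rule.matches(p):
            return rule.action, i
    return "deny", None


def shadowed_rules(acl: List[Rule]) -> List[Tuple[int, int]]:
    """Return (rule, earlier rule) pairs where the later rule can never fire."""
    found = []
    for j, later in enumerate(acl):
        for i in range(j):
            if acl[i].covers(later):
                found.append((j, i))
                break
    return found


# Constructed ACL: documentation address ranges only.
ACL = [
    Rule("deny", "any", "203.0.113.0/24", "0.0.0.0/0"),
    Rule("permit", "tcp", "0.0.0.0/0", "192.0.2.10/32", dst_ports=(443, 443)),
    Rule("permit", "tcp", "10.0.0.0/24", "192.0.2.10/32", dst_ports=(22, 22)),
    # Intended exception for one host; unreachable because rule 0 matches first.
    Rule("permit", "tcp", "203.0.113.8/32", "192.0.2.10/32", dst_ports=(443, 443)),
]

if __name__ == "__main__":
    samples = [
        Packet("tcp", "198.51.100.7", 51000, "192.0.2.10", 443, b"GET / HTTP/1.1"),
        Packet("tcp", "198.51.100.7", 51000, "192.0.2.10", 443, b"constructed-bad-bytes"),
        Packet("tcp", "203.0.113.8", 51000, "192.0.2.10", 443),
        Packet("tcp", "198.51.100.7", 51000, "192.0.2.10", 22),
    ]
    for pkt in samples:
        print(pkt.src_ip, pkt.dst_port, evaluate(ACL, pkt))
    print("shadowed:", shadowed_rules(ACL))
```

The first two sample packets differ only in payload and receive the same verdict, which is the limitation the paragraph above describes.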

Circuit-Level Gateways

Circuit-level gateways are a type of firewall that works at the session layer of the OSI model, observing TCP (Transmission Control Protocol) connections and sessions. Their primary function is to ensure the established connections are safe.

In most cases, circuit-level firewalls are built into some type of software or an already existing firewall.

Like packet-filtering firewalls, they don’t inspect the actual data but rather the information about the transaction. Additionally, circuit-level gateways are practical, simple to set up, and don’t require a separate proxy server.

Stateful Inspection Firewalls

A stateful inspection firewall keeps track of the state of a connection by monitoring the TCP 3-way handshake. This allows it to keep track of the entire connection – from start to end – permitting only expected return traffic inbound.

When starting a connection and requesting data, the stateful inspection builds a database (state table) and stores the connection information. In the state table, it notes the source IP, source port, destination IP, and destination port for each connection. Using the stateful inspection method, it dynamically creates firewall rules to allow anticipated traffic.

This type of firewall is used as additional security. It enforces more checks and is safer compared to stateless filters. Unlike stateless packet filtering, stateful firewalls inspect the actual data transmitted across multiple packets instead of just the headers. Because of this, they also require more system resources.
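The state table and handshake tracking described above, as an added example (not code from the original page or from any firewall product). It is a simplified model that tracks only connections opened from the inside network and ignores sequence numbers; the class names, the 300-second idle timeout and all addresses are assumptions, and the sample traffic is constructed.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

IDLE_TIMEOUT = 300.0     # seconds; value assumed for this example


@dataclass(frozen=True)
class Segment:
    t: float             # arrival time in seconds
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: frozenset     # subset of {"SYN", "ACK", "FIN", "RST"}


@dataclass
class Conn:
    state: str           # SYN_SENT -> SYN_ACK_SEEN -> ESTABLISHED
    last_seen: float
    fins: set = field(default_factory=set)   # directions that have sent FIN


class StatefulFirewall:
    def __init__(self, inside_cidr: str):
        self.inside = ip_network(inside_cidr)
        self.table = {}  # (inside_ip, inside_port, outside_ip, outside_port) -> Conn

    def handle(self, s: Segment) -> str:
        outbound = ip_address(s.src_ip) in self.inside
        # Both directions of one connection map to the same state-table key.
        key = ((s.src_ip, s.src_port, s.dst_ip, s.dst_port) if outbound
               else (s.dst_ip, s.dst_port, s.src_ip, s.src_port))
        conn = self.table.get(key)
        if conn is not None and s.t - conn.last_seen > IDLE_TIMEOUT:
            del self.table[key]          # stale entry no longer authorises traffic
            conn = None
        if conn is None:
            # New state is created only by a bare SYN from an inside host.
            if outbound and s.flags == {"SYN"}:
                self.table[key] = Conn("SYN_SENT", s.t)
                return "allow"
            return "drop"
        if "RST" in s.flags:
            del self.table[key]          # a reset tears the connection down
            return "allow"
        if conn.state == "SYN_SENT":
            if not outbound and s.flags == {"SYN", "ACK"}:
                conn.state = "SYN_ACK_SEEN"
            elif not (outbound and s.flags == {"SYN"}):   # SYN retransmit passes
                return "drop"
        elif conn.state == "SYN_ACK_SEEN":
            if outbound and s.flags == {"ACK"}:
                conn.state = "ESTABLISHED"
            elif outbound or s.flags != {"SYN", "ACK"}:   # SYN-ACK retransmit passes
                return "drop"
        else:  # ESTABLISHED
            if "SYN" in s.flags:
                return "drop"
            if "FIN" in s.flags:
                conn.fins.add(outbound)
            elif len(conn.fins) == 2:
                del self.table[key]      # final ACK of an orderly close
                return "allow"
        conn.last_seen = s.t
        return "allow"


def seg(t, src, dst, *flags):
    (sip, sp), (dip, dp) = src.rsplit(":", 1), dst.rsplit(":", 1)
    return Segment(t, sip, int(sp), dip, int(dp), frozenset(flags))


def run(fw, segments):
    return [fw.handle(s) for s in segments]


# Constructed traffic: inside client C talks to outside server S.
C, S = "10.0.0.5:50000", "198.51.100.20:443"
SAMPLE = [
    seg(0.0, C, S, "SYN"),                               # creates the table entry
    seg(0.1, S, C, "SYN", "ACK"),                        # expected reply
    seg(0.2, C, S, "ACK"),                               # handshake complete
    seg(0.3, S, C, "ACK"),                               # return data
    seg(0.4, S, "10.0.0.5:50001", "ACK"),                # no entry for this port
    seg(0.5, "203.0.113.9:40000", "10.0.0.5:22", "SYN"), # unsolicited inbound
    seg(1.0, C, S, "FIN", "ACK"),
    seg(1.1, S, C, "FIN", "ACK"),
    seg(1.2, C, S, "ACK"),                               # entry removed here
    seg(1.3, S, C, "ACK"),                               # arrives after close
]

if __name__ == "__main__":
    for s, verdict in zip(SAMPLE, run(StatefulFirewall("10.0.0.0/24"), SAMPLE)):
        print(f"{s.t:>4} {s.src_ip}:{s.src_port} {sorted(s.flags)} -> {verdict}")
```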

Proxy Firewalls

A proxy firewall serves as an intermediate device between internal and external systems communicating over the Internet. It protects a network by forwarding requests from the original client and masking it as its own. Proxy means to serve as a substitute and, accordingly, that is the role it plays. It substitutes for the client that is sending the request.

When a client sends a request to access a web page, the message is intercepted by the proxy server. The proxy forwards the message to the web server, pretending to be the client. Doing so hides the client’s identification and geolocation, protecting it from any restrictions and potential attacks. The web server then responds and gives the proxy the requested information, which is passed on to the client.

Next-Generation Firewalls

The next-generation firewall is a security device that combines a number of functions of other firewalls. It incorporates packet, stateful, and deep packet inspection. Simply put, NGFW checks the actual payload of the packet instead of focusing solely on header information.

Unlike traditional firewalls, the next-gen firewall inspects the entire data transaction, covering the TCP handshakes, surface-level inspection, and deep packet inspection.

An NGFW provides adequate protection against malware attacks, external threats, and intrusion. These devices are quite flexible, and there is no clear-cut definition of the functionalities they offer. Therefore, make sure to explore what each specific option provides.

Features that historically were handled by separate devices are now included in many NGFWs and include:

Intrusion Prevention Systems (IPS)

Whereas basic firewall technologies identify and block certain types of network traffic, IPSes use more granular security such as signature tracing and anomaly detection to prevent threats from entering networks. Once separate platforms, IPS functionality is more and more a standard firewall feature.

Deep packet inspection (DPI)

Deep packet inspection is a type of packet filtering that looks beyond where packets are coming from and going to and inspects their content, revealing, for example, what application is being accessed or what type of data is being transmitted. This information can make possible more intelligent and granular policies for the firewall to enforce. DPI could be used to block or allow traffic, but also restrict the amount of bandwidth particular applications are allowed to use. It could also be a tool for protecting intellectual property or sensitive data from leaving a secure network.

SSL/TLS termination

SSL-encrypted traffic is immune to deep-packet inspection because its content cannot be read. Some NGFWs can terminate SSL traffic, inspect it, then create a second SSL connection to the intended destination address. This can be used to prevent, for instance, malicious employees from sending proprietary information outside the secure network while also allowing legitimate traffic to flow through. While it’s good from a data-protection point of view, DPI can raise privacy concerns. With the advent of transport layer security (TLS) as an improvement on SSL, this termination and proxying can apply to TLS as well.

Sandboxing

Incoming attachments or communications with outside sources can contain malicious code. Using sandboxing, some NGFWs can isolate these attachments and whatever code they contain, execute it and find out whether it’s malicious. The downside of this process is that it can consume a lot of CPU cycles and introduce noticeable delay in traffic flowing through the firewall.

There are other features that could be incorporated in NGFWs. They can support taking in data gathered by other platforms and using it to make firewall decisions. For example, if a new malware signature has been identified by researchers, the firewall can take in that information and start filtering out traffic that contains the signature.

Gartner, which once used the term NGFW, now says that previous incarnations of firewalls are outmoded and that they now call NGFWs simply enterprise firewalls.

Cloud Firewalls

A cloud firewall or firewall-as-a-service (FaaS) is a cloud solution for network protection. Like other cloud solutions, it is maintained and run on the Internet by third-party vendors.

Clients often utilize cloud firewalls as proxy servers, but the configuration can vary according to the demand. Their main advantage is scalability. They are independent of physical resources, which allows scaling the firewall capacity according to the traffic load.

Businesses use this solution to protect an internal network or other cloud infrastructures (IaaS/PaaS).

Which Firewall Architecture is Right for Your Business?

When deciding on which firewall to choose, there is no need to settle on a single type. Using more than one firewall type provides multiple layers of protection. Also, consider the following factors:

  • The size of the organization. How big is the internal network? Can you manage a firewall on each device, or do you need a firewall that monitors the internal network? These questions are important to answer when deciding between software and hardware firewalls. Additionally, the decision between the two will largely depend on the capabilities of the tech team assigned to manage the setup.
  • The resources available. Can you afford to separate the firewall from the internal network by placing it on a separate piece of hardware or even on the cloud? The traffic load the firewall needs to filter and whether it is going to be consistent also plays an important role.
  • The level of protection required. The number and types of firewalls should reflect the security measures the internal network requires. A business dealing with sensitive client information should ensure that data is protected from hackers by tightening the firewall protection.

Network Routers

A router is a networking device that forwards data packets between computer networks. Routers act as “traffic cops” for your small business network. They keep data moving efficiently among multiple network sites as well as to your Internet service provider (ISP), and “translate” different media types and protocols.

Use of Router

To keep networks up and running, routers connect computers and other devices such as printers, allowing them to “talk” to each other. They analyze the data that’s sent over networks, change how it’s packaged, and then send it to another network or over a different type of network.

Features of Routers

  • Routers work at the network layer of the OSI reference model and communicate with neighboring devices using IP addressing and subnetting.
  • The main components of routers are the central processing unit (CPU), flash memory, non-volatile RAM, RAM, network interface card, and console.
  • Routers have multiple ports of different kinds, such as Fast Ethernet, Gigabit, and STM link ports. All ports support high-speed network connectivity.
  • Depending upon the type of port needed in the network the user can configure them accordingly.
  • Routers carry out the data encapsulation and decapsulation process to filter out the unwanted interference.
  • Routers have the inbuilt intelligence to route traffic in a big networking system by treating the sub-networks as an intact network. They have the capability to analyze the type of next link and hop connected with it, which makes them superior to other layer-3 devices such as switches and bridges.
  • Routers always work in master and slave mode, which provides redundancy. Both routers have the same configuration at the software and hardware level; if the master fails, the slave acts as master and performs all of its tasks, which prevents a complete network failure.

Types of routers

There are three types of routers in the market. These types are the main categories.

Broadband Routers

Broadband routers can do different types of things. Broadband routers can be used to connect computers or to connect to the Internet.

If you connect to the Internet through a phone line and use Voice over IP (VoIP) technology, then you need a broadband router. These are often a special type of modem (ADSL) that will have both Ethernet and phone jacks.

Subscriber Edge Routers

This type of router belongs to an end user (enterprise) organization. It’s configured to broadcast external BGP to its provider’s AS(s).

Inter-provider Border Routers

This type of router is for interconnecting ISPs. This is a BGP-speaking router that maintains BGP sessions with other BGP-speaking routers in other providers’ ASes.

Wired and wireless routers

These routers are mostly used in homes and small offices. Wired routers share data over cables and create wired local area networks (LANs), while wireless routers use antennas to share data and create wireless local area networks (WLANs).  

Edge routers

This is a wired or wireless router that distributes data packets between one or more networks but not within a network. As their name indicates, edge routers are placed at the edge or boundary of networks, and typically connect to Internet service providers (ISPs) or other organizations’ networks. Their job is to keep your network communicating smoothly with other networks. 

Core routers

These wired or wireless routers distribute data packets within networks, but not between multiple networks. They’re designed to become the backbone of your network and do the heavy lifting of data transfer, which is why they’re usually high-performance.   

Virtual routers

Unlike physical routers, virtual routers are pieces of software that allow computers and servers to operate like routers. They’ll share data packets just as physical routers do. They can offer more flexibility than physical devices since they can be scaled as the business grows; they can also help get remote offices up and running on your network more quickly. 

How do businesses use routers?

Routers manage all kinds of business communications, from data and voice to video and Wi-Fi access. How routers can help:  

Sharing business applications – Routers can help you share business applications with workers, even those in different locations, so that everyone has equal access to critical tools and can improve their productivity. Routers can also provide access to advanced applications and enable useful business services, such as IP voice and videoconferencing.

Improving access to information – Workers need fast access to information so they can make better decisions. Routers help provide access, so workers have visibility into business data.  

Enhancing customer service – Today’s customers expect fast responses to their questions as well as personalized service. To meet these demands, businesses need responsive and reliable networks, which routers can provide.  

Reducing operating costs – Routing technology can positively impact your business’s bottom line–for example, saving money by using shared printers and servers that can be accessed by everyone on the network. With routers and a reliable network, you can grow your small business infrastructure without constantly replacing technology.

Network Switches

When building a network, a switch is an essential component. In a network deployment, a switch channels incoming data from any of multiple input ports to the specific output port that will take the data toward its intended destination. To achieve a high performance level, there are different types of switches in networking. This article introduces them to help you choose a suitable one for your network.

Types of network switches: modular switches, fixed-configuration switches, unmanaged switches, smart switches, and managed switches.

Modular switches

Modular switches let you add expansion modules into the switches as needed, giving you flexibility if your network needs change. Examples of expansion modules are application-specific (such as firewall, wireless, or network analysis) and modules for additional interfaces, power supplies, or cooling fans.

Fixed configuration ethernet switches

Fixed configuration switches are switches with a fixed number of ports and are typically not expandable. The fixed configuration switch category is further broken down into unmanaged switches, smart switches, and managed L2 and L3 switches.

Unmanaged switches

Unmanaged switches are designed so that you can simply plug them in and they work, no configuration required. They are typically used for basic connectivity. You’ll often see them used in home networks or wherever a few more ports are needed, such as at your desk, in a lab, or in a conference room.

This category of switch is the most cost effective where only basic layer 2 switching and connectivity is required. For example, they fit well when you need a few extra ports on your desk, in a lab, in a conference room, or even at home.

With some unmanaged switches in the market, you can even get capabilities such as cable diagnostics, loop detection, prioritization of traffic using default QoS settings, energy-saving capabilities using EEE (Energy Efficient Ethernet) and even PoE (Power over Ethernet). However, as the name implies, these switches generally cannot be modified or managed. You simply plug them in and they require no configuration at all.

Smart switches

This category of switches is evolving. The general rule here is that these switches offer some management, QoS, and security, but they are “lighter” in capabilities and less scalable than managed switches. They can be a cost-effective alternative to managed switches. They can be deployed at the edge of a large network (with managed switches being used in the core), as the infrastructure for smaller networks, or for low complexity needs.

The capabilities available for this smart switch category vary widely. All of these devices have an interface for management that is typically more simplified than what managed switches offer.

Smart switches allow you to segment the network into workgroups by creating VLANs, though with a lower number of VLANs and nodes (MAC addresses) than you’d get with a managed switch.

They also offer some levels of security, such as 802.1x endpoint authentication, and in some cases with limited numbers of ACLs (access control lists), though the levels of control and granularity would not be the same as a managed switch.

In addition, smart switches support basic quality-of-service (QoS) that facilitates prioritization of users and applications based on 802.1q/TOS/DSCP, adding to the versatility of the solution.

Fully managed L2 and L3 switches

Managed switches are designed to deliver the most comprehensive set of features to provide the best application experience, the highest levels of security, the most precise control and management of the network, and offer the greatest scalability in the fixed configuration category of switches. As a result, managed switches are usually deployed as aggregation/access switches in very large networks or as core switches in relatively smaller networks. Managed switches should support both L2 switching and L3 IP routing though you’ll find some with only L2 switching support.

From a security perspective, managed switches provide protection of the data plane (User traffic being forwarded), control plane (traffic being communicated between networking devices to ensure user traffic goes to the right destination), and management plane (traffic used to manage the network or device itself). Managed switches also offer network storm control, denial-of-service protection, and much more.

The Access Control List capabilities allow for flexibly dropping, rate limiting, mirroring, or logging of traffic by L2 address, L3 address, TCP/UDP port numbers, Ethernet type, ICMP or TCP flags, etc.

Managed switches are rich in features that enable them to protect themselves and the network from deliberate or unintended Denial of Service attacks. These include Dynamic ARP Inspection, IPv4 DHCP snooping, IPv6 First Hop Security with RA Guard, ND Inspection, Neighbor Binding Integrity, and much more.

Additional security capabilities may include Private VLANs for securing communities of users or device isolation, Secure Management (downloads through SCP, Web-based Authentication, Radius/TACACS AAA, etc.), Control Plane Policing (CoPP) for protecting the CPU of the switch, and richer support for 802.1x (time-based, Dynamic VLAN Assignment, port/host-based, etc.).

From a scalability perspective, these devices have large table sizes so that you can create large numbers of VLANs (for workgroups), devices (MAC table size), IP routes, and ACL policies for flow-based security/QoS purposes, etc.

For highest network availability and uptime, managed switches support L3 redundancy using VRRP (Virtual Router Redundancy Protocol), large numbers of Link Aggregation groups (which is used both for scalability and resiliency), and capabilities for protecting L2 such as Spanning Tree Root Guard and BPDU Guard.

For QoS and Multicast features, the richness of capabilities goes far beyond what is available in a smart switch. Managed switches support IGMP and MLD Snooping with functions for optimizing IPv4/v6 multicast traffic in the LAN, TCP Congestion Avoidance, 4 or 8 queues to treat traffic differently by importance, setting/tagging traffic by L2 (802.1p) or L3 (DSCP/TOS), and rate limiting traffic.

Power over Ethernet (PoE) versus non-PoE

Power over Ethernet is a capability that facilitates powering a device (such as an IP phone, IP Surveillance Camera, or Wireless Access Point) over the same cable as the data traffic. One of the advantages of PoE is the flexibility it provides in allowing you to easily place endpoints anywhere in the business, even places where it might be difficult to run a power outlet. One example is that you can place a Wireless Access Point inside a wall or ceiling.

Switches deliver power according to a few standards – IEEE 802.3af delivers power up to 15.4 Watts on a switch port whereas IEEE 802.3at (also known as PoE+) delivers power up to 30 Watts on a switch port. For most endpoints, 802.3af is sufficient but there are devices, such as video phones or access points with multiple radios, which have higher power needs. Select Cisco switches also support Universal Power over Ethernet (UPoE) or 60W PoE that delivers up to 60 Watts on a switch port. A new PoE standard, 802.3bt, delivers even higher levels of power for future applications.

To find the switch that is right for you, choose a switch according to your power needs. When connecting to desktops or other types of devices which do not require PoE, the non-PoE switches are a more cost-effective option.

Stackable vs. standalone switches

As the network grows, you will need more switches to provide network connectivity to the growing number of devices in the network. When using standalone switches, each switch is managed and configured as an individual entity.

In contrast, stackable switches provide a way to simplify and increase the availability of the network. Instead of configuring, managing, and troubleshooting eight 48-port switches individually, you can manage all eight like a single unit using stackable switches. With a true stackable switch, those eight switches (total 384 ports) function as a single switch – there is a single SNMP/RMON agent, single Spanning Tree domain, single CLI or Web interface – i.e. a single management plane. You can also create link aggregation groups spanning across multiple units in the stack, port mirror traffic from one unit in the stack to another, or set up ACLs/QoS spanning all the units. There are valuable operational advantages to be gained by this approach.

Be careful about products in the market which are sold as “stackable” when they merely offer a single user interface, or central management interface, for getting to each individual switch unit. This approach is not stackable, but really “clustering”. You still have to configure every feature such as ACLs, QoS, Port mirroring, and more individually on each switch.

There are other advantages of true stacking as well. You can connect the stack members in a ring such that, if a port or cable fails, the stack will automatically route around that failure, many times at microsecond speeds. You can also add or subtract stack members and have it automatically recognized and added into the stack.

Feature Options – Four switch options to consider

In addition to evaluating switch categories, you should also consider network switch speeds, number of ports, power-over-Ethernet features, and stacking capabilities.

  1. Switch Speeds – Switches are available in different throughputs or speeds, the rate they transmit data in megabits per second (Mbps). For example, fixed-configuration switches can provide Fast Ethernet (10/100 Mbps), Gigabit Ethernet (10/100/1000 Mbps), Ten Gigabit (10/100/1000/10000 Mbps), and even 40/100 Gbps (gigabits per second) speeds. The switch speed you choose depends on the type of throughput you need. If, for example, you need to move large data files on a regular basis, you should consider a Gigabit Ethernet switch.
  2. Number of ports – As is the case with switch speed, the number of ports available in a switch can vary. The bigger your small business and the more network users you have, the more ports you’ll need. Fixed-configuration switches are usually available with five, eight, 10, 16, 24, 28, 48, or 52 ports.

In contrast, stackable switches can be connected to increase the capacity and availability of your network. Rather than configuring, managing, and troubleshooting each switch, you can treat the “stack” as a single unit. This means that if any part of the stack fails, the stack will route around the failure, so your network keeps running.

Which switch is right for your needs?

  • Cloud-managed – A cloud-managed switch can simplify your network management. You get a simple user interface, multisite full-stack management, and automatic updates delivered directly to the switch.
  • Premise-Based / On-device management – A managed on-premises switch lets you configure and monitor your LAN. If you want to connect networks, you’ll need a managed switch with Layer 2 or Layer 3 capabilities.
  • Managed and unmanaged – A managed switch gives you the ability to configure and monitor your LAN. If you want to connect multiple networks, you want a managed switch with Layer 2 or Layer 3 capabilities.

How to license SQL Server and Pricing

Overview

SQL Server 2019 is offered in two main commercial editions to accommodate the unique feature, performance and price requirements of organizations and individuals:
Enterprise Edition is ideal for applications requiring mission critical in-memory performance, security and high availability.
Standard Edition delivers fully featured database capabilities for mid-tier applications and data marts.

The editions are offered in a straightforward, tiered model that creates greater consistency across the product editions, features and licensing. Enterprise Edition includes all the capabilities available in SQL Server 2019.

SQL Server 2019 now comes with Apache Spark and Hadoop Distributed File System (HDFS) for intelligence over all your data. With SQL Server 2019 Enterprise and Standard edition, customers can deploy Big Data Clusters. SQL Server 2019 Big Data Clusters makes it easier to manage a big data environment. It provides key elements of a data lake—Hadoop Distributed File System (HDFS), Spark, and analytics tools—deeply integrated with SQL Server and fully supported by Microsoft. SQL Server 2019 Big Data Clusters can be easily deployed using Linux containers on a Kubernetes-managed cluster. A SQL Server 2019 Big Data Cluster consists of two distinct components:
SQL Server Master Instance is SQL Server 2019 Enterprise or Standard Edition on Linux with all the typical features.
Big Data Nodes are the worker nodes with HDFS, Spark and SQL Server engine for scale-out storage and compute.

Comparison of key capabilities across the main SQL Server 2019 editions.

SQL Server 2019 new features | Standard | Enterprise
Compute and storage | |
Maximum number of cores | 24 | OS Max
Maximum memory utilized per instance | 128 GB | OS Max
Maximum size | 524 PB | 524 PB
Intelligence over all your data | |
SQL Server 2019 Big Data Clusters with Apache Spark and HDFS built into SQL Server engine | X | X
Data virtualization using PolyBase (including additional data sources like Oracle, Teradata, MongoDB, and other SQL Server databases) | X | X
Unified AI platform to train and operationalize models with SQL Server ML Services | X | X
Choice of language and platform | |
Compatibility certification | X | X
UTF-8 support | X | X
Support for SQL Server Java extension | X | X
Industry leading performance and availability | |
Free DR replicas in Azure and on-premises | X | X
Intelligent Query processing: Scalar UDF inlining, table variable deferred compilation, approximate count distinct | X | X
Intelligent Query processing features: row mode memory grant feedback, batch mode for row store and automatic tuning | | X
Automatic read-write connection re-routing | | X
In-Memory Database: memory-optimized tempdb | | X
In-Memory Database: Persistent Memory support | X | X
Accelerated Database recovery | X | X
Secure and reliable | |
Always Encrypted with secure enclaves | X | X
Transparent database encryption | X | X
Data classification and auditing | X | X
Vulnerability assessment | X | X
Quick business insights | |
Azure Data Studio to manage SQL Server including support for T-SQL using Notebooks | X | X
SQL Server Analysis Services Direct Query | X | X

Other specialty editions of SQL Server 2019 include Developer Edition, which is licensed for non-production use, and the freely downloadable and distributable Express Edition. SQL Server Web Edition remains available only under the Microsoft Services Provider License Agreement (SPLA).

Comparison of the key capacity limits across the SQL Server 2019 editions

Database Engine (DBE) capacity limits

SQL Server 2019 Edition | Max compute capacity | Max memory utilization – DBE | Max DB Size
Enterprise Per Core | OS max | 12 TB | 524 PB
Standard Per Core | Lesser of 4 sockets or 24 cores | 128 GB | 524 PB
Standard Server + CAL | 24 core limit | 128 GB | 524 PB
Express | Lesser of 1 socket or 4 cores | 1 GB | 10 GB
Developer | OS max | OS max | OS max

Analysis Services (AS) and Reporting Services (RS) capacity limits

SQL Server 2019 Edition | Max compute capacity | Max memory utilization – DBE | Max DB Size
Enterprise Per Core | OS max | OS max | OS max
Standard Per Core | Lesser of 4 sockets or 24 cores | 64 GB (MOLAP), 16 GB (Tabular) | 64 GB
Standard Server + CAL | Lesser of 4 sockets or 24 cores | 64 GB (MOLAP), 16 GB (Tabular) | 64 GB
Express | Lesser of 1 socket or 4 cores | N/A | 4 GB (Advanced Services Ed.)
Developer | OS max | OS max | OS max

SQL Server 2019 – Pricing

Editions | Open no level price (US$) | Licensing model | Channel availability
Enterprise | $13,748* | 2 core pack | Volume licensing, hosting
Standard – per core | $3,586* | 2 core pack | Volume licensing, hosting
Standard – server | $899* | Server | Volume licensing, hosting
Standard – CAL | $209 | CAL | Volume licensing, hosting
Developer | Free | Per user | Free download
Web | See your hosting partner for pricing | Not applicable | Hosting only
Express | Free | Not applicable | Free download
* – Pricing represents open no level (NL) estimated retail price. For your specific pricing, contact your Microsoft reseller.

Subscriptions and add-ons

Subscriptions and add-ons | Price (US$) | Licensing model | Channel availability
SQL Server Enterprise | 5,434 USD/year | 2 core pack | Volume Licensing
SQL Server Standard | 1,418 USD/year | 2 core pack | Volume Licensing
Big data node cores* | 400 USD/year* | 2 core pack | Volume Licensing
* – Big data nodes can only be used with Enterprise and Standard editions, are purchased separately and priced per two-core pack.

SQL Server 2019 – Licensing Models

Server+CAL licensing model provides the option to license users and/or devices and then have low-cost access to incremental SQL Server deployments.

Core-based licensing gives customers a more precise measure of computing power and a more consistent licensing metric, regardless of whether solutions are deployed on physical on-premises servers, or in virtual or cloud environments.

The following table compares the licensing options for each of the main SQL Server 2019 editions:

SQL Server 2019 | Server+CAL | Per Core
Enterprise | | Yes
Standard | Yes | Yes

Core-based licensing – Under the Per Core licensing model, each server running SQL Server 2019 software or any of its components (such as Reporting Services or Integration Services) must be assigned an appropriate number of SQL Server 2019 core licenses. The number of core licenses needed depends on whether customers are licensing the physical server or individual virtual operating system environments (OSEs).


Server+CAL licensing – When licensing the SQL Server 2019 Standard Edition software under the Server+CAL model, customers purchase a server license for each server, and a client access license (CAL) for each device (Device CAL) and/or user (User CAL) accessing SQL Server or any of its components. A CAL is not software; it is a license granting users and devices access to the SQL Server software.


Licensing SQL Server 2019 in a virtualized environment

Microsoft SQL Server is increasingly being deployed in virtualized environments, which enable running instances of SQL Server concurrently in separate virtual OSEs (or virtual machines).
SQL Server 2019 offers expanded virtualization rights, options and benefits to provide greater flexibility for customers deploying in virtual environments. When deploying SQL Server 2019 software in virtualized environments, customers have the choice to license either individual virtual machines as needed, or to license for maximum virtualization in highly virtualized, private cloud, or dynamic environments. Maximum virtualization can be achieved by licensing the entire physical server with Enterprise Edition core licenses and covering those licenses with Software Assurance (SA).

Figure: Licensing SQL Server 2019 in a virtualized environment. This figure depicts two virtual machines, each containing two virtual cores.

How to license individual virtual machines using the Per Core licensing model

Similar to the Per Core licensing model in physical OSEs, all virtual cores (v-cores) supporting virtual OSEs that are running instances of SQL Server 2019 software must be licensed accordingly.

To license individual VMs using the Per Core model, customers must purchase a core license for each v-core (or virtual processor, virtual CPU, virtual thread) allocated to the VM, subject to a four-core license minimum per VM. For licensing purposes, a v-core maps to a hardware thread.

Note: Licensing individual VMs is the only licensing option available for SQL Server 2019 Standard Edition customers who are running the software in a virtualized environment under the Per Core model.

For customers with highly virtualized environments who want to move VMs dynamically across servers to reallocate resources as needed, Microsoft permits License Mobility as an exclusive SA benefit available for all SQL Server editions. For more information on licensing for application mobility, refer to the Advanced licensing scenarios section of this guide.

  1. License the virtual cores in each virtual machine
  2. There is a minimum of four core licenses required for each virtual machine

How to license individual virtual machines using the Server+CAL licensing model

To license individual VMs using the Server+CAL model, customers simply purchase one server license for each VM running SQL Server software, regardless of the number of virtual processors allocated to the VM.

For example, a customer who wants to deploy Standard Edition running in six VMs, each allocated four v-cores, would need to assign six SQL Server 2019 Standard server licenses to that server.

Note: Each user or device accessing SQL Server 2019 software, regardless of a virtual or physical deployment, requires a SQL Server 2019 CAL.


Microsoft Certifications

Microsoft certifications

Microsoft has certification paths for many technical job roles.

Fundamentals certifications

Exam – Certification name
PL-900 – Microsoft Certified: Power Platform Fundamentals
AI-900 – Microsoft Certified: Azure AI Fundamentals
MB-910 – Microsoft Certified: Dynamics 365 Fundamentals Customer Engagement Apps (CRM)
MB-920 – Microsoft Certified: Dynamics 365 Fundamentals Finance and Operations Apps (ERP)
MS-900 – Microsoft 365 Certified: Fundamentals
AZ-900 – Microsoft Certified: Azure Fundamentals
DP-900 – Microsoft Certified: Azure Data Fundamentals
MB-901 – Microsoft Certified: Dynamics 365 Fundamentals

Role based Certifications

Developer

Exam – Certification name
AZ-204 – Microsoft Certified: Azure Developer Associate
Azure Developers design, build, test, and maintain cloud applications and services.
MB-300, MB-500 – Microsoft Certified: Dynamics 365: Finance and Operations Apps Developer Associate
Developers who work with Finance and Operations apps in Microsoft Dynamics 365 implement and extend applications to meet the requirements of the business.
MS-600 – Microsoft 365 Certified: Developer Associate
Microsoft 365 Developers design, build, test, and maintain applications and solutions that are optimized for the productivity and collaboration needs of organizations using the Microsoft 365 platform.
PL-400 – Microsoft Certified: Power Platform Developer Associate
Candidates for the Microsoft Power Platform Developer Associate certification design, develop, secure, and troubleshoot Power Platform solutions.
AZ-220 – Microsoft Certified: Azure IoT Developer Specialty
Azure IoT Developers develop cloud and edge components of an Azure IoT solution.

Administrator

Exam – Certification name
AZ-104 – Microsoft Certified: Azure Administrator Associate
Azure Administrators implement, manage, and monitor an organization’s Microsoft Azure environment.
AZ-120 – Microsoft Certified: Azure for SAP Workloads Specialty
Architects or engineers for Microsoft Azure for SAP Workloads have extensive experience and knowledge of the SAP system landscape and industry standards that are specific to the long-term operation of an SAP solution on Azure.
AZ-600 – Microsoft Certified: Azure Stack Hub Operator Associate
Candidates for the Azure Stack Hub Operator Associate certification are Azure administrators or Azure Stack Hub operators who provide cloud services to end users or customers from within their own datacenter using Azure Stack Hub.
MS-203 – Microsoft 365 Certified: Messaging Administrator Associate
Microsoft 365 Messaging Administrators deploy, configure, manage, troubleshoot, and monitor recipients, permissions, mail protection, mail flow, and public folders in hybrid and cloud enterprise environments.
MD-100, MD-101 – Microsoft 365 Certified: Modern Desktop Administrator Associate
Modern Desktop Administrators deploy, configure, secure, manage, and monitor devices and client applications in an enterprise environment.
MS-500 – Microsoft 365 Certified: Security Administrator Associate
Microsoft 365 Security Administrators proactively secure Microsoft 365 enterprise and hybrid environments, implement and manage security and compliance solutions, respond to threats, and enforce data governance.
MS-100, MS-101 – Microsoft 365 Certified: Enterprise Administrator Expert
Microsoft 365 Enterprise Administrators evaluate, plan, migrate, deploy, and manage Microsoft 365 services.
MS-700 – Microsoft 365 Certified: Teams Administrator Associate
Microsoft Teams Administrators configure, deploy, and manage Office 365 workloads for Microsoft Teams that focus on efficient and effective collaboration and communication in an enterprise environment.

Solutions Architect

Exam – Certification name
AZ-303, AZ-304 – Microsoft Certified: Azure Solutions Architect Expert
Azure Solutions Architects design and implement solutions that run on Microsoft Azure, including aspects like compute, network, storage, and security.
MB-700 – Microsoft Certified: Dynamics 365: Finance and Operations Apps Solution Architect Expert
Solution Architects for Finance and Operations apps in Microsoft Dynamics 365 are trusted advisors who understand business recommended practices and software capabilities. They lead team members to implement Dynamics solutions that can achieve the predefined implementation goals.
MB-600 – Microsoft Certified: Dynamics 365 + Power Platform Solution Architect Expert
Solution Architects for Microsoft Dynamics 365 + Power Platform lead successful implementations and focus on how solutions address the broader business and technical needs of organizations.
AZ-120 – Microsoft Certified: Azure for SAP Workloads Specialty
Architects or engineers for Microsoft Azure for SAP Workloads have extensive experience and knowledge of the SAP system landscape and industry standards that are specific to the long-term operation of an SAP solution on Azure.

Data Engineer

Exam – Certification name
DP-200, DP-201 – Microsoft Certified: Azure Data Engineer Associate
Azure Data Engineers integrate, transform, and consolidate data from various structured and unstructured data systems into structures that are suitable for building analytics solutions.

Data Scientist

Exam – Certification name
DP-100 – Microsoft Certified: Azure Data Scientist Associate
The Azure Data Scientist applies their knowledge of data science and machine learning to implement and run machine learning workloads on Azure; in particular, using Azure Machine Learning Service.

AI Engineer

Exam – Certification name
AI-100 – Microsoft Certified: Azure AI Engineer Associate
Azure AI Engineers build, manage, and deploy AI solutions that leverage Azure Cognitive Services, Azure Cognitive Search, and Microsoft Bot Framework.

DevOps Engineer

Exam – Certification name
AZ-400 – Microsoft Certified: DevOps Engineer Expert
Microsoft DevOps professionals combine people, process, and technologies to continuously deliver valuable products and services that meet end user needs and business objectives.

Security Engineer

Exam – Certification name
AZ-500 – Microsoft Certified: Azure Security Engineer Associate
Azure Security Engineers implement security controls and threat protection, manage identity and access, and protect data, applications, and networks in cloud and hybrid environments as part of an end-to-end infrastructure.

Functional Consultant

Exam – Certification name
MB-200, MB-230 – Microsoft Certified: Dynamics 365 Customer Service Functional Consultant Associate
Microsoft Dynamics 365 Customer Service Functional Consultants build CX solutions that are fast, agile, and leverage AI to drive actionable insights that anticipate customer needs.
MB-200, MB-240 – Microsoft Certified: Dynamics 365 Field Service Functional Consultant Associate
Microsoft Dynamics 365 Field Service Functional Consultants configure the Field Service application, implement solutions that manage the field service lifecycle, and deploy the Connected Field Service (IoT) solution.
MB-300, MB-310 – Microsoft Certified: Dynamics 365 Finance Functional Consultant Associate
Dynamics 365 Finance Functional Consultants unify global financials and operations; automate tasks and workflows; and streamline customer ordering, selling, invoicing, and reporting.
MB-300, MB-320 – Microsoft Certified: Dynamics 365 Supply Chain Management, Manufacturing Functional Consultant Associate
Dynamics 365 Supply Chain Management, Manufacturing Functional Consultants integrate digital and physical systems; improve visibility, manufacturing efficiency, and flexibility; and lower costs for their clients.
MB-200, MB-220 – Microsoft Certified: Dynamics 365 Marketing Functional Consultant Associate
Microsoft Dynamics 365 Marketing Functional Consultants implement solutions that attract and convert leads, build brand awareness, standardize omnichannel messaging, and deliver marketing insights.
MB-200, MB-210 – Microsoft Certified: Dynamics 365 Sales Functional Consultant Associate
Microsoft Dynamics 365 Sales Functional Consultants implement solutions that anticipate and plan customer connections, manage deals through processing and closing, and accelerate sales team performance using data analytics.
MB-300, MB-330 – Microsoft Certified: Dynamics 365 Supply Chain Management Functional Consultant Associate
Dynamics 365 Supply Chain Management Functional Consultants streamline cost accounting, inventory management, master planning, and warehouse management for their clients.
PL-200 – Microsoft Certified: Power Platform Functional Consultant Associate
As a functional consultant, use this certification to market yourself more effectively for projects and other engagements. The Microsoft Power Platform Functional Consultant Associate certification lets organizations know that—with no code or low code—you can build solutions that would normally require developer expertise.
MB-800 – Microsoft Certified: Dynamics 365 Business Central Functional Consultant Associate
Dynamics 365 Business Central Functional Consultants are responsible for implementing core application setup processes for small and medium businesses.

Red Hat Certification

Red Hat Certifications

Certifying with Red Hat can help individuals, teams, and organizations validate the knowledge needed to stay ahead of the technology curve. Whether you’re looking to take the next step in your career or trying to fill skills gaps in your company, we have certifications and exams that match your needs.

Certification by Role

Administrators
Red Hat Certified System Administrator (RHCSA) – An IT professional who has earned the Red Hat Certified System Administrator (RHCSA®) is able to perform the core system administration skills required in Red Hat Enterprise Linux environments. The credential is earned after successfully passing the Red Hat Certified System Administrator (RHCSA) Exam (EX200).
EX200 – Red Hat Certified System Administrator (RHCSA) exam
The performance-based Red Hat Certified System Administrator (RHCSA) exam (EX200) tests your knowledge and skill in areas of system administration common across a wide range of environments and deployment scenarios.
You must be an RHCSA to earn a Red Hat Certified Engineer (RHCE®) certification.
 
Red Hat Certified Engineer (RHCE) – A Red Hat® Certified Engineer (RHCE®) is a Red Hat Certified System Administrator (RHCSA) who is ready to automate Red Hat® Enterprise Linux® tasks, integrate Red Hat emerging technologies, and apply automation for efficiency and innovation.
 
Red Hat Certified Specialist in OpenShift Administration – An IT professional who is a Red Hat Certified Specialist in OpenShift Administration has demonstrated the skills, knowledge, and abilities needed to create, configure, and manage a cloud application platform using Red Hat® OpenShift.
The Red Hat Certified Specialist in OpenShift Administration exam (EX280) will test your ability. In preparation to becoming a Red Hat Certified Specialist in OpenShift Administration, Red Hat recommends the following courses:
Red Hat OpenShift I: Containers & Kubernetes (DO180)
Red Hat OpenShift Administration II: Operating a Production Kubernetes Cluster (DO280)
 
Red Hat Certified Specialist in Ceph Storage Administration – A Red Hat Certified System Administrator in Red Hat OpenStack is able to create, configure, and manage private clouds using Red Hat® Enterprise Linux® and Red Hat® OpenStack Platform.
Red Hat Certified System Administrator in Red Hat OpenStack exam (EX210)
We recommend these courses to help you prepare to become a Red Hat Certified System Administrator in Red Hat OpenStack:
Red Hat OpenStack Administration I: Core Operations for Cloud Operators (CL110)
Red Hat OpenStack Administration II: Day 2 Operations for Cloud Operators (CL210)
 
Red Hat Certified System Administrator in Red Hat OpenStack – A Red Hat Certified System Administrator in Red Hat OpenStack is able to create, configure, and manage private clouds using Red Hat® Enterprise Linux® and Red Hat® OpenStack Platform.
Red Hat Certified System Administrator in Red Hat OpenStack exam (EX210)
We recommend these courses to help you prepare to become a Red Hat Certified System Administrator in Red Hat OpenStack:
Red Hat OpenStack Administration I: Core Operations for Cloud Operators (CL110)
Red Hat OpenStack Administration II: Day 2 Operations for Cloud Operators (CL210)
 
Red Hat Certified Specialist in Linux Diagnostics and Troubleshooting – An IT professional who is a Red Hat Certified Specialist in Linux Diagnostics and Troubleshooting has demonstrated the skills, knowledge, and abilities needed to diagnose and correct common issues that affect Red Hat® Enterprise Linux® systems.
Red Hat Certified Specialist in Linux Diagnostics and Troubleshooting exam (EX342)
 
Red Hat Certified Specialist in Gluster Storage Administration – An IT professional who is a Red Hat Certified Specialist in Gluster Storage Administration has demonstrated the skills, knowledge, and abilities needed to implement flexible storage solutions for on-premise and hybrid clouds using Red Hat® Gluster Storage.
A candidate must pass the following exam to become a Red Hat Certified Specialist in Gluster Storage Administration:
Red Hat Certified Specialist in Gluster Storage Administration exam (EX236)
In preparation to become a Red Hat Certified Specialist in Gluster Storage Administration, Red Hat recommends the following courses:
Red Hat Gluster Storage Administration (RH236)
 
Red Hat Certified Specialist in Security: Linux – A Red Hat Certified Specialist in Security: Linux has demonstrated the knowledge, skills, and abilities needed to secure Red Hat® Enterprise Linux® systems and to enforce compliance with security policies.
Red Hat Certified Specialist in Security: Linux (EX415)
An IT professional who passes this exam will earn a Red Hat Certified Specialist endorsement that also counts toward earning the RHCA credential.
We recommend this course to help you prepare to earn a Red Hat Certified Specialist in Security: Linux credential: Red Hat Security: Linux in Physical, Virtual, and Cloud (RH415)
 
Red Hat Certified Specialist in Identity Management – A Red Hat Certified Specialist in Identity Management has demonstrated the knowledge, skills, and ability to create, configure, and manage Red Hat® Enterprise Linux® authentication services and integrate those services with a variety of Red Hat and non-Red Hat products and technologies.
Red Hat Certified Specialist in Identity Management exam (EX362)
To help you prepare to become a Red Hat Certified Specialist in Directory Services and Authentication, Red Hat recommends these courses:
Red Hat Security: Identity Management and Active Directory Integration (RH362)
Red Hat Satellite 6 Administration (RH403)
 
Red Hat Certified Specialist in Enterprise Application Server Administration – A Red Hat Certified Specialist in Enterprise Application Server Administration possesses the skills, knowledge, and abilities required to install, configure, and manage Red Hat® JBoss® Enterprise Application Platform (EAP) and to deploy and manage applications on that platform.
EX248 – Red Hat Certified JBoss Administrator (RHCJA) exam
The Red Hat Certified Specialist in Enterprise Application Server Administration exam is a performance-based exam that tests ability to manage applications on Red Hat JBoss Enterprise Application Platform. In preparation to become a Red Hat Certified Specialist in Enterprise Application Server Administration, Red Hat recommends the following:
Courses: JBoss Application Administration I (AD248)
 
Red Hat Certified Specialist in Containers and Kubernetes – A Red Hat Certified Specialist in Containers and Kubernetes has demonstrated a basic understanding of Kubernetes, containers, and Red Hat® OpenShift® and can use this knowledge to run, find, and manage containerized services, deploy single- and multiple-container applications, and create custom containers.
Red Hat Certified Specialist in Containers and Kubernetes exam (EX180)
We recommend this course to help you prepare to become a Red Hat Certified Specialist in Containers and Kubernetes:
Red Hat OpenShift I: Containers & Kubernetes (DO180)
 
Developers
Red Hat Certified System Administrator (RHCSA) – An IT professional who has earned the Red Hat Certified System Administrator (RHCSA®) is able to perform the core system administration skills required in Red Hat Enterprise Linux environments. The credential is earned after successfully passing the Red Hat Certified System Administrator (RHCSA) Exam (EX200).
EX200 – Red Hat Certified System Administrator (RHCSA) exam
The performance-based Red Hat Certified System Administrator (RHCSA) exam (EX200) tests your knowledge and skill in areas of system administration common across a wide range of environments and deployment scenarios. You must be an RHCSA to earn a Red Hat Certified Engineer (RHCE®) certification.
We recommend these courses to help you prepare to become a Red Hat Certified System Administrator.
For Windows system administrators or candidates with minimal experience with Red Hat Enterprise Linux:
Red Hat System Administration I (RH124)
Red Hat System Administration II (RH134)
For Linux or UNIX administrators:
RHCSA Rapid Track course with exam (RH200)
 
Red Hat Certified Specialist in OpenShift Application Development – A Red Hat Certified Specialist in OpenShift Application Development is able to deploy new or existing applications, as well as perform other DevOps-related tasks using the Red Hat® OpenShift® Container Platform.
Red Hat Certified Specialist in OpenShift Application Development exam (EX288)
We recommend these courses to help you prepare to become a Red Hat Certified Specialist in OpenShift Application Development:
Red Hat OpenShift I: Containers & Kubernetes (DO180)
Red Hat OpenShift Development II: Containerizing Applications (DO288)
 
Red Hat Certified Enterprise Application Developer – The Red Hat Certified Enterprise Application Developer exam (EX183) is designed for experienced JSE developers who wish to extend and test their knowledge and skills as applied to modern enterprise Java development. The test gauges your understanding of the core enterprise Java APIs that are required to implement modern, stateless business services.
EX183 – Red Hat Certified Enterprise Application Developer Exam
If you’re preparing to become a Certified Enterprise Application Developer, Red Hat recommends this course:
Red Hat Application Development I: Programming in Java EE (AD183)
 
Red Hat Certified Specialist in Business Rules – An IT professional who is a Red Hat Certified Specialist in Business Rules has demonstrated the knowledge, skills, and abilities needed to perform a number of tasks involving the implementation and management of business logic using the Red Hat® JBoss® BRMS.
EX465 – Red Hat Certified Specialist in Business Rules exam
An IT professional who passes this exam becomes a Red Hat Certified Specialist in Business Rules. Red Hat recommends the following to help you prepare for the Red Hat Certified Specialist in Business Rules exam:
Courses:
Red Hat Decision Manager and Process Automation Manager for Business Users (AD371)
Red Hat Decision Manager and Process Automation Manager for Developers (AD373)
 
Red Hat Certified Specialist in Camel Development – A Red Hat Certified Specialist in Camel Development is able to create and maintain enterprise integration services based on Red Hat® Fuse, Camel, and APIs.
Red Hat Certified Specialist in Camel Development exam – EX421
We recommend this course to help you prepare to become a Red Hat Certified Specialist in Camel Development:
Camel Integration and Development with Red Hat Fuse (AD421)
 
Red Hat Certified Enterprise Microservices Developer – A Red Hat Certified Enterprise Microservices Developer is a Red Hat Certified Enterprise Application Developer (RHCEAD) who is able to develop reliable, performant JEE applications in a microservice-style environment and use Microprofile APIs to develop microservices enterprise Java applications.
Red Hat Certified Enterprise Application Developer exam (EX183)
Red Hat Certified Enterprise Microservices Developer exam (EX283)
We recommend these courses to help you prepare to become a Red Hat Certified Enterprise Microservices Developer:
Red Hat Application Development II: Implementing Microservice Architectures (DO283)
Red Hat Application Development I: Programming in Java EE (AD183)
 
Operators
Red Hat Certified System Administrator in Red Hat OpenStack – A Red Hat Certified System Administrator in Red Hat OpenStack is able to create, configure, and manage private clouds using Red Hat® Enterprise Linux® and Red Hat® OpenStack Platform.
Red Hat Certified System Administrator in Red Hat OpenStack exam (EX210)
We recommend these courses to help you prepare to become a Red Hat Certified System Administrator in Red Hat OpenStack:
Red Hat OpenStack Administration I: Core Operations for Cloud Operators (CL110)
Red Hat OpenStack Administration II: Day 2 Operations for Cloud Operators (CL210)
 
Red Hat Certified Specialist in Ceph Storage Administration
 
Engineers
Red Hat Certified Engineer in Red Hat OpenStack – An IT professional who becomes a Red Hat Certified Engineer in Red Hat OpenStack has the ability to configure advanced networking in a director-based Red Hat OpenStack environment. The credential is earned after successfully passing the Red Hat Certified Engineer in Red Hat OpenStack exam (EX310).
Red Hat Certified Engineer in Red Hat OpenStack exam (EX310)
To prepare for becoming a Red Hat Certified Engineer in Red Hat OpenStack, Red Hat recommends these courses:
Red Hat OpenStack Administration I (CL110)
Red Hat OpenStack Administration II (CL210)
Red Hat OpenStack Administration III: Networking & Foundations of NFV (CL310)
 
Red Hat Certified Engineer (RHCE) – A Red Hat® Certified Engineer (RHCE®) is a Red Hat Certified System Administrator (RHCSA) who is ready to automate Red Hat® Enterprise Linux® tasks, integrate Red Hat emerging technologies, and apply automation for efficiency and innovation.
 
Architects
Red Hat Certified Enterprise Microservices Developer – A Red Hat Certified Enterprise Microservices Developer is a Red Hat Certified Enterprise Application Developer (RHCEAD) who is able to develop reliable, performant JEE applications in a microservice-style environment and use Microprofile APIs to develop microservices enterprise Java applications.
Red Hat Certified Enterprise Application Developer exam (EX183)
Red Hat Certified Enterprise Microservices Developer exam (EX283)
We recommend these courses to help you prepare to become a Red Hat Certified Enterprise Microservices Developer:
Red Hat Application Development II: Implementing Microservice Architectures (DO283)
Red Hat Application Development I: Programming in Java EE (AD183)
 
Red Hat Certified Specialist in Linux Performance Tuning – A Red Hat Certified Specialist in Performance Tuning has demonstrated the skills, knowledge, and abilities needed to monitor performance metrics on Red Hat® Enterprise Linux® systems and configure performance enhancements suitable for various production workloads.
Red Hat Certified Specialist in Linux Performance Tuning exam (EX442)
We recommend this course to help you prepare to become a Red Hat Certified Specialist in Performance Tuning:
Red Hat Performance Tuning: Linux in Physical, Virtual, and Cloud (RH442)
 
Red Hat Certified Specialist in Identity Management – A Red Hat Certified Specialist in Identity Management has demonstrated the knowledge, skills, and ability to create, configure, and manage Red Hat® Enterprise Linux® authentication services and integrate those services with a variety of Red Hat and non-Red Hat products and technologies.
Red Hat Certified Specialist in Identity Management exam (EX362)
To help you prepare to become a Red Hat Certified Specialist in Directory Services and Authentication, Red Hat recommends these courses:
Red Hat Security: Identity Management and Active Directory Integration (RH362)
Red Hat Satellite 6 Administration (RH403)
 
Red Hat Certified Specialist in Security: Containers and OpenShift Container Platform – A professional who has earned a Red Hat Certified Specialist in Security: Containers and OpenShift Container Platform credential can create, configure, and manage secure containers using Red Hat® OpenShift® Container Platform.
Red Hat Certified Specialist in Security: Containers and OpenShift Container Platform exam (EX425)
We recommend these courses to help you prepare to earn a Red Hat Certified Specialist in Security: Containers and OpenShift Container Platform credential:
Red Hat Security: Securing Containers and OpenShift (DO425)
Red Hat OpenShift I: Containers & Kubernetes (DO180)
Red Hat OpenShift Administration II: Operating a Production Kubernetes Cluster with exam (DO281)
 
Red Hat Certified Specialist in OpenShift Application Development – A Red Hat Certified Specialist in OpenShift Application Development is able to deploy new or existing applications, as well as perform other DevOps-related tasks using the Red Hat® OpenShift® Container Platform.
Red Hat Certified Specialist in OpenShift Application Development exam (EX288)
We recommend these courses to help you prepare to become a Red Hat Certified Specialist in OpenShift Application Development:
Red Hat OpenShift I: Containers & Kubernetes (DO180)
Red Hat OpenShift Development II: Containerizing Applications (DO288)

Certification by Technology

Management
Red Hat Certified Specialist in API management
Red Hat Certified Specialist in Ansible Automation
Storage
Red Hat Certified Specialist in Gluster Storage Administration
Red Hat Certified Specialist in Ceph Storage Administration
Virtualization
Red Hat Certified Specialist in Virtualization
Cloud Computing
Red Hat Certified Engineer in Red Hat OpenStack
Red Hat Certified System Administrator in Red Hat OpenStack
Red Hat Certified Specialist in Security: Containers and OpenShift Container Platform
Red Hat Certified Specialist in Linux Performance Tuning
Red Hat Certified Specialist in Containers and Kubernetes
Linux
Red Hat Certified Specialist in Deployment and Systems Management
Red Hat Certified Specialist in Configuration Management
Red Hat Certified Specialist in Security: Linux
Red Hat Certified Specialist in High Availability Clustering
Red Hat Certified Specialist in Linux Diagnostics and Troubleshooting
Red Hat Certified Specialist in Security: Containers and OpenShift Container Platform
Red Hat Certified Engineer (RHCE)
Red Hat Certified Specialist in Linux Performance Tuning
Red Hat Certified System Administrator (RHCSA)
Red Hat Certified Specialist in OpenShift Administration
Red Hat Certified Specialist in Containers and Kubernetes
Middleware
Red Hat Certified Enterprise Microservices Developer
Red Hat Certified Specialist in Business Process Design
Red Hat Certified Specialist in Enterprise Application Server Administration
Red Hat Certified Specialist in Camel Development
Red Hat Certified Specialist in Business Rules
Red Hat Certified Specialist in Messaging Administration
Red Hat Certified Enterprise Application Developer

Retired Certifications

Red Hat Certified Specialist in Seam
Red Hat Certified Specialist in Directory Services and Authentication
Red Hat Certified Specialist in Security: Network Services
Red Hat Certified Specialist in SELinux Policy Administration
Red Hat Certified Specialist in ESB
Red Hat Certified Specialist in Application Server Management
Red Hat Certified Specialist in Persistence
Red Hat Certified Specialist in Containerized Application Development
Red Hat Certified Specialist in Container Management
Red Hat Certified Specialist in Server Security and Hardening
Red Hat Certified JBoss Developer (RHCJD)
Red Hat Certified Specialist in Data Virtualization
Red Hat Certified Specialist in Hybrid Cloud Management

Cisco Certification Path and Retired Exam in 2020

Cisco Certifications

Cisco offers five levels of network certification: Entry, Associate, Professional, Expert and Architect, the highest level of accreditation within the Cisco Career Certification program.

  • Entry: Starting point for individuals interested in starting a career as a networking professional.
  • Associate: Master the essentials needed to launch a rewarding career and expand your job possibilities with the latest technologies.
  • Professional: Select a core technology track and a focused concentration exam to customize your professional-level certification.
  • Expert: This certification is accepted worldwide as the most prestigious certification in the technology industry.
  • Architect: The highest level of accreditation achievable and recognizes the architectural expertise of network designers.

Certifications by level:

  • Entry: CCT
  • Associate: DevNet Associate, CCNA, CyberOps Associate
  • Professional: DevNet Professional, CCNP Enterprise, CyberOps Professional, CCNP Collaboration, CCNP Data Center, CCNP Security, CCNP Service Provider
  • Expert: CCDE, CCIE Enterprise Infrastructure, CCIE Enterprise Wireless, CCIE Collaboration, CCIE Data Center, CCIE Security, CCIE Service Provider
  • Architect: CCAr

CISCO Certifications – Career Path

Entry Level

Cisco Certified Technician (CCT)

Cisco Certified Technicians have the skills to diagnose, restore, repair, and replace critical Cisco networking and system devices at customer sites. Technicians work closely with the Cisco Technical Assistance Center (TAC) to quickly and efficiently resolve support incidents.

Cisco authorized training is available online and can be completed in multiple short sessions, enabling technicians to stay productive in the field. Cisco Certified Technician (CCT) certification is available in multiple technology tracks, providing an opportunity for Cisco support technicians to expand their area of expertise.

Collaboration | 100-890 CLTECH | Supporting Cisco Collaboration System Devices (CLTECH) v1.0
Data Center | 010-151 DCTECH | Supporting Cisco Data Center System Devices (DCTECH) v3.0
Routing and Switching | 100-490 RSTECH | Supporting Cisco Routing and Switching Network Devices v3.0

Prerequisites
There are no formal prerequisites to earn these certifications, but you should have an understanding of the exam topics before taking any of the exams.

Recertification
CCT certifications are valid for three years.

Associate Level

CCNA Certification and Training

Achieving CCNA certification is the first step in preparing for a career in IT technologies. To earn CCNA certification, you pass one exam that covers a broad range of fundamentals for IT careers, based on the latest networking technologies, software development skills, and job roles. CCNA gives you the foundation you need to take your career in any direction.

The CCNA certification validates your skills and knowledge in network fundamentals, network access, IP connectivity, IP services, security fundamentals, and automation and programmability.

CCNA Certification and Training | 200-301 CCNA | Implementing and Administering Cisco Solutions (CCNA)

Prerequisites
There are no formal prerequisites for CCNA certification, but you should have an understanding of the exam topics before taking the exam.

CCNA candidates often also have:

  • One or more years of experience implementing and administering Cisco solutions
  • Knowledge of basic IP addressing
  • A good understanding of network fundamentals

Professional Level

CCNP Enterprise Certification and Training

Prove your skills with Enterprise networking solutions

Achieving CCNP Enterprise certification proves your skills with enterprise networking solutions. To earn CCNP Enterprise certification, you pass two exams: one that covers core enterprise technologies and one enterprise concentration exam of your choice, so you can customize your certification to your technical area of focus.

Learn more about our CCNP certifications:

CCNP Enterprise

To earn CCNP Enterprise, you pass two exams: a core exam and an enterprise concentration exam of your choice. And every exam in the CCNP Enterprise program earns an individual Specialist certification, so you get recognized for your accomplishments along the way.

  • The core exam focuses on your knowledge of enterprise infrastructure including dual-stack (IPv4 and IPv6) architecture, virtualization, infrastructure, network assurance, security, and automation. The core exam is also the qualifying exam for CCIE Enterprise Infrastructure and CCIE Enterprise Wireless. Passing the core exam will qualify candidates to schedule and take the CCIE lab within the validity of their core exam.
  • Concentration exams focus on emerging and industry-specific topics such as network design, SD-WAN, wireless, and automation. You can prepare for concentration exams by taking corresponding Cisco training courses.

Required exam | Recommended training
Core exam:
350-401 ENCOR | Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR)
Concentration exams (choose one):
300-410 ENARSI | Implementing Cisco Enterprise Advanced Routing and Services (ENARSI)
300-415 ENSDWI | Implementing Cisco SD-WAN Solutions (SDWAN300)
300-420 ENSLD | Designing Cisco Enterprise Networks (ENSLD)
300-425 ENWLSD | Designing Cisco Enterprise Wireless Networks (ENWLSD)
300-430 ENWLSI | Implementing Cisco Enterprise Wireless Networks (ENWLSI)
300-435 ENAUTO | Implementing Automation for Cisco Enterprise Solutions (ENAUI)

Prerequisites
There are no formal prerequisites for CCNP Enterprise, but you should have a good understanding of the exam topics before taking the exam. CCNP candidates often also have three to five years of experience implementing enterprise networking solutions.

Recertification
CCNP Enterprise certification is valid for three years.

CCNP Data Center

To earn CCNP Data Center, you pass two exams: a core exam and a data center concentration exam of your choice. And now every exam in the CCNP Data Center program earns an individual Specialist certification, so you get recognized for your accomplishments along the way.

  • The core exam focuses on your knowledge of data center infrastructure. The core exam is also the qualifying exam for CCIE Data Center certification. Passing the core exam will qualify candidates to schedule and take the CCIE lab within the validity of their core exam.
  • Concentration exams focus on emerging and industry-specific topics. You can prepare for concentration exams by taking their corresponding Cisco training courses.

Required exam | Recommended training
Core exam:
350-601 DCCOR | Implementing and Operating Cisco Data Center Core Technologies (DCCOR)
Concentration exams (choose one):
300-610 DCID | Designing Cisco Data Center Infrastructure (DCID)
300-615 DCIT | Troubleshooting Cisco Data Center Infrastructure (DCIT)
300-620 DCACI | Implementing Cisco Application Centric Infrastructure (DCACI)
300-625 DCSAN | Configuring Cisco MDS 9000 Series Switches (DCMDS)
300-635 DCAUTO | Implementing Automation for Cisco Data Center Solutions (DCAUI)

Prerequisites
There are no formal prerequisites for CCNP Data Center, but you should have a good understanding of the exam topics before taking the exam. CCNP candidates often also have three to five years of experience implementing data center solutions.

Recertification
CCNP Data Center certification is valid for three years.

CCNP Security

To earn CCNP Security, you pass two exams: a core exam and a security concentration exam of your choice. And now every exam in the CCNP Security program earns an individual Specialist certification, so you get recognized for your accomplishments along the way.

  • The core exam focuses on your knowledge of security infrastructure. The core exam is also the qualifying exam for CCIE Security certification. Passing the core exam will qualify candidates to schedule and take the CCIE lab within the validity of their core exam.
  • Concentration exams focus on emerging and industry-specific topics. You can prepare for concentration exams by taking their corresponding Cisco training courses.

Required exam | Recommended training
Core exam:
350-701 SCOR | Implementing and Operating Cisco Security Core Technologies (SCOR)
Concentration exams (choose one):
300-710 SNCF | Securing Networks with Cisco Firepower Next Generation Firewall (SSNGFW); Securing Networks with Cisco Firepower Next-Generation IPS (SSFIPS)
300-715 SISE | Implementing and Configuring Cisco Identity Services Engine (SISE)
300-720 SESA | Securing Email with Cisco Email Security Appliance (SESA)
300-725 SWSA | Securing the Web with Cisco Web Security Appliance (SWSA)
300-730 SVPN | Implementing Secure Solutions with Virtual Private Networks (SVPN)
300-735 SAUTO | Implementing Automation for Cisco Security Solutions (SAUI)

Prerequisites
There are no formal prerequisites for CCNP Security, but you should have a good understanding of the exam topics before taking the exam. CCNP candidates often also have three to five years of experience implementing security solutions.

Recertification
CCNP Security certification is valid for three years.

CCNP Service Provider

To earn CCNP Service Provider, you pass two exams: a core exam and a service provider concentration exam of your choice. And now every exam in the CCNP Service Provider program earns an individual Specialist certification, so you get recognized for your accomplishments along the way.

  • The core exam focuses on your knowledge of service provider infrastructure. The core exam is also the qualifying exam for CCIE Service Provider certification. Passing the core exam will qualify candidates to schedule and take the CCIE lab within the validity of their core exam.
  • Concentration exams focus on emerging and industry-specific topics such as advanced routing, VPN services, and automation. You can prepare for concentration exams by taking their corresponding Cisco training courses.

Required exam | Recommended training
Core exam:
350-501 SPCOR | Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR)
Concentration exams (choose one):
300-510 SPRI | Implementing Cisco Service Provider Advanced Routing Solutions (SPRI)
300-515 SPVI | Implementing Cisco Service Provider VPN Services (SPVI)
300-535 SPAUTO | Implementing Automation for Cisco Service Provider Solutions (SPAUI)

Prerequisites
There are no formal prerequisites for CCNP Service Provider, but you should have a good understanding of the exam topics before taking the exam. CCNP candidates often also have three to five years of experience implementing service provider solutions.

Recertification
CCNP Service Provider certification is valid for three years.

CCNP Collaboration

To earn CCNP Collaboration, you pass two exams: a core exam and a collaboration concentration exam of your choice. And now every exam in the CCNP Collaboration program earns an individual Specialist certification, so you get recognized for your accomplishments along the way.

  • The core exam focuses on your knowledge of collaboration infrastructure. The core exam is also the qualifying exam for CCIE Collaboration certification. Passing the core exam will qualify candidates to schedule and take the CCIE lab within the validity of their core exam.
  • Concentration exams focus on emerging and industry-specific topics. You can prepare for concentration exams by taking their corresponding Cisco training courses.

Required exam | Recommended training
Core exam:
350-801 CLCOR | Implementing and Operating Cisco Collaboration Core Technologies (CLCOR)
Concentration exams (choose one):
300-810 CLICA | Implementing Cisco Collaboration Applications (CLICA)
300-815 CLACCM | Implementing Cisco Advanced Call Control and Mobility Services (CLACCM)
300-820 CLCEI | Implementing Cisco Collaboration Cloud and Edge Solutions (CLCEI)
300-825 CLCNF | Implementing Cisco Collaboration Conferencing (CLCNF)
300-835 CLAUTO | Implementing Automation for Cisco Collaboration Solutions (CLAUI)

Prerequisites
There are no formal prerequisites for CCNP Collaboration, but you should have a good understanding of the exam topics before taking the exam. CCNP candidates often also have three to five years of experience implementing collaboration solutions.

Recertification
CCNP Collaboration certification is valid for three years.

Cisco Certified CyberOps Professional

Traditional information security is no match for the expanding cybercrime ecosystem; therefore, security measures must evolve to intelligent security rather than information security. Achieving the Cisco Certified CyberOps Professional certification elevates your skills to meet that demand and confirms your abilities as an Information Security analyst in incident response roles, cloud security, and other active defense security roles.

To earn Cisco Certified CyberOps Professional certification, you pass two exams: one that covers core technologies and one concentration exam. And every exam in the program earns an individual Specialist certification, so you get recognized for your accomplishments along the way.

The core exam focuses on your knowledge of core cybersecurity operations including cybersecurity fundamentals, techniques, processes, and automation.

The concentration exam focuses on incident response and digital forensics. Incident response is the process of detecting, responding to, and eradicating cyber-attacks. Digital forensics is the collection and examination of digital evidence residing on electronic devices and the subsequent response to threats and attacks.

Required exam | Recommended training
Core exam:
350-201 CBRCOR | Performing CyberOps Using Cisco Security Technologies (CBRCOR)
Concentration exams (choose one):
300-215 CBRFIR | Conducting Forensic Analysis and Incident Response Using Cisco Technologies for CyberOps (CBRFIR)

Prerequisites
There are no formal prerequisites for Cisco Certified CyberOps Professional, but you should have a good understanding of the exam topics before taking the exam. Candidates often also have three to five years of experience implementing enterprise networking solutions.

Recertification
Cisco Certified CyberOps Professional certification is valid for three years.

Cisco Certified DevNet Professional

Achieving Cisco Certified DevNet Professional certification proves your skills in developing and maintaining applications built on Cisco platforms. To earn DevNet Professional certification, you pass two exams: one that covers core software development and design for Cisco platforms, and one software developer concentration exam of your choice, so you can customize your certification to your area of focus.

To earn DevNet Professional, you pass two exams, a core exam and a software developer concentration exam of your choice. And now every exam in the DevNet Professional program earns an individual Specialist certification, so you get recognized for your accomplishments along the way.

  • The core exam focuses on your knowledge of software development and design including using APIs, Cisco platforms, application deployment and security, and infrastructure and automation. The core exam earns a specialist certification, so you get recognized for your accomplishments along the way.
  • Concentration exams focus on emerging and industry-specific topics such as enterprise automation, collaboration automation, data center automation, service provider automation, security automation, DevOps automation, IoT, and Cloud.

Required exam | Recommended training
Core exam:
350-901 DEVCOR | Developing Applications Using Cisco Core Platforms and APIs (DEVCOR)
Concentration exams (choose one):
300-435 ENAUTO | Implementing Automation for Cisco Enterprise Solutions (ENAUI)
300-835 CLAUTO | Implementing Automation for Cisco Collaboration Solutions (CLAUI)
300-635 DCAUTO | Implementing Automation for Cisco Data Center Solutions (DCAUI)
300-535 SPAUTO | Implementing Automation for Cisco Service Provider Solutions (SPAUI)
300-735 SAUTO | Implementing Automation for Cisco Security Solutions (SAUI)
300-910 DEVOPS | Implementing DevOps Solutions and Practices using Cisco Platforms (DEVOPS)
300-915 DEVIOT | Developing Solutions using Cisco IoT and Edge Platforms (DEVIOT)
300-920 DEVWBX | Developing Applications for Cisco Webex and Webex Devices (DEVWBX)

Prerequisites
There are no formal prerequisites for DevNet Professional certification, but you should have a good understanding of the exam topics before taking the exam. Ideally, DevNet Professional candidates also have three to five years of experience with software development including Python programming.

Recertification
DevNet Professional certification is valid for three years.

Expert Level

We designed our expert certifications to validate your end-to-end IT lifecycle skills from planning and design to operating and optimizing. Among the industry’s most widely recognized and respected certifications, Cisco expert certifications tell the world in no uncertain terms that you know what you’re talking about.

CCIE Enterprise Infrastructure

Achieving CCIE Enterprise Infrastructure certification proves your skills with complex enterprise infrastructure solutions. To earn CCIE Enterprise Infrastructure certification, you pass two exams: a qualifying exam that covers core enterprise infrastructure technologies, and a hands-on lab exam that covers enterprise networks through the entire network lifecycle, from designing and deploying to operating and optimizing.

Step 1: Pass the qualifying exam

Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR 350-401)

The qualifying exam, Implementing and Operating Cisco Enterprise Network Core Technologies, focuses on your knowledge of enterprise networking infrastructure.

The qualifying exam earns a specialist certification, so you can get recognized for your accomplishments along the way.

Recommended training:
Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR)

Step 2: Pass the lab exam

CCIE Enterprise Infrastructure v1.0

This 8-hour hands-on lab exam covers the end-to-end lifecycle of complex enterprise networks, from designing and deploying to operating and optimizing.

Prerequisites
There are no formal prerequisites for CCIE Enterprise Infrastructure, but you should have a thorough understanding of the exam topics before taking the exam. CCIE candidates are recommended to have five to seven years of experience with designing, deploying, operating and optimizing enterprise networking technologies and solutions prior to taking the exam.

Recertification
CCIE Enterprise Infrastructure certification is valid for three years.

CCIE Enterprise Wireless

Achieving CCIE Enterprise Wireless certification proves your skills with complex enterprise wireless solutions. To earn CCIE Enterprise Wireless certification, you pass two exams: a qualifying exam that covers core enterprise technologies, and a hands-on lab exam that covers enterprise wireless networks through the entire network lifecycle, from designing and deploying to operating and optimizing.

Step 1: Pass the qualifying exam

Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR 350-401)

The qualifying exam, Implementing and Operating Cisco Enterprise Network Core Technologies, focuses on your knowledge of enterprise networking technologies.

The qualifying exam earns a specialist certification, so you can get recognized for your accomplishments along the way.

Recommended training:
Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR)

Step 2: Pass the lab exam

CCIE Enterprise Wireless v1.0

This 8-hour hands-on lab exam covers the end-to-end lifecycle of complex enterprise wireless networks, from designing and deploying to operating and optimizing.

Prerequisites
There are no formal prerequisites for CCIE Enterprise Wireless, but you should have a thorough understanding of the exam topics before taking the exam. CCIE candidates are recommended to have five to seven years of experience with designing, deploying, operating and optimizing enterprise wireless technologies and solutions prior to taking the exam.

Recertification
CCIE Enterprise Wireless certification is valid for three years.

CCIE Data Center

Achieving CCIE Data Center certification proves your skills with complex data center solutions. To earn CCIE Data Center certification, you pass two exams: a qualifying exam that covers core data center technologies, and a hands-on lab exam that covers data center networks through the entire network lifecycle, from designing and deploying to operating and optimizing.

Step 1: Pass the qualifying exam

Implementing and Operating Cisco Data Center Core Technologies (DCCOR 350-601)

The qualifying exam, Implementing and Operating Cisco Data Center Core Technologies, focuses on your knowledge of data center infrastructure.

The qualifying exam earns a specialist certification, so you can get recognized for your accomplishments along the way.

Recommended training:
Implementing and Operating Cisco Data Center Core Technologies (DCCOR)

Step 2: Pass the lab exam

CCIE Data Center v3.0

This 8-hour hands-on lab exam covers the end-to-end lifecycle of complex data center networks, from designing and deploying to operating and optimizing.

Prerequisites
There are no formal prerequisites for CCIE Data Center, but you should have a good understanding of the exam topics before taking the exam. CCIE candidates are recommended to have five to seven years of experience with designing, deploying, operating and optimizing data center technologies and solutions prior to taking the exam.

Recertification
CCIE Data Center certification is valid for three years.

CCIE Security

Achieving CCIE Security certification proves your skills with complex security solutions. To earn CCIE Security certification, you pass two exams: a qualifying exam that covers core security technologies, and a hands-on lab exam that covers security technologies and solutions through the entire network lifecycle, from designing and deploying to operating and optimizing.

Step 1: Pass the qualifying exam

Implementing and Operating Cisco Security Core Technologies (SCOR 350-701)

The qualifying exam, Implementing and Operating Cisco Security Core Technologies, focuses on your knowledge of data center infrastructure.

The qualifying exam earns a specialist certification, so you can get recognized for your accomplishments along the way.

Recommended training:
Implementing and Operating Cisco Security Core Technologies (SCOR)

Step 2: Pass the lab exam

CCIE Security v6.0

This 8-hour hands-on lab exam covers the end-to-end lifecycle of complex security solutions and technologies, from designing and deploying to operating and optimizing.

Prerequisites
There are no formal prerequisites for CCIE Security, but you should have a good understanding of the exam topics before taking the exam. CCIE candidates are recommended to have five to seven years of experience with designing, deploying, operating and optimizing security technologies and solutions prior to taking the exam.

Recertification
CCIE Security certification is valid for three years.

CCIE Service Provider

CCIE Collaboration

Achieving CCIE Collaboration certification proves your skills with complex collaboration solutions. To earn CCIE Collaboration certification, you pass two exams: a qualifying exam that covers core collaboration technologies, and a hands-on lab exam that covers enterprise collaboration solutions through the entire network lifecycle, from designing and deploying to operating and optimizing.

Step 1: Pass the qualifying exam

Implementing and Operating Cisco Collaboration Core Technologies (CLCOR 350-801)

The qualifying exam, Implementing and Operating Cisco Collaboration Core Technologies, focuses on your knowledge of collaboration infrastructure.

The qualifying exam earns a specialist certification, so you can get recognized for your accomplishments along the way.

Recommended training:
Implementing and Operating Cisco Collaboration Core Technologies (CLCOR)

Step 2: Pass the lab exam

CCIE Collaboration v3.0

This 8-hour hands-on lab exam covers the end-to-end lifecycle of complex collaboration infrastructure, from designing and deploying to operating and optimizing.

Prerequisites
There are no formal prerequisites for CCIE Collaboration, but you should have a thorough understanding of the exam topics before taking the exam. CCIE candidates are recommended to have five to seven years of experience with designing, deploying, operating and optimizing collaboration technologies and solutions prior to taking the exam.

Recertification
CCIE Collaboration certification is valid for three years.

Cisco Certified Design Expert (CCDE)

The Cisco Certified Design Expert (CCDE) is for expert-level network design engineers, expert-level network leads of IT infrastructure teams, and expert-level network leads of architecture teams working in job roles that require them to translate business needs, budget, and operational constraints into the design of a converged solution. The CCDE curriculum prepares designers to develop design solutions at the infrastructure level for large customer networks. Network engineers holding an active CCDE certification are recognized for their expert-level knowledge and skills in network infrastructure design. The deep technical networking knowledge that a CCDE brings ensures that they are well qualified to address the most technically challenging network infrastructure design assignments.

Step 1: Pass the qualifying exam – CCDE written exam (CCDE 352-001)

Last date to test: November 1, 2021

The 2-hour, written qualification exam covers network design in the areas of routing, tunneling, Quality of Service (QoS), management, cost, capacity, and security. You must pass the written exam before you are eligible to schedule the CCDE practical exam.

352-001 CCDE exam topics

Step 2: Pass the lab exam – CCDE practical exam v2.0

Last date to test: October 26, 2021

The 8-hour practical exam tests your ability to perform design analysis, justify design requirements, and develop a design implementation based on best practices. Only candidates that have a passing score on the CCDE Written Exam may register for the CCDE Practical Exam.

Prerequisites
There are no formal prerequisites for CCDE. No specific training or other professional certifications are required.

Recertification
Your CCDE certification is valid for three years.

On November 2, 2021, Cisco will release v3.0 of the CCDE certification. With this update, CCDE practical exams will be administered at Cisco testing centers.

CCDE Certification Program

Your license to design

Version 3.0 exams go live on November 2, 2021

The CCDE certification program prepares you for expert-level job roles in network architecture and designs. These roles often include integrating many different networking elements into a sustainable, manageable, and scalable architecture that supports the ever-growing needs of enterprises and customers. As one of the industry’s most respected certifications, the CCDE certification distinguishes you as a leader in designing complex network solutions.

Introducing the updated CCDE

Achieving the updated CCDE certification proves your skills designing and architecting complex Enterprise network solutions. To earn your CCDE, you pass two exams: first, a qualifying exam that covers core technologies and competencies required by every network designer, then an 8-hour practical exam that covers designing and architecting Enterprise networking solutions by analyzing business requirements and technical requirements and making design decisions based on many factors such as resiliency or cost.

  • First, take the qualifying exam, CCDE Written (400-007), which focuses on your understanding and skills within the realms of network design, technologies, translation of business and technical requirements into functional specifications, and business strategies.
    • The qualifying exam earns a Specialist certification, so you can get recognized for your accomplishments along the way.
  • Second, take the 8-hour practical exam, CCDE Practical exam v3.0. This exam covers network design and architecture from both a business and technical perspective through highly involved scenarios that aim to mimic real life. In the v3.0 exam, you choose an area of expertise from a list of focus areas, which are available on the CCDE Practical exam page.

New exams go live on November 2, 2021:

Step 1: Take the qualifying exam, CCDE Written exam (CCDE 400-007)

Step 2: Take the practical exam, CCDE Practical exam

Migrating to the new program

On November 2, 2021, the new CCDE v3.0 certification will replace the current CCDE v2.0.

If you have started working toward the current CCDE certification, keep going. In the new program, you’ll receive credit for work you’ve completed in the current certification.

  • If you pass the current CCDE Written v2.1 exam before November 2, 2021, you will be eligible to take the new CCDE Practical v3.0 exam after November 2, 2021.
  • After November 2, 2021, the CCDE Written v2.1 exam (352-001) will be replaced with CCDE Written v3.0 exam (400-007). After you pass the CCDE Written exam, you will earn the Cisco Certified Specialist – Design Core badge.
  • If you are CCDE certified by November 2, 2021, then as of November 2, 2021, you’ll maintain your CCDE certification as per the new recertification guidelines, and you will also receive the Cisco Certified Specialist – Design Core badge.

Architect Certification

Cisco Certified Architect is the highest level of accreditation achievable within the Cisco Certification program. It is the pinnacle for individuals wishing to show formal validation of their knowledge of Cisco technologies and infrastructure architecture.

Cisco Certified Architect (CCAr)

CCAr is the highest level of accreditation achievable within the Cisco certification program.

The Cisco Certified Architect (CCAr) certification is for senior network infrastructure architects who produce technical specifications for the network to support business objectives. The curriculum focuses on understanding the business strategy and translating it into technical infrastructure requirements.

Prerequisites
Valid Cisco CCDE certification can act as a prerequisite, along with a thorough understanding of networking infrastructure principles. There are no formal training programs available for the CCAr certification. However, candidates wishing to attain their CCAr certification must meet before an in-person board made of Cisco-appointed exam committee members, during which the candidate defends their proposed network solution.

Cisco Learning Network resources

To earn this Cisco certification, you must complete the following:

CCAr Board Exam

The CCAr Board Exam requires qualified candidates to develop and defend a network architecture that can effectively support a given set of realistic business requirements. Candidates first submit an application summarizing their project experience and other qualifications and are interviewed by the Cisco-designated Architecture Board team members. Candidates shall not submit project experience related to any classified projects. Submission of classified project information will be cause for immediate disqualification. Once approved, candidates will be given an architecture challenge and will meet live with Board members to answer questions and defend their design.

Recertification

Cisco Certified Architect (CCAr) certifications are valid for five years. CCArs remain certified as long as they continue to contribute to maintaining the Cisco Certified Architect Certification program. Current recertification policies require Cisco Certified Architects to complete qualifying events within the 24 months preceding the expiration deadline.

Qualifying events include:

  • Contribution to the development lifecycle
    • Significant participation in the creation of new exam content or
    • Significant review/refinement of existing content or
    • Involvement in future direction of the program
  • Participation as a judge in a candidate evaluation
  • Application review/interview for TWO (2) candidates (in the case where the candidate’s application IS NOT approved to progress to the board review) or
  • Application review/interview and in-person board review for ONE (1) candidate (in the case where the candidate’s application IS approved to progress to the board review)

A valid CCAr will automatically recertify all other Cisco Certifications. When using a higher level of certification to extend other certifications, the expiration date of other certifications will extend to the expiration date of the higher certification. For example, if you have one year left on your CCNA certification and you earn a CCIE certification (which has a two-year certification life), then both your CCIE certification and your CCNA certification will expire two years from the date you achieved the CCIE certification.

 

Technical Specialist certifications

Collaboration

Cisco Unified Contact Center Enterprise Specialist

Enterprise-level contact centers utilizing the Cisco Unified Contact Center Enterprise (CCE) solution require highly skilled support engineers to design, deploy, configure, and troubleshoot for maximum performance and minimal downtime.

The Cisco Unified Contact Center Enterprise Specialist certification ensures that you have the expertise needed to enable optimal solution performance.

NOTE: The 600-455 UCCED and 600-460 UCCEIS exams have been renumbered to 500-440 UCCED and 500-450 UCCEIS, respectively. This is an exam number change only. The exam names and exam blueprints are not affected by this change.

Required Exam | Recommended Training
500-440 UCCED | Deploying Cisco Unified Contact Center Enterprise (DUCCE)
500-450 UCCEIS | Administering Cisco Unified Contact Center Enterprise, Part 1 (AUCCE1); Administering Cisco Unified Contact Center Enterprise, Part 2 (AUCCE2)

Prerequisites
No prerequisites

Recertification
The Cisco Unified Contact Center Enterprise Specialist certification is valid for two years.

Data Center

Cisco and NetApp FlexPod Design Specialist

The Cisco and NetApp FlexPod Design Specialist is for storage and data management professionals including systems engineers, field engineers, professional services consultants, and channel partners who are focused on FlexPod solution enablement.

This FlexPod certification is the first jointly-developed, global, multi-vendor technical certification that delivers in-depth knowledge of the tools and standards to assess performance characteristics and requirements of the FlexPod integrated solution.

Required Exam | Recommended Training
500-173 FPDESIGN | Designing the FlexPod Solution v2.0 (FPDESIGN)

Prerequisites
No prerequisites

Recertification
Cisco Specialist certifications are valid for three years.

Cisco and NetApp FlexPod Implementation and Administration Specialist

The Cisco and NetApp FlexPod Implementation and Administration Specialist is for storage and data management professionals including systems engineers, field engineers, professional services consultants, and channel partners who are focused on FlexPod solution enablement.

This FlexPod certification is the first jointly-developed, global, multi-vendor technical certification that delivers in-depth knowledge of the tools and standards to assess performance characteristics and requirements of the FlexPod integrated solution.

Required Exam | Recommended Training
500-174 FPIMPADM | Implementing and Administering the FlexPod Solution v2.0 (FPIMPADM)

Prerequisites
No prerequisites

Recertification
Cisco Specialist certifications are valid for three years.

Cisco Meraki Solutions

Cisco Meraki Solutions Specialist

The Cisco Meraki Solutions Specialist certification validates your ability to design, implement, and operate Meraki technologies.

Cisco Meraki is your complete IT solution, so go ahead and earn the complete Meraki certification. Then link your digital certification badge to your social media profiles to tell the world what you’ve achieved.

Required Exam | Recommended Training
500-220 ECMS | Engineering Cisco Meraki Solutions Part 1 (ECMS1); Engineering Cisco Meraki Solutions Part 2 (ECMS2)

Recertification
Cisco Specialist certifications are valid for three years.

Retired Exams

Exam | Certifications | Training | Retired On
100-105 ICND1 | Cisco Certified Entry Networking Technician (CCENT) | Interconnecting Cisco Networking Devices Part 1 (ICND1) | February 24, 2020
200-310 DESGN | CCDA | Designing for Cisco Internetwork Solutions (DESGN) | February 24, 2020
210-060 CICD | CCNA Collaboration | Implementing Cisco Collaboration Devices (CICD) | February 24, 2020
210-065 CIVND | CCNA Collaboration | Implementing Cisco Video Network Devices, Part 1 (CIVND1); Implementing Cisco Video Network Devices, Part 2 (CIVND2) | February 24, 2020
210-451 CLDFND | CCNA Cloud | Understanding Cisco Cloud Fundamentals (CLDFND) | February 24, 2020
210-455 CLDADM | CCNA Cloud | Introducing Cisco Cloud Administration (CLDADM) | February 24, 2020
200-150 DCICN | CCNA Data Center | Introducing Cisco Data Center Networking (DCICN) | February 24, 2020
200-155 DCICT | CCNA Data Center | Introducing Cisco Data Center Networking Technologies (DCICT) | February 24, 2020
200-601 IMINS2 | CCNA Industrial | Managing Industrial Networking for Manufacturing with Cisco Technologies (IMINS2) | February 24, 2020
200-125 CCNA | CCNA Routing and Switching | Interconnecting Cisco Networking Devices: Accelerated (CCNAX) | February 24, 2020
100-105 ICND1 AND 200-105 ICND2 | CCNA Routing and Switching | Interconnecting Cisco Networking Devices Part 1 (ICND1) AND Interconnecting Cisco Networking Devices Part 2 (ICND2) | February 24, 2020
210-260 IINS | CCNA Security | Implementing Cisco Network Security (IINS) | February 24, 2020
640-875 SPNGN1 | CCNA Service Provider | Building Cisco Service Provider Next-Generation Networks, Part 1 (SPNG1) | February 24, 2020
640-878 SPNGN2 | CCNA Service Provider | Building Cisco Service Provider Next-Generation Networks, Part 2 (SPNGN2) | February 24, 2020
200-355 WIFUND | CCNA Wireless | Implementing Cisco Wireless Network Fundamentals (WIFUND) | February 24, 2020
300-101 ROUTE | Cisco Certified Design Professional (CCDP) | Implementing Cisco IP Routing (ROUTE) | February 24, 2020
300-115 SWITCH | Cisco Certified Design Professional (CCDP) | Implementing Cisco IP Switched Networks (SWITCH) | February 24, 2020
300-320 ARCH | Cisco Certified Design Professional (CCDP) | Designing Cisco Network Service Architectures (ARCH) | February 24, 2020
300-460 CLDINF | CCNP Cloud | Implementing and Troubleshooting the Cisco Cloud Infrastructure (CLDINF) | February 24, 2020
300-465 CLDDES | CCNP Cloud | Designing the Cisco Cloud (CLDDES) | February 24, 2020
300-470 CLDAUT | CCNP Cloud | Automating the Cisco Enterprise Cloud (CLDAUT) | February 24, 2020
300-475 CLDACI | CCNP Cloud | Building the Cisco Cloud with Application Centric Infrastructure (CLDACI) | February 24, 2020
300-070 CIPTV1 | CCNP Collaboration | Implementing Cisco IP Telephony and Video, Part 1 (CIPTV1) | February 24, 2020
- | CCNP Collaboration | Implementing Cisco IP Telephony and Video, Part 2 (CIPTV2) | February 24, 2020
- | CCNP Collaboration | Troubleshooting Cisco IP Telephony and Video (CTCOLLAB) | February 24, 2020
- | CCNP Collaboration | Implementing Cisco Collaboration Applications (CAPPS) | February 24, 2020
300-175 DCUCI | CCNP Data Center | Implementing Cisco Data Center Unified Computing (DCUCI) | February 24, 2020
300-165 DCII | CCNP Data Center | Implementing Cisco Data Center Infrastructure (DCII) | February 24, 2020
300-170 DCVAI | CCNP Data Center | Implementing Cisco Data Center Virtualization and Automation (DCVAI) | February 24, 2020
300-160 DCID OR 300-180 DCIT | CCNP Data Center | Designing Cisco Data Center Infrastructure (DCID) OR Troubleshooting Cisco Data Center Infrastructure (DCIT) | February 24, 2020
300-101 ROUTE | CCNP Routing and Switching | Implementing Cisco IP Routing (ROUTE) | February 24, 2020
300-115 SWITCH | CCNP Routing and Switching | Implementing Cisco IP Switched Networks (SWITCH) | February 24, 2020
300-135 TSHOOT | CCNP Routing and Switching | Troubleshooting and Maintaining Cisco IP Networks (TSHOOT) | February 24, 2020
300-208 SISAS | CCNP Security | Implementing Cisco Secure Access Solutions (SISAS) | February 24, 2020
300-206 SENSS | CCNP Security | Implementing Cisco Edge Network Security Solutions (SENSS) | February 24, 2020
300-209 SIMOS | CCNP Security | Implementing Cisco Secure Mobility Solutions (SIMOS) | February 24, 2020
300-210 SITCS | CCNP Security | Implementing Cisco Threat Control Solutions (SITCS) | February 24, 2020
642-883 SPROUTE | CCNP Service Provider | Deploying Cisco Service Provider Network Routing (SPROUTE) | February 24, 2020
642-885 SPADVROUTE | CCNP Service Provider | Deploying Cisco Service Provider Advanced Routing (SPADVROUTE) | February 24, 2020
642-887 SPCORE | CCNP Service Provider | Implementing Cisco Service Provider Next-Generation Core Network Services (SPCORE) | February 24, 2020
642-889 SPEDGE | CCNP Service Provider | Implementing Cisco Service Provider Next-Generation Edge Network Services (SPEDGE) | February 24, 2020
300-360 WIDESIGN | CCNP Wireless | Designing Cisco Wireless Enterprise Networks (WIDESIGN) | February 24, 2020
300-365 WIDEPLOY | CCNP Wireless | Deploying Cisco Wireless Enterprise Networks (WIDEPLOY) | February 24, 2020
300-370 WITSHOOT | CCNP Wireless | Troubleshooting Cisco Wireless Enterprise Networks (WITSHOOT) | February 24, 2020
300-375 WISECURE | CCNP Wireless | Securing Cisco Wireless Enterprise Networks (WISECURE) | February 24, 2020
400-051 | CCIE Collaboration | Step One: CCIE Collaboration written exam | February 24, 2020
- | CCIE Collaboration | Step two: CCIE Collaboration lab exam | April 26, 2020
400-151 | CCIE Data Center | Step One: CCIE Data Center written exam | February 24, 2020
- | CCIE Data Center | Step two: CCIE Data Center lab exam | April 26, 2020
400-101 | CCIE Routing and Switching certification | Step one: CCIE Routing and Switching written exam | February 24, 2020
- | CCIE Routing and Switching certification | Step two: CCIE Routing and Switching lab exam | April 26, 2020
400-251 | CCIE Security certification | Step one: CCIE Security written exam | February 24, 2020
- | CCIE Security certification | Step two: CCIE Security lab exam | April 26, 2020
400-201 | CCIE Service Provider certification | Step One: CCIE Service Provider Written Exam | February 24, 2020
- | CCIE Service Provider certification | Step Two: CCIE Service Provider Lab Exam | April 26, 2020
400-351 | CCIE Wireless certification | Step one: CCIE Wireless written exam | February 24, 2020
- | CCIE Wireless certification | Step two: CCIE Wireless lab exam | April 26, 2020

What is Amazon VPC?

Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS. You can customize your virtual networking environment, for example by selecting your own IP address range, creating subnets, and configuring route tables and network gateways.

Amazon VPC concepts

The following are the key concepts for VPCs:

  • Virtual private cloud (VPC) — A virtual network dedicated to your AWS account.
  • Subnet — A range of IP addresses in your VPC.
  • Route table — A set of rules, called routes, that are used to determine where network traffic is directed.
  • Internet gateway — A gateway that you attach to your VPC to enable communication between resources in your VPC and the internet.
  • VPC endpoint — Enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.

Accessing Amazon VPC

You can create, access, and manage your VPCs using any of the following interfaces:

  • AWS Management Console — Provides a web interface that you can use to access your VPCs.
  • AWS Command Line Interface (AWS CLI) — Provides commands for a broad set of AWS services, including Amazon VPC, and is supported on Windows, Mac, and Linux.
  • AWS SDKs — Provides language-specific APIs and takes care of many of the connection details, such as calculating signatures, handling request retries, and error handling.
  • Query API — Provides low-level API actions that you call using HTTPS requests. Using the Query API is the most direct way to access Amazon VPC, but it requires that your application handle low-level details such as generating the hash to sign the request, and error handling.

Amazon VPC quotas

There are quotas on the number of Amazon VPC components that you can provision. You can request an increase for some of these quotas.

The following tables list the quotas, formerly referred to as limits, for Amazon VPC resources per Region for your AWS account. For some of these quotas, you can view your current quota using the Limits page of the Amazon EC2 console.

VPC and Subnets

Resource | Default | Comments
VPCs per Region | 5 | The quota for internet gateways per Region is directly correlated to this one. Increasing this quota increases the quota on internet gateways per Region by the same amount. You can have 100s of VPCs per Region for your needs even though the default quota is 5 VPCs per Region.
Subnets per VPC | 200 |
IPv4 CIDR blocks per VPC | 5 | This primary CIDR block and all secondary CIDR blocks count toward this quota. This quota can be increased up to a maximum of 50.
IPv6 CIDR blocks per VPC | 1 | This quota cannot be increased.

Create the VPC

In this step, you’ll use the Amazon VPC wizard in the Amazon VPC console to create a VPC. The wizard performs the following steps for you:

  • Creates a VPC with a /16 IPv4 CIDR block (a network with 65,536 private IP addresses).
  • Attaches an internet gateway to the VPC.
  • Creates a size /24 IPv4 subnet (a range of 256 private IP addresses) in the VPC.
  • Creates a custom route table, and associates it with your subnet, so that traffic can flow between the subnet and the internet gateway.

To create a VPC using the Amazon VPC Wizard

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
  2. In the navigation bar, on the top-right, take note of the AWS Region in which you’ll be creating the VPC. Ensure that you continue working in the same Region for the rest of this exercise, as you cannot launch an instance into your VPC from a different Region.
  3. In the navigation pane, choose VPC dashboard. From the dashboard, choose Launch VPC Wizard.

NOTE: Do not choose Your VPCs in the navigation pane; you cannot access the VPC wizard using the Create VPC button on that page.

  4. Choose VPC with a Single Public Subnet, and then choose Select.
  5. On the configuration page, enter a name for your VPC in the VPC name field; for example, my-vpc, and enter a name for your subnet in the Subnet name field. This helps you to identify the VPC and subnet in the Amazon VPC console after you’ve created them. For this exercise, leave the rest of the configuration settings on the page, and choose Create VPC.
  6. A status window shows the work in progress. When the work completes, choose OK to close the status window.
  7. The Your VPCs page displays your default VPC and the VPC that you just created. The VPC that you created is a nondefault VPC, therefore the Default VPC column displays No.

View information about your created VPC

To view information about your VPC

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
  2. In the navigation pane, choose Your VPCs. Take note of the name and the ID of the VPC that you created (look in the Name and VPC ID columns). You will use this information to identify the components that are associated with your VPC.
  3. In the navigation pane, choose Subnets. The console displays the subnet that was created when you created your VPC. You can identify the subnet by its name in the Name column, or you can use the VPC information that you obtained in the previous step and look in the VPC column.
  4. In the navigation pane, choose Internet Gateways. You can find the internet gateway that’s attached to your VPC by looking at the VPC column, which displays the ID and the name (if applicable) of the VPC.
  5. In the navigation pane, choose Route Tables. There are two route tables associated with the VPC. Select the custom route table (the Main column displays No), and then choose the Routes tab to display the route information in the details pane:
    • The first row in the table is the local route, which enables instances within the VPC to communicate. This route is present in every route table by default, and you can’t remove it.
    • The second row shows the route that the Amazon VPC wizard added to enable traffic destined for the internet (0.0.0.0/0) to flow from the subnet to the internet gateway.
  6. Select the main route table. The main route table has a local route, but no other routes.
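The route-table check walked through above can be done in bulk, which is how a reviewer finds every subnet that can reach an internet gateway. The following is an added example, not code from AWS or from this page: the sample data is constructed in the shape of the EC2 DescribeRouteTables response, all IDs are made up, and the function names are hypothetical. It also shows that a subnet with no explicit association falls back to the main route table.

```python
# Added example: classify subnets as public or private from route-table data.
# ROUTE_TABLES and SUBNET_IDS are constructed samples; every ID is made up.
ROUTE_TABLES = [
    {   # main route table: local route only
        "RouteTableId": "rtb-main0001",
        "Associations": [{"Main": True}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local",
             "State": "active"},
        ],
    },
    {   # custom route table, explicitly associated with one subnet
        "RouteTableId": "rtb-cust0002",
        "Associations": [{"Main": False, "SubnetId": "subnet-aaaa1111"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local",
             "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example",
             "State": "active"},
        ],
    },
]
SUBNET_IDS = ["subnet-aaaa1111", "subnet-bbbb2222"]


def effective_route_table(subnet_id, route_tables):
    """Explicitly associated table if there is one, otherwise the main table."""
    main = None
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main


def igw_routes(route_table):
    """Active routes whose target is an internet gateway, as (destination, target)."""
    found = []
    for route in route_table.get("Routes", []):
        target = route.get("GatewayId", "")
        if target.startswith("igw-") and route.get("State", "active") == "active":
            dest = (route.get("DestinationCidrBlock")
                    or route.get("DestinationIpv6CidrBlock"))
            found.append((dest, target))
    return found


def classify_subnets(subnet_ids, route_tables):
    """Map each subnet ID to its effective route table and internet exposure."""
    report = {}
    for subnet_id in subnet_ids:
        table = effective_route_table(subnet_id, route_tables)
        routes = igw_routes(table) if table else []
        report[subnet_id] = {
            "route_table": table["RouteTableId"] if table else None,
            "public": bool(routes),
            "igw_routes": routes,
        }
    return report


if __name__ == "__main__":
    for subnet_id, info in classify_subnets(SUBNET_IDS, ROUTE_TABLES).items():
        kind = "public" if info["public"] else "private"
        print(subnet_id, info["route_table"], kind, info["igw_routes"])
```

Because unassociated subnets inherit the main route table, adding an internet gateway route to the main table would make every such subnet public at once; keeping that route in a custom table limits exposure to the subnets explicitly associated with it.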

Creating a subnet in your VPC

To add a new subnet to your VPC, you must specify an IPv4 CIDR block for the subnet from the range of your VPC. You can specify the Availability Zone in which you want the subnet to reside. You can have multiple subnets in the same Availability Zone.

You can optionally specify an IPv6 CIDR block for your subnet if an IPv6 CIDR block is associated with your VPC.

To add a subnet to your VPC using the console

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
  2. In the navigation pane, choose Subnets, Create subnet.
  3. Specify the subnet details as necessary and choose Create.
    • Name tag: Optionally provide a name for your subnet. Doing so creates a tag with a key of Name and the value that you specify.
    • VPC: Choose the VPC for which you’re creating the subnet.
    • Availability Zone: Optionally choose a Zone in which your subnet will reside, or leave the default No Preference to let AWS choose an Availability Zone for you. For information about the Regions and Zones, see Regions and zones in the Amazon EC2 User Guide for Linux Instances.
    • IPv4 CIDR block: Specify an IPv4 CIDR block for your subnet, for example, 10.0.1.0/24. For more information, see VPC and subnet sizing for IPv4.
    • IPv6 CIDR block: (Optional) If you’ve associated an IPv6 CIDR block with your VPC, choose Specify a custom IPv6 CIDR. Specify the hexadecimal pair value for the subnet, or leave the default value.
  4. (Optional) If required, repeat the steps above to create more subnets in your VPC.
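Before entering subnet CIDR blocks in the console, the requirement that each block comes from the range of your VPC can be checked offline. This is an added example, not part of the original page or of any AWS tool: the function names are hypothetical, the VPC range 10.0.0.0/16 and the existing subnet are assumed sample values, and the /16 to /28 size limits and the five reserved addresses per subnet are AWS rules not stated on this page.

```python
import ipaddress

# AWS reserves the first four addresses and the last address of every subnet.
RESERVED_PER_SUBNET = 5
# Allowed IPv4 block sizes for a VPC subnet: /16 (largest) to /28 (smallest).
MIN_PREFIX, MAX_PREFIX = 16, 28

# Constructed sample values: an assumed primary block plus the secondary block
# used as an example on this page, and one subnet that already exists.
VPC_CIDRS = ["10.0.0.0/16", "10.2.0.0/16"]
EXISTING_SUBNETS = ["10.0.0.0/24"]


def check_subnet(candidate, vpc_cidrs, existing_subnets):
    """Return (ok, reason, usable_addresses) for one proposed subnet CIDR."""
    try:
        # strict=True rejects blocks with host bits set, such as 10.0.1.5/24
        net = ipaddress.ip_network(candidate, strict=True)
    except ValueError as exc:
        return False, f"invalid CIDR: {exc}", 0
    if net.version != 4:
        return False, "not an IPv4 block", 0
    if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
        return False, f"prefix /{net.prefixlen} outside /16 to /28", 0
    vpc_nets = [ipaddress.ip_network(c) for c in vpc_cidrs]
    if not any(v.version == 4 and net.subnet_of(v) for v in vpc_nets):
        return False, "not inside any CIDR block of the VPC", 0
    for other in existing_subnets:
        if net.overlaps(ipaddress.ip_network(other)):
            return False, f"overlaps existing subnet {other}", 0
    return True, "ok", net.num_addresses - RESERVED_PER_SUBNET


def plan_subnets(candidates, vpc_cidrs, existing_subnets=()):
    """Check candidates in order; each accepted block counts as taken afterwards."""
    taken = list(existing_subnets)
    results = []
    for cidr in candidates:
        ok, reason, usable = check_subnet(cidr, vpc_cidrs, taken)
        if ok:
            taken.append(cidr)
        results.append((cidr, ok, reason, usable))
    return results


if __name__ == "__main__":
    proposed = ["10.0.1.0/24", "10.0.1.128/25", "10.1.0.0/24", "10.2.0.0/28"]
    for row in plan_subnets(proposed, VPC_CIDRS, EXISTING_SUBNETS):
        print(row)
```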

Associating a secondary IPv4 CIDR block with your VPC

To add a CIDR block to your VPC using the console

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
  2. In the navigation pane, choose Your VPCs.
  3. Select the VPC, and choose Actions, Edit CIDRs.
  4. Choose Add IPv4 CIDR, and enter the CIDR block to add; for example, 10.2.0.0/16. Choose the tick icon.
  5. Choose Close.

Associating an IPv6 CIDR block with your VPC

To associate an IPv6 CIDR block with a VPC using the console

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
  2. In the navigation pane, choose Your VPCs.
  3. Select your VPC, choose Actions, Edit CIDRs.
  4. Choose Add IPv6 CIDR.
  5. Choose Add IPv6 CIDR.
  6. For IPv6 CIDR block, choose one of the following, and then choose Select CIDR:
    • Amazon-provided IPv6 CIDR block: Requests an IPv6 CIDR block from Amazon’s pool of IPv6 addresses.
    • IPv6 CIDR owned by me: (BYOIP) Allocates an IPv6 CIDR block from your IPv6 address pool. For Pool, choose the IPv6 address pool from which to allocate the IPv6 CIDR block.
  7. If you selected Amazon-provided IPv6 CIDR block, from Network Border Group, select the group from where AWS advertises the IP addresses.
  8. Choose Select CIDR.
  9. Choose Close.

Associating an IPv6 CIDR block with your subnet

To associate an IPv6 CIDR block with a subnet using the console

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
  2. In the navigation pane, choose Subnets.
  3. Select your subnet, choose Subnet Actions, Edit IPv6 CIDRs.
  4. Choose Add IPv6 CIDR. Specify the hexadecimal pair for the subnet (for example, 00) and confirm the entry by choosing the tick icon.
  5. Choose Close.