Deploying SDWAN

Technologies
(DST)

Instructor-Led
Student and Lab Guide
INSTRUCTOR VERSION
Version 1.81 – February 2021
Based on Orchestrator v8.10.x and EdgeOS v8.3.1.x
 INSTRUCTOR VERSION

Deploying SDWAN Technologies (DST) ILT Student & Lab Guide

Based on Orchestrator v8.10.x and EdgeConnect OS v8.3.1.0_85068

Date: February 2021

Copyright © 2021 Silver Peak Systems, Inc. All rights reserved. Information in this document is
subject to change at any time. Use of this documentation is restricted as specified in the End
User License Agreement. No part of this documentation can be reproduced, except as noted in
the End User License Agreement, in whole or in part, without the written consent of Silver Peak
Systems, Inc.

Trademark Notification
The following are trademarks of Silver Peak Systems, Inc.: Silver Peak SystemsTM, the Silver
Peak logo, Network Memory™, Silver Peak NX-Series™, Silver Peak VX-Series™, Silver Peak
VRX-Series™, Silver Peak Unity EdgeConnect™, and Silver Peak Orchestrator™. All
trademark rights reserved. All other brand or product names are trademarks or registered
trademarks of their respective companies or organizations.

Warranties and Disclaimers

THIS DOCUMENTATION IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND,
EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NON-INFRINGEMENT. SILVER PEAK SYSTEMS, INC. ASSUMES NO RESPONSIBILITY
FOR ERRORS OR OMISSIONS IN THIS DOCUMENTATION OR OTHER DOCUMENTS
WHICH ARE REFERENCED BY OR LINKED TO THIS DOCUMENTATION. REFERENCES
TO CORPORATIONS, THEIR SERVICES AND PRODUCTS, ARE PROVIDED “AS IS”
WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED. IN NO EVENT
SHALL SILVER PEAK SYSTEMS, INC. BE LIABLE FOR ANY SPECIAL, INCIDENTAL,
INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES
WHATSOEVER, INCLUDING, WITHOUT LIMITATION, THOSE RESULTING FROM LOSS
OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF THE POSSIBILITY OF
DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT OF OR IN CONNECTION
WITH THE USE OF THIS DOCUMENTATION. THIS DOCUMENTATION MAY INCLUDE
TECHNICAL OR OTHER INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE
PERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE CHANGES WILL BE
INCORPORATED IN NEW EDITIONS OF THE DOCUMENTATION. SILVER PEAK
SYSTEMS, INC. MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S)
AND/OR THE PROGRAM(S) DESCRIBED IN THIS DOCUMENTATION AT ANY TIME

Aruba, A Hewlett Packard Enterprise Company

6280 America Center Dr
Sunnyvale, CA 94089

+1.877.210.7325 (toll-free in USA)

+1.408.935.1850

http://training.silver-peak.com

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 2 of 155
 INSTRUCTOR VERSION

Table of Contents
Review #1: Terminology .................................................................................................................... 6
Review #2: Products and Licensing ................................................................................................ 7
LAB 1: Lab Familiarization and Orchestrator Installation ...................................................... 8
Task 1: Familiarize Yourself with the Lab Topology 8
Task 2: Topology Details (FYI only: Do not configure anything yet) 9
Task 3: Connect to the ReadyTech lab environment 10
Task 4: Check to make sure all VMs are deployed 11
Task 5: Access the Topology Diagram on the Student PC 13
Task 6: Install Orchestrator 13
Review #3: Orchestrator Setup Lab ............................................................................................... 17
Task 7: Configure Linux Admin and Root Passwords 17
Task 8: Configure Static Management IP & DNS Addresses 18

Review #4: Dynamic Path Control .................................................................................................. 20

Review #5: Path Conditioning ........................................................................................................ 21
Review #6: Boost ............................................................................................................................. 22
Review #7: Licensing Process ....................................................................................................... 23
LAB 2: Orchestrator Configuration and Licensing ................................................................ 24
Task 1: Verify Orchestrator IP Address 24
Task 2: Generate an Account Name and Key to use for all installations 25
Task 3: Configure License, Email and Backups with the GUI’s Getting Started Wizard 27

Review #8: Orchestrator Configuration and Licensing Lab ........................................................ 32

Review #9: Path Selection and Subnet Sharing ........................................................................... 33
Review #10: Router Mode ................................................................................................................. 34
Review #11: Bridge Mode ................................................................................................................. 35
Review #12: Server Mode .................................................................................................................. 36
Review #13: Data Security ................................................................................................................ 37
Review #14: Interface Labels and Deployment Profiles ................................................................. 38
Review #15: Template Groups .......................................................................................................... 39
LAB 3: Configuring Groups and Labels ................................................................................. 40
Task 1: Create Groups 40

LAB 4: Configure Deployment Profiles .................................................................................. 42

Task 1: Configure a Deployment Profile for a Hub Site 42
Task 2: Configure Deployment Profile for a Campus Site with 2 Data Centers 44
Task 3: Configure a Deployment Profile for a Branch Office 45
Task 4: Verify the correct Deployment Profiles were created 45

LAB 5: Template Groups Configuration ................................................................................. 46

Task 1: Create a template group 46

Review #16: Business Intent Overlays ............................................................................................ 49

LAB 6: Configuring Business Intent Overlays ....................................................................... 50
Task 1: Review BIO Main Screen 50

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 3 of 155
 INSTRUCTOR VERSION
Task 2: Configure the RealTime Overlay to Match CIFS Traffic 52
Task 3: Configure the rest of the RealTime Overlay 53
Task 4: Modify the CriticalApps Overlay 55

LAB 7: Completing Appliance Configuration ......................................................................... 57

Task 1: Familiarize Yourself with vSphere Virtual Networking 57
Task 2: Associate your lab Port Groups to their correct VMs 58
Task 3: Note the MAC Addresses of ECV-1 Interfaces 58
Task 4: Obtain IP Address and Log into ECV-1’s Appliance Manager 59
Task 5: Complete the Initial Configuration Wizard for ECV-1 60
Task 6: Configure mgmt0 Static IP Address for ECV-1 62
Task 7: Configure ECV-2 with Minimal Directions 63

Review #17: BIO and Appliance Configuration Labs ..................................................................... 65

LAB 8: Complete Registration of ECV-1 and ECV-2 in Orchestrator .................................. 66
Task 1: Confirm ECV-1 and ECV-2 have been discovered by Orchestrator and Approve them 66
Task 2: Complete Registration of ECV-2 in Orchestrator 70
Task 3: Verify the SD-WAN 73
Task 4: Test the connection between Sites 1 and 2 by connecting to TG-01 78
Review #18: Orchestrator Registration Lab .................................................................................... 81
LAB 9: Configure a Hub and Spoke Business Intent Overlay .............................................. 82
Task 1: Configure a New BIO using an ACL to match FTP traffic 82
Task 2: Configure Remaining BIO Settings 84
Task 3: Configure the Hub 86

Review #19: Automated Provisioning and Deployment ................................................................. 88

LAB 10: Complete ECV-3 Installation with the CampusNetwork Overlay ............................. 89
Task 1: Complete the Configuration of ECV-3 89
Task 2: Complete the Initial Configuration Wizard for ECV-3 89
Task 3: Configure mgmt0 Static IP Address for ECV-3 90
Task 4: Complete Registration of ECV-3 in Orchestrator 90
LAB 11: Zero-Touch-Configuration (ZTC) of ECV-4 .............................................................. 92
Task 1: Create and View a Preconfiguration File 92
Task 2: Replace the YAML code 93
Task 3: Install ECV-4 from an OVA file 96
Task 4: Add three additional Network Adapters for the ECV-4 VM. 100
Task 5: Configure mgmt0 Static IP Address for ECV-4 102
Task 6: Configure mgmt0 Static IP Address for ECV-4 104

LAB 12: Complete Registration of ECV-4 in Orchestrator .................................................... 106

Task 1: Review and Apply the Preconfiguration File for ECV-4 106
Task 2: Observe Overlay Construction 108

LAB 13: VRRP Configuration ................................................................................................... 114

Task 1: Configure VRRP on ECV-3 114
Task 2: Configure VRRP on ECV-4 115
Task 3: Check VRRP Operation 116

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 4 of 155
 INSTRUCTOR VERSION
Review #20: Quality of Service ....................................................................................................... 119
Review #21: Reporting and Monitoring ......................................................................................... 120
LAB 14: Basic Flow Monitoring ............................................................................................... 121
Task 1: View Underlay Traffic Between Sites 1 and 2 121

Review #22: Built in Diagnosis Tools ............................................................................................ 128

LAB 15: Reporting .................................................................................................................... 129
Task 1: Schedule a Custom Report 129
Task 2: Run a report on demand 131
Task 3: View Emailed Report 133

LAB 16: Troubleshooting Tools .............................................................................................. 134

Task 1: Ping ECV-2 134
Task 2: Traceroute to TG-03 135
Task 3: Link Integrity Test 135

Review #23: Business Intent Overlay Path Selection .................................................................. 137

Review #24: Boost and Asymmetry ............................................................................................... 138
Review #25: Flow Detail .................................................................................................................. 139
Review #26: Overlays & Tunnels .................................................................................................... 140
Review #27: Licensing .................................................................................................................... 141
Review #28: Routing and Reachability .......................................................................................... 142
Appendix A: Solutions to Common Issues .................................................................................... 143
Task 4: Issue #1 - Restarting Orchestrator 143
Task 5: Issue #2 - Resolving Issues with Non-US Keyboards 143

Appendix B: Configure Static Management IP Address via Linux GUI ....................................... 144
Appendix C: Lab 10: Step-By-Step Configuration for ECV-3 ....................................................... 146
Task 6: Complete the Configuration of ECV-3 146
Task 7: Configure mgmt0 Static IP Address for ECV-3 148
Task 8: Complete Registration of ECV-3 in Orchestrator 149

Appendix D: Virtual Lab Topology ................................................................................................. 154

Appendix E: Login Information and My Lab Access Code: ......................................................... 155

INSTRUCTOR TIP: Ask students to raise their hands in Zoom to indicate that they are working
on the lab exercises. Tell them to LOWER their hands when they have completed all the labs
to indicate they are finished. This lets you gauge if students have all completed the exercises
and it is ok to proceed earlier than allocated or to a lot more time if needed.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 5 of 155
 INSTRUCTOR VERSION

Review #1: Terminology

1) What term describes placing a packet into an IPsec tunnel?
Encapsulate
Encapsulation

2) Describe/define:
a) The Cloud Portal
licensing
The server
Licensing Server which needs to be reachable by the Orchestrator & Appliances

b) Orchestrator
management
Silver software
Peak’s SD-WAN management software, hosted on-premise by the customer or a hosted SaaS subscription

c) A Passthrough flow
flow which
Traffic that is isnotnot tunnelised
placed in an underlay to another EdgeConnect

d) A Stale flow
a flowthat
Flows thatstillstill work
exist andunder oldafter
are used rulea configuration change to that flow was done

e) Business Intent Overlay

Configuration
configurationparameters
template used as a template or profile to determine how Overlays are established over Underlay Tunnels
for overlay

f) Local Internet Breakout

thatsame
The trafficthing
broken out to Internet
as a Passthrough flow

3) True/False: An overlay tunnel can use one or more underlay tunnels to transport
packets that match a Business Intent Overlay.
true
True

4) How many Orchestrators would be used by a typical organization?

one
One

5) Given two tunnels named: “To_ECV-3_MPLS_MPLS” and “To_ECV-3_CriticalApps”,

a) Which do you think is an Overlay tunnel? Why?
To_ECV-3_CriticalApps
To_ECV-3_CriticalApps

b) Which do you think is an Underlay tunnel? Why?

To_ECV-3_MPLS_MPLS
To_ECV-3_MPLS_MPLS. Because it references MPLS which is a transport method

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 6 of 155
 INSTRUCTOR VERSION

Review #2: Products and Licensing

6) True/False: The Orchestrator is always hosted outside a customer’s network.
False.
false The Orchestrator is most often deployed as a VM in the customer’s network

7) True/False: The Cloud Portal automatically builds tunnels from a new device to existing
appliances, then tells the Orchestrator the device has been registered.
False – The cloud portal doesn’t build tunnels for the SD-WAN, EdgeConnects do.
false Peak’s WAN Optimization technology
Silver

8) True/False: A 100 Mbps license, or 1 block, is required to handle 75 Mbps of LAN traffic.
False
false in so many ways. No 100 Mbps tier, only 200 Mbps for WAN, not LAN traffic. Blocks apply to Boost licenses, not BW.

9) What is Boost?
wan optimization
Silver Peak’s WAN Optimization Technology

10) What Boost Feature reduces the bandwidth required using deduplication and
compression??
networkMemory
Network memory

11) Name the other Boost Feature.

TCPAcceleration
TCP acceleration

a) What does it do?

Mitigate the effects of distance and latency because the Edge Connect acts as a TCP Proxy

12) True/False: Boost is included with an Unlimited License.

False.
false Boost is not associated with any bandwidth tiers. Licensing is separate & an extra option available to purchase

13) How many blocks of Boost are needed for 4.15 Gb?
42
415

INSTRUCTOR REMINDER:
Prior to next lecture, or BEFORE 3 HOURS after Class starts
CANCEL UNUSED LAB CODES WITH READYTECH

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 7 of 155
 INSTRUCTOR VERSION

LAB 1: Lab Familiarization and Orchestrator

Installation
Overview
In this lab you will install an Orchestrator/GMS virtual machine in the VMware environment.

Objective
æ Become familiar with the lab environment and install the Orchestrator virtual machine to be used to
manage appliances in this course.

IMPORTANT LAB NOTES:

1. The course lab instructions are precise.
2. Follow the Step-by-Step Instructions.
3. Please read all notes below the lab steps.
4. This will help you avoid common error conditions.

Task 1: Familiarize Yourself with the Lab Topology

Note: A larger diagram along with device userids and passwords is on the last two pages of
this lab manual. You may find it useful to tear it out (or print it) for reference throughout this
course.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 8 of 155
 INSTRUCTOR VERSION
Task 2: Topology Details (FYI only: Do not configure anything yet)
1. All masks are 24 bit.
2. There is an out of band management network (dotted line) using the 192.168.1.0 subnet.
3. There are 3 sites.
4. Each site has a connection to a WAN emulator which provide simulated connections:
a. One over an MPLS network
b. One over a Broadband Internet network
5. Site 3 is a campus with 2 data centers, each with its own ECV appliance.
6. Devices have a connection in the management network, and in at least one other
subnet.
7. When you connect to devices from the Student PC, you will use the management
network.
8. When you connect devices over the data path, you’ll be using a 10.110.x.x network.

Addressing requirements table - all masks are 24 bit

Requirement ECV-1 ECV-2 ECV-3 ECV-4 Orchestrator

mgmt0 DHCP DHCP DHCP DHCP DHCP

(see console) then (see console) then (see console) then (see console) then (see console) then
IP address
192.168.1.4 192.168.1.5 192.168.1.6 192.168.1.7 192.168.1.254
wan0 10.110.11.100 10.110.21.100 10.110.31.100 10.110.31.101 n/a
IP address
wan1 10.110.12.100 10.110.22.100 10.110.32.100 10.110.32.101 n/a
IP address
lan0 10.110.10.100 10.110.20.100 10.110.30.100 10.110.30.101 n/a
IP address

Addressing Notes:

1. The default gateway (DG) address for the management network is 192.168.1.253.
2. The DNS server address is 8.8.8.8, reachable via the Default Gateway.
3. The NTP server address is 192.168.1.251 (it resides in the K1-MPLS VM) .
4. DHCP on the management network will assign addresses to the devices and inform
them of the Default Gateway (DG) and Domain Name Service (DNS) server addresses.
This will allow them to resolve the default name of the Silver Peak Cloud Portal
(cloudportal.silver-peak.com) so they can register themselves with the portal.

About Serial Numbers: A physical appliance would be able to use its unique burned-in serial
number to register since the Cloud Portal is aware which serial numbers are associated with
which accounts. Virtual appliances (such as we use in this course) must be given an account
name and account key to register and be associated with the correct account. The Cloud Portal
will generate a serial number and assign it to each registering virtual appliance and associate
the new serial number with the account.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 9 of 155
 INSTRUCTOR VERSION
Task 3: Connect to the ReadyTech lab environment
5. Obtain the access code from your instructor. Write down your access code here:

Access Code:
6. Connect to the training portal at: https://SilverPeak.InstructorLed.training
Note: The Lab was designed using Chrome Version 83.0.x. If your browser does not support
HTML5 you may see a message about upgrading your browser and the link to the non-HTML5
portal. If you decide to use the non-HTML5 portal follow the pre-testing instructions, there. We
have seen a couple of issues with a limited number of IE users, so if IE doesn’t work, try
Chrome or one of the other browsers.
a. On the Login page enter the access code your
instructor gave you from Step #1 above:
You may see a message about upgrading your browser
and the link to the non-HTML5 portal. If you decide to
use the non-HTML5 portal follow the pre-testing
instructions, there. We have seen a couple of issues with
a limited number of IE users, so if IE doesn’t work, try
Chrome or one of the other browsers.
7. Enter your first and last name.
a. Check the box to agree to terms.
b. Click OK.

8. DO NOT configure a password.

9. Go to the Lab tab.

a. Verification: Your name and code should
be at the upper right of your screen.
If not, you need to logout and log in again…
£ Click on the dropdown and select Log out.
£ Repeat steps to log in with your correct code.
£ Verify the lab status is “Up”.
b. If the lab is not up, inform your instructor.

10. Make sure Ready Tech Viewer (HTML) is selected.

11. Click the thumbnail image Connect to the lab.
You should be automatically connected to the remote desktop, running
Windows Server 2008, which will show a larger version of the thumbnail
image and fill the browser window.
Note: If you are having keyboard issues with a non-US keyboard there
are special instructions in Appendix A.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 10 of 155
 INSTRUCTOR VERSION
12. Click the “X” to close the Windows
Activation Window, if it appears.

13. Desktop View Options:

a. It is possible to select Best Fit, Scale
to Fit or enter Full Screen Mode with
your browser window by selecting it from the Desktop dropdown
menu.
b. Use the Esc key to exit Full Screen mode.
c. If you need to enter commands in a VMware console window,
and you find that incorrect characters are displaying special
instructions can be found in Appendix A.
£ Foreign Keyboard setup can be found in Appendix A.
£ Using the On Screen Keyboard can be found in Appendix A.

When connecting to the appliance’s management interfaces in the Chrome

browser, make sure to put https:// before the address, otherwise it may refuse
to connect

14. If some screens or menu items won’t fit completely in your

browser window, and you can’t scroll to see the bottom and are
unable proceed because a button is off the screen, use the
Zoom out feature in the Chrome browser in your lab environment
to shrink the image and make it all fit into your browser window.
a. Click the 3 dots in the upper right of the browser to show
Zoom menu.

Task 4: Check to make sure all VMs are deployed

15. On the ReadyTech Student PC desktop, launch Chrome.

æ Note: A common error is to try to

connect to the Orchestrator via
the web browser running on your
computer. This will fail. For class,
you use the Chrome instance you
ran from the Student PC Desktop.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 11 of 155
 INSTRUCTOR VERSION

a. Click on the First tab, which should connect to:

https://esxihost.
If not, type in the URL.

æ You MUST use https, not http

If you get a Privacy Error: “Your connection is not Private”

…
1: Click on Advanced

2: Click Proceed to esxihost (unsafe)

16. Login:
a. User name: root
b. Password: Training1!

17. Click Virtual Machines.

admin

18. Click on the arrow in the header

Virtual machine and select
Sort ascending.

a. ECV-1 should be at the top of

the list.

19. Match the list of deployed VMs to

the list below:
a. There should be 10 items.

If any VMs are missing or grayed

out (indicating they are not
running) contact your instructor
immediately.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 12 of 155
 INSTRUCTOR VERSION

Task 5: Access the Topology Diagram on the Student PC

20. Click on (Show Desktop icon) to the right of the time and date at the bottom of the
taskbar to quickly look at the topology diagram on the wallpaper of the student PC.

21. To revert back to your open screens, Click on it again.

Task 6: Install Orchestrator

22. Select Create / Register VM.

23. Select Deploy a virtual machine from an OVF or OVA file.

24. Click Next.

25. Enter the name of

“Orchestrator” .

26. Click anywhere in the blue box

“Click to select files or drag/drop” .

Note: The filename displayed in the screenshot may be

OLD. You must pick the appropriate path and file
described in the step after next.

27. Navigate to Desktop à LabTG à SilverPeak à Orchestrator.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 13 of 155
 INSTRUCTOR VERSION
28. Select the file:
Orchestrator-
8.10.x_xxxxx.ova.
Confirm you are selecting the
Orchestrator file from the
\Orchestrator folder (and not the
EdgeConnect *.ova from the
\EdgeConnect folder)

29. Click Open.

30. Again confirm the correct *.ova file is listed in

the window.
a. It should begin with, “Orchestrator”

31. Click Next.

32. Click Next.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 14 of 155
 INSTRUCTOR VERSION

33. Configure the following parameters:

£ Network Mappings for VM Network: Management

This chooses the correct port group to attach the Orchestrator’s management interface.

£ Disk Provisioning: Thick

æ Always select Thick to avoid performance problems.

£ Power on automatically: Selected

34. Click Next.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 15 of 155
 INSTRUCTOR VERSION

35. Click Finish.

36. The deployment will run and display the status at the bottom of the Virtual Machines
window.

a. If you cannot see it, expand the window

by clicking on Recent tasks.

37. This will take about 10-12 minutes.

38. While waiting, continue with Review #3 below.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 16 of 155
 INSTRUCTOR VERSION

Review #3: Orchestrator Setup Lab

14) True/False: The lab steps are only a guideline. If you simply look at the screenshots, you
can get through the lab tasks much faster?
False. The lab is crafted to guide students step-by-step through each procedure. Skipping steps may get you lost.
true
IF THERE IS A DIFFERENCE between the screenshot and instructions, FOLLOW THE WRITTEN INSTRUCTIONS

15) True/False: I should have written down my ReadyTeach Lab Access Code.
true You will need it for tomorrow or if you want to access the lab outside class hours.
True.

16) Why should you select Thin as the Disk Provisioning option when installing the
Orchestrator?
should
You not select
should thinTHICK to avoid performance problems.
not. Select

17) True/False: RFC-1701 defines the Enterprise SD-WAN standard.

false SD-WAN is not an industry standard. Every vendor has its own implementation.
False.

18) How can you switch between your current window to easily view the lab topology?
desktop
Use iconDesktop icon at the bottom right of the windows taskbar.
the Show

Task 7: Configure Linux Admin and Root Passwords

39. Confirm the Orchestrator has been rebooted and deployed successfully. When
completed you should see “Completed Successfully” in the Result column.

40. From the esxihost – tab,

select the Orchestrator.

41. Click Console.

42. Select Open Console in new window.

If nothing shows up, click in the empty window and
press <enter>.

43. Log into the Orchestrator and configure both

the Admin and Root accounts:

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 17 of 155
 INSTRUCTOR VERSION
DO NOT BE CUTE AND USE
ANOTHER PASSWORD.
If you need assistance, the
Instructor must be able to log into
your Orchestrator.

£ Admin Login: admin

£ Admin Password: admin

£ Create New Admin Password:

Speak-123

£ Create New Root Password:

Speak-123

Task 8: Configure Static

Management IP & DNS Addresses
Note: The Instructor will go over this in more detail during the next lecture. We are getting a
head start since we need to reboot the Orchestrator a couple times.
44. Type cd gms to move to the install directory.
45. Type orch-setup -c to enter the CLI configuration wizard.
£ Enter the Root Password: Speak-123
£ Timezone: n
£ NTP Server Synchronization: y
£ NTP Server (IP/name): 192.168.1.251
£ Network Configuration and
Hostname via GUI: n
£ Orchestrator hostname: y
£ Enter the New hostname: Orchestrator
£ Change IP address? y
£ IP address: 192.168.1.254
£ Netmask: 255.255.255.0
£ Gateway: 192.168.1.253
£ Change DNS Servers to static: y
£ DNS Server1: 8.8.8.8
£ DNS Server2: (none – leave blank)

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 18 of 155
 INSTRUCTOR VERSION

INSTRUCTOR REMINDER:

Have you CANCELED UNUSED LAB

CODES WITH READYTECH?

46. Click the X to close the CLI window.

STOP HERE

Do not move on unless directed otherwise by your instructor

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 19 of 155
 INSTRUCTOR VERSION

Review #4: Dynamic Path Control

19) When using Business Intent Overlays, is load balancing flow-based or packet-based?
Packet based

20) What are Silver Peak’s three options for dynamically choosing a tunnel?
High
FEC,Availability Redundancy,
tunnel quality Quality, and Load-balance
and loadbalance

21) What four line characteristics are used to determine the quality of a tunnel?
Loss, Latency,jitter
loss latency Jitter, and MOS

22) Do you think local internet breakout traffic is:

a) Flow or packet based?
It’s
flowFlow based.

b) Why?
It has to be because if the traffic is being NAT’d, all the packets in the flow need to be NAT’d to the same interface address or
the
thisconnection will tunnelised.
traffic is not break. Packets of same session need to be exited from same wan link,

23) Can an appliance load-balance an overlay over the Red and Blue tunnels shown in the
diagram below?
No,
no because the two tunnels don’t terminate in the same pair of appliances.

a) Why or why not?

because
traffic is the
nottwo tunnels don’t
terminated terminate appliances
at different in the same pair of appliances
at site 2

Site 1

LAN

Site 2

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 20 of 155
 INSTRUCTOR VERSION

Review #5: Path Conditioning

24) When can FEC make a loss problem worse?
When
when there
thereisiscongestion
congestion

25) What is a typical WAN ISP SLA for loss for:

a) Internet?
Internet: 0.5 - 1%, but could be much worse.

b) MPLS?
MPLS: 0.1 - 0.5%

26) What is the impact of loss on throughput for:

a) TCP?
TCP slowsdown
will slow down because it has to retransmit.

b) UDP?
UDP
loss Doesn’t slow down because--no acknowledgement mechanism

27) True/False: The ratio of FEC packets to data packets is always a fixed ratio.
False
false – we send less FEC packets when the circuit has less loss, unless you are using 1:1 FEC

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 21 of 155
 INSTRUCTOR VERSION

Review #6: Boost

28) What are the two primary components of Boost?
TCP Acceleration helps
tcp acceleration mitigate the
nad network effects of latency & Network Memory provides deduplication, saving bandwidth.
memory

29) What three factors are primary contributors to latency?

Distance,
congestionhop count and loss/congestion.

30) How do we accelerate TCP flows?

The appliance is responding to the local device acting as a proxy on behalf of a remote device.
tcp proxy

31) Why does Asymmetry break TCP Acceleration?

The appliance
it cannot can’t
track see thepackets
proxied sequence numbers in both directions, so it can’t proxy.

32) What benefit does the Network Memory component of Boost provide?
BW reduction, and therefore reduced cost. May also improve transmission speed because less data has to be transmitted.

33) What does Network Memory send instead of duplicate data?

A fingerprint
finger print

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 22 of 155
 INSTRUCTOR VERSION

Review #7: Licensing Process

34) What is the first step in setting up your Silver Peak network?
Install the Orchestrator

35) True/False: There are unique license keys that are different for each EdgeConnect
appliance and the Orchestrator.
False
false – The orchestrator and all ECs use the same account name and account key

36) What is required for an appliance without direct Internet connectivity to register?
Itorchestrator
can use the Orchestrator as a proxy.

37) How long is a device’s license period?

A
30rolling
days30 day window

38) True/False: When the license period expires, the appliance will only forward traffic
through established tunnels using stale flows.
False.
false It will not forward anything without a valid license.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 23 of 155
 INSTRUCTOR VERSION

LAB 2: Orchestrator Configuration and

Licensing
Overview
In this lab, you will install an Orchestrator/GMS, then configure and register it with the cloud
portal.

Objective
æ Observe the Orchestrator self-registration with the Cloud Portal.
æ Verify whether the Orchestrator has registered or not.

Task 1: Verify Orchestrator IP Address

1. From the esxihost click on

Virtual Machines in the
Navigator window.

2. Click the box next to

Orchestrator in the list

3. Click Actions

4. Click Open in a new Window

5. The Orchestrator VM
page will open in a new
tab.

a. If it appears, click the X

on the error in the
middle of the screen to
ignore the guest OS
warning

6. Scroll down to confirm

that the IP address is
192.168.1.254

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 24 of 155
 INSTRUCTOR VERSION

Note: If your mouse ever gets frozen in the console window, use
<CTRL>+<ALT> to get cursor control back or
<CTRL>+<OPTION> on a Mac

Task 2: Generate an Account Name and Key to use for all installations
7. Generate a valid Account Name and Account Key
Note: For training, we have a script that generates these licenses. You would NOT do the
steps in a standard installation. Both the Account Name and Account Key would be provided to
you when you purchase equipment from Silver Peak

8. On the Student PC desktop, run (double-click on) the

DST ILT 8.10 Setup icon on the desktop.

Note: Only run the DST ILT 8.10 Setup script ONCE in this course

æ All the appliances and orchestrator will use the same Account Name and Key

9. The script runs and a Command Prompt window will open briefly, then the
License.txt file opens in a Notepad window. A copy is saved to the desktop.

10. Close the Command Prompt window but leave Notepad open for the next Task.

11. Open the Google Chrome browser window by double-clicking on the

icon on the desktop.
£ Create a new tab by pressing <CTRL>+T

12. Point your browser to Orchestrator’s new IP

address
£ https://192.168.1.254
You MUST use https, not http

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 25 of 155
 INSTRUCTOR VERSION

If you get a Privacy Error: “Your connection is not

Private” …
1: Click on Advanced

2: Click Proceed to 192.168.1.x (unsafe)

13. Login
to the

Orchestrator using the defaults

£ User name: admin
£ Password: admin
Remember when we configured the admin password from the
CLI that was for the Linux account. This is the 3rd password that
needs to be set for the GUI login.

14. Click Agree to accept the End User License Agreement

15. You will be prompted to create a unique Password

for the Orchestrator GUI login.
£ Use: Speak-123

16. Click Save Password

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 26 of 155
 INSTRUCTOR VERSION

17. Note if you see any warnings, click

Dismiss, Close or OK

18. Close the warning regarding key

regeneration. We will not do this in this lab.

19. If displayed, close any software release messages shown

by clicking Dismiss

Task 3: Configure License, Email and Backups with the GUI’s Getting
Started Wizard
20. The Getting Started Wizard will appear
If you need to, Click and Drag the bottom-right corner to expand the Chrome window
until you see the button at the bottom. Or you may have to zoom out your view.

21. Check the EdgeConnect box under Select Products

The EdgeConnect Registration options will appear

22. Enter the License information into Orchestrator.

a. Copy/Paste the information from the License.txt file on the Student desktop.
Do not enter the license keys shown in the screen captures.
b. From the License.txt file, Copy Account Name.
c. Paste to the Account Name field on the License and Registration screen.
d. From the License.txt file, Copy Account Key.
e. Paste to the Account Key field on the License and Registration screen.

23. After you enter the licenses, minimize (do not close) the Notepad window.
You will use this license information again in later labs when licensing appliances.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 27 of 155
 INSTRUCTOR VERSION

24. Return to the wizard and click Next.

25. Set up Email using the following

parameters:
þ

Hint: use the <TAB> key to navigate the

fields in the order below

£ Enable SSL: o (Uncheck)

£ Enable Authentication: þ (Check)
£ SMTP Server: 192.168.1.200
£ SMTP User: [email protected]
£ Email Sender: [email protected]
£ SMTP Password: Speak-123
£ Server Port: 25
£ Require Email Verification o (Uncheck)
£ Send a Test Email To: [email protected]
£ Email Alarms To: [email protected]

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 28 of 155
 INSTRUCTOR VERSION

26. Verify configuration

Click the Test button
a.
£ After a brief clock display, you should see a message appear that says ‘Successfully
sent test emails’ at the bottom of the page as shown

b. If you get an error message, recheck your configuration.

27. Return to the wizard and click Next

28. Configure the Orchestrator Backups with the following parameters:

£ Protocol: FTP
£ Hostname: 192.168.1.200
£ Username: anonymous
£ Password: Speak-123
£ Directory: /GMS
£ Port: 21
£ Max backups
to retain: 3

B.
29. Click the Test button

You should get a message in a green ribbon at the bottom of the screen telling you the test
was successful.

If it is not, recheck your configuration.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 29 of 155
 INSTRUCTOR VERSION

30. Click the Add button to add a

scheduled time to backup
31. Use the following parameters:

£ Frequency: Weekly
£ Day: Saturday
£ At: 08:00
32. Click OK
The schedule will appear in the Schedule
box

33. Click Apply to complete the Getting

Started Wizard

34. Click Close to confirm Changes Applied

35. Check the portal registration status. Select the

ORCHESTRATOR à ORCHESTRATOR SERVER
à LICENSING à Cloud Portal.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 30 of 155
 INSTRUCTOR VERSION

æ Registered = “Yes” means the Orchestrator was

able to reach the Cloud Portal on the internet.
æ It was also able to register, which means the
account name and account key matched an entry
in the database for your student account and the
Orchestrator can now manage appliances
associated with that account.
Remember: Appliances in your network will use the same
account name and account key

36. Close the dialog box by clicking Close

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 31 of 155
 INSTRUCTOR VERSION

Review #8: Orchestrator Configuration and

Licensing Lab
39) What is the default user name and password for the Orchestrator GUI?
admin for both
admin/admin

40) What is the filename extension of the Orchestrator installation file?

*.ova
ova

41) Select all the correct statements: On the Cloud Portal screen in Orchestrator,
Registered = Yes indicates:

A. The Orchestrator was able to reach the Cloud Portal on the internet.

B. The Orchestrator was recognized by the Cloud Portal to belong to your

company based on its serial number.

C. The Account Name and Account Key were correctly entered.

D. The Orchestrator will now be able to manage any EdgeConnect clients associated
with that account
Correct
A, C, Danswers are A, C, and D. B is incorrect because the Orchestrator does not have a serial number recorded

42) True/False: The Account Name is always the same on the Orchestrator and the
EdgeConnects. The Account Key needs to be individually generated via a script.
False
False

STOP HERE

Do not move on unless directed otherwise by your instructor

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 32 of 155
 INSTRUCTOR VERSION

Review #9: Path Selection and Subnet Sharing

43) What does ‘Auto (system)’ in the route ‘Type’ field mean?
It is a locally attached subnet that has been added automatically

44) What does Subnet Sharing do?

It lets the appliances advertise local subnets to each other via a tunnel.

45) What must happen before subnets will be shared between appliances?
A tunnel must be up.

46) What happens to shared subnets if all tunnels to a site go down?

The shared subnets are lost and removed from the table

47) Besides Subnet Sharing, how else can an appliance dynamically learn routes?
Use a routing protocol like BGP or OSPF

48) What does FROM_WAN mean in the additional info column of the data path routing
table?
A tag thatfrom
arrived means
wantheside
route will only be used for traffic going WANàLAN

49) What is the management routing table used for?

Self originated
for self traffic traffic
originated

50) True/False: Syslog entries from an appliance will be reported to the Syslog server using
the main data path Routes table.
False,
false the management routing table will be used.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 33 of 155
 INSTRUCTOR VERSION

Review #10: Router Mode

51) What is the name of the Router Mode that is the recommended best practice?
In-Line Router Mode or ILRM

52) True/False: You must use mgmt0 out of band to manage the appliances.
False
false – they can be managed through data path connections

53) What are the 3 basic ILRM Reference Architectures?

Branch, Edge HA and Traditional HA

54) True/False: Router Mode cannot be deployed out of path.

False,
false it can be inline or out of path.

55) How many IP addresses do you need in router mode?

One
one for eachlogical
ip per interface, just like any router
interface

56) True/False: In Inline Router Mode, passthrough lan0 wan0

traffic that arrives on lan1 cannot be lan1 wan1 WAN
forwarded out lan0.
False
false – passthrough traffic can be forwarded between any local interfaces

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 34 of 155
 INSTRUCTOR VERSION

Review #11: Bridge Mode

57) How many IP addresses do you need in Bridge Mode?
One for each BVI

58) True/False: The lan0 and wan0 of an appliance in Bridge Mode connect to two different
subnets.
False – they connect to two segments of the same subnet

59) What is the failure mode of an appliance in Bridge Mode?

Fail to wire, it looks like a crossover cable connection

60) If you want an Inline appliance to use multicast, should an appliance be in Bridge or
Router Mode?
Either. Bridge mode will bridge the multicast packets. And an appliance in router mode supports PIM.

61) True/False: In Bridge Mode, you don’t have to use mgmt0 to manage the appliance, you
can use a data path interface.
False – you must be able to reach the management interface. If you want to use the data path, you must connect the appliance’s
mgmt0
false to one of the data path interfaces

62) True/False: In Bridge Mode, passthrough traffic arriving on lan0 can be forwarded out
wan1 (see picture below)
False
false – it must be in router mode to do this

lan0 wan0

lan1 wan1 WAN

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 35 of 155
 INSTRUCTOR VERSION

Review #12: Server Mode

63) True/False: Server mode is the default for freshly installed ECVs.
True
true

64) What is the difference between Server Mode and Router Mode?
Server
servermode has only
has one one interface – mgmt0. Router mode has additional data path interfaces.
interface

65) True/False: Server Mode can be Inline or Out-of-Path.

False
false – it can only be out of path because it only has one interface.

66) Why would you use server mode?

You probably
if need wouldn’t.
to setup edgeIf device
you onlywith
had one
onlyIPone
address
ip and you needed to deploy out of path might be the only use case.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 36 of 155
 INSTRUCTOR VERSION

Review #13: Data Security

67) True/False: To block all incoming connections from the internet, the Stateful Firewall
should be set to Harden on an interface.
False

68) True/False: The Stateful+SNAT interface firewall setting maps LAN addresses to WAN
addresses for packets being placed in a tunnel.
False
false – the SNATing applies to passthrough traffic

69) If you want to allow inbound connections from the Internet to only one LAN side server,
what feature should you use to permit connections ONLY to that server on the LAN?
Inbound
inboundport
portforwarding
forward

70) True/False: A Zone Based Firewall policy that permits connections initiated from zone A
to zone B, will also permit connections to be initiated from zone B to zone A.
False – the rules are stateful, so it is possible to allow connections to be initiated in one direction, but deny them in the reverse
direction.
false To allow connections to be initiated in both directions, you would need permit policies for both AàB and BàA.

71) What is required for us to de-duplicate SSL traffic and why do we need to do it?
The certificate and encryption keys so we can act as a man in the middle

72) What tunnel protocol is used by Silver Peak appliances by default?

IPSec_UDP
ipsec-udp

73) What type of encryption is used to secure Silver Peak tunnels?

256
256bit
bitAES
AES

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 37 of 155
 INSTRUCTOR VERSION

Review #14: Interface Labels and Deployment

Profiles
74) True/False: An interface labeled ‘Voice’ only allows VOIP traffic.
False – it’s only a label

75) True/False: A deployment profile defines how many interfaces and sub-interfaces will be
configured for an appliance.
True

76) Does a deployment profile…

a) Contain IP addresses?
No, these will be different for each site, so they must be filled in when the profile is applied

b) Include VLAN numbers?

Yes

c) Contain ZBF (Zone Based Firewall) security policies?

No. It does contain the zone label, but the policies are configured as part of a template group.

77) Customers need to access a LAN-side web server inside a branch office – see diagram.
What WAN-side (Internet) firewall settings and features should be used?
Stateful+SNAT and Inbound Port Forwarding. You could also set the interface to Allow All, but this should be avoided as a high
security risk.

lan0 wan0 wan0 lan0

Internet

78) What is the purpose of the NAT flag?

To tell orchestrator whether to build a tunnel to the internal or external NAT’d address of the device.

79) True/False: Your network branch offices have overlapping local subnet addresses in the
192.168.x.x space. Enabling Stateful+SNAT will hide the overlap because the tunnel
traffic will be NAT’d.
False – this only controls the mapping of internal LAN source addresses to external WAN addresses for passthrough traffic.
Tunnel
false traffic is never NAT’d.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 38 of 155
 INSTRUCTOR VERSION

Review #15: Template Groups

80) Why do we use Template Groups?
Simplify, savetasks,
simplifying time, reduce
reducerisk.
possibility of making mistake

81) Where can you get an explanation of template fields?

Click on the question mark help icon.

82) How do you determine where a template will be applied?

Select them in tree view.

83) How do you determine which template will be applied?

They are in the Active section.

84) Some templates replace all the configured entries on the appliance unless you select:
Merge

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 39 of 155
 INSTRUCTOR VERSION

LAB 3: Configuring Groups and Labels

Overview
Interfaces can be labeled with an arbitrary identifier like Voice or Data
æ LAN side interface labels can be used to route traffic into a specific overlay by matching packets
entering the appliance through a labeled interface to a designated overlay.
æ WAN side labels are used by Orchestrator to identify which interfaces should be connected via
tunnels. In a later lab, we’ll create Business Intent Overlays which will use the labels to identify how
traffic entering an appliance should be handled in the network, and Orchestrator will build the
appropriate tunnels
Groups are used to logically organize appliances for ease of management. Placing an appliance
in a group does not change its configuration or the way it functions

Objectives
æ Create interface labels to be used when creating a deployment profile and applying it to a site
æ Create Groups to organize your appliances as you install them

Task 1: Create Groups

1. In Orchestrator, right-click Group 1 in Tree View and select Rename

2. Change the name to “US-West”.

3. Click OK
Note: Pressing <Enter> will default
to cancel
4. Create two new groups under US-
West
a. From Tree View, Right-click US-
West
b. Select Add Group.
c. Name it “North Bay”.
d. Click OK

5. Click the arrow next to US-West to display the new group.

6. Repeat the steps to add another new group under US-West. Name this one “South
Bay”

We’ll organize our appliances under the new groups we just created when we install them.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 40 of 155
 INSTRUCTOR VERSION
7. Create a new label for a LAN interface in Orchestrator, by
selecting CONFIGURATION à OVERLAYS à Interface Labels.

8. Examine the pre-defined LAN and WAN interface labels.

9. Add a LAN label called “Campus”.

a. Click New Label.

b. Click lan.
c. Label Name: Campus
d. Click Done.
e. Click Save.
Note: If you click Close without saving
you will lose your work.

CONTINUE WITH NEXT LAB…

unless directed otherwise by your instructor

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 41 of 155
 INSTRUCTOR VERSION

LAB 4: Configure Deployment Profiles

Overview
In this lab you will create Deployment Profiles which determine the interface configuration and
more on the appliances. These are used like templates for appliances

Objectives
æ Learn the skills necessary to create and save a deployment profile
æ Make 3 types of profiles to apply to different types of sites in a later lab

Task 1: Configure a Deployment Profile for a Hub Site

All of our sites use both internet and
MPLS, so we’ll want to start by
customizing one of the pre-built
deployment profiles that uses that
configuration.

1. In Orchestrator, select
CONFIGURATION à
OVERLAYS à Deployment
Profiles

2. A default profile will be displayed, depending

on which version you are running.
Note that the profile defaults to “Router” (Inline
Router Mode), which use is recommended as a
best practice.

3. Click the Profile Name dropdown menu and

select MPLS + Internet Branch

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 42 of 155
 INSTRUCTOR VERSION

4. On the LAN-side, click +IP (under the “Interface” box).

Note: This adds sub-interfaces under the lan0 interface.
5. Repeat the above one more time to add a second sub-interface.

6. Configure a Deployment Profile for a Hub Site.

a. Select the appropriate drop-down interface Labels:
£ lan0: Voice ßPrimary (top)
£ lan0: Data ßSub-interface (middle)
£ lan0: Campus ßSub-interface (bottom)
£ wan0: MPLS1
£ wan1: INET1
b. Configure VLANs on LAN interfaces.
£ Set the lan0 sub-interface labeled Data to 131
£ Set the lan0 sub-interface labeled Campus to 132
c. Configure Firewall settings on the WAN interfaces by selecting, under FW Mode, the
following drop-down options:
£ wan0: Allow All
£ wan1: Stateful+SNAT
d. Set Bandwidth for both WAN interfaces (on right)
£ wan0: 4000 up, 4000 down
£ wan1: 4000 up, 4000 down
e. Click ‘∑Calc’
This adds the interface bandwidth settings to fill in the Total Outbound field to 8000
f. Confirm the NAT Flags settings under the Next Hop field is set as follows:

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 43 of 155
 INSTRUCTOR VERSION
£ wan0: Not behind NAT
£ wan1: Not behind NAT

g. Configure Boost: 8000

h. At the bottom-left of the window, click Save As.

You may have to scroll down if you window isn’t big enough or
zoom out your view.
Or, you may have to adjust the Zoom level of your browser to
90% or some other value see it.

i. Name the Deployment Profile Hub Site and remember to click Save.

Task 2: Configure Deployment Profile for a Campus Site

with 2 Data Centers

7. Create a new profile by altering the

existing one and saving it with a new
name
a. Bandwidth
£ wan0: 2000 up / 2000 down
£ wan1: 2000 up / 2000 down

8. Click ∑ Calc
This adds the interface bandwidth
settings to fill in the Total Outbound
field

9. Boost: 4000

10. Click Save As

11. Name the new profile “Campus” and
click Save.
Tip: Adjust Chrome’s zoom level if the
buttons are greyed out.

Note: For convenience we’ve kept the

interfaces, VLAN numbering etc the
same as the first site, but they could be
completely different from profile to profile.
The Labels on WAN interfaces are what will be mapped into the network fabric created by the
Orchestrator from the Overlays (which we’ll configure in a later step)

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 44 of 155
 INSTRUCTOR VERSION
Task 3: Configure a Deployment Profile
for a Branch Office
12. Remove a sub interface.
a. Click the X next to the right of the bottom lan
sub-interface (vlan 132) to remove it.
b. There should now be only 2 lan0 interfaces.

13. Click Save As

14. Name the site “Branch”, then click Save.

Task 4: Verify the correct Deployment Profiles were created

15. Confirm you have the following 3 profiles listed in the dropdown menu:
£ Campus
£ Hub Site
£ Branch

CONTINUE WITH NEXT LAB…

unless directed otherwise by your instructor

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 45 of 155
 INSTRUCTOR VERSION

LAB 5: Template Groups Configuration

Overview
Template groups allow you to configure and store common settings that can then be applied to
one or more appliances. Each template contains a set of related configuration settings of a
particular type, like SNMP or TACACS+. The collection of all the templates is called a template
group. Multiple template groups can store multiple sets of settings to be applied to appliances
with different configuration requirements across your network

Objective
This lab will teach you how to configure and store a template group and the associated settings.
These templates will be applied when installing appliances or can manually be applied at any
time

Task 1: Create a template group

1. Select CONFIGURATION tab à
TEMPLATES & POLICIES à Templates to open
the Templates tab.
2. Click Show All to display all the templates.

æ Active Templates listed will be applied to appliances.

æ Available Templates can be used and added as part of a Template group,
but and will be ignored when the template group is applied

IF YOU DO NOT SEE THE

AVAILABLE TEMPLATES ON
THE RIGHT OR ARE HAVING
TROUBLE DRAGING
TEMPLATES: Try widening your
browser window and/or modify the Chrome
zoom settings until it becomes visible.

3. Remove unneeded Active Templates.

a. Click and Drag all the templates to the Available
Templates column except
£ DNS
£ Date/Time
£ Session Management

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 46 of 155
 INSTRUCTOR VERSION
Note: It doesn’t matter where you drop the templates in the list, they will automatically arrange
themselves in the correct order

4. Add additional templates

a. From the Available Templates column, Click and Drag User Management to the Active
Templates column

5. Your list should now look like this:

6. Click Hide

7. Configure the Date/Time template.

a. Select the Date/Time template
£ Time Zone: US/Pacific
£ NTP Time Synchronization: þ (selected)
b. Click Add to add a new the NTP server
£ Server IP: 192.168.1.251
£ Version: 3
8. Delete any other servers with the X in the last
column

9. Select the
Session
Management
template
10. Configure the
Auto Logout to
60 minutes

11. Select the User Management template

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 47 of 155
 INSTRUCTOR VERSION

12. Click on the Password for the Admin account and set the password to Speak-123

13. Save As underneath the Active Templates

14. Name the group “Main”, then click Save.

æ We created a template group with only four active templates to illustrate how it
is done. Obviously you can control a number of different configuration
parameters with template groups using multiple active templates.

æ This is standard practice across our customer base and on Silver Peak’s internal
network.

STOP HERE

Do not move on unless directed otherwise by your instructor

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 48 of 155
 INSTRUCTOR VERSION

Review #16: Business Intent Overlays

85) What are the three match choices for placing incoming LAN traffic into an overlay?
Overlay
overlayACL,
acl, LAN Port, and
appliance aclAppliance ACL

a) Which is the most used?

Overlay
overlayACL
acl

86) What are the three Service Level Objective options?

Loss,
Loss,Latency andJitter
Latency, Jitter

87) How does an overlay treat a SLO parameter set to ‘0’?

Ignores
ignore it

88) In the overlay list, which Business Intent Overlay has the highest priority—the top or
bottom?
Top
top one

89) You have two Business Intent Overlays, shown in order. If IP phone traffic arrives on the
“Data” port, which BIO is used? :
• All - matches all traffic coming in on the LAN0 port labeled Data.
• VOIP - matches IP phone traffic based on an ACL.

The
all ALL BIO—It will be first in the list (highest priority) it matches everything. The VOIP BIO will never get any traffic.

90) If no overlays are matched, how will the packet be handled?

It will match the default route policy (65535). A subnet routing table lookup will be done. If there is a match, the packet will be
placed in an underlay tunnel to the destination. If there is no match, the fallback action for the default route policy will be
executed.
default policy

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 49 of 155
 INSTRUCTOR VERSION

LAB 6: Configuring Business Intent Overlays

Overview
æ A Business Intent Overlay (BIO) specifies how traffic with specific characteristics will be handled in
the network. Multiple Business Intent Overlays can be created for each type of traffic.
æ Which traffic matches a specific Business Intent Overlay is determined either by the label on the
interface through which it enters the appliance, or by matching traffic
to an access list.
æ The Business Intent Overlays control things like the WAN ports and
network types to transmit the traffic over, and what to do if the
preferred links go down or fail to meet specified performance
thresholds.
æ Orchestrator uses Business Intent Overlays to dynamically build and
maintain overlay networks, for example, which sites to build tunnels
between and how the network should update the routing of traffic
when conditions change

Objective
æ Configure the dynamic topology and behavior of the of the overlay network created by the
Orchestrator between appliances.
æ Create Business Intent Overlays that will apply to all the sites in your lab network.

Task 1: Review BIO Main Screen

1. In Orchestrator, select CONFIGURATION àOVERLAYS à Business Intent Overlays
2. At the top, notice options to jump to various BIO related screens
(orange box in diagram below)

There are four default overlays created for you, which are summarized in a table.

æ Rows denote indicate individual BIOs:

1: RealTime
2: CriticalApps
3: BulkApps
4: DefaultOverlay

æ Columns show a high-level view of the configured BIO options:

1: Priority
2: Overlay
3: SD-WAN Traffic to Internal Subnets
4: Breakout Traffic to Internet & Cloud Services

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 50 of 155
 INSTRUCTOR VERSION

3. PRIORITY Column – There are two options to configure:

a. Reorder
1: Click and Drag the == up to reorder DefaultOverlay
to priority 3 (above BulkApps).
Notice how the priority number changes when you let go of the
button
2: Move the DefaultOverlay back to its original
priority of 4 by dragging it back down
b. Delete

4. Clicking on each
remaining section
will bring you to a
specific area of the
Overlay Configuration
Page

5. Practice navigation
within the
RealTime Overlay
a. Click on the
Overlay box for
RealTime

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 51 of 155
 INSTRUCTOR VERSION
b. Click Cancel to go back to the Business Intent Overlays Screen

Task 2: Configure the RealTime Overlay to Match CIFS Traffic

6. Click on the RealTime overlay to edit the SD-WAN Traffic to Internal Subnets.

7. Click on the (Pencil icon)

to the the right of the list of
ACL application matches.

8. Click Add Rule.

A new rule will be added to the bottom with the
Match Criteria being Match Everything.
9. Click on the (Pencil icon) to the the
right of Match Everything.

10. Check the box next to Application.

11. Type CIFS.
12. Select Cifs_smb from the drop-down.
13. Click Save to close the Match Criteria
window.
14. Click Save to close the Associate ACL
window.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 52 of 155
 INSTRUCTOR VERSION
Task 3: Configure the rest of the RealTime Overlay

15. Configure the following parameters:

£ Topology: Mesh
£ Link Bonding Policy: High Availability

£ Primary WAN Links: MPLS1 and INET1

£ Cross Connect: None (all labels)
£ Backup WAN Links: None (empty)
£ Drag all other Interfaces to the Available Interfaces box

£ FW Zone: Default
£ Boost this Traffic: Disabled
£ Peer Unavailable Action: Drop
£ Traffic Class/DSCP: 1 (RealTime)
£ LAN DSCP: trust-lan
£ WAN DSCP: trust-lan

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 53 of 155
 INSTRUCTOR VERSION
16. Click on the Tab for Breakout Traffic to Internet & Cloud Services.

17. Drag Break Out Locally to the right under Available Policies.

18. The options for Break Out Locally Using These Interfaces will disappear.

19. Preferred Policy Order: Backhaul Via Overlay (only)

20. Click OK.

21. The Main Business Intent Overlay configuration should look like the following for
Realtime.

22. Review the changes outlined in gold.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 54 of 155
 INSTRUCTOR VERSION
Task 4: Modify the CriticalApps Overlay
23. Using the steps above configure the CriticalApps overlay’s SD-WAN Traffic to Internal
Subnets as follows…
£ Match Traffic: Overlay ACL
£ Application: accept defaults

£ Topology: Mesh
£ Link Bonding Policy: High Quality
£ Primary: MPLS1
£ Backup: INET1
£ Drag all other Interfaces to the Available Interfaces box

£ Add Backup if Above are: Not Meeting Service Levels (formally Brownout)
£ Cross Connect: None (for all labels)

£ Service Level Objective Loss = 5%

£ FW Zone: Default
£ Boost this Traffic: Enabled
£ Peer Unavailable Action: Drop
£ Traffic: 2 (CriticalApps)
£ LAN DSCP: trust-lan
£ WAN DSCP: trust-lan

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 55 of 155
 INSTRUCTOR VERSION
24. Configure Breakout Traffic to Internet & Cloud Services the same as RealTime…
25. Drag Break Out Locally to the right under Available Policies.
26. Preferred Policy Order: Backhaul Via Overlay (only)

27. Click OK.

28. The Main Business Intent Overlay configuration should look like the following for
CriticalApps.
29. Review the changes outlined in gold.

30. Click Save and Apply Changes to Overlay.

Note: We will make use of a 3rd Overlay in a later lab and will not configure the others at this
time.
31. Click Save.

CONTINUE WITH NEXT LAB…

unless directed otherwise by your instructor

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 56 of 155
 INSTRUCTOR VERSION

LAB 7: Completing Appliance Configuration

Overview
In this lab you will finish setting up two ECV VMs. These virtual appliances are partially installed.
You will complete basic configuration, register them with the cloud portal and add them to the
Orchestrator.

Objective
æ Familiarize yourself with the concept of Port Groups in VMware ESXi
æ Run through the appliance’s Initial Configuration Wizard
æ Observe the appliance self-registration with the cloud portal.
æ Obtains licenses and serial number from the portal.
æ Observe and complete the registration process with Orchestrator/GMS.
æ Learn to configure inline router mode

Task 1: Familiarize Yourself with vSphere Virtual Networking

For this next part, it is beneficial to understand a little bit about the VMware ESXi Virtual
Networking. Specifically, what Port Groups are and how they allow for the networking of the
various virtual machines. You will need to complete this to run the EdgeConnect’s Initial
Configuration Wizard.
1. This topology diagram
shows four network
connections from
ECV-65
2. VMware uses a
Virtual Switch
(vSwitch) to connect
Virtual NICs (vNICs).
3. Since the VMs are not
actually using
physical cables to
connect to a physical switch, we need to tell the vSphere Client how each interface is
virtually connected using
Port Groups.
4. Think of a Port Group as a virtual lan segment
5. Thus, a Port Group is a logical connection between multiple VMs.
6. The red circles above indicate Port Groups that ECV-65 is using for connectivity…
a. to TG-12 using its lan1.12 interface via Port Group #12
b. to PC1-2 and PC-2 using its lan0 interface via Port Group #11
c. to something off the top-right using the wan0 interface via Port Group #10
d. and to the Management Port Group off of mgmt0

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 57 of 155
 INSTRUCTOR VERSION
Task 2: Associate your lab Port Groups to their correct VMs
7. To do this we must associate the MAC addresses of the Virtual Network Interface Cards
(vNICs) on each Virtual Machine (VM).
8. Focus on the interface connections for ECV-1 from the LAB TOPOLOGY DIAGRAM and
notice the Port Group Numbers they are connecting with:
9. lan0 is connected via Port Group 2
10. wan0 is connected via Port Group 3
11. wan1 is connected via Port Group 4

Task 3: Note the MAC Addresses of ECV-1 Interfaces

12. From the ESXi browser window, Select ECV-1.

13. To the far right of the browser window will be the Hardware
Configuration section

14. Click the arrow next to Network Adapter 1 to expand its NIC properties.
15. This is the network adapter that goes to the management network.
16. Below that, other network adapters connect to Port Groups 2, 3 and 4.
17. Click on the arrows of the other three Network Adapters to expand their properties.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 58 of 155
 INSTRUCTOR VERSION
18. View each Network Adapter’s properties and record the last 2 digits of each MAC
address in the table below.

Note: The MAC addresses you see in your lab environment for the network adapters will
probably be different from the ones in the screen shots in these instructions.

ECV-1 PORT GROUP to INTERFACE MAC ADDRESSES

MAC address
Interface Summary Appliance Interface
(Last 2 digits)

Network Adapter 1 Management c4 mgmt0

Network Adapter 2 2 ce lan0

Network Adapter 3 3 d8 wan0

Network Adapter 4 4 e2 wan1

Task 4: Obtain IP Address and Log into ECV-1’s Appliance Manager

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 59 of 155
 INSTRUCTOR VERSION
The ECV-1 VM has already been installed, but not yet completely configured. The next few
steps illustrate an alternate method of determining the IP address of a device.

19. Click on Console

20. Click on Open in New Window
21. Locate the IP address assigned by DHCP.
(IP address may differ from screenshot).
22. List the appliance IP Address here:

192.168.1.41
__________________________

Remember: If your mouse gets stuck in the console window, use <CTRL>+<ALT>
( <CTRL>+<OPTION> on a Mac) to regain cursor control

23. Close the Console window

24. Connect to the Appliance Manager on ECV-1 by opening a new tab in your Chrome
browser (CTRL-T), and enter to the address of ECV-1 using the address documented in
the previous step.

a. Make sure to use https://<your address>

as shown in the example above.
Just using the IP address alone (without the https://)
may not work

b. Click through any browser security warnings as before.

Task 5: Complete the Initial Configuration Wizard for ECV-1

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 60 of 155
 INSTRUCTOR VERSION
25. Login as admin/admin
26. If present, click the Save Changes button at
the top of the screen.

27. The Initial Configuration Wizard should appear.

a. If it does not start, click on the CONFIGURATION tab à SYSTEM & NETWORKING à
Initial Config Wizard

28. Name the appliance ECV-1

29. Assign MAC addresses to each Hardware Interface

a. Click unassigned in the MAC column for lan0
b. Select the corresponding MAC address from the ECV-1 Port Group to Interface MAC
Addresses table above.

30. Repeat for mgmt0

31. Repeat for wan0

32. Repeat for wan1

Warning: The interface
names here are in a
different order than the
table you filled out above,
which is why we are using
the Table. Make sure you
match the correct MAC
addresses to the correct
Network Port Group!
• If you assign the
addresses incorrectly, your
appliance will not connect
to the network properly
and your browser
connection may stop
working!

33. Copy the Account Name from the License.txt file

AVOID ERRORS:
from the Notepad file.
Always COPY andPASTE
the Account Name and
34. Paste the Account Name into the Account Name Account Key
field in the Configuration Wizard

35. Repeat the steps for the Account Key

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 61 of 155
 INSTRUCTOR VERSION
Remember: You MUST use the same account name and key on the appliances and
Orchestrator, the cloud portal will think they belong to different accounts, and you will not be
able to register the appliance.

36. Click Save.

37. Click Yes, reboot Now.

Task 6: Configure mgmt0 Static IP Address for ECV-1

38. Log back into the EdgeConnect

£ Username: admin
£ Password: admin

39. The Configuration Wizard will still be showing, verify MAC address assignments and the
Account Name and Account Key are shown, per above image.
40. Click Cancel to close it.
41. At the top of the screen
click Save Changes.

42. Click on ADMINISTRAION à BASIC SETTINGS à Hostname/IP

The Hostname/IP window will open

43. Uncheck the box for DHCP

(it may take a couple of clicks)

44. Click in the cell for IP Address/Mask

Note: A DHCP address would work just fine, but as a best practice Silver Peak recommends
assigning a permanent IP address to avoid having to wait additional time for the network to
reconverge in event of a device reboot that resulted in it getting a different address.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 62 of 155
 INSTRUCTOR VERSION
45. IP Address/Mask:
192.168.1.4/24
46. Next-hop IP:
192.168.1.253
This is the Default Gateway

47. Click Apply

48. You will get a warning message.

Click Change Management
Address.
Your browser will be redirected to the new
management address you assigned.

49. Log back into ECV-1

50. Username/Password: admin/admin

51. At the top of the Appliance page, click Save

Changes.

Task 7: Configure ECV-2 with Minimal Directions

You will essentially complete the same steps for ECV-2 because like ECV-1, ECV-2 VM has
already been installed, but not yet configured. As an added challenge, this time, you will not
have Step-by-step instructions.
æ The next few steps illustrate an alternate method of determining the IP address of a device.
52. From the ESXi GUI, select ECV-2 from the list of Virtual Machines.
53. Click on the thumbnail image of the Console at the top-right of ECV-2’s Configuration
window.
54. Obtain the IP Address of ECV-2. Write it down here:

55. Log into ECV-2’s Appliance Manager.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 63 of 155
 INSTRUCTOR VERSION

Reminder: In this Task, you will PRACTICE

CONFIGURATION of ECV-2 WITH MINIMAL INSTRUCTIONS

As an added challenge, the rest of the ECV-2 configuration

will not be so step-by-step.
If you need get stuck, use the Tasks above as a guideline for
doing the exact same thing for ECV-2.

56. Here is the table to record the last 2 digits of each Network Adapter’s MAC address.
ECV-2 PORT GROUP to INTERFACE MAC ADDRESSES
MAC address
Interface Port Group Appliance Interface
(Last 2 digits)

Network Adapter 1 Management 2c mgmt0

Network Adapter 2 5 36 lan0

Network Adapter 3 6 40 wan0

Network Adapter 4 7 4a wan1

57. Complete the Initial Configuration Wizard.

58. Configure mgmt0 IP Address for ECV-2: 192.168.1.5/24
59. Configure Next-hop IP: 192.168.1.253

60. Log back into ECV-2 after being redirected to new IP Address.
61. If prompted, click Save changes and reboot.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 64 of 155
 INSTRUCTOR VERSION

Review #17: BIO and Appliance Configuration Labs

91) What are the four default Business Intent Overlays?
RealTime, CriticalApps, BulkApps, and DefaultOverlay
realtime, critical

92) What is the purpose of a Port Group?

To designate how virtual Network Adapters are connected to other devices

93) Describe how one can view the MAC addresses of the Network Adapters in ESXi:
Look at the settings of each appliance from the Hardware Configuration section in the VMware ESXi management GUI

94) True/False: It is best practice to use DHCP to assign the IP Address for mgmt0:
False
false

95) True/False: For licensing purposes, the Account Name used is always the same, but the
Account Key is different on each device:
False
false

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 65 of 155
 INSTRUCTOR VERSION

LAB 8: Complete Registration of ECV-1 and

ECV-2 in Orchestrator
Overview
Once an appliance has been correctly registered and MAC addresses have been associated to
network segments (for Virtual EdgeConnects), they should be detected by the Orchestrator.

Objectives
æ View and confirm ECV-1 and ECV-2 were discovered by Orchestrator
æ Approve ECV-1 and ECV-2 within Orchestrator
æ Complete the Registration of ECV-1 using the Step-by-Step instructions
æ Complete the registration of ECV-2 without Step-by-Step instructions

Task 1: Confirm ECV-1 and ECV-2 have been discovered by Orchestrator

and Approve them
1. In your browser, go to Orchestrator and login.
a. Close/Dismiss out any warning pop-ups
2. At the top of the Orchestrator page, you should see a green Appliances Discovered
message
This indicates that new machines have been found. The appliance that you configured,
reached the Cloud Portal, and the Cloud Portal told your Orchestrator about them
3. Click on the Appliances Discovered message.
This should open the DISCOVERED APPLIANCES tab.
a
4. Confirm IP Addresses for ECV-1 (192.168.1.4) and ECV-2 (192.168.1.5) are
correct.
a. If not, click on Refresh Discovery Information button
5. Click the Approve button for ECV-1.
Make sure you pick the correct appliance from the list by looking at its Hostname or IP
address. ECV-1 may not be on top.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 66 of 155
 INSTRUCTOR VERSION

6. If you get any prompts to Upgrade Appliance,

click Skip.

7. Complete the registration for ECV-1 using the

following parameters:
£ Hostname: ECV-1
£ Group: North Bay
£ Admin Password: Speak-123
£ City: San Francisco
£ State: California
£ ZIP Code: 94111
£ Country: US

8. Click Next.

9. From the dropdown menu, select the Hub Site Deployment Profile.

10. Configure the IP addresses for the LAN interfaces:

£ Voice: 10.110.10.100/24
£ Data: 10.110.13.100/24
£ Campus: 10.110.14.100/24

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 67 of 155
 INSTRUCTOR VERSION

11. Configure the IP addresses for the WAN interfaces:

£ MPLS: 10.110.11.100/24
Next Hop 10.110.11.1
£ Internet: 10.110.12.100/24
Next Hop 10.110.12.1
12. Click Next.

13. Screen #3 is
for setting up
Loopback
Interfaces.
We will not
configure any
Loopback
Interfaces in this
class.
14. Click Next.

15. Add Local Routes is for configuring additional subnets that the Silver Peak wasn’t
directly attached to. If you want to advertise them to peers, you would configure them
here.
They can also be added later if needed. We don’t have additional local subnets at this site.
16. Leave the box selected for Use shared subnet information þ (Selected)

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 68 of 155
 INSTRUCTOR VERSION
17. Check the box for Automatically advertise local LAN subnets þ (Selected)
18. Click Next.
19. Select the following Business
Intent Overlays boxes for this
site.
£ RealTime
£ CriticalApps

20. Unselect everything else.

21. Select the following Template

Group box for this site:
£ Main
22. Unselect everything else.
23. Click Apply.

You should get an indication of success for all the operations. If

everything looks ok, click Close.

Note: Occasionally an operation will time out. If this happens,

click Go Back, and then after 30 seconds or so, or if the
appliance is rebooting, after it finishes, click Apply again.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 69 of 155
 INSTRUCTOR VERSION

Task 2: Complete Registration of ECV-2 in Orchestrator

24. Click the Approve button for ECV-2.

25. Repeat the same steps from the previous task; with the following parameters:
£ Hostname: ECV-2
£ Group: North Bay
£ Admin Password: Speak-123
£ Address 1: 1 Centennial Drive
£ City: Berkeley
£ State: California
£ ZIP Code: 94720
£ Country: US

26. Deployment Profile: Branch

27. Voice IP: 10.110.20.100/24
28. Data IP: 10.110.23.100/24

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 70 of 155
 INSTRUCTOR VERSION
29. MPLS1 IP: 10.110.21.100/24
30. MPLS1 Next Hop: 10.110.21.1

31. INET1 IP: 10.110.22.100/24

32. INET1 Next Hop: 10.110.22.1

33. Click Next.

34. Click Next.

We will not configure any Loopback Interfaces in this class.

35. Add Local Routes:

a. Leave the box selected for Use shared subnet information þ (Selected)
b. Check the box for Automatically advertise local LAN subnets þ (Selected)

36. Click Next.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 71 of 155
 INSTRUCTOR VERSION

37. Select Business Intent Overlays:

£ RealTime
£ CriticalApps
38. Select Template Groups:
£ Main

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 72 of 155
 INSTRUCTOR VERSION

39. Click the arrow next to the North Bay group in Tree View to
expand it if is not already showing.

Take a 10-minute break. You should see the new

appliances listed after you return.

Note: When the devices come up, you may see different errors and
alarms come and go while they are rebooting and Orchestrator is configuring underlay and
overlay tunnels.

40. You may also see NTP

warning messages from
an appliance saying it
can’t reach the NTP
server (192.168.1.251).
If you have correctly
configured the NTP
server address, these
are nothing to worry
about and will clear
eventually. It can take
15 minutes or more for
the appliances to sync
to the server and alarms to clear.

NOTE: There is a cosmetic bug in this version of code that indicates a missing hub for mesh
overlays when none are required. This can safely be ignored.

Task 3: Verify the SD-WAN

41. Locate the topology diagram on the DASHBOARD tab (MONITORINGà SUMMARY à
Dashboard).

By default, the map

server view is
displayed. They have
been placed on the
map at the physical
addresses you entered
during the installation.
Depending on your
screen resolution
and/or browser zoom
settings, the default
view may show the appliances too close together to resolve them into separate sites.
You can zoom in or out using the + and – buttons until you can see the devices you added.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 73 of 155
 INSTRUCTOR VERSION
42. Click on the gear icon at the upper right corner of the map for settings.
43. The settings for map
type, grouping radius
etc., are displayed,
along with a legend
that shows the
meanings of the
different colors that
are used to show
appliance and tunnel
status. You can use
the vertical slider on
the right to see the
rest of the color
explanations.
a. If not already, Drag the Grouping Radius slider all the way to the left to separate the
appliances in the display
44. Click the settings icon again to hide the legend/settings pop up.
45. At the bottom-right, you can also adjust the zoom level directly from the Topology
widow.
a. You can zoom in or out using the + and - buttons.
Zoom in (+) and drag the map around if needed to display the diagram as shown below.
Note: After the appliances finish booting, since both appliances are part of the Data and Voice
overlays, the Orchestrator will build tunnels between them. This will be shown as a green line
connecting them. This might take a while.

46. Observe the color changes in the appliance outlines and the tunnels that connect them
as the appliances go through the various stages of reboot, reconnection and
synchronization.

While one or both are rebooting and/or resyncing, the Orchestrator may show different color
outlines around the appliances. Red (shown above) means the Orchestrator can’t talk to the
appliances. This should clear after the appliance finishes booting and resumes communication
with the Orchestrator. The color of the tunnels will also change to a color other than green if any
connectivity issues are detected.

Take a 10-minute break. It will take a while for the tunnels to stabilize.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 74 of 155
 INSTRUCTOR VERSION
Note: If it takes too long for the tunnel to turn green (you’ve been waiting more than ten
minutes since the appliances reconnected and no longer have colored outlines around them), it
can be simply because the Orchestrator hasn’t updated its status. You can select both
appliances in Tree View on the left and then go to ADMINISTRATION à TOOLS à
Synchronize to force an immediate resynch.

You might also need to refresh the browser by clicking the

refresh button.

47. Make sure All Overlays is selected as shown in the

picture above.

æ Notice there are four underlay tunnels – one in

each direction for each appliance for each
overlay. The suffix in each tunnel name identifies
which wan connections it is associated with. Remember we set up an ‘MPLS’
label and an ‘Internet’ label for the two WAN interfaces in our deployment
profiles.

Note: If Cross Connect had been checked in the Business Intent Overlays, and the network
connections supported it (not possible in our lab), then MPLS-Internet and Internet-MPLS
connections might have been brought up too.

48. Hover your mouse over the tunnel connection (the

green line) until the line appears to thicken.

49. Click on the tunnel and you should get information as shown below:
It is OK if ECV-1 and ECV-2 are on opposite sides as shown.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 75 of 155
 INSTRUCTOR VERSION
a. A representation of the connection of the tunnel you clicked on is shown with the
perspective of the Local Appliance being ECV-1 and the Remote Appliance being
ECV-2.
£ If we had more devices you can change the information displayed in the table below
via a drop-down selection.
b. The top-left of the screen shows that there are 12 tunnels and only 2 of them are
currently displayed.
c. Click on the Plus sign to expand the tunnels for each Overlay.

You should
now be
able to see
a row for
each
individual
tunnel.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 76 of 155
 INSTRUCTOR VERSION

50. Click on the Charting Icon in the Live View column next to one of the tunnels.
After a minute or so, you should see something like this:

æ Orchestrator will immediately begin creating a real-time chart for bandwidth

usage. Several charting options are available. We are not moving any data at
this point, so all that show are keepalive packets. The color coding indicates
status of the overlay and underlay tunnels. Green is good. The graph shows BW
usage.

51. Close the Live View window.

52. Close the Tunnels window.

53. Select both Appliances in Tree View by clicking on

the group North Bay.

54. In the Search Menu next to Support, Type

Tunnels.

55. Click on CONFIGURATION à NETWORKING à TUNNELS à Tunnels.

æ This is a nice shortcut to get to a particular configuration area quickly.
Here, you can find more information that is available about each tunnel.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 77 of 155
 INSTRUCTOR VERSION
56. Underlay tunnels are shown by default. If they are not shown, click Underlay now.

Remember that Underlay tunnels carry the logical connections in the overlays. Note that all
tunnels use IPSec_UDP encapsulation. The full length of the tunnel names that are too long to
display, can be moused over to display complete information. Columns can be resized, but the
effect is only temporary while the tab is being viewed.

57. You can also see which Overlays

are associated with the underlay
tunnels.

58. Click on the Charting Icon in

the in the Traceroute column on the
right side of the table. You’ll see
latency hop by hop for the path the
tunnel takes.
59. Click Overlay. Notice the names of
all the tunnels contain a suffix
associated with the names of the
Business Intent Overlays we
configured which caused these
logical connections to be made.

On the right side is a list of

associated Underlay Tunnels used by each overlay tunnel. Mouse over the name to
show the full list if it doesn’t all fit in the column.

Task 4: Test the connection between Sites 1 and 2 by connecting to TG-

01

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 78 of 155
 INSTRUCTOR VERSION

60. Open an RDP session by clicking the RDP-mstsc client icon on your
Desktop.

61. Connect to TG-01 using IP Address 192.168.1.10

a. Username: Administrator
b. Password: Speak-123

Again, click Cancel to close any Windows Activation or

Shutdown Event Tracker windows that may appear.

62. In Orchestrator, make sure all the North Bay appliances are
selected in Tree View.

63. Select MONITORING à FLOWS à Active and Recent Flows to

open the Flows tab.

64. Go back to your RDP session to TG-01. Open a

CIFs session to TG-02 (10.110.20.11).

65. Double-click the TG-02

Files icon on the desktop.

66. A file explorer window will

open showing the file share
on TG-02.

67. Go back to Orchestrator and

Examine the Flows tab.
a. Click (the refresh
button).

68. There are flows on ECV-1 and ECV-2. Look at your topology diagram to understand why
these appliances are carrying the flows. The name of Outbound Tunnels are to_ECV-
1_RealTime and to_ECV-2_RealTime.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 79 of 155
 INSTRUCTOR VERSION

These automatically created name will carry a suffix (_RealTime) that indicates the name of
the associated Business Intent Overlay: the RealTime overlay.

Hint: Sort the most recent flows to the top by clicking on the Uptime column heading.

Warning: If you don’t see flows, they might have timed out. Try going back to the RDP session
where you have the CIFS connection open, right-clicking on the file share window and select
Refresh. Then come back to the flows window and click on the refresh icon (next to the Clear
button above).

Note: If you see flows using port 443, you can ignore them. They probably have a local source
address on the appliance and if so, they are just the appliance trying to establish a connection
to the Cloud Portal via the data path interfaces, which isn’t possible in our environment.

We’ll look at flows more deeply in a later lesson.

69. Close the CIFS connection on TG-01 by closing the window.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 80 of 155
 INSTRUCTOR VERSION

Review #18: Orchestrator Registration Lab

96) Name some things that could prevent the Appliance Discovered button from showing:
Wrong or missing license name or key; Next-hop address not configured properly for mgmt0; not clicking Save Changes

97) True/False: Appliances must always be manually approved by an Administrator:

False. Using Zero Touch Provisioning, there is an option to “Automatically Approve”

98) Why might the wrong IP Address show up in the Appliances Discovered tab?
The Orchestrator may have the previous dynamic IP in its table.

99) What should you do if this is the case?

Click on the
wait for Refresh Discovery
refreshing the cachedInformation
info button

CONTINUE WITH NEXT LAB…

unless directed otherwise by your instructor

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 81 of 155
 INSTRUCTOR VERSION

LAB 9: Configure a Hub and Spoke Business

Intent Overlay

Overview
ACLs can be used to identify sources of traffic to be directed into a particular overlay. The first
thing we’ll do in this lab is modify an ACL we can use to direct a particular type of traffic into an
overlay. Then we’ll create a Hub & Spoke overlay that makes use of the ACL as a traffic source
using ECV-1 as the Hub.

Objective
æ Practice creating a Hub & Spoke overlay.
æ Create, configure and apply ACLs in a Business Intent Overlay.
æ Configure a BIO with a Hub and Spoke Topology.
æ Apply the Hub to the BIO.

Task 1: Configure a New BIO using an ACL to match FTP traffic

1. Go to the Business Intent Overlays tab.
(CONFIGURATION à OVERLAYS à Business Intent Overlays)
2. Click the +New button at the bottom of the Overlays list.

3. Name the new overlay “CampusNetwork”

(no space), then click Add.

4. Your list should now have a 5th overlay

named CampusNetwork at the bottom:

5. Click anywhere in the 2nd or 3rd column for CampusNetwork to configure your new
BIO.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 82 of 155
 INSTRUCTOR VERSION
6. In the Match dropdown menu,
select Overlay ACL.
Appliance ACLs are configured as part
of a template group that is pushed to
appliances separately, but we will not
do that in this class.
Overlay ACLs are configured right inside the BIO, and the ACLs for matching traffic to this
overlay are pushed to appliances by Orchestrator automatically when the overlay is applied.
7. Click on (the pencil icon) to edit the ACL.

8. Click Add Rule.

9. By Default, rules match

everything. We only want FTP
traffic to go to this overlay.
10. Click on (the pencil
icon) next to Match
Everything to edit the Match
Criteria column.

An editing dialog window will open.

11. Click More Options to configure

the rule to match FTP traffic.

Note: As you can see, it’s possible to

create very specific match criteria.
You can check multiple boxes and
configure combinations of things to
match on. We will just use a simple
rule for this lab, however.

12. Check Application.

13. Type “ftp” in the input field.

A list of items matching that string will appear.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 83 of 155
 INSTRUCTOR VERSION
14. Click Ftp to select it.
15. Click Save.
16. Click Save to close the Associate ACL window.
You can have many rules in an ACL, and you can
add additional rules by clicking Add Rule again. You
can renumber rules by clicking on the Priority field
for the rule. Just like any ACL, the rules are
matched from the top down.
17. The Match Traffic section should now show
information from the ACL.

Task 2: Configure Remaining BIO Settings

18. From the Topology section of the BIO, click on the drop-down triangle.
19. Select Hub and Spoke.
20. Configure the Build SD-WAN Using These
Interfaces as follows:
a. Primary WAN Link: INET1
b. Backup WAN Link: MPLS1
c. Cross Connect: None
(for all labels)
d. Add Backup if Above Are: Down
e. Link Bonding Policy: High Quality
f. FW Zone: Default
g. Boost: Enabled
h. Peer Unavailable Option: Drop
i. Traffic Class: 3 (BulkApps)
j. LAN DSCP: trust-lan
k. WAN DSCP: trust-lan

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 84 of 155
 INSTRUCTOR VERSION

l. Click OK.

21. At the top of the BIO Configuration screen, click Save and Apply Changes to
Overlays.

As you can see, we configured a Hub and Spoke Business Intent Overlay. However, there is one
crucial piece yet to configure. We need to specify one or more hubs as part of the Hub and
Spoke overlay.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 85 of 155
 INSTRUCTOR VERSION

22. Click Save to

confirm changes.

Task 3: Configure the Hub

23. From Tree View, select only ECV-1.

24. At the top of the BIO Configuration screen, click Hubs.

25. Click in the box under the Hubs Configurations screen title that says, Type to select.

26. Click on ECV-1.

27. Click on the Add Hub button.

28. ECV-1 should now be listed as a Hub in the list.

29. At the top of

the Hubs tab,
click on Edit
Overlays.

30. At the top of the Business Intent Overlays tab, click on Apply Overlays.

31. Under the Add column, select the box for CampusNetwork.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 86 of 155
 INSTRUCTOR VERSION
32. You should see CampusNetwork listed at the right under Overlay Changes.

33. Click Apply.

34. Click Apply Overlays.

35. Verify

CampusNetwork is now listed in the Overlays Present column for ECV-1.

STOP HERE

Do not move on unless directed otherwise by your instructor

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 87 of 155
 INSTRUCTOR VERSION

Review #19: Automated Provisioning and

Deployment

100) What matches a physical device with a preconfiguration file?

The burned
serial in serial number
number

101) What matches a virtual appliance with a preconfig YAML file?

The tag configured
appliance tag on the appliance license page

102) True/False: A preconfig file cannot assign IP addresses to interfaces because they are
different at every site.
False
false – You can have a different YAML file for every appliance and IP addresses for every interface can be included.

103) True/False: The network architect and/or administrator needs to commit to using the
Preconfiguration file because there is no way to avoid it once the appliance has been
discovered by the Orchestrator.
False.
false There is an option to opt out, or choose a different YAML file in the Apply Appliance Preconfiguration screen

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 88 of 155
 INSTRUCTOR VERSION

LAB 10: Complete ECV-3 Installation with the

CampusNetwork Overlay
Overview
At this point you should be comfortable with installing and configuring a Virtual Appliance without
a helping hand. This lab will not only test your progress thus far, but also highlight what you may
need to remember more of. In this lab, you will practice completing the appliance installation and
approving it in Orchestrator without step-by-step instructions.

If you get stuck or need the step-by-step instructions, you can find them in:
æ Appendix C: Lab 10 Step-By-Step Configuration for ECV-3.

Objective
æ Review and familiarization of installing a virtual appliance, given only configuration parameters.
æ Review and practice approving an appliance from the Orchestrator GUI without Step-by-step
instructions.
æ Apply the CampusNetwork Overlay to an appliance.

Task 1: Complete the Configuration of ECV-3

1. Install the Account License.
2. Assign the correct interface mac address to the correct port group.

ECV-3 PORT GROUP to INTERFACE MAC ADDRESSES

MAC address
Interface Summary Appliance Interface
(Last 2 digits)

Network Adapter 1 Management mgmt0

Network Adapter 2 8 lan0

Network Adapter 3 9 wan0

Network Adapter 4 10 wan1

Task 2: Complete the Initial Configuration Wizard for ECV-3

£ Appliance Hostname: ECV-3
£ Dynamic IP Address of ECV-3:

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 89 of 155
 INSTRUCTOR VERSION
Task 3: Configure mgmt0 Static IP Address for ECV-3
£ IP Address/Mask: 192.168.1.6 /24
£ Next-hop IP: 192.168.1.253

Task 4: Complete Registration of ECV-3 in Orchestrator

1. If a field or parameter is not listed below, assume you can leave it at default for this
Task.
£ Hostname: ECV-3
£ Group: South Bay
£ Admin Password: Speak-123
£ Address 1: 450 Serra Mall
£ City: Stanford
£ State: California
£ Zip Code: 94305
£ Country: US

£ Deployment Profile: Campus

2. IP addresses for the LAN Interfaces

£ Voice: 10.110.30.100/24
£ Data: 10.110.131.100/24
£ Campus: 10.110.132.100/24

3. Configuration of the First WAN Interface (top)

£ IP/Mask: 10.110.31.100/24
£ Next Hop: 10.110.31.1
£ Label: MPLS1
£ FW Mode: Allow All
£ Interface: wan0

4. Configuration of the Second WAN Interface (bottom)

£ IP/Mask: 10.110.32.100/24
£ Next Hop: 10.110.32.1
£ Label: INET1
£ FW Mode: Stateful+SNAT
£ Interface: wan1

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 90 of 155
 INSTRUCTOR VERSION
5. Add Local Routes:
£ Use shared subnet information: þ (Selected)
£ Automatically advertise local LAN subnets: þ (Selected)

6. Use ONLY the following Business Intent Overlays:

£ RealTime
£ CriticalApps
£ CampusNetwork

7. Use ONLY the following Default Template Group:

£ Main

8. Verify the ECV-3 appliance has been added to the group

South Bay in Tree View.

a. It will take a few minutes for ECV-3 to synchronize its

configuration with Orchestrator.

You can ignore any warning message that an IP SLA monitor is in the Down state.

CONTINUE WITH NEXT LAB…

unless directed otherwise by your instructor

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 91 of 155
 INSTRUCTOR VERSION

LAB 11: Zero-Touch-Configuration (ZTC)

of ECV-4
Overview
The Orchestrator can be used to create a Preconfiguration file for an appliance. This file,
formatted using YAML, contains almost every parameter accessible in the UI. Each
Preconfiguration file contains match criteria, either the serial number (for physical appliances) or
an Appliance Tag (for virtual appliances) which allows automatic discovery by the Orchestrator.

Objective
æ View and edit a Preconfiguration file.
æ Use a Preconfiguration file to automate the installation of ECV-4.
æ Apply the Preconfiguration file instead of having to go through the wizard.
æ Configure the Preconfiguration file to run automatically or manually.

Task 1: Create and View a Preconfiguration File

1. On Orchestrator, Click CONFIGURATION à OVERLAYS à DISCOVERY à
Preconfiguration.

2. Click New.

3. This opens a new YAML Preconfiguration file. Configure the

following:
£ Name: ECV-4 Config
£ Appliance Tag: ECV-4_spoke
æ Case sensitivity is important! Type it in exactly as above. Do not rely on any drop
down choices that may appear.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 92 of 155
 INSTRUCTOR VERSION

4. Scroll up and down to see

what’s in the file.

5. Observe that the files are

broken up into sections,
and that each section is
preceded by comments
starting with ‘#’ that
describe the valid entries for
the parameters that follow.

Task 2: Replace the YAML code

6. On your student PC
open the file called
ECV-4_YAML.txt
by double clicking on
it from your Desktop.
7. Click anywhere in the file code
text.

8. Use <CTRL>+A to select all

the text in the new file.
All the text should highlighted as
shown.
9. Use <CTRL> +C to copy the
text.
Alternatively you can use EDIT à
COPY from the menu.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 93 of 155
 INSTRUCTOR VERSION

10. Go back to the Appliance Preconfiguration window in Orchestrator.

11. Click anywhere in the YAML code.
12. Use <CTRL>+A to select all the text in the new file.
13. Press the Delete key on your keyboard. You should now have an empty file.
14. Use <CTRL>+V to paste the content copied from the text file into Orchestrator.
Or you could right click in the dialog window and select Paste.

15. Let’s quickly search for fields in the file by using the Find feature:

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 94 of 155
 INSTRUCTOR VERSION
a. Press CTRL-F to
pop-up a search
window.

b. Type 10.
æ Notice that
Deployment
parameters such
as IP addresses,
Labels, Next-
hop, Boost, etc.
have already
been pre-
populated.

c. Search for the

following fields and determine if they have already been configured in the YAML file.
Check the appropriate box.
£ Hostname: ECV-4 o Yes o No Yes

£ Group: South Bay o Yes o No Yes

£ Account Name: o Yes o No No

£ Account Key: o Yes o No No

16. Which Business Intent Overlays have also been configured?
RealTime, CriticalApps, and CampusNetwork

17. Close the Search Window by clicking on the X.

18. Edit the file to include the account name and key:

If present, be aware that you need to replace any existing Account Name and Key in the YAML
Preconfiguration file. Failure to do so will result in the appliance not being recognized by the Cloud
Portal and thus won’t be discovered in Orchestrator.
£ Line 358:
Copy/paste your Account Name from the license.txt file on your desktop that
you used to license your Orchestrator and other appliances.
£ Line 359:
Copy/paste your Account Key from the license.txt file on your desktop that
you used to license your Orchestrator and other appliances.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 95 of 155
 INSTRUCTOR VERSION

19. Click Validate to make

sure there are no errors.
You should see a green
validation box at the

bottom.

20. Click Save.

21. Your file will appear

on the Appliance
Preconfiguration
page.
Note: The status is
“Pending
Discovery”. This
means the appliance
hasn’t connected to
the Cloud Portal and
Orchestrator yet.

Task 3: Install ECV-4 from an OVA file

22. From Chrome, log into the VMWare ESXi GUI.

23. Click on the Virtual Machines link to

view the list of VMs.

24. Click on the Create / Register VM

button.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 96 of 155
 INSTRUCTOR VERSION

25. Click on Deploy a

virtual machine
from an OVF or
OVA file.

26. Click Next.

27. Enter ECV-4 as the name for

the virtual interface.

28. Click within the blue box to

select files.

29. Navigate to Desktop\LabTG\SilverPeak\EdgeConnect.

a. Select the Installation file: ECV-8.3.1.0_xxxxx.ova
b.

30. Click Open.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 97 of 155
 INSTRUCTOR VERSION

31. Confirm the correct *.ova file

is listed in the blue box.

32. Click Next.

33. Press Next to select the

default Storage options.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 98 of 155
 INSTRUCTOR VERSION

34. From the Deployment Options screen

£ Network mappings: Management
£ Disk provisioning: Thin

æ IN A REAL DEPLOYMENT, always choose Thick to avoid performance

problems after the VM is deployed. We are selecting the Thin option only
because of limited resources in the training environment.

£ Power on automatically: o (Uncheck)

Note: DO NOT check Power on automatically. If you do, the Initial
Configuration Wizard will not find the additional virtual interfaces we are going to add
in a later step.

35. Click on Next.

36. Review the summary

screen, then click
Finish.

37. Progress can be

viewed in the bottom window.
Click Recent tasks to expand the pane.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 99 of 155
 INSTRUCTOR VERSION
38. Click on Virtual Machines at the top of the Tree View to see the list of Virtual Machines
in the right pane.
a. If you cannot see ECV-4, it may be off screen, lower down in the list. Click on the
arrow to the left of the Status column and select Sort Ascending until ECV-1 is listed
at the top.

39. Confirm ECV-4 is listed and is Powered Off as indicated by the light blue colored
icon next to its name.
a. If it is not Powered Off, click on at the top of the screen.

40. After a few minutes the Result should be Completed successfully.

Task 4: Add three additional Network Adapters for the ECV-4 VM.
By default, the device boots the first time with only a single interface. We require an additional
LAN interface and 2 WAN interfaces, so we must add three more.

41. From the list of Virtual machines, right-click on ECV-4 and

select Edit Settings.

42. Click Add network adapter THREE times.

Three new Network Adapters should appear in the list.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 100 of 155
 INSTRUCTOR VERSION
43. Refer to the excerpt below of the topology diagram for ECV-3 and ECV-4:

We need to assign the port numbers to each new network adapter.

44. Click on the arrows next to each New Network Adapter to expand it’s configuration
options and configure the Network Adapters as follows:

a. Network Adapter 1
£ Port Group: Management
£ Adapter Type: VXMNET 3
£ Connect at power on: þ

b. 2nd New Network Adapter

£ Port Group: 8
£ Adapter Type: VXMNET 3
£ Connect at power on: þ

c. 3rd New Network Adapter

£ Port Group: 9
£ Adapter Type: VXMNET 3
£ Connect at power on: þ

d. 4th New Network Adapter

£ Port Group: 10
£ Adapter Type: VXMNET 3
£ Connect at power on: þ

45. Click Save.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 101 of 155
 INSTRUCTOR VERSION

46. At the top, click Power on button.

47. The window above should refresh

with dashboard type information for ECV-4.

48. Look in the Hardware Configuration section and click on the arrows to the left of
the four Network adapters.
49. Port numbers may NOT be in descending order which is why the Network Adapter
# column below is blank.
You will have to manually determine the actual Network adapter number and match it to the
correct Connected Network (Port Group).

50. This time, make note of the last two digits of each
MAC Address and corresponding Network
Adapter Number in the table below:

ECV-4 PORT GROUP to INTERFACE MAC

ADDRESSES
Network Connected MAC address Appliance
Adapter # Network (Last 2 digits) Interface

1 Management ? mgmt0

? 8 ? lan0

? 9 ? wan0

? 10 ? wan1

Task 5: Configure mgmt0 Static IP Address for ECV-4

51. At the top of the window, click on the thumbnail for the Console tab of ECV-4.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 102 of 155
 INSTRUCTOR VERSION
If your mouse gets stuck in the console window, use
<CTRL>+<ALT> to get cursor control back.

52. Write down the appliance IP Address here:

_________________________________

53. Close the console window.

54. Open a Chrome browser tab, navigate to the
address you recorded above for ECV-4 and
login:
£ Username: admin
£ Password: admin

Remember to use https://<your address>

It can take a few minutes for the VM to finish internal housekeeping before the browser will
connect.

55. Open the Configuration Wizard by clicking on CONFIGURATION tab à

SYSTEM & NETWORKING à Initial Config Wizard

56. Configure the following:

£ Hostname: ECV-4

MAC addresses for:

£ lan0
£ mgmt0
£ wan0
£ wan1

b. Configure the
Registration settings:

£ Copy/paste the
Account Name.

£ Copy/paste the
Account Key.

£ Appliance Tag: ECV-4_spoke

æ This must exactly match the tag you configured for the Preconfiguration file we
created earlier.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 103 of 155
 INSTRUCTOR VERSION

57. Click Save.

58. You will be prompted to

reboot. Click Yes, reboot
Now.

59. After the reboot completes, log back into ECV-4.

a. Username: admin
b. Password: admin

60. The Configuration Wizard

screen should reappear.
£ Confirm MAC addresses
were assigned correctly.
£ Confirm the Appliance
Tag is correctly spelled:
ECV-4_spoke
Remember, it is case-sensitive.
Also verify the hyphen and
underscore is correctly entered.

61. Click Cancel to Close the

Configuration Wizard window.

62. At the top of the Appliance

page, click Save Changes.

63. You can close the Notepad window. You will not need the License.txt file again.

Task 6: Configure mgmt0 Static IP Address for ECV-4

64. Click on the ADMINISTRATION tab à BASIC SETTINGS à Hostname/IP.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 104 of 155
 INSTRUCTOR VERSION
65. Configure the following:
£ DHCP: o (Uncheck)
£ IP Address/Mask: 192.168.1.7 /24
£ Next-hop IP: 192.168.1.253

66. Click Apply.

You will get a message that it is Applying Hostname/IP changes….

67. Click Change Management Address.

68. Your browser will be redirected to the new
management address you assigned.

69. Log back into ECV-4

a. Username: admin
b. Password: admin

70. If it appears at the top of the Appliance

page, click Save Changes.

CONTINUE WITH NEXT LAB…

unless directed otherwise by your instructor

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 105 of 155
 INSTRUCTOR VERSION

LAB 12: Complete Registration of ECV-4 in

Orchestrator
Overview
In this lab, you will observe that the approval of ECV-4 is slightly different when using ZTC and a
Preconfiguration file as that for manually configuring a Virtual Appliance.

Objective
æ Observe how the Appliance Tag was matched by Orchestrator to the Preconfiguration file.
æ Apply the Preconfiguration file and observe there is an option to Run Manual Configuration Wizard in
the event something in the Preconfiguration files is not correct.

Task 1: Review and Apply the Preconfiguration File for ECV-4

1. In your browser, go to the Orchestrator.

2. You should see the button displayed at the top.

3. Click the button. This should open the Discovered Appliances tab.
a. Refresh Discovery Information if the IP Address is not 192.168.1.7
æ Note the Tag field says ECV-4_spoke, matching our Preconfiguration file.
æ This lets us know that ECV-4 reached the Cloud Portal, and the Cloud Portal told
your Orchestrator about them.

4. Click the Approve button for ECV-4.

5. If prompted to Upgrade Appliance, click Skip.

6. This time instead of the Configuration Wizard, the

Apply Appliance Preconfiguration dialog opens.
a. This is because Orchestrator noticed the tag that we
configured on the license page in the appliance, matched a Preconfiguration YAML
file.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 106 of 155
 INSTRUCTOR VERSION
7. If you wanted to skip using the configuration file and run the wizard, you could click
“Run Manual Configuration Wizard” in the lower left, but DO NOT do that here. We
want to use the Preconfiguration file we edited.

8. If the Tag matches a Preconfiguration file, you will see the contents appear in the Apply
Appliance Preconfiguration window in GREEN text.
a. If nothing shows up, verify the Tag matches with that of the Tag specified on the
Orchestrator.

9. Click Apply Preconfiguration.

Observe the process as nearly the same steps are

taken as when you did the manual wizard.
This takes a bit longer, however as a mid-process
reboot has to complete before the installation can
complete.

10. When all tasks are complete and showing

Success click Close.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 107 of 155
 INSTRUCTOR VERSION

11. ECV-4 will appear, dimmed out, in the South Bay

group in Tree View while Synchronization is in
progress.

You may also see some Alarms appear as tunnels will

start to build between ECV-4 and the other
EdgeConnects in the network. This is normal.

Task 2: Observe Overlay Construction

12. Set tree view to display the management addresses.
a. Click the gear icon to change the settings for tree view.

13. Check the box for Show IP.

Take note of some of the options for
filtering the appliances that appear in
the list in tree view, but for this course,
we always want to take the default of
All. Note also that you can sort the
appliances in the groups by IP or
Hostname.

14. Click ‘x’ to close the settings dialog.

15. In Orchestrator, view the Topology window of the Dashboard tab (MONITORING à
SUMMARY à Dashboard).
This will give you a map view of your appliances.
a. If ECV-4 is still booting or being incorporated into the overlays, it will look something
like the screenshot below or some other combination of red, orange, and green lines
from ECV-4 to the other appliances:
b. After a while the appliance will reconnect, and Orchestrator will build tunnels as
displayed in the next step. This may take several minutes due to the resource
constraints of the training environment.
c. You can try to force a resync if you get impatient. Select the US-West group in Tree
View, and go to ADMINISTRATION à TOOLS à Synchronize.
This does not always produce any faster results. But it cannot hurt.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 108 of 155
 INSTRUCTOR VERSION

16. Select the All Overlays (the default) option in the map.

17. After about 5-10 minutes with All Overlays selected, you should see something like this:

This view will show you a composite view of all the overlay tunnels that were built between the
machines. It can be difficult to see all the tunnels at this scale.
18. Click the double chevron next to Topology above the map.
a. This will open the full Topology tab.

19. Mouse over the link between ECV-4 and ECV-2 until it thickens, then click on it.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 109 of 155
 INSTRUCTOR VERSION

20. The Tunnels Tab will open and you can see the Local Appliance is ECV-4 and the
Remote Appliance is ECV-2. Or it could be reversed...

21. Displayed are two of twelve (2/12) rows of tunnels.

£ Click on the to expand the lists of Overlay Tunnels for CriticalApps and
RealTime.

22. This will bring up a display that shows you 12 total links exist between the two
appliances.
The column on the right it shows the status of each connection, which is useful for
troubleshooting.

23. Right-click anywhere on the Header Row and make sure all Columns are selected to
view.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 110 of 155
 INSTRUCTOR VERSION

24. Look at the RealTime overlay. There are 6 links associated with this overlay – three in
each direction.

æ Two of the 3 in the list are underlay tunnels that were built across the physical
network.
æ The third one is the overlay itself, the logical connection that uses those tunnels as
primary and backup, or to load balance.

25. Because tunnels and overlays are displayed as a unidirectional pair, there are 3 more in
the other direction per overlay (two underlay tunnels and one overlay logical connection).
If you had more than just Internet and MPLS connections (e.g. LTE), you would find an
additional underlay connection in each direction for each of the overlays.

26. Click Close to hide the Tunnels detail display.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 111 of 155
 INSTRUCTOR VERSION
27. Click on the list of overlays and select CampusNetwork.

28. Notice the display has changed and only two links are
shown.

æ Remember the CampusNetwork Business Intent Overlay

you configured was Hub & Spoke with ECV-1 as the hub
for this overlay. As a result, Orchestrator only built tunnels
to ECV-1 from ECV-3 and ECV-4.

29. Click on the link

between ECV-4 and
ECV-1.
æ Notice that there
are 6 links. That’s
because we are
looking at the links
for only one
overlay
associated with
this pair of
machines.

30. Close the window.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 112 of 155
 INSTRUCTOR VERSION

31. Now select the CriticalApps overlay from the dropdown in the Topology tab.

The CriticalApps overlay is a full mesh applied to all the machines, so Orchestrator
built tunnels between each and every pair of machines.

STOP HERE

Do not move on unless directed otherwise by your instructor

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 113 of 155
 INSTRUCTOR VERSION

LAB 13: VRRP Configuration

Overview
Site 3 is configured in a traditional data center HA pair, with two appliances each having a
connection to both the MPLS and broadband Internet networks. In order to make traffic flow
deterministic and avoid asymmetry (we’ll talk more about this later), in this lab you will configure
VRRP on the LAN at Site 3.

Objective
æ Learn how to configure VRRP to make traffic flow deterministic and symmetric at Site 3 using an
Active/Backup pair of Silver Peak appliances

Task 1: Configure VRRP on ECV-3

1. From Orchestrator, select the South Bay group of
appliances

2. Go to CONFIGURATION à NETWORKING à VRRP.

3. On the VRRP tab that opened, click on the edit icon

next to ECV-3.

4. In the dialog box that opens, click

Add VRRP.

5. Configure VRRP for ECV-3

£ Group ID: 1
£ Interface: lan0
£ Virtual IP:
10.110.30.254
£ Priority: 128
£ Preemption: þ

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 114 of 155
 INSTRUCTOR VERSION
6. Click Apply

Task 2: Configure VRRP on ECV-4

7. Click on the edit icon

next to ECV-4.

8. In the dialog box that

opens, click Add VRRP.

9. Configure VRRP for ECV-4

£ Group ID: 1
£ Interface: lan0
£ Virtual IP: 10.110.30.254
£ Priority: 127
£ Preemption: þ

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 115 of 155
 INSTRUCTOR VERSION
10. Click Apply. You should see two VRRP configurations. Once each for ECV-3 and ECV-
4.

Task 3: Check VRRP Operation

11. Wait a minute or so for the VRRP connections to stabilize

12. Click the down arrow next to the refresh icon, then click Refresh from appliance
ECV-3 should be the master (meaning it is processing traffic sent to the VIP). Because we
have enabled preemption and ECV-3 has a higher priority, it should always be the master
when its lan0 interface is up and active. If ECV-3 were to go down, ECV-4 would become the
master

13. On Orchestrator, go to the Flows tab: MONITORINGà FLOWS à Active and Recent
Flows

14. Select the South Bay group in tree view.

15. We will filter our view on any traffic that contains the VIP IP address of 10.110.30.254.
16. In the IP/Subnet box, enter the VIP Address of 10.110.30.254.
17. Under Flow Characteristics, click the Include Built-in checkbox.
Normally when monitoring your SD-WAN, interesting traffic is usually ones that pass from the
LAN-side to the WAN-side or vice-versa. However, we need to select Include Built-in in order
to view any packets destined for the device itself, namely the VIP.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 116 of 155
 INSTRUCTOR VERSION

18. Open an RDP window to TG-03 from

the Student PC desktop, double click
on the RDP-mstsc client icon.

19. Use the dropdown list and select the management IP

address of TG-03. (192.168.1.30) and click
Connect.

20. If prompted, enter a password of

Speak-123 and click OK.

21. Close any warning or event

tracker dialog boxes

22. Open a command window on TG-03 by double clicking the Command Prompt
icon.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 117 of 155
 INSTRUCTOR VERSION
23. Ping from TG-03 to the VIP (10.110.30.254) of the VRRP group.

24. Now on Orchestrator, refresh the display on the Flows tab (Hint: click on the uptime
column to bring the most recent flows to the top) .
You should see an ICMP flow (your ping) from TG-03’s data path address (10.110.30.11) to
the VIP (10.110.30.254).
The flow is hitting ECV-3 because it is the master for the VRRP group.

STOP HERE

Do not move on unless directed otherwise by your instructor

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 118 of 155
 INSTRUCTOR VERSION

Review #20: Quality of Service

104) What determines which traffic class a packet is placed in?
The BIO created QOS policy, or manual QoS policy.

105) What determines the behavior of an individual traffic class?

The shaper determines the behavior of the traffic class.

106) In order to avoid starving any traffic class, the sum of shouldn’t
exceed ?
Traffic
100% class minimums defined in the shaper shouldn’t exced Max outbound, or Max WAN Bandwidth

107) True/False: The Shaper ID column defines the order in which classes are serviced.
False. The Priority determines the processing order/priority.

108) How can you use weights only (ignore priority and min BW) to allocate traffic in all
tunnels equally (assuming traffic mix to all sites is the same)?
Set all the priorities to 1, set the traffic class mins all to ‘0’, and weights equal.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 119 of 155
 INSTRUCTOR VERSION

Review #21: Reporting and Monitoring

109) What 3 lines commonly appear on most Silver Peak statistical graphs?
LAN, WAN, Ratio

110) What are the Line colors for those lines?

LAN – Light Blue, WAN – Dark Blue, Ratio - Green

111) Why is the Ratio usually useful?

It gives you a comparison as a multiplier, e.g. 20x reduction

112) On an appliance, what single page shows Bandwidth Usage, Top Applications, Latency,
Loss and Top flows?
Network View on an appliance

113) Where should you check first when troubleshooting a problem happening ‘now’?
Current flows - your best friend.

114) How can you tell if a flow is being optimized?

Look at the flow detail. Remind students there are filter buttons that will display Asymmetric flows & you can search for various
things.

115) What will tell you which QoS Policy rule matched to cause a flow to end up in a
particular shaper traffic class?
The QoS section of the flow detail.

116) What are the 5 main sections of a Flow Detail?

Stats, Routing, Optimization, Security and QoS.

117) Where can you find information about any NAT applied to a flow?
On the NAT tab of the flow detail.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 120 of 155
 INSTRUCTOR VERSION

LAB 14: Basic Flow Monitoring

Overview
In this lab, you will open a CIFS share between TG-01 and TG-02 and move a file between the
sites. You will then chart the bandwidth usage as data flows.

Objectives
æ Learn to use the current flow listing and tunnel tabs to identify which overlays and underlay tunnels a
flow is traversing.
æ Learn to use the built-in trend charting functions and usage displays.

Task 1: View Underlay Traffic Between Sites 1 and 2

1. Connect to TG-01 if the window is not still open.
2. On Student PC desktop, open an RDP session by clicking the RDP icon.

3. Connect to TG-01 (192.168.1.10)

£ User name: Administrator
£ Password: Speak-123

Note: Click Cancel to close any Windows Activation or

Shutdown Event Tracker windows that may appear.

4. Open a CIFs session to TG-02 (10.110.20.11)

5. Double-click the TG-02 Files icon on the desktop.

6. A file explorer window will open showing the file share on TG-02.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 121 of 155
 INSTRUCTOR VERSION

7. Go back to the Orchestrator select all the appliances in Tree

View.

8. Go back to the the Flows tab.

9. Click on the Refresh button to display current flows.

10. View the Flows on ECV-1 and ECV-2.

æ This time, the name of Outbound Tunnel is to_ECV-1_RealTime. This

automatically created name will carry a suffix (_RealTime) that indicates the
name of the associated Business Intent Overlay: the RealTime overlay.

11. The flow on Host ECV-2 is using an overlay tunnel called to_ECV-1_RealTime.

12. What if you wanted to know which underlay tunnel or tunnels it used?
a. Select only ECV-2 in Tree View.
b. Go to the Tunnels tab (CONFIGURATION à NETWORKING à TUNNELS à Tunnels)
c. Click Overlay to view only Overlay tunnels.
Note: right hand column will display the underlay tunnel list associated with this overlay tunnel.

æ The automatically created name of each tunnel has a suffix that indicates the
outbound WAN link labels associated with the underlay tunnels. In this case,
there are two underlay tunnels; one that goes over MPLS (MPLS-MPLS suffix)
and one that goes over the Internet (Internet-Internet suffix). .

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 122 of 155
 INSTRUCTOR VERSION
Note that cross
connect tunnels,
had we checked
the box and
creation was
possible (it’s not
in our
environment)
might have had
suffixes of
MPLS-Internet
or Internet-
MPLS.

13. In Orchestrator, select the North Bay group (ECV-1 and

ECV-2) in Tree View.

14. Select MONITORINGà BANDWIDTH à APPLIANCES à

Trends to open the Bandwidth Trends tab.

15. Select Real Time statistics for All Traffic and

Outbound traffic by clicking on their respective boxes.
Note: We’ll go back and look at this a little later.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 123 of 155
 INSTRUCTOR VERSION
16. Open the Tunnel Bandwidth
Trends tab. In Orchestrator, select
MONITORING à BANDWIDTH à
TUNNELS à Trends.

17. We are interested in Real Time,

outbound traffic for the RealTime overlay so:
a. Select the Real Time box.
b. Select RealTime from the dropdown.
c. Select the Outbound box to indicate direction.

18. We also want to see graphical data for LAN, WAN and Ratios.
19. Click on the boxes to make sure they are not grayed out.

20. We’ll start a file transfer now, and then come back and look at these charts.

21. Return to the RDP window to TG-01.

22. In the open CIFs share window drag the file 5_trading.mdb onto TG-01’s desktop
inside the RDP window.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 124 of 155
 INSTRUCTOR VERSION

23. If prompted, select Copy and Replace

24. Go back to the Tunnel Bandwidth Trends

tab in Orchestrator.

You should see something like this:

Although your printed manual might not be in color, you can see in the actual appliance that
the line for LAN traffic is light blue, and WAN is dark blue.

a. ECV-1 is receiving the traffic from across the wan because TG-02 is transmitting data
through ECV-2 (see Topology).
b. ECV-2 forwards it to ECV-1 where TG-01 is located. So you’ll see traffic charting on
ECV-2 (right graph) much greater than on ECV-1 (left graph).

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 125 of 155
 INSTRUCTOR VERSION

æ The file is being transferred from ECV-2 à ECV-1 so notice the dark blue line
is charting at about 4Mbps (you can mouse over this for an accurate reading).
This is the Total Outbound combined bandwidth you configured for the two
wan interfaces on ECV-2.
25. Why do you suppose the bandwidth usage is different for the LAN and WAN?
This is because traffic is being compressed a bit. You are seeing the benefits of compression
and reducing the amount of data being transmitted across the WAN. Boost is off for the
RealTime overlay, however, so the reduction Ratio is not large.

26. Now click the Show Underlays link in the lower left of the chart.
Remember that the RealTime overlay uses a Link Bonding Policy of High Availability.

27. You can see that the

traffic is using both
underlay tunnels equally
on both appliances.

Of course ECV-2 (on the

right) is using more
bandwidth because the file
is going ECV-2àECV-1.

28. Click Close in the

Underlay Tunnels window.

29. Select
MONITORING à
BANDWIDTH à
APPLIANCES à
Trends to open
the Bandwidth
Trends tab.

This will show the

overall bandwidth
usage on the
appliances.

æ One of Silver
Peak’s strengths is Orchestrator has a lot of charting options that give you many
views of the data including charts that provide longer trend analysis.
Note that some of them don’t have real-time charting options, and depending on the
granularity of charting, might not display any data for an hour or more.
30. Click Close in the Tunnel Bandwidth Trends window.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 126 of 155
 INSTRUCTOR VERSION
31. Return to the RDP session to TG-01.

a. Cancel the file transfer of

5_Trading.mdb to
TG-02.
b. Close the CIFS
connection by closing the
window.

c. Do not close the RDP

session window itself.

32. Return to Orchestrator and clear the network memory on all appliances.
Note: You would probably never want to do this in a production network because it will negatively
affect performance until the disk cache is rebuilt. It is primarily a tool for establishing baseline
performance against which the performance of a populated disk cache can be measured.

33. In Tree View, Select all

appliances.

34. Go to ADMINISTRATION à
TOOLS à Erase Network
Memory.

35. Click Erase Network Memory.

Note: Just to reiterate, you would not

ordinarily do this in a production network as
it will empty the disk caches and impact
performance for boost until the caches are
rebuilt.

36. Click Close when the task completes.

STOP HERE

Do not move on unless directed otherwise by your instructor

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 127 of 155
 INSTRUCTOR VERSION

Review #22: Built in Diagnosis Tools

118) What option is required to make sure a Ping is sourced from the correct interface or IP
address when testing reachability?
-I (upper case)

119) What options can be used to make sure a traceroute is sourced from the correct IP
address or interface when testing reachability?
-s or -i (lower case)

120) How do you display the options available for running the ping and traceroute commands
from the UI?
Question mark help

121) True/False: Iperf is always safe to run on a production network.

False – it will use all the BW on the network

122) What tools can be used to read traffic capture done on an appliance?
Any tools that can read a standard PCAP file, like WireShark.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 128 of 155
 INSTRUCTOR VERSION

LAB 15: Reporting

Overview
In this lab, you will schedule a Custom Report.

Objectives
æ Apply your knowledge to create a custom report and examine its results.
æ Observe the contents of standard reports.
æ View the results in the context of the labs you’ve previously completed.

Task 1: Schedule a Custom Report

1. Select all appliances in the Tree View of the Orchestrator.

2. In Orchestrator, select MONITORING à REPORTING à
Schedule & Run Reports to set up a custom report to
show all information for your sites.

3. Click New Report on the Schedule & Run Reports tab.

4. Name the report “Training”.

5. Click Save.

6. Verify all appliances are selected and

configure the report.

7. Click Use Tree Selection.

All appliances should be added to the list.

8. Configure Data Granularity.

£ Daily: o (Uncheck)
£ Hourly: þ
£ Email Recipients:
[email protected]
£ Traffic Type: All Traffic
£ Tunnel Charts: þ Health Map þ Flow Counts þLoss
þ Latency
£ Appliance Charts: þ Top Talkers þ Top Domains þ Top Countries

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 129 of 155
 INSTRUCTOR VERSION
9. Configure Scheduled or Single Report settings.
10. Choose Run Scheduled Report.

11. Click Edit.

12. Configure this report to run Every Day,

starting 10 minutes from now.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 130 of 155
 INSTRUCTOR VERSION
Tip: Click the calendar icon to the right of Starting On, select today’s date (the default) and
adjust the sliders to select the time to 10 minutes from now.

13. Click OK.

14. Click Save to save the report configuration.
Note: You’ll check your email in a few minutes to see the report was mailed.

Task 2: Run a report on demand

15. Click Run Single Report with Custom Time

Range.
16. Set the Start Time to 8 AM yesterday.
17. Set the End Time to now .
Hint: There is a Now button at the bottom of the
dialog box that appears when you click in the end
time field.

18. Click Run Now on the bottom of the page.

This can take more than 5 minutes to run.

19. While running you will see a progress circle and

an option to Stop the report generation.

20. A notice will appear at the

bottom of the browser
window when the report is
complete.

21. View the report data:

a. On the Schedule and Run Reports tab,
click View Reports near the top of the
page.
b. View the <date-ranges>-Hourly-
Training_Report.pdf report.
Find the most recent hourly report (probably at the bottom of the page)
c. Click the (download icon) on the far right.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 131 of 155
 INSTRUCTOR VERSION
22. Right-click on and Open the *.pdf file icon at the bottom of the browser. The file should
open in a new browser tab.

23. What was the Top Application for…

a. Outbound LAN? Probably ICMP
b. Outbound WAN? Probably ICMP
Answers may vary depending on the student. The idea is to be able to view the Report.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 132 of 155
 INSTRUCTOR VERSION
24. Which were the top two talkers on the network? In this example it is the Internet
Gateway (192.168.1.254) and the host at 192.168.1.41. Your second top talker may be
the Cloud Portal. But again, answers may vary slightly, depending on the amount of time
and things you did during the lab.

Task 3: View Emailed Report

25. On the student desktop, open the Windows Live Mail client.

26. Open the most recent email,

which should be Silver Peak
Orchestrator Report: Training.

27. Scroll up and down the email to view the report.

28. Click on any of the sections.
29. A browser window to the Orchestrator page should have opened up in the browser.

CONTINUE WITH NEXT LAB…

unless directed otherwise by your instructor

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 133 of 155
 INSTRUCTOR VERSION

LAB 16: Troubleshooting Tools

Overview
In this lab, you will use Orchestrator to verify the performance of a link between two appliances
using the Link Integrity Test. You will also perform ping and traceroute from the appliance UI.

Objective
Learn to use the following basic, but critical tools:
æ Ping
æ Traceroute
æ Link Integrity Test

Task 1: Ping ECV-2

1. In Orchestrator, right-click on ECV-1 in Tree View and

select Appliance Manager.

2. Go to MAINTENANCE àTOOLS à Ping / Traceroute.

3. Perform a ping from ECV-1 to ECV-2 over the MPLS

network:
a. Click on the Ping box.
£ IP/Hostname: 10.110.21.100 (ECV-2)
£ Options: -I 10.110.11.100 (Sourced from MPLS interface)

4. Click Start.

5. View Output to verify connectivity.

6. Click Stop.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 134 of 155
 INSTRUCTOR VERSION
Task 2: Traceroute to TG-03
7. Use Traceroute to test connectivity to TG-03 from the lan0 interface of ECV-1.
a. Click the Traceroute box.
£ IP/Hostname: 10.110.30.11 (TG-03)
£ Options: -s 10.110.10.100 (Source from MPLS interface)

8. Click Start .

Task 3: Link Integrity Test

The link integrity test is essentially a GUI for an
iperf test between two appliances. It will use all
the bandwidth between the sites, so it is service
affecting and should only be used during a
maintenance window in your network

9. From Orchestrator, select the North Bay

appliances (ECV-1 and ECV-2) in Tree View.

10. Choose ADMINISTRATION à TOOLS à Link Integrity Test.

11. Run the test through the Internet Internet underlay tunnel.
£ Bandwidth à: 2000
£ Bandwidth ß: 2000
£ Duration: 10
£ DSCP: any
£ Mode: to_ECV-2_INET1- INET1– to_ECV-1_ INET1- INET1
This selects the underlay tunnel over the Internet connection
£ Test Program: iperf

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 135 of 155
 INSTRUCTOR VERSION
12. Click Start. The tool will stop when it has data to display.
Note: You may need to wait over 20 seconds for data to display.

13. Examine the results.

a.Traffic will be sent in each direction.
b. Results display for each 1 second interval, and tell you…
£ The amount of data sent in that second
£ The transmission speed attained
£ The measured jitter
£ The amount of loss
14. Each section has a summary (Server Report) for each direction.

REMEMBER: This test is service impacting. In a production network you should only do this during
a maintenance window!

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 136 of 155
 INSTRUCTOR VERSION

Review #23: Business Intent Overlay Path Selection

123) A packet matches a Business Intent Overlay. There's a Routes (subnet) table match
with a destination that is part of the overlay. Is the first packet (SYN) sent through a
tunnel or not?
Yes
yes

124) Same scenario as above, but there is no match in Routes table?.

The Peer Unavailable action will be executed

125) True/False: Once the traffic is matched to an overlay, a determination needs to made as
to if it will:
a) be backhauled through an IPSec tunnel to a non-Silver-Peak device at a different
site,
FALSE: It will go to a Silver-Peak device

b) broken out locally direct to the internet,

TRUE

c) sent through a secure tunnel to an external service like Zscaler on the internet.
TRUE

126) True/False: The above depends on the what is defined as internal vs. internet traffic as
well as the configuration of the overlay that is matched.
TRUE

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 137 of 155
 INSTRUCTOR VERSION

Review #24: Boost and Asymmetry

127) What is TCP asymmetry?
A flow doesn’t traverse both of the same pair of appliances.

128) What is a good indicator of asymmetry?

Flow byte counts will be zero in one direction

129) What are some causes of TCP asymmetry?

Misconfigured routing in the network. Misconfigured route policies. Misconfigured firewalls.

130) What are some possible solutions?

Flow redirection

131) True/False: You should always prefer flow redirection over deterministic design that
avoids asymmetry.
False - fix underlying routing problems if possible.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 138 of 155
 INSTRUCTOR VERSION

Review #25: Flow Detail

132) What is your best friend when troubleshooting a connection between two endpoints that
transits an appliance?
The flow table

133) How do you display the Flow Detail?

Click on the detail icon for that flow in the flow table

134) What are the 5 main sections of the Flow Detail?

Statistics, Routing, Optimization, QoS and Security

135) What section will tell you if an overlay or the default route policy was matched?
The Routing section

136) How can you see the external (upstream) source address of an outbound flow when the
interface is set to Stateful+SNAT?
The NAT tab in the detail

137) A user is complaining that they are unable to establish a connection to a server at a
different site. How you can tell if a Zone Based Firewall security policy is permitting or
denying the connection?
Look at the security section of the flow detail

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 139 of 155
 INSTRUCTOR VERSION

Review #26: Overlays & Tunnels

138) What are some reasons a tunnel might not come up?
Incorrect BIOs, unlabeled interfaces, IP reachability, bad next hop router address… to name a few. With manually created
tunnels you can add encapsulation mismatch, but with Orchestrator created tunnels, this won’t be an issue.

139) Can a user configure a Business Intent Overlay from the appliance's web interface?
No, only from Orchestrator

140) What effect does the order of overlays in the list on the BIO page have on it’s priority?
The one on top has the highest priority and will be matched against first.

141) If you delete a BIO created tunnel on an appliance, what will happen within 5 minutes?
Orchestrator will try to rebuild it

142) If you apply a BIO to an appliance without a matching label or ACL, will traffic be routed
into the associated overlay tunnels?
Of course not. Labels must match

143) How many active primary links do you need for a Link Bonding Policy of “High
Availability”?
At least 2 primary links

144) Which ports are used to build the IPSec_UDP tunnels between appliances?
They are in the 12,000 range

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 140 of 155
 INSTRUCTOR VERSION

Review #27: Licensing

145) How long is an appliance license lease?
30-day rolling window.

146) What protocol and port number do the Appliances and Orchestrator use to talk to the
Cloud Portal?
HTTPS port 443

147) Does the Orchestrator require Internet connectivity to register with the Cloud Portal?
Yes.

148) Does an appliance require direct internet connectivity to the Cloud Portal to register? If
not, what would need to be configured?
You can configure the appliance to use the Orchestrator as a proxy.

149) True/False: An unlicensed appliance will send all incoming traffic Passthrough Shaped.
False. It will policy drop all traffic.

150) True/False: It is possible to revoke a base license from an appliance and apply it to a
new one.
True – this is done from the licensing tab

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 141 of 155
 INSTRUCTOR VERSION

Review #28: Routing and Reachability

151) True/False: If you are doing internet breakout on a WAN interface, it should be set to
‘Harden’
False – you should probably use Stateful or Stateful+SNAT, unless there is an upstream firewall, then Allow All could work.

152) True/False: CDP (Cisco Discovery Protocol) tests Layer 3 connectivity

False – it operates at layer 2

153) What is a common misconfiguration when redirecting traffic out of path?

Failure to use a wild card mask (using a subnet mask instead)

154) How do the Silver Peaks attract traffic via a routing protocol when the local OEM routers
are learning the same subnets via a different path?
They advertise a prefix with the best metric and become the preferred next hop

155) What should the local devices point to when redundant Silver Peaks are using VRRP on
the LAN side of the network to deterministically route traffic?
The VIP

156) A data center appliance is BGP peered to local routers and is learning routes from them.
The branch appliances can’t reach the subnets beyond the routers. What might be the
problem?
Assuming that the BGP routers are advertising the unreachable subnets to the data center Silver Peak and the tunnels are up,
you might have failed to enable redistribution of BGP routes into subnet sharing.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 142 of 155
 INSTRUCTOR VERSION

Appendix A: Solutions to Common Issues

Issue #1 - Restarting Orchestrator
Only do these steps if the Orchestrator fails to load in the browser. Ask your instructor for
assistance if needed.
a. Open the VMware vSphere Client.
b. Reboot the Orchestrator VM.
Note: Wait at least 3 minutes for the Orchestrator to reboot.
c. Refresh your browser to verify the Orchestrator login screen is displayed.
d. If the logon screen does not appear, contact your instructor.

Issue #2 - Resolving Issues with Non-US Keyboards

1. If you find that incorrect characters are displaying, you might need to use the onscreen
keyboard.
a. Use the DESKTOP menu in the ReadyTech Instructor-Led Portal and choose Enable
Viewer Toolbar.
b. From the viewer toolbar, click on the Keys dropdown button
c. Click Open onscreen keyboard
‘Drag the keyboard over the console window
It may be necessary to position the keyboard so the letter you want to type is directl0y over the
active area of the console window
d. From the viewer toolbar, enable the onscreen keyboard.
e. Drag the keyboard over the console window. It may be necessary to position the
keyboard so the letter you want to type is directly over the active area of the console
window.
f. You may need to adjust the settings on the Student PC.
g. When you connect to the Student PC, you may use the Windows Control Panel to
adjust the keyboard settings.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 143 of 155
 INSTRUCTOR VERSION

Appendix B: Configure Static Management IP

Address via Linux GUI

1. Type: su -c “nmtui” <enter>

2. Type admin password: Speak-123

3. Press: <enter> to Edit a Connection

4. Press: <enter> to configure System

mgmt0

5. Press down arrow key THREE times to select

<Automatic>
6. Press: <enter>

7. Press DOWN arrow

key TWICE to select
Manual
8. Press: <enter>

9. Press RIGHT arrow

key to select <Show>
10. Press: <enter>

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 144 of 155
 INSTRUCTOR VERSION
11. Use the down arrow and
enter keys to configure the
following parameters:
a. IP address
192.168.1.254/24
b. Gateway
192.168.1.253
c. DNS Server
8.8.8.8

12. Leave all other options at

their
defaults and select <Ok>
13. Press: <enter>

14. Use the RIGHT arrow key to

Select <Back>
Press: <enter>
15. Use arrow keys to Select
<Quit>

16. Press: <enter>

17. Type
reboot

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 145 of 155
 INSTRUCTOR VERSION

Appendix C: Lab 10: Step-By-Step

Configuration for ECV-3
Task 6: Complete the Configuration of ECV-
3
1. Return to the VMWare management tab that is
connected to: https://esxihost

2. Login again, if needed.

a. Username: admin
b. Password: Speak-123

3. From the ESXi browser window, Select ECV-3.

4. To the far right of the browser

window will be the Hardware
Configuration section

5. View each Network Adapter’s

properties and record the last 2
digits of each MAC address in the
table below.

Note: The MAC addresses you see in

your lab environment for the network
adapters will probably be different from
the ones in the screen shots in these
instructions.

6. Record the last 2 digits of each Network Adapter’s MAC address for later reference in
the table below.

ECV-3 PORT GROUP to INTERFACE MAC ADDRESSES

Interface Summary MAC address Appliance Interface
(Last 2 digits)

Network Adapter 1 Management mgmt0

Network Adapter 2 8 lan0

Network Adapter 3 9 wan0

Network Adapter 4 10 wan1

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 146 of 155
 INSTRUCTOR VERSION

7. Click Cancel to
close the window

8. Click on the
Console thumbnail
button

9. Locate the IP address assigned by

DHCP. It may be different than the
one shown here.

10. List the appliance IP Address here:

________________________

11. Close the console window

12. From the Student PC, open a new

tab in your Chrome browser, and navigate to the address of
ECV-3 using the address you documented above.
a. Click past any security warnings

13. Log in to ECV-3

a. Username: admin
b. Password: admin

14. The Initial Configuration Wizard should start and the

Welcome screen should be displayed.
a. If it does not start, click on the CONFIGURATION tab à
SYSTEM & NETWORKING à Initial Config Wizard

15. Configure the Appliance Hostname to: ECV-3

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 147 of 155
 INSTRUCTOR VERSION
16. Select the matching corresponding
MAC addresses for each interface
using the Table above.

17. Copy and Paste the Account Name

and Account Key from the
License.txt file on the Student
Desktop.
18. Click Save

19. You will be prompted to reboot.

Click Yes, reboot Now

20. After the reboot completes, log back

into ECV-3.
a. Username: admin
b. Password: admin

21. The Configuration Wizard screen should reappear.

22. Confirm MAC addresses were assigned correctly.
23. Click Cancel to Close the Configuration Wizard window.

Task 7: Configure mgmt0 Static IP Address for ECV-3

24. Click on the ADMINISTRATION tab à BASIC SETTINGS à
Hostname/IP
25. Configure the following:
£ DHCP: o (Uncheck)
£ IP Address/Mask: 192.168.1.6 /24
£ Next-hop IP: 192.168.1.253
This is the Default Gateway

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 148 of 155
 INSTRUCTOR VERSION

26. Click Apply

You will get a
warning
message.

27. Click Change Management Address.

28. Your browser will be redirected to the new
management address you assigned.

29. Log back into ECV-3

a. Username: admin
b. Password: admin

30. At the top of the Appliance page,

click Save Changes

Task 8: Complete Registration of ECV-3 in Orchestrator

31. Login to the Orchestrator page from your browser.
a. Username: admin
b. Password: Speak-123
32. Close out any alert messages.

33. At the top of the Orchestrator page, you should see a green Appliances Discovered
message
This indicates that new machines have been found. The appliance that you configured,
reached the Cloud Portal, and the Cloud Portal told your Orchestrator about them.

34. Click the Appliances Discovered message.

35. This should open the DISCOVERED APPLIANCES tab.

36. Confirm the static IP Address for ECV-3 is 192.168.1.6

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 149 of 155
 INSTRUCTOR VERSION
a. If not, click on Refresh Discovery Information button

37. Click Approve to approve ECV-3

38. Click Skip to clear the Upgrade
Appliance message

39. The Appliance Wizard should start.

40. Configure the group, password, address and site information:

£ Hostname: ECV-3
£ Group: South Bay
£ Admin Password: Speak-123
£ Address 1: 450 Serra
Mall
£ City: Stanford
£ State: California
£ Zip Code: 94305
£ Country: US

41. Click Next

42. The Deployment Profile will appear…

a. Choose a Deployment Profile of Campus.

43. Configure the IP addresses for the LAN Interfaces

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 150 of 155
 INSTRUCTOR VERSION
a. Voice: 10.110.30.100/24
b. Data: 10.110.131.100/24
c.Campus: 10.110.132.100/24
44. Configure the First WAN Interface (top)
a. IP/Mask: 10.110.31.100/24
b. Next Hop: 10.110.31.1
c. Label: MPLS1
d. FW Mode: Allow All
e. VLAN: (leave blank)
f.Interface: wan0
45. Configure the Second WAN Interface (bottom)
a. IP/Mask: 10.110.32.100/24
b. Next Hop: 10.110.32.1
c. Label: INET1
d. FW Mode: Stateful+SNAT
e. VLAN: (leave blank)
f. Interface: wan0

46. Click Next

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 151 of 155
 INSTRUCTOR VERSION
47. Screen #3 is for
setting up
Loopback
Interfaces.
We will not
configure any
Loopback Interfaces
in this class.
48. Click Next

Add Local Routes is for configuring additional subnets that the Silver Peak wasn’t directly
attached to. If you want to advertise them to peers, you would configure them here.

They can also be added later if needed. We don’t have additional local subnets at this site.

49. Leave the box selected for Use shared subnet information þ (Selected)
50. Check the box for Automatically advertise local LAN subnets þ (Selected)
51. Click Next

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 152 of 155
 INSTRUCTOR VERSION

52. Configure the Business Intent Overlays and Template Groups.

a. RealTime: þ
(Selected)
b. CriticalApps: þ
(Selected)
c. Bulk Apps o
(Uncheck)
d. DefaultOverlay: o
(Uncheck)
e. CampusNetwork: þ
(Selected)
f. Default Template
Group: o (Uncheck)
g. Main: þ (Selected)

53. Click Apply

54. You should get an indication of success

for all the operations. If everything
looks ok, click Close.

55. At the top of the Appliance page,

click Save Changes

56. Click the arrow next to the group South Bay in Tree View to see the ECV-3 appliance
has been added to the group.

a. It will take a few minutes for ECV-3 to synchronize its

configuration with Orchestrator.

You may see a Warning message that an IP SLA monitor is in

the Down state. This is ok to ignore for now.

DST 8.10.x-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 153 of 155
Appendix D: Virtual Lab Topology
This diagram shows the topology of your virtual lab environment. The out of band management network uses 192.168.1.0. All masks
are 24 bit (255.255.255.0). Next hop router addresses for each subnet are shown above or below each router interface (actually in a
WAN emulator). Site 3 is a campus with 2 data centers, each with its own appliance.
Appendix E: Login Information and My Lab Access Code:

System/Platform User Password Notes

Student PC Administrator Speak-123 Virtual PC hosted at ReadyTech

VMware vSphere Client admin Speak-123 Via Chrome on Student PC

Orchestrator admin Speak-123 Default password initially: admin

EdgeConnect
admin Speak-123 Default password initially: admin
(ECV-1, ECV-2, ECV-3, ECV-4)

TG-01, TG-02, TG-03 Administrator Speak-123 The PCs at the 3 sites.

Use the Quickconnect button

FTP Servers on TG-0x anonymous Speak-123

Cisco CSR 100v Router This password is used after executing

None
the enable command.

hMail Server
Speak-123 Ask the instructor if this is required.

Kwanem root silverpeak

DST 8.10.13-8.3.1.x INSTRUCTOR-LED Student & Lab Guide v1.81 page 155 of 155