BlueCat eLearning Curriculum

INTEGRITY ESSENTIAL TRAINING

Overview:
An introduction to the core features and functions of Integrity. Provides an overview of the Address Manager interface and how to accomplish core DDI tasks, such as network modelling, configuring and deploying DNS and DHCP, server management and role-based access control .    

INTRODUCTION TO INTEGRITY

TOPICS:

1- Overview: An introductory tour of the core features and functions of Integrity.

2- What is Integrity: DDI, DNS, DHCP, IPAM, BAM, BDDS

3- BAM Object Model & Configuration: Inheritance, unique IPv4/IPv6 address space, multiple configurations

4- How Deployment Works: Deployment Roles and options, zone transfer

5- Data Management & Built-in Automation: Centralized point of management, create/control DHCP service settings, inheritance, links related records, data verification, Distributed Deployment, BAM API, Network Templates, Zone Templates, IPAM Modelling tools, Gateway workflows and Adaptive Apps and Plugins

6- Protecting Data with Redundancy & Security: XHA (Crossover High Availability), Anycast DNS, DNS Zone transfers, DHCP Failover, Automatic Continual Service Protection, Database replication, redundant servers, Threat Protection with Security Feed, DNSSEC, Systems Hardening, Identity and Access Management (IAM) with SAML-based SSO and OAuth 2.0 and federated identity

7- Monitoring, Tracking, Reporting & User Access Rights: Monitoring Service, SNMP MIBs and Traps, syslog redirection, Event List, Transaction History, Reports, Event Notification, User Accounts, Workflow Change Requests

8- Navigating in Address Manager: Login, My IPAM Page, Widgets, Dashboard, Main Navigation, Primary tabs, Configuration-specific tabs, Configuration selector, Global tabs, Secondary tabs, Breadcrumbs, Child Objects, Table View, Filters, UDF (User Defined Field), Customize Table, Tree View, DNS, Servers, Devices, TFTP, Groups, Administration, Quick Search, Advanced Search, Data Restore, Help, Change Password

9- Automating with Gateway: workflows, Adaptive Applications, Cloud Discovery & Visibility for AWS, Azure & Google Cloud, Global Server Selector, Device Registration Portal, Overlay for Microsoft, Adaptive Plugins

10- Review

Time to complete: 30 minutes

LAB- Integrity Lab 1: Getting Started (60 minutes)

IPv4 ADDRESS MANAGEMENT

TOPICS:

1- Overview: A look at the structure of IPAM data in Address Manager and learn how to easily manipulate IP objects like blocks, networks and IP addresses.

2- Blocks and Networks: Block definition, assignments, inheritance, network definition, assignments, Object Type Information, nestable, user-defined fields (UDFs), Child Objects.

3- Creating Blocks and Networks: Add a Block, object page, range link, breadcrumbs, show names in breadcrumbs, split a block, create partitions, data check, create a network, custom gateway, default gateway, delete network (any object).

4- Modeling Blocks & Networks: Resize block or network, restrictions with resizing, split block, split network, preserve gateway, default gateway per network, network list, move blocks & networks, tree view.

5- Grouping Blocks & Networks: Add a parent block, merge blocks, merge selected, merge networks, restrictions with merging networks, merge with parent blocks or networks.

6- Managing IP Space: Find first available IPv4 block, reuse existing unused ranges, find first available network, IP space use statistics, usage by IP allocation, usage by network allocation, define IP space statistics settings.

7- IPv4 Address Types & Allocations: Network ID, broadcast address, gateway address, editing gateway address, manually assigned IP address types, static, reserved, DHCP reserved, dynamically assigned IP address types, assigning IP addresses, standalone PTR records, duplicate name check, ping before assign, change IP assignment, clear IP assignment, move IPv4 address, find next available IPv4 address.

8- Review

Time to complete: 26 minutes

LAB- Integrity Lab 2: Blocks, Networks & IP Addressing (90 minutes)

DHCP CONFIGURATION

TOPICS:

1- Overview: Learn to quickly define, modify, deploy and manage DHCP ranges in Address Manager.

2- DHCP Refresher: IP address pool, DHCP server, DHCP options, lease expiry, lease renewal, DORA process, Discovery, Offer, Request, Acknowledge, leases file, dhcpd.conf, deployment.

3- Steps to deploy DHCP: Four easy steps to create and deploy DHCP.

4- Create a DHCP range: using IP addresses, using offsets, using offsets and percentage, split DHCP range, DHCP alerts, DHCP low watermark, DHCP high watermark, delete range.

5- DHCP Deployment Options: DHCP client options, DHCP service options, DHCP vendor options, overrides, default DHCP options, DHCP custom options, DHCP raw options.

6- DHCP Deployment Roles: primary, none, diagnostics, view DHCPv4 configuration, dhcpd.conf.

7- Resizing and Merging DHCP Pools: orphaned IPs, convert to DHCP reserved, convert to static, convert to unassigned, merge DHCP ranges

8- Dynamically Assigned Addresses & Exclusions: DHCP unassigned, DHCP assigned, DHCP free, DHCP reserved, DHCP excluded, DHCP abandoned.

9- DHCP Validation: configuration level DHCP validation, server level DHCP validation, DHCP validation log.

10- Review

Time to complete: 25 minutes

LAB- Integrity Lab 3: DHCP Configuration (70 minutes)

DNS FUNDAMENTALS

TOPICS:

1- Overview: Refresher on how DNS works, and walkthrough the fundamentals of configuring DNS in Address Manager.

2- DNS Refresher: Domain Name System, FQDN, Root zone, TLD, SLD, subdomain, root servers, TLD nameservers, authoritative nameservers, resolvers, and recursion.

3- DNS Views & Zones: DNS namespace, DNS zone, BAM DNS hierarchy, create a view, multiple views, inheritance.

4- Creating a DNS Zone: Add a zone from the View level, edit zone settings, add a zone from the zone level, deployable zone.

5- Zone File: Zone file directives: origin, TTL; resource records: SOA, NS, A, AAAA, CNAME, glue records; comments, reading a zone file.

6- Creating Resource Records: Create and manage common resource record types in BAM: Host, CNAME, TXT, MX and other resource record types. Five different ways to create resource records in the BAM UI, including: Resource Records tab; Quick Action Widget; assigning IP Addresses; importing DNS records; or Bulk DNS Update.

7- SOA Records: Working with SOA records in BAM, including default SOA values: MNAME, RNAME, refresh value, retry value, expire value, minimum value; zone transfers; SOA serial number; add or edit SOA records.

8- DNS Redundancy: Secondary DNS, xHA, Anycast, Secondary DNS, Authoritative nameservers, BAM deployment roles: Primary, Hidden Primary, Secondary, Stealth Secondary; zone transfer, TSIG Keys, Configure Primary/Secondary server roles in BAM. 

9- Reverse DNS: PTR records, IPv4/IPv6 reverse address space, purpose of reverse DNS, configure reverse zones and PTR records in BAM, view the .db file.

10- Review

Time to complete: 35 minutes

LAB: Integrity Lab 4: DNS Configuration (70 minutes)

MANAGING DNS DEPLOYMENT

TOPICS:

1- Overview: Configure DNS deployment roles and DNS deployment options to deploy server data.

2- DNS Deployment Roles: Primary and secondary deployment roles, TTL, zone settings.

3- Types of Deployment: Full deployment, differential deployment and quick deployment.

4-  DNS Deployment Options: DNS options, DNS raw options, SOA option, allow dynamic updates, allow zone transfers, allow notify, refresh value, retry value and expire value.

5- Access Control List (ACL): Add new ACL, global ACL, allow recursion, allow query, match clients, linked objects, delete ACL.

6- Recursive DNS: Caching resolvers, recursion deployment role, allow recursion DNS option, Root hints.

7- Global Forwarding, Forwarding Zones and Stub Zones: Forwarders, forward first and forward only.

8- DNS Validation: Enable DNS zone validation, View DNS log files, deployment data validation report, report schedule. 

9- Review 

Time to complete: 23 minutes

LAB: Integrity Lab 5: DNS Architecture (35 minutes)

USER ACCESS MANAGEMENT

TOPICS:

1- Overview: User accounts, access types, adding user accounts and setting privileges. 

2- User Accounts & Access Types: Authentication system, user accounts, LDAP groups, TACACS+, administrator and non-administrator levels, access types, GUI, API, security privilege, history privilege.

3- Authenticators: External authenticators, LDAP authenticator.

4- Groups: User groups, LDAP groups, TACACS+, SSO groups.

5- LDAP Users: Login as an LDAP user.

6- Managing Address Manager Users: Add, Edit, Lock, Unlock, delete and reset users, view user sessions.

7- Access Rights: Hide, view, change and full access;  access right settings, default access rights, administrative access rights.

8- Workflow Levels: workflow settings and configurations.

9- Object Audit Trail & Transaction Details: History privilege, view history list, transaction details fields, data retention settings.

10- Review

Time to complete: 19 minutes

LAB- Integrity Lab 7: User Access Management (30 minutes)

BLUECAT INTEGRITY CERTIFIED ASSOCIATE
EXAM

Overview:
This exam will verify the knowledge required of associate-level network professionals to understand BlueCat Integrity essentials, including IPv4 address management, DHCP and DNS configuration and deployment, server administration and monitoring, and user access management on BlueCat Address Manager and DNS/DHCP servers.
 
Time to complete:
1 hour 

INTEGRITY DNS PROFESSIONAL TRAINING

Overview:
A deep dive into Integrity DNS features and functions, including multiple DNS Views and Configurations, Dynamic DNS, DNS  logging & DNS Activity.   

MANAGING DNS VIEWS & ZONES

TOPICS:

1- Overview: DNS multiple views, match clients,  query handling in a multi-view configuration, and configuring zone templates.

2- Multiple DNS Views: Multiple Views and match clients.

3- DNS Multi-view Configuration: Query-handling in a multi-view configuration.

4- DNS Zone Templates: Configure, assign and update zone templates, DNS deployment roles and options, zone transfer.

5- Review 

Time to complete: 11 minutes

MANAGING DYNAMIC DNS (DDNS)

TOPICS:

1- Overview: How dynamic DNS works, allow dynamic updates, configure secure DDNS updates, DHCP zone declarations, DDNS deployment options.

2- Introduction to Dynamic DNS: How dynamic DNS works; step-by-step walkthrough of DDNS processes including bcn-nsupdate.

3- Allow Dynamic Updates option: Allow dynamic updates deployment option and settings to configure.

4- DHCP Zone Declaration: Configure DHCP zone declaration settings.

5- Securing Dynamic Updates: Secure DDNS updates using a TSIG key, limit dynamic updates, configure forward and reverse zone declarations, add DDNS deployment options.

6- Review

Time to complete: 21 minutes

LAB- Integrity Lab 8: Dynamic DNS (40 minutes)

DNS LOGGING

TOPICS:

1- Overview: A look at syslog and how to view data, query logging, and configuring logging channel data.

2- The Syslog: IP address pool, DHCP server, DHCP options, lease expiry, lease renewal, DORA process, Discovery, Offer, Request, Acknowledge, leases file, dhcpd.conf, deployment.

3- Query Logging: Four easy steps to create and deploy DHCP.

4- Logging Channel: using IP addresses, using offsets, using offsets and percentage, split DHCP range, DHCP alerts, DHCP low watermark, DHCP high watermark, delete range.

5- Review

Time to complete: 19 minutes

DNS ACTIVITY

TOPICS:

1- Overview: Walkthrough Integrity DNS activity, why and how to use, the architecture, and demonstrate ways to configure using Splunk, HTTP, or API.

2- What is DNS Activity?: Overview of DNS Activity features and benefits.

3- Benefits of DNS Activity: Capture and filter DNS Activity  by domain, source IP and query/response, simplified Query logging architecture, complete log data.

4- DNS Activity vs Query Logging: Comparing log data, formats, filtering, and configuration.

5- DNS Activity Architecture: Main components including DNStap, BIND, and Vector log service.

6- Configure DNS Activity in BAM using Splunk: Configure from a Splunk endpoint and view DNS Activity updates and responses.

7- Configure DNS Activity in BAM using HTTPS: Send DNS Activity data to an HTTPS endpoint.

8- Configure DNS Activity using API: Requests to BAM input from Postman.

9- Review 

Time to complete: 19 minutes

BLUECAT INTEGRITY DNS CERTIFIED PROFESSIONAL
EXAM

Overview:
This exam will verify the knowledge required of DNS professionals to configure and manage DNS architectures, multiple views and zones, Dynamic DNS, query logs and channels, and DNS Activity in BlueCat Integrity.
 
Time to complete:
1 hour 

SERVER MANAGEMENT PROFESSIONAL TRAINING

Overview:
A deep dive into how to deploy, configure, and maintain BlueCat hardware and virtual appliances. This includes step-by-step installation, initial CLI setup, enabling key services (iDRAC, SSH, NTP, SMTP, Syslog), and using Integrity’s Monitoring for system health. The path also covers database management, xHA, audit retention, replication, software updates, and high availability for reliable, secure operations

SERVER ADMINISTRATION

TOPICS:

1- Overview: BlueCat hardware and virtual appliances, and a step-by-step walkthrough of how to install BAM appliances and initial configurations.

2- BlueCat Servers Set-up: Gen 4 servers, QPS, LPS, virtual servers, Installation guide.

3-  iDRAC Configuration: Telemetry streaming; enable NIC..

4- Initial Server Configuration: Admin password, IP address assignment, gateway address, host name, name server address, timezone, set date and time.

5- Configuring BAM Services: SMTP, SSH, NTP, Syslog.

6- BAM Global Settings and Configurations: change control comments, user session timeout, disclaimer, breadcrumbs, quick action - last selected IP, additional supported locales - language support, custom reverse zone format, default configuration, add configuration, associate shared network tag group.

7- Managing BDDS: add a BDDS to BAM control, disable a BDDS, replace a BDDS, delete a BDDS from BAM.

8- Review

Time to complete: 22:20 minutes

SYSTEM & EVENT MONITORING 

TOPICS:

1- Introduction: Configuring SNMP polling and traps, and Integrity's built-in monitoring service on BAM and BDDS..

2- Overview of SNMP: polling, traps, 5 steps to set-up monitoring in BAM and BDDS.

3- Enabling SNMP on BAM: Polling period, SNMP version, community string, authentication type.

4- Monitoring Service Configuration: Polling interval, SNMP Port, failure detection count.

5- SNMP Polling in Integrity: Polling period, SNMP version, community string, authentication type.

6-System Metrics: CPU utilization percentage, tracking back time, memory utilization percentage, network utilization percentage, disk utilization percentage

7- SNMP Traps: Network Management System, Trap Server.

8 -Notification Groups & Event Level Subscriptions: Trap Group, subscribe to event levels, event level descriptions table, track event notifications.

9 - MIBs & OIDs: BlueCat BAM & BDDS MIBs and OIDs

10- Review

Time to complete: 24 minutes

LAB- Integrity Lab 6: Server Administration & Monitoring( 35minutes)

DATABASE MANAGEMENT & XHA

TOPICS:

1- Overview: Managing and maintaining the BAM database, BAM & BDDS software updates, audit data export & retention, BAM database backup & replication, crossover high availability and more.

2- Audit Data Export & Retention: Highlights the Audit Data Export and Audit Data Retention features in BAM. Enable export audit data for compliance reporting, manage and maintain the BAM database.

3- Database Backup: enabling backup scheduling service, configuring a scheduled backup, executing a manual backup, and restoring the backup from the BAM CLI.

4 - BAM Database Replication: disaster recovery, setup, latency considerations, preparation for replication, establishing trust relationships, configuration requirements, and how to reset replication

5- BAM Software Updates & Hotfixes: Steps to prepare for an upgrade: update BAMs in; replication, how to apply an update, and what to do if you experience warning messages or need to roll back an update.

6- BDDS Software Updates: perform an upgrade, including preserving custom scripts; backing up custom files, and reviewing the release notes.

7 - BDDS Hotfixes: Install hotfixes and patches on BDDS servers from BAM.

8 - xHa Overview: An overview of xHA, along with xHA pairs, including the primary and standby server, and how replication works.

9- Managing xHA: Learn how to create an xHA pair in a default management set up. xHA requirements - removing all deployment options and roles from a standby server, steps to create an xHA pair, view the status and deploy.

10 -Testing, Repairing, & Breaking xHA: switching the active and passive servers in an xHA cluster, how failover works. Repair an xHA pair after a failover, and how to break apart an xHA pair if and when needed.

11- Review

Time to complete: 30 minutes

LAB- Integrity Lab 10: Server Administration & Monitoring( 40 minutes)

BLUECAT SERVER MANAGEMENT CERTIFIED PROFESSIONAL EXAM

Overview:
This exam will verify the knowledge required of DNS professionals to deploy, configure and maintain BlueCat hardware and virtual appliances, including knowledge on initial CLI setup, enabling key services, Integrity’s Monitoring for system health, database management & xHA. 
 
Time to complete:
1 hour 

INTEGRITY FUNDAMENTALS TRAINING

Overview:
A deep dive into Integrity DNS features and functions, including multiple DNS Views and Configurations, Dynamic DNS, DNS  logging & DNS Activity.   

INTEGRITY IPAM ADVANCED

TOPICS:

1- Overview: Advanced IPAM features in Integrity, including IP Groups, IP Templates and IP Discovery & Reconciliation.

2- IP Groups: Assign specific users or groups access rights to any defined IP range using IP Groups; access permissions, create an IP Group, group access rights.

3- IPv4 Templates for Networks: Apply settings on many network objects, create IP templates, create quantities of networks using the same settings.

4- IPv4 Templates - Deployment Options: Create IP templates to standardize deployment options applied to blocks, networks, DHCP ranges and DHCP reserved addresses.

5- IP Discovery: IP discovery, IP reconciliation, SNMP Discovery Process layer 3/2, pingsweep discovery, IP discovery best practices.

6- IP Reconciliation Policy: Reconcile or add discovered IPv4 or IPv6 addresses to BAM data, create/add IP reconciliation policy, FQDN & DNS reverse lookup, schedule discoveries, acceptance criteria, override list.

7- Reconciling IP Addresses: Automatic/manual reconciliation, discovery status, discovered IP states: unknown, reclaimable, mismatch, reconciliation options.

8- Review

 Time to complete: 29 minutes

INTEGRITY IPv6 & DHCP MANAGEMENT

TOPICS:

Overview: How dynamic DNS works, allow dynamic updates, configure secure DDNS updates, DHCP zone declarations, DDNS deployment options.

1- IPv6 Management: IPv6 addresses/abbreviations, global address space, local address space, create IPv6 child blocks/networks, assign/manage IPv6 addresses.

2- DHCP Advanced Features: Configure shared networks, vendor profiles, match classes, MAC Pools, set DHCP alerts.

3- DHCP Failover: Configure DHCP failover, DHCP failover architecture, failover states, failover deployment roles, failover deployment options, failover commands.

Time to complete: 30 minutes

LAB- Integrity Lab 9: DHCP Failover (25 minutes)

INTEGRITY SERVER MANAGEMENT

TOPICS:

1- General Administration: Network interfaces, global settings, create a configuration.

2- Updates & Patches: Obtain and apply updates and patches, dual partition.

3- Getting the System Ready: BAM console (CLI), setting passwords for built-in user accounts, BAM hostname; configuring network settings, time, time zone & date; configuring SNMP & NTP, adding servers, enabling monitoring.

4- Data Management & User-Defined Fields: Data checker, database replication, database re-indexing; history, archive, purge; back-up & restore BAM database, user-defined fields.

5- Monitoring & Tracking: Configure monitoring, event list, event details, view & search transaction history, configure & schedule reports, notification groups, BAM log files.

6- Object Tags & Devices: Create object tag groups & object tags, use object tags to manage IPAM data, create devices, manage multi-home devices, create device tyles, categorize devices.

Time to complete: 55 minutes

INTEGRITY CROSSOVER HIGH AVAILABILITY (xHA)

TOPICS:

1- Understanding xHA: How xHA works, interfaces, heartbeat, distributed replicated block device (DRBD), xHA Backbone, failover scenarios.

2- Configuring xHA: configure an xHA cluster, xHA status, show high-availability, view an xHA pair, xHA properties.

3- Managing xHA: Manual xHA failover, upgrade/repair/break an xHA cluster, xHA vs DHCP failover.

Time to complete: 14 minutes

INTEGRITY RESPONSE POLICY ZONES & THREAT PROTECTION

TOPICS:

1- RPZ Overview: How RPZs work, DNS server responses, configuring RPZs

2- Response Policy: Define a response policy, configure a response policy zone.

3- Wildcards: Adding policy items, adding domain names to block domains.

4- Results of RPZ: How RPZs stop employees from accessing sites that violate policy.

Time to complete: 12 minutes

INTEGRITY FUNDAMENTALS CERTIFIED PROFESSIONAL
EXAM

Overview:
This cumulative exam will verify the knowledge required of DNS professionals to understand BlueCat Integrity fundamentals, IPv4 & IPv6 address management, DHCP and DNS advanced configuration, and high availability server management.
 
Time to complete:
1 hour 

INTEGRITY SECURITY PROFESSIONAL TRAINING

Overview:
Introduces security concepts for DNS and provides guidance on securing DNS infrastructure, building secure DNS architectures and leveraging the DNSSEC protocol and implementation with Integrity.  

SECURING DNS INFRASTRUCTURE

TOPICS:

1- Overview: Securing DNS, DNS security threats, securing Address Manager, HTTPS and SSL certificates, Public Key Infrastructure, Identity Access Management, system hardening and best practices .

2- Securing DNS: DNS security, CIA triad goals, DNS components that require securing.

3- Types of DNS Security Threats: DNS attacks, denial of service (DoS), distributed denial of service (DDoS), ways to prevent DNS attacks

4- Securing Address Manager: STIG and PCI compliance with BlueCat Integrity.

5- HTTPS & SSL Certificates: HTTPs settings in BAM and how to configure custom and self-signed certificates.

6- Public Key Infrastructure: PKI use cases, how encryption works, digital signatures, digital certificates, certificate authority (CA), certificate chain order.

7- Identity Access Management: IAM, methods of IAM, SSO and OAuth configuration.

8- System Hardening: Securing a network, BlueCat system hardening, deployment and notifications, Address Manager Firewall.

9- Best Practices: BlueCat's recommendations for securing network and DNS infrustruture.

10- Recap

Time to complete: 40 minutes

LAB- Integrity Lab 11: Securing DNS Infrastructure (45 minutes)

SECURE DNS ARCHITECTURES

TOPICS:

1- Four Quadrant Architecture Model: BlueCat's model for building secure DNS Architectures. 

2- Four Quadrant Architecture Best Practice: Secure and redundant implementations of the four quadrant architecture model as a best practice. 

3- Four Quadrant Architecture in Practice: A look at a typical DNS setup in a small organization and the steps to improve DNS security and performance through application of the four quadrant model.

Time to complete: 14 minutes

DNSSEC & ADVANCED DNS

TOPICS:

1- Overview:  DNSSEC components and functions, and how to configure DNSSEC with Integrity.

2- What is DNSSEC? How digital signatures authenticate DNS responses for integrity and authenticity. DNS vulnerabilities; public key cryptography; key pairs; DNSSEC role in data origin authentication, integrity, and denial of existence prevention.

3- DNSSEC Core Requirements & Terminology: Requirements for enabling DNSSEC, validating resolvers, authenticating signed DNS responses, authoritative servers, signing zone data; chain of trust, public and private keys.

4- DNSSEC Resource Records: Resource record signature (RRSIG), DNSKEY, key signing keys (KSK), zone signing key (ZSK), delegation signer (DS), DNSSEC chain of trust, proof of non-existence records—NSEC, NSEC3, and NSEC3PARAM.

5- DNSSEC Responses & Validations: DNSSEC-enabled response,  AD flag, OK flag, validation, RRSIG generation, how a DNSSEC response is validated.

6- DNSSEC Query Validation Process: Steps involved for a DNSSEC-enabled resolver to send a validated response to a client; standard DNS resolution versus resolution with a validating resolver.

7- DNSSEC on BlueCat Authoritative: steps to DNSSEC-enable authoritative BlueCat servers, key rollovers, scheduled deployments, key-signing key (KSK) updates, validate DNSSEC-enabled responses.

8- BlueCat Validating Resolver: Enable a DNSSEC validating resolver on BlueCat BDDS servers. Automatic validation: using the root as the trust anchor. Configured trust anchor with manual validation. Manually configuring trust anchors.

9- Review

Time to complete: 42 minutes

LAB- Integrity Lab 12: DNSSEC & Advanced DNS Topics (70 minutes)

BLUECAT SECURITY CERTIFIED PROFESSIONAL
EXAM

Overview:
This exam will verify the knowledge required of DNS professionals to understand DNS security concepts, as well as practical techniques for securing BlueCat Address Manager infrastructure, building secure DNS architectures, and configuring DNNSEC on BlueCat servers.
 
Time to complete:
1 hour 

BLUECAT ADVANCED CERTIFIED PROFESSIONAL
EXAM

Overview:
This cumulative exam will validate the knowledge required of networking professionals to understand DNS security and advanced IP address management concepts, as well as practical techniques for securing BlueCat Address Manager and DNS queries including DNNSEC, response policies and threat protection..
 
Time to complete:
1 hour 

SUPPORT PROVIDER FUNDAMENTALS

Overview:
A deep dive into Linux systems and tools, services and configuration files, validation and system logs, scripts, datarakes and other system tools and processes used to support BAM and BDDS.   

LINUX TOOLBOX 1

TOPICS:

1- Directory Structure on BlueCat Appliances: Working with linux, file and directory management, change directories, print working directory, list directory contents.

2- Copy, Move, & Create File Links: Move files, copy files, symbolic links (symlinks), create a soft link/symbolic link between files and directories. 

3- Read and Manipulate File Contents: Text file basics, display file contents, display the bottom of a file, display new lines of a file; system input, output & redirect; append and pipe, combine two files, print to STDOUT, text file advanced. 

4- Search files: Regular expressions (aka regex), search file contents, additional parameters for grep, grep and escape characters, colorize grep matches, process text as columns, changing the delimiter for AWK, find and replace file contents. 

5- Manage Processes & Network Properties: Network management, managing IP addresses, managing ARP & routing tables, resource management, managing memory and processes, view running processes, stop a running process.

Time to complete: 30 minutes

SUPPORTING BDDS

TOPICS:

1- DNS Service: DNS configuration files, named.conf configuration file, zone.conf configuration files, zone.db files, DNS zone.db filenames, DNS journal files.

2- DHCP Service: DHCP configuration files, dhcpd.conf, leases database file dhcpd.leases; minimum, maximum & default lease time; SNMP Service, SNMP config. file snmpd.conf, commonly polled objects, BlueCat MIB files. 

3- AnyCast Service: Quagga, anycast configuration files ospfd.conf, anycast configuration files zebra.conf; firewall service, Integrity DDS firewall.

4- DNS/DHCP Server Log Files: DNS/DHCP system log, common syslog errors - dhcpd; common syslog errors - named; DNS/DHCP command server log, DNS/DHCP server scripts and shortcuts, DNS/DHCP server aliases

5- DNS/DHCP Server System Passwords: Resetting the deployment password, resetting the admin password, resetting the root password.

Time to complete: 45 minutes

SUPPORTING BAM

TOPICS:

1- Deployment Service: Types of deployment, common deployment configuration and operation files, deployment process, full deployment XML, differential deployment XML, deployment status.

2- Notification Service: Notification queue, notification process, notification health check.

3- Database Service: Database maintenance, BAM log files, system log, BAM server log, BAM scripts and aliases, built-in application accounts, resetting the BAM admin password.

Time to complete: 25 minutes

DATARAKE DIAGNOSTICS

TOPICS:

1- Datarake Diagnostics: Datarake diagnostics collector, datarake process, datarake contents: platform, resources, networking, BlueCat software; troubleshooting; collected by datarake.sh, how Customer Success uses datarake.sh, datarake archive process.

Time to complete: 14 minutes

LINUX TOOLBOX 2

TOPICS:

1- SSH: Log into a remote system.

2- DNS Query Tools: DNS query tools, query a website or device to see info about the host, reading the results of DIG, variables in the dig header, display the name server of a domain, display high-level DNS details. 

3- Networking Tools: Read and write data, TCP only, port scanning with netcat, BAM service ports, view packets moving through an interface, refining the analysis of tcpdump, examining packets with wireshark, packet tracking between a query and target server.

4- BIND and Named: BIND, named, control DNS functions through command line, view status of named device with RNDC status, enable/disable querylogging, flush cached records; view status of all network entities with SNMP; object identifiers and management info bases, enabling SNMP, SNMP walk command, reading SNMP walk output, commonly polled objects

Time to complete: 24 minutes

BLUECAT SUPPORT PROVIDER ADVANCED CERTIFIED 
EXAM

Overview:
This exam will verify the knowledge required of advanced networking professionals to troubleshoot and manage BlueCat Integrity through demonstrated familiarity with the directory structure of BlueCat appliances; configuration files for DNS, DHCP, SNMP, and Anycast; deployment and notification operations; datarake diagnostics; and command line tools used to support BlueCat appliances.
 
Time to complete:
1 hour 

EDGE ESSENTIAL TRAINING

 Overview:
Introduction to the core features and functions of Edge - describing its role as a DNS forwarding and caching server, and its DNS routing, threat detection, and reporting capabilities. 

INTRODUCTION TO EDGE

TOPICS:

1- Overview: Core features and functions of Edge, DNS forwarding and caching server, DNS routing, threat detection, reporting.

2- What is Edge?: Intelligent forwarding, threat detection and remediation, visibility and reporting, policy actions, DNS activity, threat activity logs.

3- Main Components: DNS Edge Cloud, Edge Service Points; configure service points, namespaces, forwarders; set policies, define routes, filter DNS data, sites, site groups, domain lists, BlueCat threat protection, Edge namespaces, resolve queries efficiently. 

4- Navigating Edge: World map, statistics panel, top navigation, policy activity, QPS activity, IP engagement, top 5 queried domains, DNS Service, service point management, administration, analytics resaerch zone, insights, query logs, reports, help, & account settings.

5- Intelligent Forwarding: DNS forwarding policy management, service points, query assessment, policies, namespaces, multiple namespaces, namespace parameters, split view, latency, localization, direct query path, cloud, reduced risk migrations, stealth migrations, mergers & aquisitions, Cisco Umbrella integration.

6- Threat Detection & Remediation: Defend against phishing attack, browser-based attack, attack vulnerability, identify compromised tunnel client.

7- Visibility & Reporting: query logs, insights, reports, analytics research zone, filtering.

8- Review

Time to complete: 32 minutes

LAB- EDGE Lab 1: DNS Foundations (30 minutes)

GETTING STARTED WITH EDGE

TOPICS:

1- Overview: How Edge works to route queries and collect query data; configuring an Edge environment, Edge in a best practice DNS architecture, sites, service points, namespaces, domain and IP match/exception lists, response codes.

2- Edge in a DNS Architecture: Edge in a best practice DNS architecture, internal recursive, caching, forwarding, DNS resolver, placement of Edge service points.

3- Standard vs Edge query resolution: Standard query resolution, Edge query resolution, Edge resolvers, multiple namespaces, DNS record management.

4- Sites, Service Points and Namespaces: Relationship between Edge sites, service points and namespaces, and the sequence for configuring them; set  Policies and Location data for service points, configure a site.

5- Domain & IP Lists: Route queries with Namespaces configured with Domain lists and IP address lists; Service Point policies that allow, block, redirect or monitor specific domains or specific client IP addresses.

6- Namespace Settings and Forwarders: Namespace configuration, CISCO Umbrella, TTL, EDNS Client Subnet, serving expired queries from the cache, multiple forwarders, Edge load balancing.

7- Namespace Routing: Routing parameters for namespaces: response codes, domain lists, IP lists, match & exception lists.

8- SPv4: Overview of SPv4 features, range of services, view health status, OS and services updates; security, reliability, diagnostic and troubleshooting features.

9- Review

Time to complete: 32 minutes

LAB- EDGE Lab 2: Navigating EDGE (45 minutes)

LAB- EDGE Lab 3: Domain Lists, Namespaces & Sites (40 minutes)

CONFIGURING POLICIES

TOPICS:

1- Overview:  Introduction to Edge policy types, actions, use cases and  Edge policy assessment, create a policy and define criteria, best practices, threat protection feeds, and policy implementation strategies.

2- What are Policies?: Policy basics, what is a policy, where is it applied, what can it do and how is it triggered.

3- Policy Types: Block, Block with Redirect, Monitor and Trust; policy actions, query paths under different policy conditions, example use cases, configuring a Global Trust Policy.

4- Policy Assessment & Actions: Policy actions on Edge queriy questions and answers, query paths in different scenarios; multiple policies matching a query, CNAME records, NS records, Time and Date criteria.

5- Creating a Policy: Create a policy in Edge, criteria that can be used to trigger a policy response.

6- Policy Actions for Potential Threats: Edge threat assessment, threat indicators, threat types, DGAs, Tunelling, and how to use policies to monitor or block queries identified as potential threats.

 7- Policy Best Practices: Best practices for policy implementation, including threat protection feeds, and policy implementation strategies.

8- Review

Time to complete: 27 minutes

LAB- EDGE Lab 4: Working with Policies (45 minutes)

LAB- EDGE Lab 5: Edge Workshop (45 minutes)

BLUECAT EDGE CERTIFIED ASSOCIATE
EXAM

Overview:
This exam will verify the knowledge required of networking professionals to understand DNS Edge architecture, components, query resolution and to configure Service Points, namespace forwarding and Edge policies.
 
Time to complete:
1 hour 

MICETRO ESSENTIAL TRAINING

Overview:
Introduction to the core features and functions of Micetro, navigating the system, and IPAM, DHCP and DNS Management. 

INTRODUCTION TO MICETRO

TOPICS:

1- Navigating Micetro: Walkthrough of the Micetro user interface and main features.

2- IPAM/DHCP Management: A look at how network, range and DHCP scope data is organized; How to create and access distinct IP address spaces; IP address assignments for Ranges and DHCP scopes; using the Quick Command tool and Folders.

3- DNS Management: A look at zones and zone types, using Quickfilter regular expressions, creating and editing DNS records, and using the Workflow system.

Runtime: 20 minutes

GETTING STARTED WITH MICETRO

TOPICS:

1- Introduction: A quick course introduction to Getting Started with Micetro.

2- Micetro Components: A walkthrough of Micetro and its components: Micetro Central, Data Storage, Micetro Agents or “server controllers”, and the Web Application.

3- Architecture: A quick look at Micetro Architecture and the three stacks that it is comprised of: User, Micetro, and Services. 

4- Data Storage & Controllers: Looking into the installation considerations for Micetro data storage and service controllers. 

5- Micetro Installation on Windows: A quick walkthrough demonstration on how to properly install Micetro on Windows. 

6- Adding a Service: A walkthrough on adding DNS or DHCP services with Micetro. 

7- Custom Properties: A demonstration on how to set up custom properties with Micetro. 

8- Import IPAM Data: A look at how to import IP address ranges or IP addresses into Micetro using the Import wizard.

9- Role Based Access Control: A quick review of Role Based Access Control in Micetro. 

10- Review: A recap of all the topics covered in this course.

Runtime: 25 minutes

LAB- MICETRO Lab 1: MICETRO 101 (90 minutes)

BCIA 

Overview:
Introduction to the core features and functions of BCIA, and its proactive visibility, alerting and root cause analysis capabilities. 

INTRODUCTION TO BCIA

TOPICS:

1- Introduction to BCIA: Difference between reactive and proactive solutions; eight core functions of BCIA that enable proactive visibility, alerting and root cause analysis.

2- Navigating BCIA: Walkthrough of the BCIA platform, including the Dashboard, Issues and detailed issue reviews, Analysis & Reporting, Devices, Settings, and codified knowledge contained in Indeni Explorer.

Runtime: 12 minutes

LAB- BCIA Lab 1: BCIA for Integrity (40 minutes)

LAB- BCIA Lab 2: BCIA for Firewall - Palo Alto (40 minutes)

LAB- BCIA Lab 3: BCIA for Firewall - Checkpoint (40 minutes)

NEW FROM BCIA

Overview:
Want to see what's brand new with BCIA? Our product specialists and engineers will provide in-depth technical training on new features and releases.

BLUECAT INFRASTRUCTURE ASSURANCE 9.0

TOPICS:

1- Introduction: Intro to Firewalls, Integrity, New Devices/Releases, Visibility, Proactiveness, and Automation.

2- Firewalls: BCIA for Firewalls, Checkpoint Maestro Security Solutions, Security Groups, SMOs, VSX.

3- Integrity: DNS Lookup with different configurations,  Demonstration of BCIA 9.0 for Integrity

4- Edge:  Demonstration of BCIA 9.0 for Edge

5- Platform: New features, OS, UI, Automation, Manifest, Reports, Demonstration of Platform changes

Time to complete: 30 minutes

BLUECAT INFRASTRUCTURE ASSURANCE 25.1

TOPICS:

1- Introduction: Multi-homed ISP Failure Monitoring, Manifest Enhancements, Live DDI Analytics Technology Preview, BCIA Freemium

2- Multi-homed ISP Failure Monitoring

3- Manifest Enhancements

4- Live DDI Analytics Technology Preview - Overview

5- Live DDI Analytics Technology Preview - Demo

6- LiveNX 25.1 & LiveNX Assurance - Network Security Integration

Time to complete: 45 minutes

HYBRID CLOUD PROFESSIONAL

DDI FOR HYBRID CLOUD

TOPICS:

1- Overview: BlueCat's Hybrid Cloud offering, DDI considerations and best practices for migrating to cloud.

2- Benefits of Cloud: Benefits of moving to cloud, BlueCat Terraform, and the benefits of APIs.

3- Questions for DDI Professionals: Maintaining visibility, controls in the cloud, managing changes, DNS infrastructure. 

4- Cloud Discovery & Visibility Overview: Introduction to CD&V for managing DDI in hybrid cloud environments.

5- Hybrid DNS Update: Introduction to HDU for managing DDI updates in hybrid cloud environments.

6- BAM & BDDS in the Cloud: Virtual BAM & BDDS architectures.

7- Edge Intelligent Forwarding: Advanced threat protection, policy-based network security, analytics, resolution path management, DNS Edge Cloud, service points, namespaces, intelligent forwarding query path, DNS routing table.

8- Cloud Strategies and Best Practices: Cloud adoption planning, cloud-only, cloud-first, hybrid cloud, multi-cloud, best practice - any cloud.

9- Architecture & Best Practices: Benefits & issues with cloud-provided DNS, cloud DNS & DHCP best practices, cloud only/cloud first best practice, hybrid cloud DNS best practice, cloud DNS best practice, DHCP & DHCP failover in the cloud, transitions to the cloud.

10- Review

Time to complete: 40 minutes

CLOUD DISCOVERY & VISIBILITY

TOPICS:

1- Introduction: Overview of CD&V in AWS.

2- Discoverable Resources & Permissions: Discoverable AWS resources, security settings in AWS, running Discovery & Visibility service.

3- Install CD&V: Preinstallation set-up, docker workspace and log directories, 2 ways to install and run CD&V. 

4- Administrative User: Steps to create a BlueCatGateway UDF, and an administrative user in Address Manager for BlueCat Gateway.

5- Building Infrastructure with AWS: Create VPCs, enable host names, create subnets, attach VPCs to an external Gateway, create EC2 resources, setup a Load Balancer, and create private and public hosted zones in Route 53.

6- Configuring CD&V for AWS: Configure CD&V Settings, detrmine resources to be imported and where they will go in BAM. 

7- Discovery & VIsibility Management: View and manage Discovery and Visibility jobs, job tables; view histories; starting/stopping/terminating jobs,  update security credentials.

8- Save, Import, Export & Redundancy: Create redundant instances of CD&V; save, export and import visibility jobs, set up persistent storage of visibility jobs on disk, restore visibility jobs.

9- AWS Resources in BAM: Imported BAM resources; CD&V setup-specified configurations; how resources appear in IP Space, DNS or Devices pages in BAM.

10- AWS Visibility in Action: Demonstrations of AWS resources being added and made visible in BAM.

Time to complete: 45 minutes

HYBRID DNS UPDATE

TOPICS:

1- Introduction:  Introduction to BlueCat Hybrid DNS Update, extending CD&V by enabling instant updates to authoritative DNS data across multiple cloud and on premise providers.

2- Prerequisites & Installation: Prerequisites, docker workspace data and logs directory, installation walkthrough.

3- Administrative User: Create a UDF, create administrative user for Gateway in BAM.

4- Hybrid DNS Update UDFs: Policy actions on Edge queriy questions and answers, query paths in different scenarios; multiple policies matching a query, CNAME records, NS records, Time and Date criteria.

5- Hybrid DNS Update UDFs: Installation workflow steps, adding external DNS service providers, up and running with Hybrid DNS Update.

6- Privilege Elevation: Restrict write access in BAM, privileged service account, set-up privilege elevation using docker/installation workflow, configure restricted user in BAM.

7- Hybrid DNS Update in Action: Adding/deleting host record in HDU, view changes in BAM and AWS. 

8- Use Cases & APIs: automate DNS changes, deploy in a datacenter, update DNS records, deploy in cloud.

9- Review

Time to complete: 23 minutes

HYBRID CLOUD CERTIFIED PROFESSIONAL
EXAM

Overview:
This exam will verify the knowledge required of DDI networking professionals to understand and build BlueCat DNS and DHCP architectures in hybrid cloud environments. Earners have demonstrated comprehension of DDI considerations and best practices for migrating to cloud, Cloud Discovery and Visibility, and Hybrid DNS Update.
 
Time to complete:
1 hour 

DNS, DHCP & IPAM

Overview:
Agnostic DDI training on foundational protocols and technologies.

DHCP 101

TOPICS:

1- Introduction

2- What is DHCP?

3- DHCP in the Enterprise Space

4- History of DHCP> Before DHCP

5- History of DHCP> BOOTP to DHCP

6- How DHCP Works> DHCP Components

7- How DHCP Works> DORA Process Overview

8- How DHCP Works> DORA Step by Step

9- How DHCP Works> Lease Renewal

10- How DHCP Works> Rebooting

11- How DHCP Works> Lease Length

12- How DHCP Works> Choosing an IP

13- DHCP Message Format> Network Packets

14- DHCP Message Format> DHCP and the OSI Model

15- DHCP Message Format> DHCP Messages

16- DHCP Options> Options Section

17- DHCP Options> Common DHCP Options

18- Network Architecture> Scopes

19- Network Architecture> Reservations and Exclusions

20- Network Architecture> Relay Agents

21- DHCP Server Files> Server Files Overview

22- DHCP Server Files> DHCP Server Configuration File

23- DHCP Server Files> Leases File

24- Conclusion

Time to complete: 60 minutes

DHCP 101 CERTIFICATION EXAM

Overview:
This exam will validates the knowledge required of associate-level networking professionals to understand the fundamentals of the DHCP protocol. Earners have demonstrated comprehension of DHCP packet structure, message formats, options, scopes, network architecture, and server files.
 
Time to complete: 1 hour 

DNS & BIND ASSOCIATE CERTIFICATION EXAM

Overview:
This exam will validates the earner has foundational knowledge of the DNS protocol & BIND server administration. This certifies that the earner has foundational knowledge of domain delegation, DNS zones, building resilience with secondary servers, DNS server monitoring and maintenance, DNSSEC foundations and security best practices on a BIND 9 domain server.

NOTE: This exam is available upon completion of the DNSSEC & BIND Instructor-led training.
 
Time to complete: 1 hour 

DNSSEC & BIND PROFESSIONAL CERTIFICATION EXAM

Overview:
This exam will validates the knowledge required of networking professionals to understand how to deploy DNSSEC on BIND 9 domain name servers. Earners have demonstrated a solid understanding of the DNS concerns that DNSSEC solves, security best practices, DNSSEC record types, the chain of trust, DNSSEC automation, DNSSEC Validation, DNSSEC tools, and fundamentally how DNSSEC works.

NOTE: This exam is available upon completion of the DNSSEC & BIND Instructor-led training.
 
Time to complete: 1 hour 

NEW FROM BLUECAT

Overview:
Want to see what's brand new at BlueCat? Our product specialists and engineers will provide in-depth technical training on new products, applications, plugins and integrations.

INTEGRITY 9.6

TOPICS:

1- Feature Overview

2- Additional DNS Record Types: Overview, Demos

3- Multi-Primary DNS: Overview, Demos

4- Dynamic Updates of DHCP Records: Overview, Demos

Time to complete: 60 minutes

INTEGRITY 9.5

TOPICS:

1- Feature Overview

2- Gateway Service Improvements: Overview, Demos x2.

3- BlueCat Address Manager Firewall Improvements: Overview, Demo.

4- Syslog Enhancements: Overview, Demos x2.

5- DHCP Activity: Overview, Demos x4.

6- v2 RESTful API: Overview, Demos x16, Import Entities.

7- Telemetries to Kafka and ElasticSearch: Overview, Demos x5.

8- Cloud Enhancements: Overview, Demos x4

Time to complete: 3 hours

CLOUD RESOLVER

TOPICS:

1- Overview

2- Adopting Multiple Clouds: Distributed DNS authority, same zone names across multiple clouds, private end points.

3- Moving to Cloud> Key challenges

4- Moving to Cloud> Platform Services DNS

5- Private DNS

6- Public DNS

7- Cloud Resolver: Solving Complexities

8- Cloud Resolver 1.6> Introduction, Demo

9- Installation with Edge

Time to complete: 40 minutes

BLUECAT SERVER UPDATE SERVICES

TOPICS:

1- Overview

2- Installation

3- Navigation

4- Working with BSUS

5- BSUS SSH Private Key

6- BSUS Upgrade Customization Packages

7- BSUS Architecture

8- BSUS Rest APIs

EXTERNAL DNS

TOPICS:

1- What is External DNS?

2- Architecture Overview 

3- External DNS Risks

4- What is BlueCat External DNS?

5- Demonstration

Time to complete: 20 minutes

DISTRIBUTED DDNS

TOPICS:

1- Introduction to DDNS

2- Distributed DDNS Architecture

3- Distributed DDNS Settings

4- DDNS Updates & Permissions

5- Distributed DDNS in Action

6- Aging & Scavaging

7- Service Points & Anycast

8- Troubleshooting

QUICK SERVICE 24.1

TOPICS:

1- Overview: Access key areas of BAM without having to navigate all details within the BAM.

2- Installation

3- Permissions & Configurations

4- Zones: Search & Configure

5- Hosts

6- Aliases

7- IP Space

Time to complete: 20 minutes

QUICK SERVICE 25.1

TOPICS:

1- Overview: Provides users with secure, limited access to specific features in BlueCat Address Manager (BAM) — namely Zones and IP space — without giving full BAM access, and enables control of actions for specific Zones and Networks.

2- Demonstration - What's New

3- Demonstration - Approval Lifecycle

Time to complete: 15 minutes

SERVER ROLE MANAGEMENT

TOPICS:

1- Server Role Management: Overview.

2- User Defined Link

3- Server Role Management: Demonstration

Time to complete: 8 minutes

BLUECAT CISCO DNA CENTER (DNAC)

TOPICS:

1- CISCO DNAC Introduction

2- BlueCat DNAC Generic vs CISCO DNAC BlueCat Plugins

3- CISCO DNAC Installation

4- CISCO DNAC Demonstration

5- Importing Blocks from BAM

6- Modifying a Pool

7- Releasing a Pool

8- Troubleshooting

Time to complete: 23 minutes

GLOBAL SERVER SELECTOR

TOPICS:

1- Introduction

2- Installation Workflow

3- Configuring Log Settings

4- Region Management> Single Region

5- Region Management> Multiple Health Check Region Setup

6- Configuring the RPZ Option

7- Configuring and Application in GSS

8- Configuring High Availability

9- Configuring GSS: DNS Views & sub-regions

Time to complete: 30 minutes

NETWORK DISCOVERY

TOPICS:

1- Network Discovery: Overview, demonstration.

2- Installation & Configuration

Time to complete: 20 minutes