diff --git a/docs/archive/2023/class3/class6/images/200.png b/docs/archive/2023/class3/class6/images/200.png deleted file mode 100644 index d4810611..00000000 Binary files a/docs/archive/2023/class3/class6/images/200.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/403.png b/docs/archive/2023/class3/class6/images/403.png deleted file mode 100644 index bca3cfa4..00000000 Binary files a/docs/archive/2023/class3/class6/images/403.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/4lbs.png b/docs/archive/2023/class3/class6/images/4lbs.png deleted file mode 100644 index 263e9c2a..00000000 Binary files a/docs/archive/2023/class3/class6/images/4lbs.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/8080.png b/docs/archive/2023/class3/class6/images/8080.png deleted file mode 100644 index 297d94b3..00000000 Binary files a/docs/archive/2023/class3/class6/images/8080.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/action.png b/docs/archive/2023/class3/class6/images/action.png deleted file mode 100644 index 7151f121..00000000 Binary files a/docs/archive/2023/class3/class6/images/action.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/advervip.png b/docs/archive/2023/class3/class6/images/advervip.png deleted file mode 100644 index a94c42c9..00000000 Binary files a/docs/archive/2023/class3/class6/images/advervip.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/allow80.png b/docs/archive/2023/class3/class6/images/allow80.png deleted file mode 100644 index 07ca7863..00000000 Binary files a/docs/archive/2023/class3/class6/images/allow80.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/appconnect.png b/docs/archive/2023/class3/class6/images/appconnect.png deleted file mode 100644 index 841e23ca..00000000 Binary files a/docs/archive/2023/class3/class6/images/appconnect.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/approval.png b/docs/archive/2023/class3/class6/images/approval.png deleted file mode 100644 index 80f64d2c..00000000 Binary files a/docs/archive/2023/class3/class6/images/approval.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/awsconf.png b/docs/archive/2023/class3/class6/images/awsconf.png deleted file mode 100644 index b572f57e..00000000 Binary files a/docs/archive/2023/class3/class6/images/awsconf.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/awsnet.png b/docs/archive/2023/class3/class6/images/awsnet.png deleted file mode 100644 index 4164ce80..00000000 Binary files a/docs/archive/2023/class3/class6/images/awsnet.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/awspri.png b/docs/archive/2023/class3/class6/images/awspri.png deleted file mode 100644 index 65583b45..00000000 Binary files a/docs/archive/2023/class3/class6/images/awspri.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/awspub.png b/docs/archive/2023/class3/class6/images/awspub.png deleted file mode 100644 index b074856f..00000000 Binary files a/docs/archive/2023/class3/class6/images/awspub.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/awstoazure.png b/docs/archive/2023/class3/class6/images/awstoazure.png deleted file mode 100644 index bee78740..00000000 Binary files a/docs/archive/2023/class3/class6/images/awstoazure.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/awsuri.png b/docs/archive/2023/class3/class6/images/awsuri.png deleted file mode 100644 index ec3e58f9..00000000 Binary files a/docs/archive/2023/class3/class6/images/awsuri.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/azint.png b/docs/archive/2023/class3/class6/images/azint.png deleted file mode 100644 index 1037feb5..00000000 Binary files a/docs/archive/2023/class3/class6/images/azint.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/azurepri.png b/docs/archive/2023/class3/class6/images/azurepri.png deleted file mode 100644 index 3d004b81..00000000 Binary files a/docs/archive/2023/class3/class6/images/azurepri.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/azurepub.png b/docs/archive/2023/class3/class6/images/azurepub.png deleted file mode 100644 index adc4245a..00000000 Binary files a/docs/archive/2023/class3/class6/images/azurepub.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/azureuri.png b/docs/archive/2023/class3/class6/images/azureuri.png deleted file mode 100644 index 8e16bff7..00000000 Binary files a/docs/archive/2023/class3/class6/images/azureuri.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/backendvip.png b/docs/archive/2023/class3/class6/images/backendvip.png deleted file mode 100644 index a19fcdf7..00000000 Binary files a/docs/archive/2023/class3/class6/images/backendvip.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/ceconf.png b/docs/archive/2023/class3/class6/images/ceconf.png deleted file mode 100644 index ea92deec..00000000 Binary files a/docs/archive/2023/class3/class6/images/ceconf.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/cestate.png b/docs/archive/2023/class3/class6/images/cestate.png deleted file mode 100644 index d93e9586..00000000 Binary files a/docs/archive/2023/class3/class6/images/cestate.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/changepwd.png b/docs/archive/2023/class3/class6/images/changepwd.png deleted file mode 100644 index f1809db4..00000000 Binary files a/docs/archive/2023/class3/class6/images/changepwd.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/cioreq.png b/docs/archive/2023/class3/class6/images/cioreq.png deleted file mode 100644 index b788ac0f..00000000 Binary files a/docs/archive/2023/class3/class6/images/cioreq.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/cli-01.png b/docs/archive/2023/class3/class6/images/cli-01.png deleted file mode 100644 index 66ec0307..00000000 Binary files a/docs/archive/2023/class3/class6/images/cli-01.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/cli-02.png b/docs/archive/2023/class3/class6/images/cli-02.png deleted file mode 100644 index 1128e059..00000000 Binary files a/docs/archive/2023/class3/class6/images/cli-02.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/cli-03.png b/docs/archive/2023/class3/class6/images/cli-03.png deleted file mode 100644 index f84fbff0..00000000 Binary files a/docs/archive/2023/class3/class6/images/cli-03.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/cli-04.png b/docs/archive/2023/class3/class6/images/cli-04.png deleted file mode 100644 index 443a3f3b..00000000 Binary files a/docs/archive/2023/class3/class6/images/cli-04.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/cli-05.png b/docs/archive/2023/class3/class6/images/cli-05.png deleted file mode 100644 index cc0a094d..00000000 Binary files a/docs/archive/2023/class3/class6/images/cli-05.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/clone.png b/docs/archive/2023/class3/class6/images/clone.png deleted file mode 100644 index 59c738a2..00000000 Binary files a/docs/archive/2023/class3/class6/images/clone.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/clustersize.png b/docs/archive/2023/class3/class6/images/clustersize.png deleted file mode 100644 index b70dc013..00000000 Binary files a/docs/archive/2023/class3/class6/images/clustersize.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/configure.png b/docs/archive/2023/class3/class6/images/configure.png deleted file mode 100644 index ec90a1bd..00000000 Binary files a/docs/archive/2023/class3/class6/images/configure.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/contool.png b/docs/archive/2023/class3/class6/images/contool.png deleted file mode 100644 index 853f7846..00000000 Binary files a/docs/archive/2023/class3/class6/images/contool.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/copytoke.png b/docs/archive/2023/class3/class6/images/copytoke.png deleted file mode 100644 index 30dd58ee..00000000 Binary files a/docs/archive/2023/class3/class6/images/copytoke.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/curl.png b/docs/archive/2023/class3/class6/images/curl.png deleted file mode 100644 index 6073b849..00000000 Binary files a/docs/archive/2023/class3/class6/images/curl.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/curlerror.png b/docs/archive/2023/class3/class6/images/curlerror.png deleted file mode 100644 index 9d461dc0..00000000 Binary files a/docs/archive/2023/class3/class6/images/curlerror.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/curlhead.png b/docs/archive/2023/class3/class6/images/curlhead.png deleted file mode 100644 index c27fc34e..00000000 Binary files a/docs/archive/2023/class3/class6/images/curlhead.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/curltest.png b/docs/archive/2023/class3/class6/images/curltest.png deleted file mode 100644 index 8f755a8d..00000000 Binary files a/docs/archive/2023/class3/class6/images/curltest.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/custom.png b/docs/archive/2023/class3/class6/images/custom.png deleted file mode 100644 index 7317f006..00000000 Binary files a/docs/archive/2023/class3/class6/images/custom.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/dash.png b/docs/archive/2023/class3/class6/images/dash.png deleted file mode 100644 index 6182068e..00000000 Binary files a/docs/archive/2023/class3/class6/images/dash.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/dash1.png b/docs/archive/2023/class3/class6/images/dash1.png deleted file mode 100644 index 22db7f2a..00000000 Binary files a/docs/archive/2023/class3/class6/images/dash1.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/denyall.png b/docs/archive/2023/class3/class6/images/denyall.png deleted file mode 100644 index 27b978ca..00000000 Binary files a/docs/archive/2023/class3/class6/images/denyall.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/devconf.png b/docs/archive/2023/class3/class6/images/devconf.png deleted file mode 100644 index 0fc8e5f2..00000000 Binary files a/docs/archive/2023/class3/class6/images/devconf.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/disabletls.png b/docs/archive/2023/class3/class6/images/disabletls.png deleted file mode 100644 index 2e5cbff0..00000000 Binary files a/docs/archive/2023/class3/class6/images/disabletls.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/docu.png b/docs/archive/2023/class3/class6/images/docu.png deleted file mode 100644 index 1aac464c..00000000 Binary files a/docs/archive/2023/class3/class6/images/docu.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/domains.png b/docs/archive/2023/class3/class6/images/domains.png deleted file mode 100644 index 0dbcd3f0..00000000 Binary files a/docs/archive/2023/class3/class6/images/domains.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/edit.png b/docs/archive/2023/class3/class6/images/edit.png deleted file mode 100644 index a4d5cc75..00000000 Binary files a/docs/archive/2023/class3/class6/images/edit.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/editazure.png b/docs/archive/2023/class3/class6/images/editazure.png deleted file mode 100644 index ab891c41..00000000 Binary files a/docs/archive/2023/class3/class6/images/editazure.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/efwp.png b/docs/archive/2023/class3/class6/images/efwp.png deleted file mode 100644 index b406ab07..00000000 Binary files a/docs/archive/2023/class3/class6/images/efwp.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/error.png b/docs/archive/2023/class3/class6/images/error.png deleted file mode 100644 index 6e7bc5a7..00000000 Binary files a/docs/archive/2023/class3/class6/images/error.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/filter.png b/docs/archive/2023/class3/class6/images/filter.png deleted file mode 100644 index bd1af329..00000000 Binary files a/docs/archive/2023/class3/class6/images/filter.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/findnamespace.png b/docs/archive/2023/class3/class6/images/findnamespace.png deleted file mode 100644 index a9b5478b..00000000 Binary files a/docs/archive/2023/class3/class6/images/findnamespace.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/fleetlabel.png b/docs/archive/2023/class3/class6/images/fleetlabel.png deleted file mode 100644 index 9a3a042b..00000000 Binary files a/docs/archive/2023/class3/class6/images/fleetlabel.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/fleetlabel1.png b/docs/archive/2023/class3/class6/images/fleetlabel1.png deleted file mode 100644 index d848ae53..00000000 Binary files a/docs/archive/2023/class3/class6/images/fleetlabel1.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/fleetlabel2.png b/docs/archive/2023/class3/class6/images/fleetlabel2.png deleted file mode 100644 index 6454020a..00000000 Binary files a/docs/archive/2023/class3/class6/images/fleetlabel2.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/fleetmeta.png b/docs/archive/2023/class3/class6/images/fleetmeta.png deleted file mode 100644 index 5a994439..00000000 Binary files a/docs/archive/2023/class3/class6/images/fleetmeta.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/fleetpol.png b/docs/archive/2023/class3/class6/images/fleetpol.png deleted file mode 100644 index 2579dff5..00000000 Binary files a/docs/archive/2023/class3/class6/images/fleetpol.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/flv.png b/docs/archive/2023/class3/class6/images/flv.png deleted file mode 100644 index f90215c4..00000000 Binary files a/docs/archive/2023/class3/class6/images/flv.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/forbid.png b/docs/archive/2023/class3/class6/images/forbid.png deleted file mode 100644 index 850d5c79..00000000 Binary files a/docs/archive/2023/class3/class6/images/forbid.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/fwver.png b/docs/archive/2023/class3/class6/images/fwver.png deleted file mode 100644 index a0f6eca7..00000000 Binary files a/docs/archive/2023/class3/class6/images/fwver.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/fwver2.png b/docs/archive/2023/class3/class6/images/fwver2.png deleted file mode 100644 index 0ccc1c0c..00000000 Binary files a/docs/archive/2023/class3/class6/images/fwver2.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/globlog.png b/docs/archive/2023/class3/class6/images/globlog.png deleted file mode 100644 index da6e4126..00000000 Binary files a/docs/archive/2023/class3/class6/images/globlog.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/head.png b/docs/archive/2023/class3/class6/images/head.png deleted file mode 100644 index 7c8b07da..00000000 Binary files a/docs/archive/2023/class3/class6/images/head.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/health.png b/docs/archive/2023/class3/class6/images/health.png deleted file mode 100644 index b7b18eb1..00000000 Binary files a/docs/archive/2023/class3/class6/images/health.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/httplb.png b/docs/archive/2023/class3/class6/images/httplb.png deleted file mode 100644 index a53f4fb4..00000000 Binary files a/docs/archive/2023/class3/class6/images/httplb.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/intro.png b/docs/archive/2023/class3/class6/images/intro.png deleted file mode 100644 index bb4f2392..00000000 Binary files a/docs/archive/2023/class3/class6/images/intro.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/intro1.png b/docs/archive/2023/class3/class6/images/intro1.png deleted file mode 100644 index 06a81cce..00000000 Binary files a/docs/archive/2023/class3/class6/images/intro1.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/intro2.png b/docs/archive/2023/class3/class6/images/intro2.png deleted file mode 100644 index 4adafd94..00000000 Binary files a/docs/archive/2023/class3/class6/images/intro2.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/iporssl.png b/docs/archive/2023/class3/class6/images/iporssl.png deleted file mode 100644 index 8921ddbf..00000000 Binary files a/docs/archive/2023/class3/class6/images/iporssl.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/json.png b/docs/archive/2023/class3/class6/images/json.png deleted file mode 100644 index 0e61787c..00000000 Binary files a/docs/archive/2023/class3/class6/images/json.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/json1.png b/docs/archive/2023/class3/class6/images/json1.png deleted file mode 100644 index 662d09bb..00000000 Binary files a/docs/archive/2023/class3/class6/images/json1.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/lab1fini.png b/docs/archive/2023/class3/class6/images/lab1fini.png deleted file mode 100644 index f9fad419..00000000 Binary files a/docs/archive/2023/class3/class6/images/lab1fini.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/lab1intro.png b/docs/archive/2023/class3/class6/images/lab1intro.png deleted file mode 100644 index c00c6d66..00000000 Binary files a/docs/archive/2023/class3/class6/images/lab1intro.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/lab2biz.png b/docs/archive/2023/class3/class6/images/lab2biz.png deleted file mode 100644 index 8d893a07..00000000 Binary files a/docs/archive/2023/class3/class6/images/lab2biz.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/lab2rev.png b/docs/archive/2023/class3/class6/images/lab2rev.png deleted file mode 100644 index 09a41f29..00000000 Binary files a/docs/archive/2023/class3/class6/images/lab2rev.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/lab3.png b/docs/archive/2023/class3/class6/images/lab3.png deleted file mode 100644 index bf8acac5..00000000 Binary files a/docs/archive/2023/class3/class6/images/lab3.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/lab3bizreq1.png b/docs/archive/2023/class3/class6/images/lab3bizreq1.png deleted file mode 100644 index 3b0fe41d..00000000 Binary files a/docs/archive/2023/class3/class6/images/lab3bizreq1.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/lab3review.png b/docs/archive/2023/class3/class6/images/lab3review.png deleted file mode 100644 index da2f1acc..00000000 Binary files a/docs/archive/2023/class3/class6/images/lab3review.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/lab4.png b/docs/archive/2023/class3/class6/images/lab4.png deleted file mode 100644 index 4bb466c1..00000000 Binary files a/docs/archive/2023/class3/class6/images/lab4.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/lab4biz.png b/docs/archive/2023/class3/class6/images/lab4biz.png deleted file mode 100644 index 1a26449d..00000000 Binary files a/docs/archive/2023/class3/class6/images/lab4biz.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/lab4bizreq.png b/docs/archive/2023/class3/class6/images/lab4bizreq.png deleted file mode 100644 index 93526171..00000000 Binary files a/docs/archive/2023/class3/class6/images/lab4bizreq.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/lab4bizreq1.png b/docs/archive/2023/class3/class6/images/lab4bizreq1.png deleted file mode 100644 index ef326c6e..00000000 Binary files a/docs/archive/2023/class3/class6/images/lab4bizreq1.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/lab4goal.png b/docs/archive/2023/class3/class6/images/lab4goal.png deleted file mode 100644 index 6f01b9c4..00000000 Binary files a/docs/archive/2023/class3/class6/images/lab4goal.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/lab4review.png b/docs/archive/2023/class3/class6/images/lab4review.png deleted file mode 100644 index d4b59149..00000000 Binary files a/docs/archive/2023/class3/class6/images/lab4review.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/lab5.png b/docs/archive/2023/class3/class6/images/lab5.png deleted file mode 100644 index a854a7ef..00000000 Binary files a/docs/archive/2023/class3/class6/images/lab5.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/lab5bizreq.png b/docs/archive/2023/class3/class6/images/lab5bizreq.png deleted file mode 100644 index 949cbd5c..00000000 Binary files a/docs/archive/2023/class3/class6/images/lab5bizreq.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/lab5mg.png b/docs/archive/2023/class3/class6/images/lab5mg.png deleted file mode 100644 index d9460017..00000000 Binary files a/docs/archive/2023/class3/class6/images/lab5mg.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/lab5sanity.png b/docs/archive/2023/class3/class6/images/lab5sanity.png deleted file mode 100644 index e7e52e86..00000000 Binary files a/docs/archive/2023/class3/class6/images/lab5sanity.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/labs.png b/docs/archive/2023/class3/class6/images/labs.png deleted file mode 100644 index f08d02d2..00000000 Binary files a/docs/archive/2023/class3/class6/images/labs.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/lbs.png b/docs/archive/2023/class3/class6/images/lbs.png deleted file mode 100644 index 5f33c82d..00000000 Binary files a/docs/archive/2023/class3/class6/images/lbs.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/lbsp.png b/docs/archive/2023/class3/class6/images/lbsp.png deleted file mode 100644 index 01639ffe..00000000 Binary files a/docs/archive/2023/class3/class6/images/lbsp.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/lbwaf.png b/docs/archive/2023/class3/class6/images/lbwaf.png deleted file mode 100644 index 061175d9..00000000 Binary files a/docs/archive/2023/class3/class6/images/lbwaf.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/locallog.png b/docs/archive/2023/class3/class6/images/locallog.png deleted file mode 100644 index cc1d2231..00000000 Binary files a/docs/archive/2023/class3/class6/images/locallog.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/logs.png b/docs/archive/2023/class3/class6/images/logs.png deleted file mode 100644 index 29c33443..00000000 Binary files a/docs/archive/2023/class3/class6/images/logs.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/met1.png b/docs/archive/2023/class3/class6/images/met1.png deleted file mode 100644 index b6d9fbfe..00000000 Binary files a/docs/archive/2023/class3/class6/images/met1.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/meta.png b/docs/archive/2023/class3/class6/images/meta.png deleted file mode 100644 index 0c521027..00000000 Binary files a/docs/archive/2023/class3/class6/images/meta.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/metrics.png b/docs/archive/2023/class3/class6/images/metrics.png deleted file mode 100644 index d9bd5072..00000000 Binary files a/docs/archive/2023/class3/class6/images/metrics.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/mod2bizreq.png b/docs/archive/2023/class3/class6/images/mod2bizreq.png deleted file mode 100644 index 6612c289..00000000 Binary files a/docs/archive/2023/class3/class6/images/mod2bizreq.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/namespace1.png b/docs/archive/2023/class3/class6/images/namespace1.png deleted file mode 100644 index e8761216..00000000 Binary files a/docs/archive/2023/class3/class6/images/namespace1.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/netconnect.png b/docs/archive/2023/class3/class6/images/netconnect.png deleted file mode 100644 index 1d96d2bb..00000000 Binary files a/docs/archive/2023/class3/class6/images/netconnect.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/netconnlab.png b/docs/archive/2023/class3/class6/images/netconnlab.png deleted file mode 100644 index 86f7cbad..00000000 Binary files a/docs/archive/2023/class3/class6/images/netconnlab.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/newlb.png b/docs/archive/2023/class3/class6/images/newlb.png deleted file mode 100644 index e3744c8a..00000000 Binary files a/docs/archive/2023/class3/class6/images/newlb.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/node.png b/docs/archive/2023/class3/class6/images/node.png deleted file mode 100644 index 3d92349c..00000000 Binary files a/docs/archive/2023/class3/class6/images/node.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/nslookup.png b/docs/archive/2023/class3/class6/images/nslookup.png deleted file mode 100644 index 2fbb8af5..00000000 Binary files a/docs/archive/2023/class3/class6/images/nslookup.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/orgaws.png b/docs/archive/2023/class3/class6/images/orgaws.png deleted file mode 100644 index 6486e43c..00000000 Binary files a/docs/archive/2023/class3/class6/images/orgaws.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/orig.png b/docs/archive/2023/class3/class6/images/orig.png deleted file mode 100644 index 856ebf9c..00000000 Binary files a/docs/archive/2023/class3/class6/images/orig.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/origaws.png b/docs/archive/2023/class3/class6/images/origaws.png deleted file mode 100644 index 333a5a58..00000000 Binary files a/docs/archive/2023/class3/class6/images/origaws.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/origazure.png b/docs/archive/2023/class3/class6/images/origazure.png deleted file mode 100644 index df87d5de..00000000 Binary files a/docs/archive/2023/class3/class6/images/origazure.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/originserve.png b/docs/archive/2023/class3/class6/images/originserve.png deleted file mode 100644 index b1ee3f18..00000000 Binary files a/docs/archive/2023/class3/class6/images/originserve.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/otherregs.png b/docs/archive/2023/class3/class6/images/otherregs.png deleted file mode 100644 index 3b72fca5..00000000 Binary files a/docs/archive/2023/class3/class6/images/otherregs.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/perfmo.png b/docs/archive/2023/class3/class6/images/perfmo.png deleted file mode 100644 index 7d571a64..00000000 Binary files a/docs/archive/2023/class3/class6/images/perfmo.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/perfmo2.png b/docs/archive/2023/class3/class6/images/perfmo2.png deleted file mode 100644 index b34b6c28..00000000 Binary files a/docs/archive/2023/class3/class6/images/perfmo2.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/perfmon.png b/docs/archive/2023/class3/class6/images/perfmon.png deleted file mode 100644 index 540df6fb..00000000 Binary files a/docs/archive/2023/class3/class6/images/perfmon.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/ping.png b/docs/archive/2023/class3/class6/images/ping.png deleted file mode 100644 index 3311764c..00000000 Binary files a/docs/archive/2023/class3/class6/images/ping.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/post-migration.png b/docs/archive/2023/class3/class6/images/post-migration.png deleted file mode 100644 index 511067c1..00000000 Binary files a/docs/archive/2023/class3/class6/images/post-migration.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/pre-migration.png b/docs/archive/2023/class3/class6/images/pre-migration.png deleted file mode 100644 index f48da8ea..00000000 Binary files a/docs/archive/2023/class3/class6/images/pre-migration.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/prefix.png b/docs/archive/2023/class3/class6/images/prefix.png deleted file mode 100644 index ab3d73bd..00000000 Binary files a/docs/archive/2023/class3/class6/images/prefix.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/prov2.png b/docs/archive/2023/class3/class6/images/prov2.png deleted file mode 100644 index 731647e5..00000000 Binary files a/docs/archive/2023/class3/class6/images/prov2.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/provisioning.png b/docs/archive/2023/class3/class6/images/provisioning.png deleted file mode 100644 index a1bf9cdd..00000000 Binary files a/docs/archive/2023/class3/class6/images/provisioning.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/registeredce.png b/docs/archive/2023/class3/class6/images/registeredce.png deleted file mode 100644 index 206f16fc..00000000 Binary files a/docs/archive/2023/class3/class6/images/registeredce.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/remeta.png b/docs/archive/2023/class3/class6/images/remeta.png deleted file mode 100644 index e26f0d35..00000000 Binary files a/docs/archive/2023/class3/class6/images/remeta.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/requests.png b/docs/archive/2023/class3/class6/images/requests.png deleted file mode 100644 index a83e8391..00000000 Binary files a/docs/archive/2023/class3/class6/images/requests.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/requesttab.png b/docs/archive/2023/class3/class6/images/requesttab.png deleted file mode 100644 index 66e61e9e..00000000 Binary files a/docs/archive/2023/class3/class6/images/requesttab.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/restart.png b/docs/archive/2023/class3/class6/images/restart.png deleted file mode 100644 index 3e61e0f3..00000000 Binary files a/docs/archive/2023/class3/class6/images/restart.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/rl.png b/docs/archive/2023/class3/class6/images/rl.png deleted file mode 100644 index 00102433..00000000 Binary files a/docs/archive/2023/class3/class6/images/rl.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/routes.png b/docs/archive/2023/class3/class6/images/routes.png deleted file mode 100644 index e91a78d2..00000000 Binary files a/docs/archive/2023/class3/class6/images/routes.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/routes1.png b/docs/archive/2023/class3/class6/images/routes1.png deleted file mode 100644 index 0315c701..00000000 Binary files a/docs/archive/2023/class3/class6/images/routes1.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/s2sarrow.png b/docs/archive/2023/class3/class6/images/s2sarrow.png deleted file mode 100644 index 19a826a1..00000000 Binary files a/docs/archive/2023/class3/class6/images/s2sarrow.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/save.png b/docs/archive/2023/class3/class6/images/save.png deleted file mode 100644 index eefa60b9..00000000 Binary files a/docs/archive/2023/class3/class6/images/save.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/secevents.png b/docs/archive/2023/class3/class6/images/secevents.png deleted file mode 100644 index 4eaf6672..00000000 Binary files a/docs/archive/2023/class3/class6/images/secevents.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/secmon.png b/docs/archive/2023/class3/class6/images/secmon.png deleted file mode 100644 index a9f8fb42..00000000 Binary files a/docs/archive/2023/class3/class6/images/secmon.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/shroutes.png b/docs/archive/2023/class3/class6/images/shroutes.png deleted file mode 100644 index 6dabe325..00000000 Binary files a/docs/archive/2023/class3/class6/images/shroutes.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/shroutes2.png b/docs/archive/2023/class3/class6/images/shroutes2.png deleted file mode 100644 index 06ccb116..00000000 Binary files a/docs/archive/2023/class3/class6/images/shroutes2.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/shroutes3.png b/docs/archive/2023/class3/class6/images/shroutes3.png deleted file mode 100644 index bea6d43d..00000000 Binary files a/docs/archive/2023/class3/class6/images/shroutes3.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/signin.png b/docs/archive/2023/class3/class6/images/signin.png deleted file mode 100644 index 2247d2d0..00000000 Binary files a/docs/archive/2023/class3/class6/images/signin.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/sitemgt.png b/docs/archive/2023/class3/class6/images/sitemgt.png deleted file mode 100644 index 011a7048..00000000 Binary files a/docs/archive/2023/class3/class6/images/sitemgt.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/sitereg.png b/docs/archive/2023/class3/class6/images/sitereg.png deleted file mode 100644 index d2eb3edc..00000000 Binary files a/docs/archive/2023/class3/class6/images/sitereg.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/sitetoke.png b/docs/archive/2023/class3/class6/images/sitetoke.png deleted file mode 100644 index e03cc7f7..00000000 Binary files a/docs/archive/2023/class3/class6/images/sitetoke.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/sitev.png b/docs/archive/2023/class3/class6/images/sitev.png deleted file mode 100644 index 478fd8bd..00000000 Binary files a/docs/archive/2023/class3/class6/images/sitev.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/sp1.png b/docs/archive/2023/class3/class6/images/sp1.png deleted file mode 100644 index 7bc3b4d5..00000000 Binary files a/docs/archive/2023/class3/class6/images/sp1.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/sp2.png b/docs/archive/2023/class3/class6/images/sp2.png deleted file mode 100644 index 0ce5e794..00000000 Binary files a/docs/archive/2023/class3/class6/images/sp2.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/spget.png b/docs/archive/2023/class3/class6/images/spget.png deleted file mode 100644 index 570ec481..00000000 Binary files a/docs/archive/2023/class3/class6/images/spget.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/sqli.png b/docs/archive/2023/class3/class6/images/sqli.png deleted file mode 100644 index 63fb3c54..00000000 Binary files a/docs/archive/2023/class3/class6/images/sqli.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/sqliblock.png b/docs/archive/2023/class3/class6/images/sqliblock.png deleted file mode 100644 index 5584dbf8..00000000 Binary files a/docs/archive/2023/class3/class6/images/sqliblock.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/sqliblockpng.png b/docs/archive/2023/class3/class6/images/sqliblockpng.png deleted file mode 100644 index dbfaa33d..00000000 Binary files a/docs/archive/2023/class3/class6/images/sqliblockpng.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/studfleet.png b/docs/archive/2023/class3/class6/images/studfleet.png deleted file mode 100644 index a58ade88..00000000 Binary files a/docs/archive/2023/class3/class6/images/studfleet.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/studglob.png b/docs/archive/2023/class3/class6/images/studglob.png deleted file mode 100644 index 88bc2aa3..00000000 Binary files a/docs/archive/2023/class3/class6/images/studglob.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/success.png b/docs/archive/2023/class3/class6/images/success.png deleted file mode 100644 index e5abd9fd..00000000 Binary files a/docs/archive/2023/class3/class6/images/success.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/tenantlogin.png b/docs/archive/2023/class3/class6/images/tenantlogin.png deleted file mode 100644 index aeb5c02b..00000000 Binary files a/docs/archive/2023/class3/class6/images/tenantlogin.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/time.png b/docs/archive/2023/class3/class6/images/time.png deleted file mode 100644 index 443fe826..00000000 Binary files a/docs/archive/2023/class3/class6/images/time.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/timeslide.png b/docs/archive/2023/class3/class6/images/timeslide.png deleted file mode 100644 index 3255ee4c..00000000 Binary files a/docs/archive/2023/class3/class6/images/timeslide.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/timeslide2.png b/docs/archive/2023/class3/class6/images/timeslide2.png deleted file mode 100644 index da858074..00000000 Binary files a/docs/archive/2023/class3/class6/images/timeslide2.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/tlsenable.png b/docs/archive/2023/class3/class6/images/tlsenable.png deleted file mode 100644 index 2992ad85..00000000 Binary files a/docs/archive/2023/class3/class6/images/tlsenable.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/tokens.png b/docs/archive/2023/class3/class6/images/tokens.png deleted file mode 100644 index 57f1545f..00000000 Binary files a/docs/archive/2023/class3/class6/images/tokens.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/toollb.png b/docs/archive/2023/class3/class6/images/toollb.png deleted file mode 100644 index bb63e22d..00000000 Binary files a/docs/archive/2023/class3/class6/images/toollb.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/toolpool.png b/docs/archive/2023/class3/class6/images/toolpool.png deleted file mode 100644 index 2de21a91..00000000 Binary files a/docs/archive/2023/class3/class6/images/toolpool.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/traffic.png b/docs/archive/2023/class3/class6/images/traffic.png deleted file mode 100644 index 213d47ff..00000000 Binary files a/docs/archive/2023/class3/class6/images/traffic.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/ubuntu.png b/docs/archive/2023/class3/class6/images/ubuntu.png deleted file mode 100644 index 70e79bff..00000000 Binary files a/docs/archive/2023/class3/class6/images/ubuntu.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/udf-ce.png b/docs/archive/2023/class3/class6/images/udf-ce.png deleted file mode 100644 index 1324e1e5..00000000 Binary files a/docs/archive/2023/class3/class6/images/udf-ce.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/updatepasswd.png b/docs/archive/2023/class3/class6/images/updatepasswd.png deleted file mode 100644 index 130aadc8..00000000 Binary files a/docs/archive/2023/class3/class6/images/updatepasswd.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/updatepasswd2.png b/docs/archive/2023/class3/class6/images/updatepasswd2.png deleted file mode 100644 index 83954460..00000000 Binary files a/docs/archive/2023/class3/class6/images/updatepasswd2.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/varattack.png b/docs/archive/2023/class3/class6/images/varattack.png deleted file mode 100644 index 8235bf42..00000000 Binary files a/docs/archive/2023/class3/class6/images/varattack.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/varblock.png b/docs/archive/2023/class3/class6/images/varblock.png deleted file mode 100644 index eaa6b943..00000000 Binary files a/docs/archive/2023/class3/class6/images/varblock.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/waf.png b/docs/archive/2023/class3/class6/images/waf.png deleted file mode 100644 index 3dd0496f..00000000 Binary files a/docs/archive/2023/class3/class6/images/waf.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/wafaction.png b/docs/archive/2023/class3/class6/images/wafaction.png deleted file mode 100644 index 0e349bb2..00000000 Binary files a/docs/archive/2023/class3/class6/images/wafaction.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/images/weird-results.png b/docs/archive/2023/class3/class6/images/weird-results.png deleted file mode 100644 index c0fe5708..00000000 Binary files a/docs/archive/2023/class3/class6/images/weird-results.png and /dev/null differ diff --git a/docs/archive/2023/class3/class6/intro.rst b/docs/archive/2023/class3/class6/intro.rst deleted file mode 100644 index ff210da4..00000000 --- a/docs/archive/2023/class3/class6/intro.rst +++ /dev/null @@ -1,49 +0,0 @@ -Introduction to the Lab -======================= - -**Narrative:** - -Congratulations! You are a Network Engineer at ACME Corp. - - -ACME has an Application Team that supports internally developed traditional and modern apps, vendor provided and SaaS applications. -They have started utilizing some public cloud (AWS) IaaS for several applications and have come to you with a new requirement that an on-prem backend server must be able to securely communicate -with the AWS workloads over a secure connection. For lab simplicity, the backend server in the "Data Center" is a pretend security device in this exercise, and needs to scan the AWS workload on port 80. -It could just as easily be thought of as a API to API, container to container or frontend to backend. Other backends or frontends may be added in the future. - -As the Network Engineer, you are tasked with evaluating how to securely connect the Data Center network to the AWS network. -At first you consider the classic methods of deploying and managing your own IPSec solution but realize that this will be complex and costly. - -You recently saw a post on LinkedIn about a SaaS product that F5 has, claiming to solve multi-cloud network complexities. -Given your current predicament and industry knowledge of F5 being a leader for decades, you decide to check it out and end up in the chair you are sitting in today: Taking a first-hand look at how F5 makes Multi-Cloud Networking (MCN) simple and secure. - -.. Note:: The requirements start out easy enough but will get progressively more "Real World" as the labs progress. - -**Before Cloud Migration - "The Good Ol' Days"** - -.. image:: ./images/pre-migration.png - - -**After Cloud Migration - "Current State"** - -.. image:: ./images/post-migration.png - - -**Your job, should you choose to accept it, and avoid demotion to the help desk, is to figure out the best way for the backend workload to privately communicate with the frontend workload.** - - -Lab Environment ---------------- - -The Data Center environment is emulated by the F5 UDF lab framework and contains an Ubuntu Server and a Distributed Cloud (XC) Node that you will be configuring in Lab 1. - -The AWS cloud environment contains a prebuilt XC Node and a workload hosting a web frontend. **You will not have access to the AWS console.** - -The Azure cloud environment contains a prebuilt XC Node and a workload hosting a web frontend. **You will not have access to the Azure console.** - -.. Important:: While we are keeping the labs intentionally simple today with just a single Data Center and 2 Cloud Services Providers (CSP's), F5 Distributed Cloud supports much more advanced use-cases. - -.. toctree:: - :maxdepth: 1 - :glob: - diff --git a/docs/archive/2023/class3/class6/module1/lab1.rst b/docs/archive/2023/class3/class6/module1/lab1.rst deleted file mode 100644 index 8d95aaa8..00000000 --- a/docs/archive/2023/class3/class6/module1/lab1.rst +++ /dev/null @@ -1,453 +0,0 @@ -Lab 1: Building an XC Node (CE) -================================== - -**Objective:** - -* Get familiar with the UDF Lab Environment. - -* Deploy an XC Node to define the Customer Edge at the UDF Data Center. - -* Explore and become familiar with the Distributed Cloud Console. - -**Narrative:** - -After consulting with your trusty F5 Solutions Engineer, you decide to setup F5 Distributed Cloud, Network Connect. This will allow for privately routed network connectivity between two disparate networks. -You also found out that you can use the F5 Distributed Cloud, Enhanced Firewall to provide network security between Sites. -We already did a push-button deployment of the AWS XC Node to define the Customer Edge in the ACME VPC, which only took a few moments. - -Now, Lab 1 starts right after you have loaded the downloadable XC Node OVA on to your Data Center's local hypervisor (VMWARE or KVM). - -.. NOTE:: Your Data Center environment in these labs is the F5 UDF platform, which uses KVM as it's underlying virtualization technology. The OVA has already been imported for you. We also have hardware and container deployment options for Production XC Nodes. - -| - -.. image:: ../images/lab1intro.png - -| - -**Prerequisite** ------------------- - -.. NOTE:: You should have received an email from F5 Distributed Cloud User Management with the content as follows: - -| - -.. image:: ../images/updatepasswd.png - -| - -If you have not already, please click on **Update Password**, and change your credentials. Ensure you adhere to the password strength restrictions and make a mental note of these credentials as you will need them several times throughout the labs today. - -Once you've set your new password (make sure to include 1 upper, 1 lower and 1 special character), you will be asked to "Log In" and then presented with the following screen: - -| - -.. image:: ../images/tenantlogin.png - -| - -In the domain field, enter: **f5-xc-lab-mcn**, click **Next** and sign in with your email address and password you've just set, and proceed to accepting the Terms and Conditions. - - -.. warning:: If you have not received the email to change your credentials or ran into problems changing your credentials, please stop and get help from one of the Lab Assistants. - - -**Logging into the XC Console** ---------------------------------- - - -After accepting the Terms of Service and Privacy Policy, you will need to select your "Persona". - -Enter your persona as **"NetOps"** and click **next**. - -Enter your level as **"Intermediate"** and then click **Get Started**. - -Your persona will highlight workflows within F5 Distributed Cloud. -You will be able to access all services, but making use of personas can focus your view on particular tasks that are relevant to your role. - -You can change these settings at any time. - -Click on **"Account Settings"** by expanding the **"Account"** icon in the top right of the screen and clicking on **"Account Settings".** -In the resulting window you can observe the **Work domains and skill level** section and other administrative functions. - -.. note:: **For the purposes of this lab, permissions have been restricted to lab operations. Some menus/functions will be locked and/or not visible.** - -| - -.. image:: ../images/intro1.png - -| - -**For informational purposes only:** - -| - -.. image:: ../images/intro2.png - -| - -**Find your Namespace** ---------------------------------- - - -Namespaces, which provide an environment for isolating configured applications or enforcing role-based access controls, are leveraged -within the F5 Distributed Cloud Console. For the purposes of this lab, each lab attendee has been pre-assigned a unique **namespace**. - -From the **Select service** menu, click on **Web App & API Protection**. - -| - -.. image:: ../images/findnamespace.png - -| - -In the **Web App & API Protection Security Dashboard** configuration screen **observe** the browser URL. In the URI path, locate the **** namespace that you have -been assigned. It will be located in the portion of the URI path between */namespaces/* and */overview/* as shown in this example: **…/namespaces//overview/**. - -**Note your namespace as it will be used throughout the labs today.** - -.. warning:: If you have problems locating your namespace, please see a lab assistance. - -| - -.. image:: ../images/namespace1.png - -| - -.. note:: Administratively, there are other ways to find namespaces. Due to permission restrictions for this particular lab, those menus are not available. - - - -**Site Token** ----------------- - -Soon, you will be configuring an XC Node in the F5 UDF Lab Environment (Data Center) that will need a way to authenticate to the Distributed Cloud Infrastructure and associate it with your tenant. For this, you will need a Site Token. - -If you are not already logged into the console, please do so now by opening the following URL in your browser: - -https://f5-xc-lab-mcn.console.ves.volterra.io/ - - -From the **Select service** menu, click on **Multi-Cloud Network Connect**. - -| - -.. image:: ../images/sitetoke.png - -| - -On the side menu go down to **Manage**, then select **Site Management >> Site Tokens** - -In the lab we have generated a Site Token for you to use named **student-ce-site**. -In your production environment you will need to create your own Site Token to register your Customer Edge Node, which is literally two clicks and a name. Very simple! - -| - -.. image:: ../images/tokens.png - -| - -Copy the UID of the the **student-ce-site** token and paste it somewhere you can reference later (word, notepad etc). - -| - -.. image:: ../images/copytoke.png - -| - -**Setting up the Customer Edge** ----------------------------------- - -There are two approaches for setting up your Customer Edge deployment both will be reviewed in the sections that follow. Select the method designated by your lab team instructions - -**Option 1: CLI Site Setup** ----------------------- - -In your browser, you should have a tab open to the UDF course. Under the F5 Distributed Cloud CE, click on **Access >> Console** - -| - -.. image:: ../images/cli-01.png - -| - -This should redirect you to the CLI and prompt for authentication. Type in the default username/password: - -============================== ===== -Variable Value -============================== ===== -Default Username: **admin** -Default Password: **Volterra123** -============================== ===== - -| - -.. image:: ../images/cli-02.png - -| - -Change the password as directed. Remember the new password should you need to log in again. - -| - -.. image:: ../images/cli-03.png - -| - -At the **>>>** type the word **configure** and then enter. - -| - -.. image:: ../images/cli-04.png - -| - -Use the following response values to complete the prompts: - -================================ ==================================================== -Question Response Value -================================ ==================================================== -What is your token? Insert the Site Token UID you collected earlier -What is your site name? Insert your unique namespace -What is your hostname? Insert your unique namespace -What is your latitude? 33.812 -What is your longitude? -117.91 -What is your default fleet name? Enter (This selects the default of **optional**) -Select your certified hardware? Enter (This selects the default of **kvm-voltmesh**) -Select your primary outside NIC? Enter (This selects the default of **eth0**) -================================ ==================================================== - -The response values will then be summarized. Confirm they are correct and type **y** for **yes**. If not, answer **n** and correct any values. - -| - -.. image:: ../images/cli-05.png - -| - -We will now go accept the Customer Edge registration in Distributed Cloud console. Proceed to **Registering the Customer Edge**. - -**Option 2: Site UI Site Setup** ----------------------- - -In your browser, you should have a tab open to the UDF course. Under the F5 Distributed Cloud CE, click on **Access >> Site UI** - -| - -.. image:: ../images/udf-ce.png - -| - -This should prompt you for authentication and then open the Customer Edge Node Admin portal. - -Type in the default username/password: - -============================== ===== -Variable Value -============================== ===== -Default Username: **admin** -Default Password: **Volterra123** -============================== ===== - -| - -.. image:: ../images/signin.png - -| - -You will be prompted to change the password at the initial log in. **Make a mental note of these credentials as you will need them several times throughout the labs today.** - -| - -.. image:: ../images/changepwd.png - -| - -After you set the password, the services will need to restart and then the Customer Edge node will present the Dashboard - -.. Note:: You may have to Refresh your browser and log in again. - -| - -.. image:: ../images/restart.png - -| - -Once all services are up and running you should see the Dashboard which will have various colors and state as shown: - -| - -.. image:: ../images/dash.png - -| - -If you mouse-over each of the icons, the specific services will report their status in addition to the status reflected by the icon. - -Mouse over each of the components under VP Manager Status and note the components and their condition. You can also click on **“Show full status”** and see a JSON report that is used to present the VP Manager Status in detail. - -You can also scroll down and see hardware details that describe the platform that the Customer Edge is installed on. - - -Click the blue **Configure Now** button. - -| - -.. image:: ../images/ceconf.png - -| - -This will take you to the **Customer Edge Device Configuration** page. - -Set the following parameters and leave everything else as default: - -============================== ===== -Variable Value -============================== ===== -Token Insert the Site Token UID you collected earlier -Cluster Name Insert your unique namespace -Hostname Insert your unique namespace -Latitude 33.812 -Longitude -117.91 -============================== ===== - -The end result should look like the image below, and then click **Save Configuration.** - -| - -.. image:: ../images/devconf.png - -| - -After you save the configuration, you will be taken back to the Dashboard, notice the status change to **“Approval”** after a few moments. (May need to refresh page) - -| - -.. image:: ../images/approval.png - -| - -**If you encounter it, you can safely ignore this benign timing error due to the UDF lab environment.** - -| - -.. image:: ../images/error.png - -| - -We will now go accept the Customer Edge registration in Distributed Cloud console. Proceed to **Registering the Customer Edge**. - - -**Registering the Customer Edge** ----------------------------------- - -Go back to the Distributed Cloud console. If the session timed out, you will need to log back into the console using the following URL or refreshing your browser: - -https://f5-xc-lab-mcn.console.ves.volterra.io/ - -From the **Select service** menu, click on **Multi-Cloud Network Connect**. - -On the side menu go down to **Manage >> Site Management >> Registrations.** - -| - -.. image:: ../images/sitemgt.png - -| - -The Customer Edge node you configured from the previous step should appear on this list, if not give it a couple moments and refresh the screen by clicking the **Refresh button** at the top right-hand corner. - -| - -.. image:: ../images/sitereg.png - -| - -.. Tip:: This process can take a few minutes for the node to register with Distributed Cloud. - -Once the Node appears in the Registration list, accept the registration by clicking on the blue check mark. - -**Click the blue check mark** to accept the registration. - -.. Note:: If you DO NOT see a blue check mark, it's likely your browser width is NOT wide enough. Simply increase the width of the browser and you should see the blue checkmark to approve the registration. - - -Once you have clicked the checkmark, the console will bring up the Registration Acceptance menu which shows all the settings of the Customer Edge node. Note the parameters you’ve entered from the previous exercise are populated into the appropriate fields. - -.. Important:: Look at the Cluster Size parameter and notice this is set to 1. In this lab, we will only deploy a single-node-cluster and thus leave this setting as 1. In a production environment, the best practice is to deploy a 3-node-cluster minimum. In that case, the Cluster Size parameter would be set to 3 so an appropriately sized cluster can be formed. - -**Leave the cluster size set to 1** - -| - -.. image:: ../images/clustersize.png - -| - -Scroll down to Site to Site Tunnel Type and click on the drop down arrow - -| - -.. image:: ../images/s2sarrow.png - -| - -This setting determines the VPN connectivity protocols used between the Customer Edge and the Regional Edges. The XC Node will automatically bring up redundant tunnels to two different RE's. -These tunnels are self-healing and can fallback when using the configuration setting of IPSEC or SSL. -Select **IPSEC or SSL** from the list. - -| - -.. image:: ../images/iporssl.png - -| - -Click **Save and Exit**. - - -Once the registration completes, you can see the cluster in the “Other Registrations” tab and the current state will be ADMITTED. - -| - -.. image:: ../images/otherregs.png - -| - -The Customer Edge Node Admin portal will also reflect some changes in its status, although the node still requires some additional configuration. -From the menu on the left click on **Sites** and observe your Nodes (animal-name). Hint: You may have to hit **Refresh** in the upper right corner. - -| - -.. image:: ../images/provisioning.png - -| -| - -You should see the CE you just deployed on this list go through several phases of provisioning and you can observe the **Site Admin State, Health Score, and Software Version and OS version.** -You may also observe the Health score going up and down as services are spun up and restarted. - -.. Note:: This step takes about 10 -15 minutes to complete and will finish up while we start our presentation and lecture. - - -The end result should look something like the following screen where the node is green at 100 percent health and has the latest software version. - -.. Important:: Do not move on to Lab 2 until the CE is fully provisioned and **Online**. - -| - -.. image:: ../images/prov2.png - -| - -Sanity Check -------------- -**This is what you just deployed.** - -| - -.. image:: ../images/lab1fini.png - -| - -**We hope you enjoyed this lab!** - -**End of Lab 1** diff --git a/docs/archive/2023/class3/class6/module1/lab2.rst b/docs/archive/2023/class3/class6/module1/lab2.rst deleted file mode 100644 index 6a0372eb..00000000 --- a/docs/archive/2023/class3/class6/module1/lab2.rst +++ /dev/null @@ -1,550 +0,0 @@ -Lab 2: Configuring Network Connect (L3/L4 Routing Firewall ) -============================================================= - -**Objective:** - -* Verify the XC Node's health. - -* Configure Network Connect to connect the Data Center network to the AWS Network. - -* Test connectivity and configure Enhanced Firewall for network security - -**Narrative:** -Now that your XC Node is provisioned, it's time to verify, explore the XC Console and set up Network Connect to establish secure connectivity between the Data Center and AWS networks. -After the setup is complete, you will test connectivity and configure network security. - -| - -.. image:: ../images/lab2biz.png - -| - -Verify the XC Node's Health ---------------------------- - -If you are not already logged into the console, please do so now by opening the following URL in your browser: - -https://f5-xc-lab-mcn.console.ves.volterra.io/ - -From the **Select service** menu, click on **Multi-Cloud Network Connect** and then click on **Sites,** - -Your XC Node should have registered successfully and will appear green with a Health Score of 100. You may need to click **Refresh** in the top right corner -if you do not see your animal name. In this example I was assigned and filtered for **busy-goblin**. - -| - -.. image:: ../images/registeredce.png - -| - -.. Important:: If you do not see your Site as registered or in a healthy state please see a Lab Assistant. - - -From this Dashboard you can note the current **Site Admin State, Provider, SW version, and OS version.** - - -**Please DO NOT click "Upgrade" on any of the Sites!** - - -Instead, **Click** on the three dots under the **Actions** column at the far right of the screen of **"your animal"** Site and click on **Manage Configuration**. In this screenshot I was **busy-goblin**. - -| - -.. image:: ../images/action.png - -| - -Review the **Metadata, Site Type** and **Coordinates** fields as well as the **Connected REs** (Regional Edge) section. - -These are the closest Regional Edge sites based on the latitude and longitude information provided during the deployment process. **Each CE has an auto-provisioned self-healing secure tunnel to redundant RE's.** - -| - -.. image:: ../images/remeta.png - -| - -Look at the top left-hand corner where you see Form, Documentation and JSON. **You will see these fields throughout the Distributed Cloud Console configuration menus.** - - -.. Important:: Distributed Cloud is built with an API-first strategy. All the configurations can be done via GUI or API calls. - -| - -You can view the JSON file of the configuration by clicking **JSON**. - - -.. image:: ../images/json.png - - -This is the JSON code of the configuration which could be saved to create a backup of the Customer Edge configuration, but that is beyond the scope of this lab. - -| - -.. image:: ../images/json1.png - -| - -Click on **Documentation**. - -| - -.. image:: ../images/docu.png - -| - -This will load the API specification for a Customer Edge Node. Review briefly and click **Cancel and Exit** - -| - -.. image:: ../images/sitev.png - -| - - -In the **Site** screen, click on your Customer Edge Node **animal name**. (It should have a green status symbol) - -The default landing is a Dashboard giving you a detailed summary of the Customer Edge Node. **Briefly** explore the extensive menus and analytics at the top of the screen. - -| - -.. image:: ../images/dash1.png - -| - -Narrative Check ------------------ - -Now that you are familiar with your new "Software Defined" Node, we can start getting our hands dirty with the real configuration necessary to meet ACME Corp's first requirement to -get the network in the Data Center connected to the network in AWS. The backend security device will need to "scan" the frontend in AWS on port 80 and all other ports must be blocked. - - -Configuring Network Connect ---------------------------------------- - -In our lab today, an Ubuntu Server in the UDF environment will simulate the backend. -The AWS frontend workload is already deployed along with an XC Node to extend the Customer Edge in the AWS cloud. - -.. NOTE:: The Data Center backend has a pre-existing route to 10.0.3.0/24 and it points to the single outside interface of the Data Center XC Node. The AWS workload has a route to 10.1.1.0/24 that points to the inside interface of the AWS XC Node. - - -.. image:: ../images/netconnlab.png - - -What you have done so far in Lab 1 and the beginning of Lab 2, is setup the ACME Data Center XC Node to extend the Data Center Customer Edge. -Your next goal is to simply establish routing between these environments by using a hub and spoke model with our Regional Edges as shown in the diagram above. - -**All traffic between these networks will now be routed through auto-provisioned, self-healing and encrypted tunnels between the defined Customer Edges and the XC Regional Edges.** - - -.. Note:: In this lab some objects are already created due to permission requirements in the XC Lab environment. You will still observe and walkthrough the configuration for referrence. - - -Global Virtual Network ------------------------- - -To connect two or more Distributed Cloud node environments together across the Distributed Cloud network we will need to connect the sites through a Global Virtual Network. - -Confirm you are still in the **Multi-Cloud Network Connect** Console under **Sites**. If not, click on the **Select Service** in the left-hand navigation and click on **Multi-Cloud Network Connect**. - -On the left side menu, navigate to **Manage >> Networking >> Virtual Networks**. - -**Observe** the pre-configured **student-global** Virtual Network. Click the the dots under the **Action** menu for **student-global** and then **Manage Config**. Note the very simple config. - -| - -.. image:: ../images/studglob.png - -| - -Click **Cancel and Exit**. - -.. Note:: Due to tenant permissions you will not be able to create your own Global Virtual Network. - -If you wanted to configure this outside of the lab, you would simply click **Add Virtual Network** button, enter a name for the Virtual Network and make sure it is type **Global**. Simple indeed! - -The configuration **would** look like the screen below. - - -.. image:: ../images/meta.png - - -Fleets ------------------- -A Fleet is used to configure infrastructure components (like nodes) in one or more F5® Distributed Cloud Services Customer Edge (CE) sites homogeneously. - -Fleet configuration includes the following information - -* Software image release to be deployed on the Fleet - -* Virtual networks - -* List of interface and devices to be configured on every node - -* Connections between the virtual networks - -* Security policies applied in the Site - - -.. Note:: In this lab we have already created a fleet called "student-fleet" for you due to permission restrictions. - -Review Fleet Config ------------------------- - -In Multi-Cloud Network Connect context, go down to **Manage >> Site Management >> Fleets.** - -Click on the 3 dots at the far right hand side of student-fleet and select **Manage Configuration** - -| - -.. image:: ../images/studfleet.png - -| - -In the next screen click on **Edit Configuration** in the top right of the screen and **Observe** the Fleet Configuration and Network Connectors. - -A Network Connector is used to create a connection between two virtual networks on a given site. - -For more information on Network Connectors and their functions you can review this link: https://docs.cloud.f5.com/docs/how-to/networking/network-connectors - -The **Network Connectors** are configured as: - -**student-global-connector** - -* Network Connector Type: Direct, Site Local Inside to a Global Network - -* Global Virtual Network: system/student-global - -| - -**student-snat-connector** - -*Network Connector Type: SNAT, Site Local Inside to Site Local Outside - -* Routing Mode: Default Gateway - -* SNAT Source IP Selection: Interface IP - -| - -**student-ce-global-connector** - -* Network Connector Type: Direct, Site Local Outside to a Global Network - -* Global Virtual Network: system/student-global - -| - -Also, notice Network Firewall is **NOT** currently defined. We will come back to that in a few moments. - -Click **Cancel and Exit.** - - -Fleet Label -------------- -Labels are a map of string keys and values that can be used to organize and categorize objects within Distributed Cloud. - -Fleet has a field called fleet_label. When a Fleet object is created, the system automatically creates a **"known_label"** named: **"ves.io/fleet"**. -The known_label is created in the Shared namespace for the tenant. A site is made a "member of Fleet" when this known_label is added to the site. -A site can have at most one known_label of type ves.io/fleet and hence belongs to exactly one Fleet at any given time. - -**Note** the **Fleet Label Value** of the **student-fleet**. The label is also named **student-fleet**. - -.. image:: ../images/flv.png - - - -Bringing up the Connection ----------------------------- -From your UDF environment browser tab, click on **Access >> Web Shell** on the Ubuntu Client. This will open a new tab to a Web Shell. - -| - -.. image:: ../images/ubuntu.png - -| - -**The workload in AWS has an IP address of 10.0.3.253** - -Type **ping 10.0.3.253** and hit **Enter**. You **WILL NOT** get a response. - -Back in the XC Console, navigate to **Multi-Cloud Network Connect >> Sites** and find your **"animal-name"** -Click the **3 buttons** under the **Action Menu** under **"your animal name"** and select **Manage Configuration**. - -In the top right click **Edit Configuration**. - -You should be here. We will be adding a **Fleet Label** to tag our CE Node into the fleet. - -| - -.. image:: ../images/fleetlabel.png - -| - -Click **Add Label** under the **Labels** section and select the label **ves.io/fleet.** -For the value click on **student-fleet**, scroll down, **Save and Exit**. - -| - -.. image:: ../images/fleetlabel1.png - -| - -It should look like this: - -| - -.. image:: ../images/fleetlabel2.png - -| - - -Check back on your web shell tab with the ping going. Success!! - -| - -.. image:: ../images/ping.png - -| - -.. important:: If you want to tear down this connectivity it is as easy as removing the label. - - -In XC Console, navigate to **Multi-Cloud Network Connect** >> **Sites** and click directly on your **"animal-name"** and finally click on the **Tools** menu on the top, far right. - -.. note:: If you do not see the Tools menu there should be a right chevron ">" that will allow you to access additional menu items. - - -Click on **Show Routes** - -| - -.. image:: ../images/shroutes.png - -| - -Set Virtual Network Type to: **VIRTUAL_NETWORK_SITE_LOCAL_INSIDE** and click the blue **Show routes** button - -| - -.. image:: ../images/shroutes2.png - -| - -Scroll down to see the AWS subnet route **"10.0.3.0/24** being advertised through the tunnel. - -| - -.. image:: ../images/shroutes3.png - -| - -Routing is good, now let's test some other ports. -Go back to the web shell where you ran a ping. We will now test 2 ports that we know the server is listening on. - -**Port 80** - Simple Web page - -**Port 8080** - Diagnostic tool - -Our first test will be to port 80. In the web shell type: **curl \-\-head http://10.0.3.253** - -| - -.. image:: ../images/curl.png - -| - -Next, push the keyboard "up arrow " and run the same command but targeted at port 8080 like this: **curl \-\-head http://10.0.3.253:8080** - -| - -.. image:: ../images/8080.png - -| - -.. Important:: If you are not getting a **"200 OK"** repsponse, please see a lab assistant before moving on. - - - -.. Note:: We now have to close port 8080 per the ACME Corp security department requirement. - -Enhanced Firewall Policy ---------------------------------- - -You will now configure the F5 Distributed Cloud Enhanced Firewall to provide network security between these sites. - -.. Note:: Due to lab architecture, we will only be able to configure the policies but not apply. We will show you the final step to apply your policy for reference, but you will not actually be able to apply or test. - - -Navigate to **Manage >> Firewall >> Enhanced Firewall Policies** and click **Add Enhanced Firewall Policy**. - -| - -========================================= ===== -Variable Value -========================================= ===== -Name [animal-name]-fwp -Select Enhanced Firewall Policy Rule Type Custom Enhanced Firewall Policy Rule Selection -========================================= ===== - - -Click the blue **Configure** hyperlink. - -| - -.. image:: ../images/efwp.png - -| - -Click on **Add Item** to bring up the Rules creation screen. Here you will notice several powerful **"Enhanced"** Source and Destination Traffic filters. - - -================================= ===== -Variable Value -================================= ===== -Name [animal-name]-allow-80 -Source Traffic Filter IPv4 Prefix List >> Click Configure and add 10.1.1.0/24 then click **Apply**. -Destination Traffic Filter IPv4 Prefix List >> Click Configure and add 10.0.3.0/24 then click **Apply**. -Select Type of Traffic to Match Match Protocol and Port Ranges -Match Protocol and Port Ranges TCP >> click **Add Item** and add **80**. -Action Allow -================================= ===== - - -| - -.. image:: ../images/allow80.png - -| - -Click **Apply** and your screen should look like this: - -| - -.. image:: ../images/fwver.png - -| - -Now we will create the **default deny** to prevent any other traffic between these two networks. - -Click **Add Item** again to add another rule to the **Enhanced Firewall Policy**. - -================================= ===== -Variable Value -================================= ===== -Name [animal-name]-deny-all -Source Traffic Filter IPv4 Prefix List >> Click Configure and add 10.1.1.0/24 then click **Apply**. -Destination Traffic Filter IPv4 Prefix List >> Click Configure and add 10.0.3.0/24 then click **Apply**. -Select Type of Traffic to Match Match All Traffic -Action Deny -================================= ===== - -| - -.. image:: ../images/denyall.png - -| - - -Click **Apply** and your screen should look like this: - - -| - - -.. image:: ../images/fwver2.png - -| - -Click **Apply** and **Save and Exit**. - -| - - -.. image:: ../images/save.png - -| - -Summary ---------------------------------- -You have now created the firewall policy necessary to secure these two networks. Outside of the lab environment you would now add this policy to the fleet by managing your fleet and adding an Enhanced Firewall policy. - -| - - -.. image:: ../images/fleetpol.png - -| - -Logging ---------- -Customers often ask about the logging options with F5 Distributed Cloud. There are two main options for logging. - -1. Global Logging - Logging related to activities that occur within Distributed Cloud and on the Regional Edges such as load balancers or WAAP/Bot policy. - -2. Site Local Logging - Logging related to activities that occur within the Customer Edge Boundary such as load balancers or WAAP/Bot policies runnning locally on an XC Node. - -.. Note:: This is the last "Read Only" lab section. Our apologies for the inconvenience. - -**Global Logging**: - -To observe **(NOT configure)** the Global Logging configuration options, in the side-menu, browse to **Manage >> Log Management >> Global Log Receiver** and click **Add Global Log Receiver**. - -Take particular notice of the different **Log Types** and **Receiver Configurations** which include AWS, Azure and Splunk options to namedrop a few. - -| - - -.. image:: ../images/globlog.png - -| - -Click **Cancel and Exit** and Discard any changes. - - -**Site Local Logging**: - -To observe **(NOT configure)** the Site Local Logging configuration options, in the side-menu, browse to **Manage >> Log Management >> Log Receiver** and click **Add Log Receiver**. - -Click on the **Show Advanced Fields** button on the right and take note of the **Where** - -Click **Cancel and Exit** and Discard any changes. - - -| - - -.. image:: ../images/locallog.png - -| - -**Applying Site Local Logging**: - -To observe **(NOT configure)** the application of the Site Local Logging profile, browse to **Manage >> Site Management >> Fleets**, click the **3 button** Action menu and click **Manage Configuration**. - -Scroll down to observe the **Logs Streaming** field under **Advanced Configuration**. Outside of the lab environment, you would enable this and select your **Log Receiver** profile. - -| - - -.. image:: ../images/logs.png - -| - -Click **Cancel and Exit**. - -You can now feel free to explore the **Multi-Cloud Network Connect** Site menus while everyone is getting caught up. - -Click on **Site Map**, **Site Security**, which is where we would review our firewall logs in "real world", and finally, head down to the **Service Info** Section and click on **About**. - - -Sanity Check -------------- -**This is what you just deployed.** - -.. image:: ../images/lab2rev.png - - -**We hope you enjoyed this lab!** - -**End of Lab 2** \ No newline at end of file diff --git a/docs/archive/2023/class3/class6/module1/module1.rst b/docs/archive/2023/class3/class6/module1/module1.rst deleted file mode 100644 index d268e2e2..00000000 --- a/docs/archive/2023/class3/class6/module1/module1.rst +++ /dev/null @@ -1,22 +0,0 @@ -Module 1: Network Connect -======================================================= - -.. image:: ../images/netconnect.png - -**Narrative**: - -As described in the intro, you work at ACME corp as a Network Engineer and have been tasked with privately and securely connecting the backend server with the frontend server in AWS. -Your solution must be future-proof to allow for additional backends or frontends in the future. - -**In Lab 1** we will be deploying an XC Node to establish the Customer Edge (CE) which will provide connectivity to remote environments or sites. - -**In Lab 2** we will configure the XC Nodes to act as Software-Defined Routers to stitch together the Data Center and AWS networks using Network Connect. - - -.. image:: ../images/labs.png - -.. toctree:: - :maxdepth: 1 - :glob: - - lab* diff --git a/docs/archive/2023/class3/class6/module2/lab3.rst b/docs/archive/2023/class3/class6/module2/lab3.rst deleted file mode 100644 index 5c1a080e..00000000 --- a/docs/archive/2023/class3/class6/module2/lab3.rst +++ /dev/null @@ -1,469 +0,0 @@ -Lab 3: Globally Available Front End -======================================= - -**Objective:** - -* Use XC Regional Edges to provide future-proof, globally available frontend. - -* XC frontend (RE) must be able to load balance the 2 cloud frontends. - -* Expose Azure private frontend without adding a public IP for the workload. - -* Always prefer the AWS frontend for ingress traffic. - -**What they want:** - -.. image:: ../images/mod2bizreq.png - -**Narrative:** - -Unfortunately, after doing your due diligence, you find that the Azure VNET overlaps with the AWS subnets. To make matters worse, -the Azure server is not associated with any public IP and there is a security directive in place to not have any workload servers in Azure associated with a public IP without a security device. - -Lately, the site has been getting pounded with attack traffic and frontend security has become a hot topic at ACME. -You think to yourself, this is going to be tricky, and reach out to your trusted F5 Solutions Engineer to see how this will work with Distributed Cloud. - -Your F5 Solutions Engineer explains that IP overlap between sites is a common problem and one that can be easily solved with Distributed Cloud App Connect. -App Connect alleviates this problem by leveraging the XC Nodes as Software-Defined Proxies rather than Software-Defined Routers as they were configured with Network Connect. Additionally App Connect enforces a default deny architecture, where only the port and domain name defined on the load balancer will accept traffic. - -Also, you are informed that by using F5 Distributed Cloud Regional Edges for the frontend workloads, you will be able to have full proxy security, visibility and analytics for the client traffic, so the Security team will be pleased. - -After reviewing the architecture with you, your Solutions Engineer advises you to break up these requirements in to 2 specific deliverables. - -**Deliverable 1:** - -Create a globally scaled and future-proof frontend with the XC Regional Edges **(Lab 3)** - -| - -.. image:: ../images/lab3.png - -| - -**Deliverable 2:** - -Leverage App Connect for secure site to site connectivity regardless of IP overlap. **(Lab 4)** - -| - -.. image:: ../images/lab4goal.png - -| - -Multi-Cloud App Connect ----------------------------- - -With **Network Connect** you connected routed networks with your CE Node which acted as a Software-Defined Router. - -Now with **App Connect** you will be configuring our Regional Edges and your CE Nodes as Sofware-Defined-Proxies to provide connectivity between workloads. The CE's can do both functions simultaneously!! - -In the **Side menu** under **Manage** click on **Load Balancers** >> **Origin Pools** and click the **Add Origin Pool** button. - - -AWS Origin Pool ----------------- - -| - -.. image:: ../images/orig.png - -| - -Enter the following Values: - -============================== ===== -Variable Value -============================== ===== -Name animal-name-aws-pool -Origin Server Port 80 -Origin Servers See Below -Health Checks See Below -============================== ===== - -**Origin Servers:** Click **Add Item** - -In the dropdown keep: **Public DNS Name of Origin Server** and type: **public.lab.f5demos.com** and click **Apply**. - -**Health Checks:** Under "Health Check object" click the **Select Item*** dropdown and click **Add Item**. - -For the Name use: **[animal-name]-http** and take the rest as defaults. - -Click **Continue** - -| - -.. image:: ../images/health.png - -| - -Your Origin Pool should now look like this: - -| - -.. image:: ../images/origaws.png - -| - - -Leave everything else as **default** and click **Save and Exit**. - - -Azure Origin Pool ---------------------- - -Click the **Add Origin Pool** button at the top the screen. - - -============================== ===== -Variable Value -============================== ===== -Name animal-name-azure-pool -Origin Server Port 80 -Origin Servers See Below -Health Checks [animal-name]-http -============================== ===== - -**Origin Servers:** -Hit the dropdown for **Select Type of Origin Server** and choose **IP Address of Origin Server on given Sites**. - -============================== ===== -Variable Value -============================== ===== -IP 10.0.3.253 (Note: this is not a typo. The CSP workloads have IP overlap) -Site or Virtual Site Site -Site: **system/student-azurenet** -Select Network on the site Inside Network -============================== ===== - -Click **Apply**. - -Your config should look like this: - -| - -.. image:: ../images/origazure.png - -| - -Leave everything else as **default** and click **Save and Exit**. - -Now that we have defined both of our Origin Server pools which are a public DNS Name in AWS and a private IP in Azure, we will set up the App Connect Proxy to provide a Global Frontend to load balance them. - -Global Frontend ----------------------------- - -In the **Side menu** under **Manage** click on **Load Balancers** >> **HTTP Load Balancers** and click the **Add HTTP Load Balancer** button. - -================================== ===== -Variable Value -================================== ===== -Name animal-name-acme-frontend -Domains and LB Type animal-name-acme-frontend.lab-mcn.f5demos.com -Load Balancer Type HTTP -Automatically Manage DNS Records **check** -HTTP Port 80 -Origin Pools See Below -================================== ===== - -**Origin Pools** - -Click **Add Item** and under "Origin Pool" select the **AWS pool** with your animal name. Leave everything else as **default** and click **Apply**. - -| - -.. image:: ../images/awspri.png - -| - -Click **Add Item** again and under "Origin Pool" select the **Azure pool** with your animal name. This time, change the priority to **0** and click **Apply**. - -.. Note:: A zero value priority makes that pool the lowest priority. A value of **1** is the highest priority. AWS was set to **1** by default. - -| - -.. image:: ../images/azurepri.png - -| - -Click **Apply** and you should now be back to the **HTTP Load Balancer** configuration screen which should look like this. - -| - -.. image:: ../images/httplb.png - -| - -Leave everything else as **default** and scroll down to the bottom to click **Save and Exit**. - -You should now see your Globally Available frontend in the **HTTP Load Balancers** screen. - -| - -.. image:: ../images/newlb.png - -| - -Testing ---------------------- - - -Go ahead and open up a **Command Prompt** or **Terminal** on your personal machine and type the following command: - -**nslookup [animal-name]-acme-frontend.lab-mcn.f5demos.com** and note the IP address that is returned. - -In my example, I am using a terminal on MAC and my animal-name was **rested-tiger**. - -.. Note:: This may take a few moments to become resolvable depending on your local DNS configuration. - -| - -.. image:: ../images/nslookup.png - -| - -Now open up a new tab in your browser and try http://[animal-name]-acme-frontend.lab-mcn.f5demos.com - -If you reached this page, you set it up right! Nice work. - -| - -.. image:: ../images/awspub.png - -| - -Hit **[Shift + Refresh]** a few times in your browser and make sure you are staying on the same site. You should NOT be seeing a **blue page** at any point. - - -In **XC Console**, navigate to **Manage >> Load Balancers >> Origin Pools**, click on the **3 Button** Actions Menu and choose **Manage Configuration** for your **[animal-name]-aws-pool**. - -Click **Edit Configuration** in the upper right and then scroll to the bottom of the **AWS origin Servers** configuration screen. - -Under **TLS**, hit the dropdown and choose **Enable** and click **Save and Exit**. - -| - -.. image:: ../images/tlsenable.png - -| - - -.. Important:: What you are doing here, is enabling TLS on the backend connection to the Origin Server of the AWS pool. This WILL FAIL, as the Server is not expecting TLS which will effectively cause the monitors to fail. This will take down the AWS pool and allow us to test the Azure failover as if the AWS workload itself was failing. - -**Check it out....** - -Go back to your browser tab that you had open to http://[animal-name]-frontend.lab-mcn.f5demos.com and hit **[Shift + Refresh]**. - -| - -.. image:: ../images/azurepub.png - -| - -Go back to XC Console and edit the AWS pool again to disable TLS and bring the AWS site back online. - -| - -.. image:: ../images/disabletls.png - -| - -Click **Save and Exit**. - -Go back to your browser tab that you had open to http://[animal-name]-frontend.lab-mcn.f5demos.com and hit **[Shift + Refresh]**. - -.. note:: If you receive a 503 error, please wait a moment and [Shift + Refresh] your browser. - -You should be back to the AWS page now. - -| - -.. image:: ../images/awspub.png - -| - -.. - **Testing Load Balancing** - - Although this isn't an ACME requirement at the moment, you decide to test an Active/Active pool configuration. - Currrently, you have a Global frontend [http://animal-name-acme-frontend.lab-mcn.f5demos.com] that points to a pool with a public EC2 workload in AWS and a pool with a private IP workload in Azure sitting behind the CE. - You are configured for Active/Standby load-balancing of the pools due to the priority setting in the pool. - - - In **XC Console**, navigate to **Manage >> HTTP Load Balancers**, click on the **3 Button** Actions Menu and choose **Manage Configuration** for your **[animal-name]-acme-frontend**. - - Click **Edit Configuration** in the upper right and then click the **pencil/edit** icon next to the Azure Origin Pool. - - | - - .. image:: ../images/editazure.png - - | - - Change the priority to **1**, click **Apply** and **Save and Exit**. - - Go back to your browser tab that you had open to http://[animal-name]-frontend.lab-mcn.f5demos.com and hit **[Shift + Refresh]**. - - - | - - .. image:: ../images/weird-results.png - - | - - -Dashboard and Analytics -------------------------- - -Now that we've sent several requests to our shiny new **Globally Available Frontend**, we can take a look at the traffic dashboards. - -In **XC Console** >> **Multi-Cloud App Connect** >> **Overview** click on **Performance**. - -Scroll all the way to the bottom and under **Load Balancers**, click directly on your **[animal-name-acme-frontend]**. - -| - -.. image:: ../images/lbs.png - -| - -This will take you to the **Performance Monitoring** Dashboard. If you took a break or don't see any live traffic, try tuning your time-frame. - -| - -.. image:: ../images/time.png - -| - -You should see a number of metrics including a **Application Health** score which may NOT be at **100** due to the AWS site being offline earlier when we tested failover. - -| - -.. image:: ../images/metrics.png - -| - -Notice the invaluable **End to end Latency** analytic. Click on the **Metrics** tab. - -| - -.. image:: ../images/met1.png - -| - -Click on the **Health** Percent metric over on the right side. Use the time-sliders at the bottom to try and zoom in to the approximate time when the applications health was poor. - - -| - -.. image:: ../images/timeslide.png - -| - -In my example, I am zooming in to approx 12:33AM and can click the color block to get a filtered view of the requests as they were being served at that time. - -| - -.. image:: ../images/timeslide2.png - -| - -We can confirm that the Standby Azure workload was sure enough serving up requests during that time. - -| - -.. image:: ../images/requests.png - -| - -Click the **Traffic Tab** in the top menu and change your time-frame back to **1 hour**. - -This graph shows you a visual representation on where your traffic is ingressing our Regional Edges. In my example below, I am local to the DC area, so you can see I consistently hit the DC12 RE in Ashburn Virginia. - -You may see different Source Sites depending where you are geographically located. In production you would see several source sites here if your customer traffic is geographically diverse. - - -You can also see the load balancer name and the Origin Servers to the right. If you hover over them you will get a Request Rate metric. - -| - -.. image:: ../images/traffic.png - -| - -Click the **Origin Servers Tab** in the top menu and change your time-frame to **1 hour**. At the bottom left, change your setting to **50** items per page. - -Why do you think there are so many Origin Servers showing for the AWS EC2 workload DNS name? - -| - -.. image:: ../images/originserve.png - -| - -Click the **Requests Tab** in the top menu and change your time-frame to **1 hour**. At the bottom left, change your setting to **50** items per page. - -The request log has a wealth of information. Literally everything about the request is logged and analyzed. - -Choose any request in the log and click the **expand** arrow next to the time-stamp. - -Every request has built in End-to-End analytics. You can also click on **JSON** to see the request log in JSON format. - -| - -.. image:: ../images/rl.png - -| - -Feel free to explore additional requests and/or fields while other students are getting caught up. - -Sanity Check -------------- -**This is what you just deployed.** - -| - -.. image:: ../images/lab3review.png - -| - -**We hope you enjoyed this lab!** - -**End of Lab 3** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/docs/archive/2023/class3/class6/module2/lab4.rst b/docs/archive/2023/class3/class6/module2/lab4.rst deleted file mode 100644 index 673aada7..00000000 --- a/docs/archive/2023/class3/class6/module2/lab4.rst +++ /dev/null @@ -1,537 +0,0 @@ -Lab 4: App Connect - Solving IP Overlap -=========================================== - -**Objective:** - -* Implement App Connect to overcome IP Address overlap in AWS/Azure. - -* Provide private and secure connectivity between all sites. - -* Configure policy to only permit port 80 between these sites. - -* Review network security events in the XC console. - -| - -.. image:: ../images/lab4bizreq1.png - -| - -**Narrative:** - -Now that the globally available frontend has been deployed, it's time to start working on **Deliverable #2** and configure backend connectivity. Since Network Connect does **NOT** support IP overlap, we will configure the XC Nodes with App Connect proxies. -Recall that Network Connect joins networks by using the XC Nodes as Software-Defined Routers and App Connect uses the XC Nodes as Software-Defined Proxies to connect applications. Think...NetworkAAS or ProxyAAS. - -| - -.. image:: ../images/lab4goal.png - -| - -Multi-Cloud App Connect ----------------------------- - -In the **Side menu** under **Manage** click on **Load Balancers** >> **HTTP Load Balancers** and click the **Add HTTP Load Balancer** button. - - -Enter the following values: - -================================== ============== -Variable Value -================================== ============== -Name [animal-name]-backend-vip-to-azure -Domains and LB Type [animal-name]-backend-vip-to-azure.lab-mcn.f5demos.com -Load Balancer Type HTTP -Automatically Manage DNS Records **uncheck** -HTTP Port 80 -Origin Pools See Below -================================== ============== - -**Origin Pools** - -Click **Add Item** and under "Origin Pool" select the **Azure pool** with your animal name and click **Apply**. - -Your config should look like this so far: - -| - -.. image:: ../images/backendvip.png - -| - -**Scroll** all the way down until you reach the **Other Settings** section. Here you will find the **VIP Advertisement** field. - -.. Important:: In the previous lab, we took the default of **Internet** here. This means that the load balancer will be distributed across all Regional Edges in our anycast network. This time we will choose our Data Center CE to host the load balancer. - -Hit the dropdown and select **Custom**. - -| - -.. image:: ../images/custom.png - -| - -Now click the **Configure** link right below that field: - -| - -.. image:: ../images/configure.png - -| - -On the **"List of Sites to Advertise"** screen click **Add Item**. - -Enter the following values: - -============================== ========================================================= -Variable Value -============================== ========================================================= -Select Where to Advertise Site -Site Network Outside Network (Since we only have 1 interface on our CE Node, it is "Outside" by default) -Site Reference system/[animal-name] -TCP Listen Port Choice TCP Listen Port -TCP Listen Port 80 -============================== ========================================================= - -| - -.. image:: ../images/azint.png - -| - -Click on **Apply**, **Apply**, and then **Save and Exit** on the main **HTTP Load Balancer** config screen. - - -Testing Internal LB ----------------------- -If that seemed easy, it's because it was. Now, you will test the load balancer that you just configured on the Data Center XC Node. - -| - -.. image:: ../images/node.png - -| - -From the Ubuntu Client (backend) **Web Shell** browser tab, type the following command and hit Enter. - -curl http://10.1.1.5 - -| - -.. image:: ../images/curlerror.png - -| - -Uh oh....! **404 Not Found**? But why? - -Recall the mandatory **Domains** field that was required when you configured the HTTP load balancer. **XC App Connect HTTP Load Balancers natively perform Domain Name enforcement and DO NOT respond to requests without the expected Domain Name.** - -| - -.. image:: ../images/domains.png - -| - -We will now use a tool to help test this with a built-in "resolve" function. - -From the Ubuntu Client **Web Shell** browser tab, type or paste the following command **(with your animal-name)** and hit **Enter**.:: - - curl --head http://[animal-name]-backend-vip-to-azure.lab-mcn.f5demos.com --resolve [animal-name]-backend-vip-to-azure.lab-mcn.f5demos.com:80:10.1.1.5 - -.. note:: On a MAC you should be able to [CMD + v] and on a PC [Shift + Insert] to paste into the web shell. - -| - -.. image:: ../images/curlhead.png - -| - -In my example, my animal-name was **wanted-swan**. If you want to see the full HTML of the site you can **up arrow** and run the command again without the **\-\-head** flag.:: - - curl http://[animal-name]-backend-vip-to-azure.lab-mcn.f5demos.com --resolve [animal-name]-backend-vip-to-azure.lab-mcn.f5demos.com:80:10.1.1.5 - -| - -.. image:: ../images/curltest.png - -| - -Success! Your stomach growls and it's time for lunch! You have now met every requirement thrown at you thus far with F5 Distrib.... **Ring Ring** - -.. Important:: Your phone rings! Just as you were finishing up your testing and about to head to lunch, the CIO calls your desk directly with an urgent request and it sounds like that new Pho restaurant is going to have to wait. There is an immediate requirement for the frontend in AWS to connect to an API on the frontend in Azure, privately over port 80. Additionally, this API should be "Read Only" for any API clients originating in AWS. This traffic CAN NOT be sent unencrypted over the Internet. Can we use F5 Distributed Cloud to quickly bridge these CSP's? - -Narrative Update ----------------------- -You have met all the requirements thus far, but that phone call had a real sense of urgency to it so, you're going to have to act fast. - -Unfortunately, you don't have access to any of the workloads in the CSP environments but one of your friends over on the Application team recently let you know about a diagnostic tool they use on their AWS frontend. It's called the "In-Container-Diagnostic tool" and it runs on their AWS instance on port 8080. -They said you could use it if you need to test connectivity from the AWS frontend to the Azure frontend but they can't give you direct access to the container or workload itself. - -"No problem" you reply, and quickly set out to configure a new frontend in XC for the Diag tool. After you expose the Diag tool, you will configure an internal load balancer for port 80 traffic between the AWS frontend and Azure frontend. You will use the Diag tool to then verify this connectivity. - -| - -.. image:: ../images/cioreq.png - -| - -Expose AWS Diag Tool ----------------------- - -In the **Side menu** under **Manage** click on **Load Balancers** >> **Origin Pools** and click the **Add Origin Pool** button. - -================================== ============== -Variable Value -================================== ============== -Name [animal-name]-awstool-pool -Origin Servers **Add Item** > See Below -Origin Server Port 8080 -================================== ============== - -**Origin Servers** - -================================== ============== -Variable Value -================================== ============== -Select Type of Origin Server IP address of Origin Server on given Sites -IP 10.0.3.253 -Site or Virtual Site Site -Site system/student-awsnet -Select Network on the site Inside Network -================================== ============== - -Click **Apply** and the **Save and Exit**. - -| - -.. image:: ../images/toolpool.png - -| - - -In the **Side menu** under **Manage** click on **Load Balancers** >> **HTTP Load Balancers** and click the **Add HTTP Load Balancer** button. - - -Enter the following values: - -================================== ============== -Variable Value -================================== ============== -Name [animal-name]-awstool -Domains and LB Type [animal-name]-awstool.lab-mcn.f5demos.com -Load Balancer Type HTTP -Automatically Manage DNS Records **check** (Important!) -HTTP Port 80 -Origin Pools **Add Item** and select [animal-name-awstool-pool] and click **Apply**. -================================== ============== - -| - -.. image:: ../images/toollb.png - -| - - -Click **Save and Exit**. - -You should now be able to access the new globally availalable tool by accessing the following URL with your animal-name: - -http://[animal-name]-awstool.lab-mcn.f5demos.com - -| - -.. image:: ../images/contool.png - -| - -.. Note:: Please see a lab assistant if you can not access the tool site. - -Create AWS to Azure LB ------------------------- - -Now that we have a way to test connectivity between AWS and Azure all we need to do is setup the HTTP Load Balancer (App Connect Proxy) to provide the secure connectivity. - -Back in XC Console, from the **Side menu** under **Manage** click on **Load Balancers** >> **HTTP Load Balancers** and click the **Add HTTP Load Balancer** button. - - -Enter the following values: - -================================== ============== -Variable Value -================================== ============== -Name [animal-name]-aws-to-azure-lb -Domains and LB Type [animal-name]-aws-to-azure-lb.lab-mcn.f5demos.com -Load Balancer Type HTTP -Automatically Manage DNS Records **uncheck** -HTTP Port 80 -Origin Pools **Add Item** and select [animal-name-azure-pool] and click **Apply**. -VIP Advertisement (at bottom) **Custom** Click **Configure** See Below. -================================== ============== - -Under **List of Sites to Advertise**, click **Add Item**. - -**VIP Advertisement** - -================================== ============== -Variable Value -================================== ============== -Select Where to Advertise Site -Site Network Inside (The AWS node has 2 interface. Inside/Outside) -Site Reference system/student-awsnet -TCP Listen Port Choice TCP Listen Port -TCP Listen Port 80 -================================== ============== - -Click **Apply** and it should look ike this: - -| - -.. image:: ../images/advervip.png - -| - -Click **Apply** and then **Save and Exit** from the HTTP Load Balancer creation screen. - -If you search your HTTP Load Balancers for your **animal-name**, you should now see 4 as per the example below: - -| - -.. image:: ../images/4lbs.png - -| - -Testing AWS to Azure LB ------------------------- - -You now have a load balancer running in AWS on the inside interface of your AWS XC Node. The inside interface IP of the AWS XC Node is **10.0.5.101**. - -We will now use the In-Container Diag tool to test connectivity. - -If you don't already have a tab open to the Diag tool, in your browser go to: http://[animal-name]-awstool.lab-mcn.f5demos.com - -Click on **Run Command** and paste in the following:: - - curl http://[animal-name]-aws-to-azure-lb.lab-mcn.f5demos.com --resolve [animal-name]-aws-to-azure-lb.lab-mcn.f5demos.com:80:10.0.5.101 - -| - -.. image:: ../images/success.png - -| - -In just a few moments, you now have full proxy connectivity between IP Overlapped AWS and Azure resources over a private encrypted tunnel! Pretty sweet huh? - - -Let's try that command again but with the shorthand version by using **\-\-head**:: - - curl --head http://[animal-name]-aws-to-azure-lb.lab-mcn.f5demos.com --resolve [animal-name]-aws-to-azure-lb.lab-mcn.f5demos.com:80:10.0.5.101 - -| - -.. image:: ../images/head.png - -| - -Adding Security ------------------------- - -You just configured an App Connect Proxy listening on port 80 of the Inside interface of the AWS XC Node. Since the App Connect Proxy is **default-deny** and only accepts traffic on the configured load balancer port with the appropriate Layer 7 Domain information, we can rest assured that no other ports will be permitted. - -The second request to ensure that the **pretend API running on port 80 in Azure is Read Only or R/O**, can easily be solved with a Service Policy. For ease of demonstration we will make use of two HTTP methods and **pretend that HEAD is R/W** and of course **GET is natively R/O.** - -Head is one of many HTTP methods used to interact with API's amongst other things. Some other common ones are GET, POST and PUT. - -Technically speaking, The HEAD method is identical to GET except that the server MUST NOT return a message-body in the response. - -.. Note:: In our Lab we are just pretending that HEAD is R/W. - -What if we we didn't want to allow **HEAD** or only allow certain HTTP methods between these two workloads? - -In general, for any of our HTTP Load Balancers, what if we wanted to block a geolocation? -What if we wanted to allow some IP's and disallow others? How about file type enforcements? - -**Service Policies to the Rescue!** - -Service Policies ------------------- - -While Service Policies can do many things, we will go through a quick exercise to simply block the HTTP Method of **HEAD** for our AWS to Azure HTTP Load Balancer. This example could easily be expanded upon. - -When you create a **Service Policy** it intrinsically contains a **default deny**. Therefore, our Service Policy will actually be a definition of what is allowed. - -Back in XC Console, from the **Side menu** under **Security**, click on **Service Policies** >> **Service Policies** and click the **Add Service Policy** button. - -================================== ============== -Variable Value -================================== ============== -Name [animal-name]-allow-get-sp -Server Selection Server Name -Server Name [animal-name]-aws-to-azure-lb.lab-mcn.f5demos.com -Select Policy Rules Custom Rule List -Rules **Configure**, Click **Add Item** > See Below: -================================== ============== - -**Rules** - -================================== ============== -Variable Value -================================== ============== -Name allow-get -Action Allow -Clients Any Client -Servers Domain Matcher >> **Exact Value** >> [animal-name]-aws-to-azure-lb.lab-mcn.f5demos.com -HTTP Method/Method List Get -HTTP Path **Configure** >> **Add Item** add **/** under **Prefix Values**. -================================== ============== - -Click **Apply**. - -| - -.. image:: ../images/prefix.png - -| - - -| - -.. image:: ../images/spget.png - -| - -Scroll down and click **Apply**. - -| - -.. image:: ../images/sp1.png - -| - -Click **Apply**. - -| - -.. image:: ../images/sp2.png - -| - -Click **Save and Exit**. - -Apply Service Policy ---------------------- - -In the **Side menu** under **Manage** click on **Load Balancers** >> **HTTP Load Balancers** and then click the **3 Button** Action Menu >> **Manage Configuration** under your **[animal-name]-aws-to-azure-lb**. - -Click **Edit Configuration** and scroll down to **Common Security Controls**. - -Under **Service Policies**, hit the dropdown and choose, **Apply Specified Service Policies** and then click the blue **Configure**. - -Choose your **[animal-name]-allow-get-sp** and click **Apply** and then **Save and Exit**. - -| - -.. image:: ../images/lbsp.png - - -| - - -Test Service Policy -------------------- - -If you don't already have a tab open to the Diag tool, in your browser go to: http://[animal-name]-awstool.lab-mcn.f5demos.com - -Try your curl command again **without** the **--head** flag.:: - - curl http://[animal-name]-aws-to-azure-lb.lab-mcn.f5demos.com --resolve [animal-name]-aws-to-azure-lb.lab-mcn.f5demos.com:80:10.0.5.101 - - -| - -.. image:: ../images/success.png - - -| - -Now run the command again but insert the **\-\-head** command.:: - - curl --head http://[animal-name]-aws-to-azure-lb.lab-mcn.f5demos.com --resolve [animal-name]-aws-to-azure-lb.lab-mcn.f5demos.com:80:10.0.5.101 - -| - -.. image:: ../images/forbid.png - -| - - -You have now successfully configured an application layer **Service Policy** that enforces HTTP methods. - -.. Note:: This is a primitive example of a much more powerful construct that can be used to enforce, secure and manipulate HTTP traffic much like iRules did on F5's classic BIG-IP platform. - -Review Service Policy Logs ---------------------------- - -Back in XC Console, from the **Side menu** under **Overview**, click on **Applications** and scroll down and click on your **[animal-name]-aws-to-azure-lb** under **Load Balancers**. - - -| - -.. image:: ../images/awstoazure.png - -| - -Take a moment to observe some of the analytics and then click on the **Requests** tab at the top of the page. - -| - -.. image:: ../images/requesttab.png - -| - -Here you will find the full request log. You will see the request path and if you click the little settings gear on the far right, you can add the Response Code given back to the client and several other metrics. -You may have to click refresh in the upper right or change your time frame if you took a break or don't see any data. - -| - -.. image:: ../images/perfmon.png - -| - -**Expand** one of the log entries that had a **403** response code. These were the forbidden **Head** requests. -Look through the request data and determine the policy that was applied to the request as well as the **result**. - -.. note:: If you do not see a response code column in the data, click on the wheel on the right, next to the search edit box and check response code. Click Apply. - -| - -.. image:: ../images/403.png - -| - -**Expand** one of the log entries that had a **200** response code. These were the allowed **Get** requests. -Look through the request data and determine the policy that was applied to the request as well as the **result**. - -| - -.. image:: ../images/200.png - -| - -**Great job! You have now quickly completed every requirement thrown at you with F5 Distributed Cloud App Connect and Network Connect concepts.** - -There is a final bonus lab that will showcase some App Layer Routing and Security Concepts as well. - -Sanity Check -------------- -**This is what you just deployed.** - -| - -.. image:: ../images/lab4review.png - -| - - -**We hope you enjoyed this lab!** - -**End of Lab 4** diff --git a/docs/archive/2023/class3/class6/module2/lab5.rst b/docs/archive/2023/class3/class6/module2/lab5.rst deleted file mode 100644 index 9e64d5eb..00000000 --- a/docs/archive/2023/class3/class6/module2/lab5.rst +++ /dev/null @@ -1,363 +0,0 @@ -Lab 5: Bonus Lab - L7 App Routing & Security -============================================== - -**Objective:** - -* Configure the Global Frontend to perform Layer 7 routing. - -* Configure security policy to protect the frontends from OWASP Top 10 web attacks. - -* Test connectivity and review application security events in the XC console. - -.. image:: ../images/lab5bizreq.png - -**Narrative:** - -Much like "The Real World", the requirements never stop coming. Now, ACME has 2 new deliverables for you to figure out. - -**First**, a new API has been added to the cloud frontends and will require Layer 7 routing at the global frontend in XC. -The requirement is for any requests that have **/aws** in the URI to be routed to AWS. -Any requests with **/azure** should be routed to Azure. - -**Second**, ever since exposing the frontends globally, they have noticed a lot of attack type traffic coming into their application. -They have asked if there is a way to apply a security policy to identify and remediate these attacks which seem to target the application with common OWASP Top 10 type attacks. - -| - -.. image:: ../images/lab5.png - -| - -L7 App Routing ---------------- - -**Adding Layer 7 App Routing with F5 Distributed Cloud is a simple task,** but one thing we haven't done yet is configure an **internal pool** for the **AWS workload**. So far, we have been pointing at a public DNS name in the AWS Origin pool, so that could in theory, change or resolve to different IP's/AZ's, at different times. -What we essentially want is a static proxy into the AWS environment that this one particular frontend is located in, which is also where our CE Node is deployed. - -In the **Side menu** under **Manage** click on **Load Balancers** >> **Origin Pools** and click **Manage Configuration** under the **3 Button** Action Menu on your **[animal-name]-azure-pool**. - -Cick **Clone Object**. - -| - -.. image:: ../images/clone.png - -| - -For the name call it: **[animal-name]-aws-internal** and click the pencil **edit** icon next to the **Origin Server**. - -| - -.. image:: ../images/edit.png - -| - -Simply change the **Site** from **system/student-azurenet** to **system/student-awsnet**. - -| - -.. image:: ../images/orgaws.png - -| - -Click **Apply** - -Your Origin Pool config should now look like this: - -| - -.. image:: ../images/awsconf.png - -| - -Click **Save and Exit**. - -Now we will configure the **Global Frontend** Load Balancer to point at both the AWS and Azure "IP-overlapped workloads" and we will add Layer 7 URI routing so traffic arrives at the appropriate Origin Server. - -In the **Side menu** under **Manage** click on **Load Balancers** >> **HTTP Load Balancers** and click on the **3 Buttons** under the **Actions** menu for your **animal-name-acme-frontend**. - -Click **Manage Configuration** and then **Edit Configuration** in the top right. - -| - -.. image:: ../images/lab5mg.png - -| - -Scroll down to where you see **Routes** and click the blue hyperlink "**Configure**" - -| - -.. image:: ../images/routes.png - -| - -Click **Add Item**. - -Enter the following values: - -================================== ============== -Variable Value -================================== ============== -Route Type Simple Route -HTTP Method GET -Path Match Prefix -Prefix /aws -Headers Leave Default -Origin Pools **Add Item** >> Origin Pool = **[animal-name]-aws-internal**, Click **Apply**. -Host Rewrite Method Disable Host Rewrite -================================== ============== - -Click **Apply**. - -Click **Add Item** again. - -================================== ============== -Variable Value -================================== ============== -Route Type Simple Route -HTTP Method GET -Path Match Prefix -Prefix /azure -Headers Leave Default -Origin Pools **Add Item** >> Origin Pool = **[animal-name]-azure-pool**, Click **Apply**. -Host Rewrite Method Disable Host Rewrite -================================== ============== - -Click **Apply**, **Apply**, **Save and Exit**. - - -| - -.. image:: ../images/routes1.png - -| - -Testing L7 Routing --------------------- - -In your browser open a new tab to: **http://[animal-name]-acme-frontend.lab-mcn.f5demos.com** - -Once you have loaded the site sucessfully, try adding the URI **/aws** and reload the page. - -You should see this: - -| - -.. image:: ../images/awsuri.png - -| - - -Now try adding the URI **/azure** and reload the page. - -You should see this: - -| - -.. image:: ../images/azureuri.png - -| - -So, how do we know for certain which workload was actually answering and this wasn't all smoke and mirrors? - -Back in XC Console, from the **Side menu** under **Overview**, click on **Perfomance**. - -Scroll all the way to the bottom and under **Load Balancers**, click directly on your **[animal-name-acme-frontend]** and then click the **Requests** tab (top middle). - -.. Note:: Remember to click refresh and adjust time-frame as necessary. - - -| - -.. image:: ../images/perfmo.png - -| - - -Notice the requests clearly show the URI and the Origin Server. - -| - -.. image:: ../images/perfmo2.png - -| - -Mission accomplished yet again!!! And with only a few short steps and simple concepts. The more you use F5 Distributed Cloud, the more powerful you become but as you know, with that power comes great responsibility...especially with security! - -L7 Security ---------------- - -If you haven't noticed, all along today, there has always been an underlying theme of security in all of the configurations we setup. It's very rare in this day and age to expose a resource or public frontend without some basic protection. - -A common theme was also reviewed in the narrative above. Your new public frontend has started getting a lot of unwanted attention and there is an immediate need to apply some security controls to expose and mitigate the unwanted traffic. We hear from customers with this request every day. - -With **F5 Distributed Cloud App Connect**, adding a WAF policy is just as easy as everything else we've setup so far. - -**First**, we will test out our attacks on the site without any WAF policy and observe the response. - -Testing Vulnerabilities ------------------------- - -For a SQL Injection (SQLi) attack, run the following command from your "Online Diag Tool". If you closed or lost that tab, the link is: **http://[animal-name]-awstool.lab-mcn.f5demos.com** - -SQLi:: - - curl -A "Mozilla/5.0', (select*from(select(sleep(20)))a)) #" http://[animal-name]-acme-frontend.lab-mcn.f5demos.com/ --resolve [animal-name]-acme-frontend.lab-mcn.f5demos.com:80:159.60.128.61 - - -| - -.. image:: ../images/sqli.png - -| - - -For some various other attacks you can modify the command and URI as shown below and try these: - -Other Attack Samples:: - - curl -X GET "http://[animal-name]-acme-frontend.lab-mcn.f5demos.com/?cmd=cat%20/etc/passwd" --resolve [animal-name]-acme-frontend.lab-mcn.f5demos.com:80:159.60.128.61 - -Or:: - - curl -X GET "http://[animal-name]-acme-frontend.lab-mcn.f5demos.com/product?id=4%20OR%201=1" --resolve [animal-name]-acme-frontend.lab-mcn.f5demos.com:80:159.60.128.61 - - -Here are the URI paths from above for easy reference: - -**/?cmd=cat%20/etc/passwd** - -**/product?id=4%20OR%201=1** - -| - -.. image:: ../images/varattack.png - -| - -Now that you've confirmed that the application is indeed vulnerable to these types of attacks, it's time to put a WAF policy in place and start blocking these immediately. - -Applying WAF ---------------- - -Back in XC Console, from the **Side menu** under **Manage**, click on **Load Balancers**, **HTTP Load Balancers** >> **Actions** >> **Manage Configuration** for the **[animal-name]-acme-frontend**. - -Click **Edit Configuration** and scroll down to the **Web Application Firewall** section. In the dropdown choose **Enable** - -Under **Enable**, click **Add Item**. - -For a name, call it your **[animal-name]-waf** and set the **Enforcement Mode** to blocking. Leave all others **default** and click **Continue**. - -| - -.. image:: ../images/waf.png - -| - -Your HTTP Load Balancer Configuration should now look like this. - -| - -.. image:: ../images/lbwaf.png - -| - -Click **Save and Exit**. - -Testing Vulnerabilities with WAF ----------------------------------- - -For the SQL Injection (SQLi) attack, run the following command from your "Online Diag Tool". If you closed or lost that tab, the link is: **http://[animal-name]-awstool.lab-mcn.f5demos.com** - -SQLi:: - - curl -A "Mozilla/5.0', (select*from(select(sleep(20)))a)) #" http://[animal-name]-acme-frontend.lab-mcn.f5demos.com/ --resolve [animal-name]-acme-frontend.lab-mcn.f5demos.com:80:159.60.128.61 - - -| - -.. image:: ../images/sqliblock.png - -| - -For some various other attacks you can modify the command and URI as shown below and try these: **All should be Blocked or "Rejected"**. - -Other Attack Samples:: - - curl -X GET "http://[animal-name]-acme-frontend.lab-mcn.f5demos.com/?cmd=cat%20/etc/passwd" --resolve [animal-name]-acme-frontend.lab-mcn.f5demos.com:80:159.60.128.61 - -Or:: - - curl -X GET "http://[animal-name]-acme-frontend.lab-mcn.f5demos.com/product?id=4%20OR%201=1" --resolve [animal-name]-acme-frontend.lab-mcn.f5demos.com:80:159.60.128.61 - -| - -.. image:: ../images/varblock.png - -| - -Reviewing WAF Logs ------------------------ - -In this final section, we will review the WAF logs for the attacks we just tested. - -Back in XC Console, from the **Side menu** under **Overview**, click on **Applications**. - -Scroll all the way to the bottom and under **Load Balancers**, click directly on your **[animal-name-acme-frontend]** and then click the **Security Analytics** tab (top middle). - -| - -.. image:: ../images/secmon.png - -| - -.. Note:: Remember to click refresh and adjust time-frame as necessary. - -| - -.. image:: ../images/secevents.png - -| - - -Click on the **Requests** tab (top middle) and then click the **Add Filter** icon: - -| - -.. image:: ../images/filter.png - -| - -Type **waf** in the search field, and select **waf_action** >> **In** >> **Block** >> **Apply**. - -| - -.. image:: ../images/wafaction.png - -| - -You can now see a filtered **Request Log** view of all blocked events. Feel free to play around with other filters and explore the security events. - - -Sanity Check -------------- -**This is what you just deployed.** - - -| - -.. image:: ../images/lab5sanity.png - -| - -Outro --------- - -What a long day it has been at ACME corp.... but you look at your watch and realize that you could have never setup what you just did, in the time it took you, even 3 years ago. The magic of F5 Distributed Cloud Network Connect and App Connect solutions greatly simplify modern problems while saving time and enhancing security. - -**We hope you enjoyed this lab!** - -**End of Lab 5** - - diff --git a/docs/archive/2023/class3/class6/module2/module2.rst b/docs/archive/2023/class3/class6/module2/module2.rst deleted file mode 100644 index f98ca88d..00000000 --- a/docs/archive/2023/class3/class6/module2/module2.rst +++ /dev/null @@ -1,30 +0,0 @@ -Module 2: App Connect -======================================== - -.. image:: ../images/appconnect.png - -**Narrative:** -Everything has been running terrific at ACME with your current Network Connect model. Your boss is pleased with your work and has a new assignment for you. -ACME has aquired a new company that utilizes Azure IAAS but none of their servers are public facing due to security governance. - -ACME wants to implement a globally available frontend that can serve content from either AWS or Azure without directly giving any of the Azure workloads a public IP. -Inbound Internet traffic should always be sent to the public AWS frontend DNS name with the Azure private-ip frontend acting as a backup for now. - -The on-prem backend server must be able to scan the private frontend in Azure on port 80. -The frontend server in Azure WILL NOT have a public IP. ACME has truly gone multi-cloud! - -.. image:: ../images/mod2bizreq.png - - -**In Lab 3** we will be satisfying the latest ACME business requirements by using App Connect to provide a globally available frontend for the cloud application - -**In Lab 4** we will solve the IP overlap problem introduced by the Azure acquisition by leveraging App Connect. - -**In Lab 5** we are offering a bonus App Connect, "Application Routing" lab, where requests from Internet Clients will be routed to AWS or Azure frontend based on URI. You will also -be configuring application security policy on the globally available frontend load balancer in XC to portect against OWASP Top 10 attacks. - -.. toctree:: - :maxdepth: 1 - :glob: - - lab* diff --git a/docs/archive/2023/class3/class7/images/10select_advertise_options-updated.png b/docs/archive/2023/class3/class7/images/10select_advertise_options-updated.png deleted file mode 100644 index 0d4dc1b5..00000000 Binary files a/docs/archive/2023/class3/class7/images/10select_advertise_options-updated.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/10select_advertise_options.png b/docs/archive/2023/class3/class7/images/10select_advertise_options.png deleted file mode 100644 index 6534773f..00000000 Binary files a/docs/archive/2023/class3/class7/images/10select_advertise_options.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/11_b_vk8s_apply_complete_config.png b/docs/archive/2023/class3/class7/images/11_b_vk8s_apply_complete_config.png deleted file mode 100644 index b3128b2e..00000000 Binary files a/docs/archive/2023/class3/class7/images/11_b_vk8s_apply_complete_config.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/11_c_vk8s_saveandexit_complete_config.png b/docs/archive/2023/class3/class7/images/11_c_vk8s_saveandexit_complete_config.png deleted file mode 100644 index 6dce66c5..00000000 Binary files a/docs/archive/2023/class3/class7/images/11_c_vk8s_saveandexit_complete_config.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/11set_advertise_port-updated.png b/docs/archive/2023/class3/class7/images/11set_advertise_port-updated.png deleted file mode 100644 index bc4fe61d..00000000 Binary files a/docs/archive/2023/class3/class7/images/11set_advertise_port-updated.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/11set_advertise_port.png b/docs/archive/2023/class3/class7/images/11set_advertise_port.png deleted file mode 100644 index d49ca1c1..00000000 Binary files a/docs/archive/2023/class3/class7/images/11set_advertise_port.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/12_a_verify_3_workload_sites_pods_pending.png b/docs/archive/2023/class3/class7/images/12_a_verify_3_workload_sites_pods_pending.png deleted file mode 100644 index cf844445..00000000 Binary files a/docs/archive/2023/class3/class7/images/12_a_verify_3_workload_sites_pods_pending.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/12b_verify_3_workload_sites_pods-updated.png b/docs/archive/2023/class3/class7/images/12b_verify_3_workload_sites_pods-updated.png deleted file mode 100644 index 69776753..00000000 Binary files a/docs/archive/2023/class3/class7/images/12b_verify_3_workload_sites_pods-updated.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/12verify_3_workload_sites_pods.png b/docs/archive/2023/class3/class7/images/12verify_3_workload_sites_pods.png deleted file mode 100644 index ce19e722..00000000 Binary files a/docs/archive/2023/class3/class7/images/12verify_3_workload_sites_pods.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/13validate_vK8s_dashboard-updated.png b/docs/archive/2023/class3/class7/images/13validate_vK8s_dashboard-updated.png deleted file mode 100644 index ebee52f7..00000000 Binary files a/docs/archive/2023/class3/class7/images/13validate_vK8s_dashboard-updated.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/13validate_vK8s_dashboard.png b/docs/archive/2023/class3/class7/images/13validate_vK8s_dashboard.png deleted file mode 100644 index c807f92f..00000000 Binary files a/docs/archive/2023/class3/class7/images/13validate_vK8s_dashboard.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/14edit_deployment-updated.png b/docs/archive/2023/class3/class7/images/14edit_deployment-updated.png deleted file mode 100644 index 35f0589b..00000000 Binary files a/docs/archive/2023/class3/class7/images/14edit_deployment-updated.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/14edit_deployment.png b/docs/archive/2023/class3/class7/images/14edit_deployment.png deleted file mode 100644 index e3f860bd..00000000 Binary files a/docs/archive/2023/class3/class7/images/14edit_deployment.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/15modify_deployment_spec-updated.png b/docs/archive/2023/class3/class7/images/15modify_deployment_spec-updated.png deleted file mode 100644 index 344a9e17..00000000 Binary files a/docs/archive/2023/class3/class7/images/15modify_deployment_spec-updated.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/15modify_deployment_spec.png b/docs/archive/2023/class3/class7/images/15modify_deployment_spec.png deleted file mode 100644 index f66d48ea..00000000 Binary files a/docs/archive/2023/class3/class7/images/15modify_deployment_spec.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/16a_review_scaled_deployment--sites-with-error-updated.png b/docs/archive/2023/class3/class7/images/16a_review_scaled_deployment--sites-with-error-updated.png deleted file mode 100644 index 188d86cc..00000000 Binary files a/docs/archive/2023/class3/class7/images/16a_review_scaled_deployment--sites-with-error-updated.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/16review_scaled_deployment-updated.png b/docs/archive/2023/class3/class7/images/16review_scaled_deployment-updated.png deleted file mode 100644 index 8ef9042b..00000000 Binary files a/docs/archive/2023/class3/class7/images/16review_scaled_deployment-updated.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/16review_scaled_deployment.png b/docs/archive/2023/class3/class7/images/16review_scaled_deployment.png deleted file mode 100644 index 2ab0d0e4..00000000 Binary files a/docs/archive/2023/class3/class7/images/16review_scaled_deployment.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/17review_scaled_pods.png b/docs/archive/2023/class3/class7/images/17review_scaled_pods.png deleted file mode 100644 index 18179930..00000000 Binary files a/docs/archive/2023/class3/class7/images/17review_scaled_pods.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/18review_pods_information.png b/docs/archive/2023/class3/class7/images/18review_pods_information.png deleted file mode 100644 index 2e7354e7..00000000 Binary files a/docs/archive/2023/class3/class7/images/18review_pods_information.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/1access_distributed_apps_service_menu-updated.png b/docs/archive/2023/class3/class7/images/1access_distributed_apps_service_menu-updated.png deleted file mode 100644 index d7e56071..00000000 Binary files a/docs/archive/2023/class3/class7/images/1access_distributed_apps_service_menu-updated.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/1access_distributed_apps_service_menu.png b/docs/archive/2023/class3/class7/images/1access_distributed_apps_service_menu.png deleted file mode 100644 index f0b1df16..00000000 Binary files a/docs/archive/2023/class3/class7/images/1access_distributed_apps_service_menu.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/2access_applications_vk8s-udpated.png b/docs/archive/2023/class3/class7/images/2access_applications_vk8s-udpated.png deleted file mode 100644 index d9b7dbd1..00000000 Binary files a/docs/archive/2023/class3/class7/images/2access_applications_vk8s-udpated.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/2access_applications_vk8s.png b/docs/archive/2023/class3/class7/images/2access_applications_vk8s.png deleted file mode 100644 index 9e877d9d..00000000 Binary files a/docs/archive/2023/class3/class7/images/2access_applications_vk8s.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/3review_vk8s_dashboard_sites-updated.png b/docs/archive/2023/class3/class7/images/3review_vk8s_dashboard_sites-updated.png deleted file mode 100644 index 3be20d48..00000000 Binary files a/docs/archive/2023/class3/class7/images/3review_vk8s_dashboard_sites-updated.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/3review_vk8s_dashboard_sites.png b/docs/archive/2023/class3/class7/images/3review_vk8s_dashboard_sites.png deleted file mode 100644 index 2e5a191f..00000000 Binary files a/docs/archive/2023/class3/class7/images/3review_vk8s_dashboard_sites.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/4add_vk8s_workload-updated.png b/docs/archive/2023/class3/class7/images/4add_vk8s_workload-updated.png deleted file mode 100644 index b395eb2e..00000000 Binary files a/docs/archive/2023/class3/class7/images/4add_vk8s_workload-updated.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/4add_vk8s_workload.png b/docs/archive/2023/class3/class7/images/4add_vk8s_workload.png deleted file mode 100644 index e0df3185..00000000 Binary files a/docs/archive/2023/class3/class7/images/4add_vk8s_workload.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/5workload_metadata_and_service-updated.png b/docs/archive/2023/class3/class7/images/5workload_metadata_and_service-updated.png deleted file mode 100644 index 59d348e8..00000000 Binary files a/docs/archive/2023/class3/class7/images/5workload_metadata_and_service-updated.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/5workload_metadata_and_service.png b/docs/archive/2023/class3/class7/images/5workload_metadata_and_service.png deleted file mode 100644 index 2ece6714..00000000 Binary files a/docs/archive/2023/class3/class7/images/5workload_metadata_and_service.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/6add_container-updated.png b/docs/archive/2023/class3/class7/images/6add_container-updated.png deleted file mode 100644 index 73ec26c5..00000000 Binary files a/docs/archive/2023/class3/class7/images/6add_container-updated.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/6add_container.png b/docs/archive/2023/class3/class7/images/6add_container.png deleted file mode 100644 index 21c97698..00000000 Binary files a/docs/archive/2023/class3/class7/images/6add_container.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/7container_config-updated.png b/docs/archive/2023/class3/class7/images/7container_config-updated.png deleted file mode 100644 index 6ba7529e..00000000 Binary files a/docs/archive/2023/class3/class7/images/7container_config-updated.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/7container_config.png b/docs/archive/2023/class3/class7/images/7container_config.png deleted file mode 100644 index 62927516..00000000 Binary files a/docs/archive/2023/class3/class7/images/7container_config.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/8deploy_options-updated.png b/docs/archive/2023/class3/class7/images/8deploy_options-updated.png deleted file mode 100644 index 3bd8033b..00000000 Binary files a/docs/archive/2023/class3/class7/images/8deploy_options-updated.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/8deploy_options.png b/docs/archive/2023/class3/class7/images/8deploy_options.png deleted file mode 100644 index 78043eb4..00000000 Binary files a/docs/archive/2023/class3/class7/images/8deploy_options.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/9select_customer_site-updated.png b/docs/archive/2023/class3/class7/images/9select_customer_site-updated.png deleted file mode 100644 index 15b3008f..00000000 Binary files a/docs/archive/2023/class3/class7/images/9select_customer_site-updated.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/9select_customer_site.png b/docs/archive/2023/class3/class7/images/9select_customer_site.png deleted file mode 100644 index 9c11128f..00000000 Binary files a/docs/archive/2023/class3/class7/images/9select_customer_site.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/Event_Order_HTTPS_v7.png b/docs/archive/2023/class3/class7/images/Event_Order_HTTPS_v7.png deleted file mode 100644 index 269beff5..00000000 Binary files a/docs/archive/2023/class3/class7/images/Event_Order_HTTPS_v7.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/Event_Order_HTTP_v12.png b/docs/archive/2023/class3/class7/images/Event_Order_HTTP_v12.png deleted file mode 100644 index 74e7161f..00000000 Binary files a/docs/archive/2023/class3/class7/images/Event_Order_HTTP_v12.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/advanced-stream.png b/docs/archive/2023/class3/class7/images/advanced-stream.png deleted file mode 100644 index 2eb339c2..00000000 Binary files a/docs/archive/2023/class3/class7/images/advanced-stream.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/bigip_login.png b/docs/archive/2023/class3/class7/images/bigip_login.png deleted file mode 100644 index 9f9e45a7..00000000 Binary files a/docs/archive/2023/class3/class7/images/bigip_login.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/dasboard.png b/docs/archive/2023/class3/class7/images/dasboard.png deleted file mode 100644 index 7c5e0324..00000000 Binary files a/docs/archive/2023/class3/class7/images/dasboard.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/deployments.png b/docs/archive/2023/class3/class7/images/deployments.png deleted file mode 100644 index 4c23d778..00000000 Binary files a/docs/archive/2023/class3/class7/images/deployments.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/distributedappclick-updated.png b/docs/archive/2023/class3/class7/images/distributedappclick-updated.png deleted file mode 100644 index b06f21f1..00000000 Binary files a/docs/archive/2023/class3/class7/images/distributedappclick-updated.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/distributedappclick.png b/docs/archive/2023/class3/class7/images/distributedappclick.png deleted file mode 100644 index abf991d9..00000000 Binary files a/docs/archive/2023/class3/class7/images/distributedappclick.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/distributedappclickaddvirtualk8s.png b/docs/archive/2023/class3/class7/images/distributedappclickaddvirtualk8s.png deleted file mode 100644 index 000f41a8..00000000 Binary files a/docs/archive/2023/class3/class7/images/distributedappclickaddvirtualk8s.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/distributedappclickagilityk8svsite.png b/docs/archive/2023/class3/class7/images/distributedappclickagilityk8svsite.png deleted file mode 100644 index 437d0fba..00000000 Binary files a/docs/archive/2023/class3/class7/images/distributedappclickagilityk8svsite.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/distributedappclickvirtualk8kubeconfig-updated.png b/docs/archive/2023/class3/class7/images/distributedappclickvirtualk8kubeconfig-updated.png deleted file mode 100644 index 2c9fc080..00000000 Binary files a/docs/archive/2023/class3/class7/images/distributedappclickvirtualk8kubeconfig-updated.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/distributedappclickvirtualk8kubeconfig.png b/docs/archive/2023/class3/class7/images/distributedappclickvirtualk8kubeconfig.png deleted file mode 100644 index c21e8fee..00000000 Binary files a/docs/archive/2023/class3/class7/images/distributedappclickvirtualk8kubeconfig.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/distributedappclickvirtualk8kubeconfigexperitation.png b/docs/archive/2023/class3/class7/images/distributedappclickvirtualk8kubeconfigexperitation.png deleted file mode 100644 index 0dd92630..00000000 Binary files a/docs/archive/2023/class3/class7/images/distributedappclickvirtualk8kubeconfigexperitation.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/distributedappclickvirtualk8s.png b/docs/archive/2023/class3/class7/images/distributedappclickvirtualk8s.png deleted file mode 100644 index 19cd0464..00000000 Binary files a/docs/archive/2023/class3/class7/images/distributedappclickvirtualk8s.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/distributedappclickvirtualk8ssettings.png b/docs/archive/2023/class3/class7/images/distributedappclickvirtualk8ssettings.png deleted file mode 100644 index ddc3fd80..00000000 Binary files a/docs/archive/2023/class3/class7/images/distributedappclickvirtualk8ssettings.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/distributedappclickvirtualk8ssettings2.png b/docs/archive/2023/class3/class7/images/distributedappclickvirtualk8ssettings2.png deleted file mode 100644 index b3b1faf9..00000000 Binary files a/docs/archive/2023/class3/class7/images/distributedappclickvirtualk8ssettings2.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/distributedappclickvirtualk8ssettings3.png b/docs/archive/2023/class3/class7/images/distributedappclickvirtualk8ssettings3.png deleted file mode 100644 index d40d053f..00000000 Binary files a/docs/archive/2023/class3/class7/images/distributedappclickvirtualk8ssettings3.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/distributedappclickvirtualk8sstatus-in-progress.png b/docs/archive/2023/class3/class7/images/distributedappclickvirtualk8sstatus-in-progress.png deleted file mode 100644 index 862307b1..00000000 Binary files a/docs/archive/2023/class3/class7/images/distributedappclickvirtualk8sstatus-in-progress.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/distributedappclickvirtualk8sstatus-updated.png b/docs/archive/2023/class3/class7/images/distributedappclickvirtualk8sstatus-updated.png deleted file mode 100644 index 9d4e54ce..00000000 Binary files a/docs/archive/2023/class3/class7/images/distributedappclickvirtualk8sstatus-updated.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/distributedappclickvirtualk8sstatus.png b/docs/archive/2023/class3/class7/images/distributedappclickvirtualk8sstatus.png deleted file mode 100644 index 3977ed06..00000000 Binary files a/docs/archive/2023/class3/class7/images/distributedappclickvirtualk8sstatus.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/distributedappclickvirtualsite.png b/docs/archive/2023/class3/class7/images/distributedappclickvirtualsite.png deleted file mode 100644 index 32250c02..00000000 Binary files a/docs/archive/2023/class3/class7/images/distributedappclickvirtualsite.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/distributedappclickvpcsiteone.png b/docs/archive/2023/class3/class7/images/distributedappclickvpcsiteone.png deleted file mode 100644 index c931a342..00000000 Binary files a/docs/archive/2023/class3/class7/images/distributedappclickvpcsiteone.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/distributedappclickvpcsiteoneexploresite-updated.png b/docs/archive/2023/class3/class7/images/distributedappclickvpcsiteoneexploresite-updated.png deleted file mode 100644 index b2d09d5f..00000000 Binary files a/docs/archive/2023/class3/class7/images/distributedappclickvpcsiteoneexploresite-updated.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/distributedappclickvpcsiteoneexploresite.png b/docs/archive/2023/class3/class7/images/distributedappclickvpcsiteoneexploresite.png deleted file mode 100644 index 497cda03..00000000 Binary files a/docs/archive/2023/class3/class7/images/distributedappclickvpcsiteoneexploresite.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/distributedappclickvpcsiteoneexploresite2-updated.png b/docs/archive/2023/class3/class7/images/distributedappclickvpcsiteoneexploresite2-updated.png deleted file mode 100644 index f3cc9dfd..00000000 Binary files a/docs/archive/2023/class3/class7/images/distributedappclickvpcsiteoneexploresite2-updated.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/distributedappclickvpcsiteoneexploresite2.png b/docs/archive/2023/class3/class7/images/distributedappclickvpcsiteoneexploresite2.png deleted file mode 100644 index 2247ec4c..00000000 Binary files a/docs/archive/2023/class3/class7/images/distributedappclickvpcsiteoneexploresite2.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/distributedappprompts.png b/docs/archive/2023/class3/class7/images/distributedappprompts.png deleted file mode 100644 index 0fbaa09a..00000000 Binary files a/docs/archive/2023/class3/class7/images/distributedappprompts.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/firefox_developer.png b/docs/archive/2023/class3/class7/images/firefox_developer.png deleted file mode 100644 index b17930b2..00000000 Binary files a/docs/archive/2023/class3/class7/images/firefox_developer.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/globalkubeconfig.png b/docs/archive/2023/class3/class7/images/globalkubeconfig.png deleted file mode 100644 index 58ea9910..00000000 Binary files a/docs/archive/2023/class3/class7/images/globalkubeconfig.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/intro-008-updated.png b/docs/archive/2023/class3/class7/images/intro-008-updated.png deleted file mode 100644 index 1c6e9cdc..00000000 Binary files a/docs/archive/2023/class3/class7/images/intro-008-updated.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/intro-008.png b/docs/archive/2023/class3/class7/images/intro-008.png deleted file mode 100644 index 33274914..00000000 Binary files a/docs/archive/2023/class3/class7/images/intro-008.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/intro-009-updated.png b/docs/archive/2023/class3/class7/images/intro-009-updated.png deleted file mode 100644 index 47a2133b..00000000 Binary files a/docs/archive/2023/class3/class7/images/intro-009-updated.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/intro-009.png b/docs/archive/2023/class3/class7/images/intro-009.png deleted file mode 100644 index 5e88bdd8..00000000 Binary files a/docs/archive/2023/class3/class7/images/intro-009.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/irule_create.png b/docs/archive/2023/class3/class7/images/irule_create.png deleted file mode 100644 index edb017d0..00000000 Binary files a/docs/archive/2023/class3/class7/images/irule_create.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/it_works.png b/docs/archive/2023/class3/class7/images/it_works.png deleted file mode 100644 index c1ba9148..00000000 Binary files a/docs/archive/2023/class3/class7/images/it_works.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/kubeconfigexpirydate.png b/docs/archive/2023/class3/class7/images/kubeconfigexpirydate.png deleted file mode 100644 index 42a806df..00000000 Binary files a/docs/archive/2023/class3/class7/images/kubeconfigexpirydate.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/lab1-irules-add.png b/docs/archive/2023/class3/class7/images/lab1-irules-add.png deleted file mode 100644 index 7e1158c6..00000000 Binary files a/docs/archive/2023/class3/class7/images/lab1-irules-add.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/lab2-irules-add.png b/docs/archive/2023/class3/class7/images/lab2-irules-add.png deleted file mode 100644 index 24e03a17..00000000 Binary files a/docs/archive/2023/class3/class7/images/lab2-irules-add.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/lab2_verify-remove.png b/docs/archive/2023/class3/class7/images/lab2_verify-remove.png deleted file mode 100644 index 1ac856e7..00000000 Binary files a/docs/archive/2023/class3/class7/images/lab2_verify-remove.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/lab2_verify.png b/docs/archive/2023/class3/class7/images/lab2_verify.png deleted file mode 100644 index d4e22dfb..00000000 Binary files a/docs/archive/2023/class3/class7/images/lab2_verify.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/lab3-irules-add-https.png b/docs/archive/2023/class3/class7/images/lab3-irules-add-https.png deleted file mode 100644 index 78c7bffd..00000000 Binary files a/docs/archive/2023/class3/class7/images/lab3-irules-add-https.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/lab3-irules-add.png b/docs/archive/2023/class3/class7/images/lab3-irules-add.png deleted file mode 100644 index 92102e96..00000000 Binary files a/docs/archive/2023/class3/class7/images/lab3-irules-add.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/lab3_verify.png b/docs/archive/2023/class3/class7/images/lab3_verify.png deleted file mode 100644 index adc586fa..00000000 Binary files a/docs/archive/2023/class3/class7/images/lab3_verify.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/lab4-irules-add.png b/docs/archive/2023/class3/class7/images/lab4-irules-add.png deleted file mode 100644 index ec7ddef6..00000000 Binary files a/docs/archive/2023/class3/class7/images/lab4-irules-add.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/m-add-http-menu.png b/docs/archive/2023/class3/class7/images/m-add-http-menu.png deleted file mode 100644 index 83b7cb49..00000000 Binary files a/docs/archive/2023/class3/class7/images/m-add-http-menu.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/m-add-http.png b/docs/archive/2023/class3/class7/images/m-add-http.png deleted file mode 100644 index bbae4ac3..00000000 Binary files a/docs/archive/2023/class3/class7/images/m-add-http.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/m-add-origin-server-updated.png b/docs/archive/2023/class3/class7/images/m-add-origin-server-updated.png deleted file mode 100644 index 43148070..00000000 Binary files a/docs/archive/2023/class3/class7/images/m-add-origin-server-updated.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/m-add-origin-server.png b/docs/archive/2023/class3/class7/images/m-add-origin-server.png deleted file mode 100644 index 84d4f1ec..00000000 Binary files a/docs/archive/2023/class3/class7/images/m-add-origin-server.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/m-http-basic-updated.png b/docs/archive/2023/class3/class7/images/m-http-basic-updated.png deleted file mode 100644 index 094abedf..00000000 Binary files a/docs/archive/2023/class3/class7/images/m-http-basic-updated.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/m-http-basic.png b/docs/archive/2023/class3/class7/images/m-http-basic.png deleted file mode 100644 index 5bb3cb57..00000000 Binary files a/docs/archive/2023/class3/class7/images/m-http-basic.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/m-http-name.png b/docs/archive/2023/class3/class7/images/m-http-name.png deleted file mode 100644 index 59b9a6f1..00000000 Binary files a/docs/archive/2023/class3/class7/images/m-http-name.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/m-http-page.png b/docs/archive/2023/class3/class7/images/m-http-page.png deleted file mode 100644 index 1acd388e..00000000 Binary files a/docs/archive/2023/class3/class7/images/m-http-page.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/m-http-status-updated.png b/docs/archive/2023/class3/class7/images/m-http-status-updated.png deleted file mode 100644 index 00629069..00000000 Binary files a/docs/archive/2023/class3/class7/images/m-http-status-updated.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/m-http-status.png b/docs/archive/2023/class3/class7/images/m-http-status.png deleted file mode 100644 index f6ba93ee..00000000 Binary files a/docs/archive/2023/class3/class7/images/m-http-status.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/m-origin-pool-name.png b/docs/archive/2023/class3/class7/images/m-origin-pool-name.png deleted file mode 100644 index a468a58a..00000000 Binary files a/docs/archive/2023/class3/class7/images/m-origin-pool-name.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/m-origin-pool.png b/docs/archive/2023/class3/class7/images/m-origin-pool.png deleted file mode 100644 index 54d1c2a6..00000000 Binary files a/docs/archive/2023/class3/class7/images/m-origin-pool.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/m-security-configuration-updated.png b/docs/archive/2023/class3/class7/images/m-security-configuration-updated.png deleted file mode 100644 index 367b9bbc..00000000 Binary files a/docs/archive/2023/class3/class7/images/m-security-configuration-updated.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/m-security-configuration.png b/docs/archive/2023/class3/class7/images/m-security-configuration.png deleted file mode 100644 index 2d507015..00000000 Binary files a/docs/archive/2023/class3/class7/images/m-security-configuration.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/m-select-origin-pool-updated.png b/docs/archive/2023/class3/class7/images/m-select-origin-pool-updated.png deleted file mode 100644 index 9279f282..00000000 Binary files a/docs/archive/2023/class3/class7/images/m-select-origin-pool-updated.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/m-select-origin-pool.png b/docs/archive/2023/class3/class7/images/m-select-origin-pool.png deleted file mode 100644 index d8256cc6..00000000 Binary files a/docs/archive/2023/class3/class7/images/m-select-origin-pool.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/m3-add-origin-pool.png b/docs/archive/2023/class3/class7/images/m3-add-origin-pool.png deleted file mode 100644 index 35e9b9a7..00000000 Binary files a/docs/archive/2023/class3/class7/images/m3-add-origin-pool.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/m3-add-origin-pools.png b/docs/archive/2023/class3/class7/images/m3-add-origin-pools.png deleted file mode 100644 index 086f89c2..00000000 Binary files a/docs/archive/2023/class3/class7/images/m3-add-origin-pools.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/m3-add-origin-server-updated.png b/docs/archive/2023/class3/class7/images/m3-add-origin-server-updated.png deleted file mode 100644 index 96ca8cdb..00000000 Binary files a/docs/archive/2023/class3/class7/images/m3-add-origin-server-updated.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/m3-add-origin-server.png b/docs/archive/2023/class3/class7/images/m3-add-origin-server.png deleted file mode 100644 index 1cbe3d23..00000000 Binary files a/docs/archive/2023/class3/class7/images/m3-add-origin-server.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/m3-origin-pool-name-updated.png b/docs/archive/2023/class3/class7/images/m3-origin-pool-name-updated.png deleted file mode 100644 index 699de4a9..00000000 Binary files a/docs/archive/2023/class3/class7/images/m3-origin-pool-name-updated.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/m3-origin-pool.png b/docs/archive/2023/class3/class7/images/m3-origin-pool.png deleted file mode 100644 index 54d1c2a6..00000000 Binary files a/docs/archive/2023/class3/class7/images/m3-origin-pool.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/manage_irule.png b/docs/archive/2023/class3/class7/images/manage_irule.png deleted file mode 100644 index 01423aa3..00000000 Binary files a/docs/archive/2023/class3/class7/images/manage_irule.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/managedk8s.png b/docs/archive/2023/class3/class7/images/managedk8s.png deleted file mode 100644 index 60940b16..00000000 Binary files a/docs/archive/2023/class3/class7/images/managedk8s.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/namespaces.png b/docs/archive/2023/class3/class7/images/namespaces.png deleted file mode 100644 index 724705d7..00000000 Binary files a/docs/archive/2023/class3/class7/images/namespaces.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/nodes.png b/docs/archive/2023/class3/class7/images/nodes.png deleted file mode 100644 index ad954290..00000000 Binary files a/docs/archive/2023/class3/class7/images/nodes.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/origin-pool.png b/docs/archive/2023/class3/class7/images/origin-pool.png deleted file mode 100644 index b332288d..00000000 Binary files a/docs/archive/2023/class3/class7/images/origin-pool.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/pods.png b/docs/archive/2023/class3/class7/images/pods.png deleted file mode 100644 index c8a12ade..00000000 Binary files a/docs/archive/2023/class3/class7/images/pods.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/resources.png b/docs/archive/2023/class3/class7/images/resources.png deleted file mode 100644 index 26ad9809..00000000 Binary files a/docs/archive/2023/class3/class7/images/resources.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/select_vs.png b/docs/archive/2023/class3/class7/images/select_vs.png deleted file mode 100644 index d5146033..00000000 Binary files a/docs/archive/2023/class3/class7/images/select_vs.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/select_vs_https.png b/docs/archive/2023/class3/class7/images/select_vs_https.png deleted file mode 100644 index f5f3839e..00000000 Binary files a/docs/archive/2023/class3/class7/images/select_vs_https.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/services.png b/docs/archive/2023/class3/class7/images/services.png deleted file mode 100644 index 27b8db36..00000000 Binary files a/docs/archive/2023/class3/class7/images/services.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/test_sites.png b/docs/archive/2023/class3/class7/images/test_sites.png deleted file mode 100644 index 69df1972..00000000 Binary files a/docs/archive/2023/class3/class7/images/test_sites.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/websrv_output.png b/docs/archive/2023/class3/class7/images/websrv_output.png deleted file mode 100644 index 7e9c49cb..00000000 Binary files a/docs/archive/2023/class3/class7/images/websrv_output.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/xcconsoleaccountprofile.png b/docs/archive/2023/class3/class7/images/xcconsoleaccountprofile.png deleted file mode 100644 index 0de197f5..00000000 Binary files a/docs/archive/2023/class3/class7/images/xcconsoleaccountprofile.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/xcconsoleclickdns-updated.png b/docs/archive/2023/class3/class7/images/xcconsoleclickdns-updated.png deleted file mode 100644 index aa52d63c..00000000 Binary files a/docs/archive/2023/class3/class7/images/xcconsoleclickdns-updated.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/xcconsoleclickdns.png b/docs/archive/2023/class3/class7/images/xcconsoleclickdns.png deleted file mode 100644 index 2402a104..00000000 Binary files a/docs/archive/2023/class3/class7/images/xcconsoleclickdns.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/xcconsoleclickdomain-updated.png b/docs/archive/2023/class3/class7/images/xcconsoleclickdomain-updated.png deleted file mode 100644 index e857089f..00000000 Binary files a/docs/archive/2023/class3/class7/images/xcconsoleclickdomain-updated.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/xcconsoleclickdomain.png b/docs/archive/2023/class3/class7/images/xcconsoleclickdomain.png deleted file mode 100644 index b083c77d..00000000 Binary files a/docs/archive/2023/class3/class7/images/xcconsoleclickdomain.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/xcconsolenamespace.png b/docs/archive/2023/class3/class7/images/xcconsolenamespace.png deleted file mode 100644 index cdb6c2bd..00000000 Binary files a/docs/archive/2023/class3/class7/images/xcconsolenamespace.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/xcconsolenamespace2.png b/docs/archive/2023/class3/class7/images/xcconsolenamespace2.png deleted file mode 100644 index c1f43e03..00000000 Binary files a/docs/archive/2023/class3/class7/images/xcconsolenamespace2.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/xcconsolepromt.png b/docs/archive/2023/class3/class7/images/xcconsolepromt.png deleted file mode 100644 index 6408a9a0..00000000 Binary files a/docs/archive/2023/class3/class7/images/xcconsolepromt.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/xchomepage.png b/docs/archive/2023/class3/class7/images/xchomepage.png deleted file mode 100644 index 620ce9d7..00000000 Binary files a/docs/archive/2023/class3/class7/images/xchomepage.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/xclogon.png b/docs/archive/2023/class3/class7/images/xclogon.png deleted file mode 100644 index f6df89cd..00000000 Binary files a/docs/archive/2023/class3/class7/images/xclogon.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/xclogonacceptterms.png b/docs/archive/2023/class3/class7/images/xclogonacceptterms.png deleted file mode 100644 index f51d6d1a..00000000 Binary files a/docs/archive/2023/class3/class7/images/xclogonacceptterms.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/xclogonaccountsettings.png b/docs/archive/2023/class3/class7/images/xclogonaccountsettings.png deleted file mode 100644 index 17115de2..00000000 Binary files a/docs/archive/2023/class3/class7/images/xclogonaccountsettings.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/xclogonlogin.png b/docs/archive/2023/class3/class7/images/xclogonlogin.png deleted file mode 100644 index 05ccfb5c..00000000 Binary files a/docs/archive/2023/class3/class7/images/xclogonlogin.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/xclogonoemailupdatepass.png b/docs/archive/2023/class3/class7/images/xclogonoemailupdatepass.png deleted file mode 100644 index 7705e272..00000000 Binary files a/docs/archive/2023/class3/class7/images/xclogonoemailupdatepass.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/xclogonopass.png b/docs/archive/2023/class3/class7/images/xclogonopass.png deleted file mode 100644 index be4073c8..00000000 Binary files a/docs/archive/2023/class3/class7/images/xclogonopass.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/xclogonsetlevel.png b/docs/archive/2023/class3/class7/images/xclogonsetlevel.png deleted file mode 100644 index e9a5e30a..00000000 Binary files a/docs/archive/2023/class3/class7/images/xclogonsetlevel.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/xclogonsetpersona.png b/docs/archive/2023/class3/class7/images/xclogonsetpersona.png deleted file mode 100644 index 113a42e7..00000000 Binary files a/docs/archive/2023/class3/class7/images/xclogonsetpersona.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/xclogontenantname-updated.png b/docs/archive/2023/class3/class7/images/xclogontenantname-updated.png deleted file mode 100644 index 282c72b7..00000000 Binary files a/docs/archive/2023/class3/class7/images/xclogontenantname-updated.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/images/xclogontenantname.png b/docs/archive/2023/class3/class7/images/xclogontenantname.png deleted file mode 100644 index 12dde250..00000000 Binary files a/docs/archive/2023/class3/class7/images/xclogontenantname.png and /dev/null differ diff --git a/docs/archive/2023/class3/class7/module1/lab1.rst b/docs/archive/2023/class3/class7/module1/lab1.rst deleted file mode 100644 index 5ccf6272..00000000 --- a/docs/archive/2023/class3/class7/module1/lab1.rst +++ /dev/null @@ -1,142 +0,0 @@ -Lab 1 - Explore F5 Distributed Cloud Console --------------------------------------------- - -Welcome to F5 Distributed Cloud Application 301. - -The following Exercises will guide you through the initial -access requirements for this multi-part lab. Lab attendees should have received an invitation -(which requests you update your password for access) email to the lab environment. Please check -the email address used for course registration and its associated spam folders to see if the -invitation email has been received. If you have not received an email, please contact a member -of the lab team. - -The F5 Distributed Cloud Console, where a majority of all lab tasks will be conducted, is a SaaS -based control-plane for services which provides a GUI and API for managing network, security, and -compute services. The F5 Distributed Cloud Console can manage "sites" in existing on-premises, -private data centers and sites within AWS, Azure, and GCP public cloud environments. - - -In this lab, we will learn the following: - -• Log into the F5 Distributed CLoud Console. - -• Review account profile - -• Identify your namespace and your delegated domain name - - -.. NOTE:: - - The delegated Domain Name should be captured/written down as it will be used later in the lab - - Basic Kubernetes knowledge is recommended - -**Core concepts** - - *Tenant* - `Tenant is an entity that is the owner of a given set of configuration and infrastructure. Tenant is the owner of all - configuration objects that a user with given tenant-id has created. Tenant is the fundamental concept of isolation, and a - tenant cannot access any objects or infrastructure of other tenants.` - - *Namespaces* - `Tenant’s configuration objects are grouped under namespaces. Namespaces can be thought of as administrative domains. - All the objects of the same kind need to have unique names in a given namespace. Namespace themselves must be unique - within a tenant. In this document namespace will be referred as /, which will be globally unique.` - - For more core concepts, please review `F5 Distributed Cloud documentation `_ - -**Exercise 1 - Log into F5 Distributed Cloud Console** - -.. NOTE:: - Once you join the UDF session, your UDF deployment will start and create an ephemeral account on the F5 Distributed Cloud console (this may take 5-10min) - - -#. Once your ephemeral account is created, you will receive an email to update your password. - - .. image:: ../images/xclogonoemailupdatepass.png - :width: 250pt - -#. Upon the first login, you will be prompted to change your password. - - .. image:: ../images/xclogonopass.png - :width: 250pt - -#. After setting your login credentials, click login. - - .. image:: ../images/xclogon.png - -#. Upon password update completion, you will be redirected to the F5 Distributed Cloud Console login. You will need to enter the lab tenant name *f5-xc-lab-app* and then click **Next**. Then enter your email and password and click **Log in** - -.. NOTE:: - A tenant in the F5 Distributed Cloud console is a similar construct as an account in AWS or GCP terms. - - .. image:: ../images/xclogontenantname-updated.png - :width: 250pt - - .. image:: ../images/xclogonlogin.png - :width: 250pt - -#. You must click **Accept and Agree** to the terms. - - .. image:: ../images/xclogonacceptterms.png - :width: 250pt - -#. Now, you will need to set the persona and the skill level to access the console. - - .. image:: ../images/xclogonsetpersona.png - :width: 400pt - - .. image:: ../images/xclogonsetlevel.png - :width: 400pt - -#. Finally, navigate through the initial prompts. - - .. image:: ../images/xcconsolepromt.png - :width: 400pt - - - -**Exercise 2 - Explore F5 Distributed Cloud Console** - - .. NOTE:: - For the purposes of this lab, permissions have been restricted to lab operations. Some menus will be locked and not visible. - -#. You can adjust your work domains and skill level (not required) by clicking on the **Account** icon in the top right of the screen and then clicking on **Account Settings**. - - .. image:: ../images/xclogonaccountsettings.png - :width: 400pt - -#. In the resulting window you can observe the **Work domains and skill level** section and other administrative functions. - - -#. Namespaces, which provide an environment for isolating configured applications or enforcing role-based - access controls, are leveraged within the F5 Distributed Cloud Console. For the purposes of this lab, - each lab attendee has been provided a unique **namespace** which you will defaulted to (in terms of GUI navigation) - for all tasks performed through the course of this lab. - -#. Click on the **Select Service** in the left-hand navigation. In the resulting fly out navigation, click **Multi-Cloud App Connect**. - - .. image:: ../images/intro-008-updated.png - :width: 400pt - -#. In the **Multi-Cloud App Connect** configuration screen observe the URL. In the URI path, locate the **** - namespace that you have been assigned. It will be located in the portion of the URI path - between */namespaces/* and */sites/* as shown in this example **…/namespaces//sites/…**. - Note the namespace as it will be used throughout the lab tasks that follow. - - .. image:: ../images/intro-009-updated.png - :width: 400pt - -#. Click on the **Select Service** navigation menu, then click the **DNS Management** tile. - - .. image:: ../images/xcconsoleclickdns-updated.png - :width: 400pt - -#. Please note the delegated domain name - - .. image:: ../images/xcconsoleclickdomain-updated.png - :width: 400pt - - .. NOTE:: - - Your namespace name should captured/written down as it will be referenced later in the labs - - A namespace is a Kubernetes construct. For more Kubernetes concepts, please review `Kubernetes Documentation `_ - - The delegated Domain Name should be captured/written down, as it will be leveraged later in the lab. - diff --git a/docs/archive/2023/class3/class7/module1/lab2.rst b/docs/archive/2023/class3/class7/module1/lab2.rst deleted file mode 100644 index 51d2608e..00000000 --- a/docs/archive/2023/class3/class7/module1/lab2.rst +++ /dev/null @@ -1,104 +0,0 @@ -Lab 2 - Create a Virtual Kubernetes Cluster -------------------------------------------- - -F5 Distributed Cloud App Stack is a SaaS-based offering to deploy, secure, and operate a fleet of applications across the distributed infrastructure in multi-cloud or edge environments. It can scale to a large number of clusters and locations with centralized orchestration, observability, and operations to reduce the complexity of managing a fleet of distributed clusters. - -In this lab, we will learn the following: - -• Access the **Distributed Apps** service in the F5 Distributed Cloud console - -• Create a Virtual Kubernetes Cluster (Virtual K8s) to run a demo app - -**Core concepts** - - *Virtual K8s (vK8s)* - `vK8s refers to a virtual Kubernetes cluster. F5 Distributed Cloud Services support a Kubernetes compatible API for centralized orchestration of applications across a fleet of sites - (customer sites or F5 Distributed Cloud Regional Edge). This API is considered “Kubernetes compatible”, because not all Kubernetes APIs or resources - are supported. However, for the API(s) that are supported, it is 100% compatible. We have implemented a distributed control - plane within our global infrastructure to manage scheduling and scaling of applications across multiple (tens to hundreds of thousands of) - sites, where each site in itself is also a managed physical K8s cluster.` - - *Virtual Sites* - `vK8s objects have a reference to the virtual-site which selects the sites on which the application can be deployed, secured, and operated. - The virtual-site reference of vK8s is used as the default virtual-site for the given vK8s.` - - For more core concepts, please review `F5 Distributed Cloud documentation `_ - -**Exercise 1 - Explore sites and virtual site** - -#. Select the **Distributed Apps** tile on the F5 Distributed Cloud Services home page. - - .. image:: ../images/distributedappclick.png - :width: 400pt - -#. Within the Distributed Apps side menu and under **Applications**, click on **Virtual Sites**. - - .. image:: ../images/distributedappclickvirtualsite.png - :width: 250pt - - -#. Locate the Virtual Site named *agility-k8s-vsite*. - - .. NOTE:: - For this lab, we have provisioned a Virtual Site called *agility-k8s-vsite* to save time - - .. image:: ../images/distributedappclickagilityk8svsite.png - :width: 400pt - -#. Virtual site *agility-k8s-vsite* contains three customer edge sites. As mentioned in the core concepts section, a virtual site is a construct that - selects the sites on which the application can be deployed, secured, and operated. All workloads assigned to site *agility-k8s-vsite* will be - replicated across all three sites. Select **agility-vpc-site-one** - - .. image:: ../images/distributedappclickvpcsiteone.png - :width: 400pt - -#. You can see a summary of stats and configurations for site *agility-vpc-site-one*. Notice the labels used to deploy the site. Can you guess where - this customer edge site is deployed? We can see by the labels that this site is deployed on the Google Cloud Platform (GCP). You can deploy a - customer edge site on ANY major cloud provider and also on-prem. Click on **agility-vpc-site-one** to see more details about the customer edge site. - - .. image:: ../images/distributedappclickvpcsiteoneexploresite-updated.png - :width: 400pt - -#. You can get a lot of helpful information for site *agility-vpc-site-one* and its workloads, including application metrics, number of Pods, - deployment status, etc. Spend some time exploring the different tabs. Of course, there is no information because we have not deployed any workload on this site. - - .. image:: ../images/distributedappclickvpcsiteoneexploresite2-updated.png - :width: 400pt - -**Exercise 2 - Create a Virtual K8s** - -#. In the left-hand side of the console, click **Virtual K8s** under the **Applications** section. - - .. image:: ../images/distributedappclickvirtualk8s.png - :width: 250pt - -#. There are currently no Virtual K8s, so let's create one! Click **Add Virtual K8s** - - .. image:: ../images/distributedappclickaddvirtualk8s.png - :width: 250pt - -#. Enter the site **Name** using your Firstname initial and Lastname altogether and append "-vk8" at the end. Ex: For Andrew Smith, the site name will be *"asmith-vk8"* (without the quotes!) - - .. image:: ../images/distributedappclickvirtualk8ssettings.png - :width: 600pt - -#. Click the **Add Item** button in the *Virtual Sites* section - - .. image:: ../images/distributedappclickvirtualk8ssettings2.png - :width: 450pt - -#. Select the `shared/agility-k8s-vsite` site from the dropdown. - - .. image:: ../images/distributedappclickvirtualk8ssettings3.png - :width: 450pt - -#. Click the **Save and Exit** button at the bottom of the page. - -#. Wait for your virtual K8s current state to show as *Ready* (this can take 5 minutes or more). This is your virtual Kubernetes cluster assigned to the virtual site *agility-k8s-vsite*. - As you already know, virtual site *agility-k8s-vsite* has three sites (*agility-vpc-site-one*, *agility-vpc-site-two*, *agility-vpc-site-three*) - - .. image:: ../images/distributedappclickvirtualk8sstatus-in-progress.png - :width: 600pt - - .. image:: ../images/distributedappclickvirtualk8sstatus-updated.png - :width: 600pt diff --git a/docs/archive/2023/class3/class7/module1/lab3.rst b/docs/archive/2023/class3/class7/module1/lab3.rst deleted file mode 100644 index c07347a7..00000000 --- a/docs/archive/2023/class3/class7/module1/lab3.rst +++ /dev/null @@ -1,37 +0,0 @@ -Lab 3 - Configure your local kubectl to access your virtual K8s (Optional) -------------------------------------------------------------------------- - -In this lab, we will learn the following: - -• Download the kubeconfig file to access your virtual k8s - -**Exercise 1 - Log into F5 Distributed Cloud Console** - - -#. Click the distributed apps tile on the F5 Distributed Cloud Services home page. - - .. image:: ../images/distributedappclick-updated.png - :width: 400pt - -#. Click virtual K8s under the applications section. - - .. image:: ../images/distributedappclickvirtualk8s.png - :width: 180pt - -#. Click the three dots under the "Action" column and then click **Kubeconfig**. - - .. image:: ../images/distributedappclickvirtualk8kubeconfig-updated.png - :width: 650pt - -#. When prompted to select an expiration date, pick a future date that will give you adequate time to complete the lab. - - .. image:: ../images/kubeconfigexpirydate.png - :width: 650pt - -#. If your browser prompts you for a location to download the file, select a directory you prefer and click **Save**. - -#. Click the config kubeconfig is downloaded, and follow the Kubernetes documentation to configure your local kubctl tool. - - `Organizing Cluster Access Using kubeconfig Files `_ - -#. Once you have configured your local kubectl tool, you will be able to manage your virtual k8s using kubectl commands. diff --git a/docs/archive/2023/class3/class7/module1/module1.rst b/docs/archive/2023/class3/class7/module1/module1.rst deleted file mode 100644 index 892b5e6c..00000000 --- a/docs/archive/2023/class3/class7/module1/module1.rst +++ /dev/null @@ -1,10 +0,0 @@ -Module 1: The Basics -==================== - -Here we'll start with the basics of platform. We will start with exploring the F5 Distributed Cloud Console. We will next observe the infrastructure components that have been pre-built for this lab and then proceed to configurat a virtual K8s cluster. - -.. toctree:: - :maxdepth: 1 - :glob: - - lab* diff --git a/docs/archive/2023/class3/class7/module2/lab1.rst b/docs/archive/2023/class3/class7/module2/lab1.rst deleted file mode 100644 index 4a324c66..00000000 --- a/docs/archive/2023/class3/class7/module2/lab1.rst +++ /dev/null @@ -1,118 +0,0 @@ -Lab 1 - Review vK8s Cluster and Deploy vK8s Workload ----------------------------------------------------- - -.. F5 Distributed Cloud App Stack is a SaaS-based offering to deploy, secure, and operate a fleet of applications across the distributed infrastructure in multi-cloud or edge. It can scale to a large number of clusters and locations with centralized orchestration, observability, and operations to reduce the complexity of managing a fleet of distributed clusters. - -In this lab, we will learn the following: - -• Review the previously-created Virtual K8s cluster - -• Configure a vK8s workload utilizing a containerized app from a private registry - -• Deploy a vK8s workload within a vK8s site - -• Advertise a vK8s workload within a cluster via custom HTTP port - -**Core concepts** - - *Workload* - `Workload is used to configure and deploy a workload in Virtual Kubernetes. A workload may be part of an application. Workload encapsulates all the operational characteristics of Kubernetes workload, storage, and network objects (deployments, statefulsets, jobs, persistent volume claims, configmaps, secrets, and services) configuration, as well as configuration related to where the workload is deployed and how it is advertised using L7 or L4 load balancers. A workload can be one of simple service, service, stateful service or job. Services are long running workloads like web servers, databases, etc. Jobs are "run to completion" workloads. Services and jobs can be deployed on Regional Edges or customer sites. Services can be exposed in-cluster, on the Internet by L7 or L4 load balancer, or on sites using an advertise policy.` - - *Service* - `A service with one or more containers with configurable number of replicas that can be deployed on a selection of Regional Edge sites or customer sites and advertised within the cluster where is it deployed, on the Internet, or on other sites using TCP or HTTP or HTTPS load balancer.` - - *Deploy* - `Since Kubernetes is becoming the de-facto industry standard for orchestrating applications, F5® Distributed Cloud has chosen to implement its control plane with a Kubernetes compatible API for orchestration while delivering additional capabilities of managing and securing multiple clusters across distributed locations. This makes it seamless to integrate with third party tools like Spinnaker for CI/CD, etc. For packaging of microservices, we prefer Docker images, which have become another de-facto approach.` - - For more core concepts, please review `F5 Distributed Cloud documentation `_ - -**Exercise 1 - Review Virtual K8s Site** - -#. Access **Distributed Apps** on the F5XC Console - - .. image:: ../images/1access_distributed_apps_service_menu-updated.png - :width: 600pt - -#. Select **Applications -> Virtual K8s**, then your Virtual K8s cluster from the list - - .. image:: ../images/2access_applications_vk8s-udpated.png - :width: 600pt - -#. Review **Sites** on the vK8s dashboard - there should be 3. These 3 customer edge sites will be were our workloads will be deployed to. - - .. image:: ../images/3review_vk8s_dashboard_sites-updated.png - :width: 600pt - -**Exercise 2 - Configure vK8s Workload Container** - -#. Select **Workloads** -> **Add vK8s workload** - - .. image:: ../images/4add_vk8s_workload-updated.png - :width: 600pt - -#. Complete the **Metadata** section by using your Firstname initial and Lastname altogether and append “-workload” at the end. Ex: For Andrew Smith, the site name will be “asmith-workload” (without the quotes!) Use this value for **Name** and **Description**, then select **Service** from the **Select Type of Workload** list. - - .. image:: ../images/5workload_metadata_and_service-updated.png - :width: 600pt - -#. Next, click the **Configure** link within the **Service** sub-section. - -#. Select **Add Item** within the **Containers** section - - .. image:: ../images/6add_container-updated.png - :width: 600pt - -#. Complete the **Container Configuration** section by providing a **Name** and details for which **Image to Use** - - - **Name**: f5xcdemoapp - - **Image Name**: colemaneast.azurecr.io/f5xcdemoapp - - **Container Registry**: Private Registry - - **Private Registry**: shared/azure-registry - - .. image:: ../images/7container_config-updated.png - :width: 600pt - -#. Click **Apply** - -**Exercise 3 - Configure vK8s Workload Deployment Options** - -#. Within the **Deploy Options** section, set **Where to Deploy the Workload** to *Customer Virtual Sites*, then click the **Configure** link within the **Customer Virtual Sites** section. - - .. image:: ../images/8deploy_options-updated.png - :width: 600pt - -#. Select the agility-k8s-vsite vK8s site name from **List of Customer Virtual Sites to Deploy**, then **Apply**. - - .. image:: ../images/9select_customer_site-updated.png - :width: 600pt - -**Exercise 4 - Configure vK8s Workload Advertisement Options** - -#. Within the **Advertise Options** section, set **Options to Advertise the Workload** to *Advertise In Cluster*, then click the **Configure** link within the **Advertise in Cluster** section - - .. image:: ../images/10select_advertise_options-updated.png - :width: 600pt - -#. Within the **Select Port to Advertise** section, set **Select Port to Advertise** to *3000*, set **Application Protocol** to *HTTP*. Finally click **Apply**. This will set the clusterIP port to 3000. - - - **Port**: 3000 - - **Application Protocol**: HTTP - - .. image:: ../images/11set_advertise_port-updated.png - :width: 600pt - -#. With the vk8s workload configuration now completed, Click **Apply** again, then **Save and Exit** from the vK8s Workload configuration page - - .. image:: ../images/11_b_vk8s_apply_complete_config.png - :width: 600pt - - .. image:: ../images/11_c_vk8s_saveandexit_complete_config.png - :width: 600pt - -#. In less than a minute, you should see the workload added with 3 total sites and 3 total pods (you may need to click the "Refresh" button) - - .. image:: ../images/12_a_verify_3_workload_sites_pods_pending.png - :width: 600pt - - .. image:: ../images/12b_verify_3_workload_sites_pods-updated.png - :width: 600pt diff --git a/docs/archive/2023/class3/class7/module2/lab2.rst b/docs/archive/2023/class3/class7/module2/lab2.rst deleted file mode 100644 index 5b8ca366..00000000 --- a/docs/archive/2023/class3/class7/module2/lab2.rst +++ /dev/null @@ -1,57 +0,0 @@ -Lab 2 - Scale vK8s Deployment ------------------------------ - -F5 Distributed Cloud App Stack is a SaaS-based offering to deploy, secure, and operate a fleet of applications across the distributed infrastructure in multi-cloud or edge. It can scale to a large number of clusters and locations with centralized orchestration, observability, and operations to reduce the complexity of managing a fleet of distributed clusters. - -In this lab, we will learn the following: - -• Review the Virtual K8s Cluster Dashboard - -• Modify Virtual K8s Deployment to Scale Replicas - -**Core concepts** - - *Pods in vK8s* - `The core concept in application management on Kubernetes is a Pod. Pod is the basic and smallest execution unit that can be created, deployed, and managed in Kubernetes. A Pod consumes compute, memory, and storage resources and needs a network identity. A Pod contains a single or multiple containers but it is a single instance of an application in Kubernetes.` - - *Service* - `A service with one or more containers with configurable number of replicas that can be deployed on a selection of Regional Edge sites or customer sites and advertised within the cluster where is it deployed, on the Internet, or on other sites using TCP or HTTP or HTTPS load balancer.` - - For more core concepts, please review `F5 Distributed Cloud documentation `_ - -**Exercise 1 - Access Virtual K8s Cluster Dashboard and Edit Deployment** - -#. Select **Applications -> Virtual K8s -> -> Dashboard**. You should see one pod per site. - - .. image:: ../images/13validate_vK8s_dashboard-updated.png - :width: 600pt - -#. Select **Deployments**, then select the menu under **Actions** for your deployment, then **Edit** - - .. image:: ../images/14edit_deployment-updated.png - :width: 600pt - -#. Ensure **Edit** mode is enabled, expand the **spec** section, and modify **replicas** from *1* to *3* and select **Save** - - .. image:: ../images/15modify_deployment_spec-updated.png - :width: 600pt - -**Exercise 2 - Review Scaled vK8s Deployment** - -#. It may take a few moments, but on the vK8s cluster dashboard, number of **Running Pods** should increase to 9. Upon refreshing the list, you may notice the number of **Sites with Error** gradually decrease as **Running Pods** increases. - - .. image:: ../images/16review_scaled_deployment-updated.png - :width: 600pt - -#. The F5 XC platform can also provide more information on the specific pods directly from the web console. Click on **Pods** in the top menu. - - - .. image:: ../images/17review_scaled_pods.png - :width: 600pt - -#. In this view, you can see the specific pod information such as resource consumption, site deployment and node location, message status. (you may need to click the "Refresh" button) - - .. image:: ../images/18review_pods_information.png - :width: 600pt - -This concludes Module 2: Deploy and Scale Virtual K8s Workload. Thank you for taking the time to complete these exercises! Please continue on to module 3 for a look at how to publish your application for users to consume. diff --git a/docs/archive/2023/class3/class7/module2/module2.rst b/docs/archive/2023/class3/class7/module2/module2.rst deleted file mode 100644 index 65e5fc35..00000000 --- a/docs/archive/2023/class3/class7/module2/module2.rst +++ /dev/null @@ -1,11 +0,0 @@ - -Module 2: Deploy and Scale Virtual K8s Workload -=============================================== - -Here we'll take a look at the process for deploying and scaling a vK8s workload via private container registry. This private container registry has been already configured for this lab. - -.. toctree:: - :maxdepth: 1 - :glob: - - lab* diff --git a/docs/archive/2023/class3/class7/module3/lab1.rst b/docs/archive/2023/class3/class7/module3/lab1.rst deleted file mode 100644 index 196721ec..00000000 --- a/docs/archive/2023/class3/class7/module3/lab1.rst +++ /dev/null @@ -1,40 +0,0 @@ -Lab 1 - Create Origin Pool -========================== -In this first part of the lab, you will create an origin pool pointing to the service of the F5xcdemo workload you created in the previous lab. - -**Exercise 1: Create Origin Pool** - -#. Navigate the left-side menu to **Manage -> Load Balancers**, then click **Origin Pools**. - - |origin_pool| - -#. Click the **Add Origin Pool** button. - - |origin_pool_add| - -#. On the New Origin Pool form: - - #. Enter a **Name** for your pool (ex: pool) - #. Replace the **Port** value of *443* with *3000* - #. Select **Add Item** under **Origin Servers** - - |origin_pool_name| - -#. Complete the **Origin Server** section by make the following changes: - - - **Select Type of Origin Server**: K8s Service Name of Origin Server on given Sites - - **Service Name**: . (eg: asmith-workload.grand-marten This will map to the service name of your vK8s workload and XC tenant namespace) - - **Site or Virtual Site**: Virtual Site select shared/agility-k82-site - - **Select Network on the site**: vK8s Networks on Site - - |origin_pools_menu| - -#. Click on **Apply** to return to the previous screen - -#. Click the **Save and Exit** button to close the **Origin Pool** dialogue. - - -.. |origin_pool| image:: ../images/m3-origin-pool.png -.. |origin_pool_add| image:: ../images/m3-add-origin-pools.png -.. |origin_pool_name| image:: ../images/m3-origin-pool-name-updated.png -.. |origin_pools_menu| image:: ../images/m3-add-origin-server-updated.png diff --git a/docs/archive/2023/class3/class7/module3/lab2.rst b/docs/archive/2023/class3/class7/module3/lab2.rst deleted file mode 100644 index 9737b444..00000000 --- a/docs/archive/2023/class3/class7/module3/lab2.rst +++ /dev/null @@ -1,67 +0,0 @@ -Lab 2 - Publish to the Internet -=============================== - -**Exercise 1: Create HTTP Load Balancer** - -#. Navigate the left-side menu to **Manage -> Load Balancers -> HTTP Load Balancers**, then click **Add HTTP Load Balancer**. - - |add_HTTP_menu| - |add_HTTP| - -#. In the **HTTP Load Balancer** Configuration Section make the following changes: - - - **Name**: User -lb - - **List of Domains**: Use .lab-app.f5demos.com - - **Select Type of Load Balancer**: HTTP - - **Automatically Manage DNS Records**: Make sure this is checked - - |http_basic| - -#. In the **Origin Pools** section click **Add Item**. - - |add_origin_server| - -#. Select your **Origin Pool**, which was created earlier in this lab, and Click **Apply** - - |select_origin_pool| - -#. In the Common Security Controls section change the **Service Policies** to *Do Not Apply Service Policies* then click **Save and Exit** at the bottom of the page. - - |security_configuration| - -#. After a few moments you should see a screen like the following: - - |http_status| - -.. NOTE:: - - Please wait for the **VIRTUAL_HOST_READY** - -Now we are ready to test! - -Open a browser tab and navigate to the domain you entered. - -In the example below it is *grand-marten.lab-app.f5demos.com* - -Success will render a page like the following: - - |http_page| - -Please note the country name. - -Refresh your browser a few times and notice what happens to the country name. - -Why? - -This ends the lab. - - - - -.. |add_HTTP_menu| image:: ../images/m-add-http-menu.png -.. |add_HTTP| image:: ../images/m-add-http.png -.. |http_basic| image:: ../images/m-http-basic-updated.png -.. |add_origin_server| image:: ../images/m-add-origin-server-updated.png -.. |select_origin_pool| image:: ../images/m-select-origin-pool-updated.png -.. |security_configuration| image:: ../images/m-security-configuration-updated.png -.. |http_status| image:: ../images/m-http-status-updated.png -.. |http_page| image:: ../images/m-http-page.png \ No newline at end of file diff --git a/docs/archive/2023/class3/class7/module3/module3.rst b/docs/archive/2023/class3/class7/module3/module3.rst deleted file mode 100644 index 1e2a7570..00000000 --- a/docs/archive/2023/class3/class7/module3/module3.rst +++ /dev/null @@ -1,10 +0,0 @@ -Module 3: Publish Application to the Internet -============================================= - -In order to publish our application to the Internet, we will need to create an origin pool and an HTTP Load Balancer. The F5 XC platform can provide both hosting capabilities with the virtual K8s platfom and also secure Application Delivery capabilities through a single SaaS delivered solution. - -.. toctree:: - :maxdepth: 1 - :glob: - - lab* diff --git a/docs/archive/2023/class3/class7/module4/lab_optional.rst b/docs/archive/2023/class3/class7/module4/lab_optional.rst deleted file mode 100644 index ef347e46..00000000 --- a/docs/archive/2023/class3/class7/module4/lab_optional.rst +++ /dev/null @@ -1,61 +0,0 @@ -Lab Optional - Use kubectl to view vK8s Output -============================================== - -F5 Distributed Cloud App Stack provides the ability to manage your vK8s namespace via command line with kubectl - -In this lab, we will learn perform the following: - -• Review kubectl commands and see the output - -**Core Concepts** - - *Virtual Kubernetes vK8s* - `F5 Distributed Cloud Services support a Kubernetes compatible API for centralized orchestration of applications across a fleet of sites (customer sites or F5 Distributed Cloud Regional Edge). This API is "Kubernetes compatible" because not all Kubernetes APIs or resources are supported. However, for the API(s) that are supported, it is hundred percent compatible. We have implemented a distributed control plane within our global infrastructure to manage scheduling and scaling of applications across multiple (tens to hundreds of thousands of) sites, where each site in itself is also a managed physical K8s cluster.` - - *kubectl* - `Standard upstream kubectl CLI tool can be used on the vK8s API URL or the downloaded kubeconfig file can be used to access the vK8s APIs.` - - For more core concepts, please review `F5 Distributed Cloud documentation `_ - -**Commands to run via cli to Access Virtual K8s** - - *Commands* - `Run the following commands and view the outputs. Why are there different outputs before and after increasing the replicas?` - - *View Nodes* - `kubectl get nodes` - - `kubectl get nodes -o wide` - - *View pods* - `kubectl get pods` - - `kubectl get pods -o wide` - - `kubectl describe pod ` - - *View deployment and service* - `kubectl get deployment -workload` - - `kubectl get svc -workload` - - *View all resources in your namespace* - `kubectl get all` - - *View output of the pod in yaml format* - `kubectl get pods -o yaml` - - *View output of the deployment in yaml format* - `kubectl get deployment -workload -o yaml` - - *View output of the service in yaml format* - `kubectl get svc -workload -o yaml` - - *Save the output of the deployment in yaml format* - `kubectl get deployment -workload -o yaml > agility.yaml` - - *View the saved yaml deployment* - `find the file in the current directory: - ls -larth` - - `view the file: cat agility.yaml` diff --git a/docs/archive/2023/class3/class7/module4/module4.rst b/docs/archive/2023/class3/class7/module4/module4.rst deleted file mode 100644 index 6e9825c9..00000000 --- a/docs/archive/2023/class3/class7/module4/module4.rst +++ /dev/null @@ -1,10 +0,0 @@ -Module 4: Optional Lab Using kubectl to View vk8s Outputs -========================================================= - -In order to use kubectl please have the kubeconfig file downloaded and merged into your kubeconfig file. - -.. toctree:: - :maxdepth: 1 - :glob: - - lab* diff --git a/docs/class3/class2.rst b/docs/class3/class3.rst similarity index 100% rename from docs/class3/class2.rst rename to docs/class3/class3.rst diff --git a/docs/class4/class2.rst b/docs/class4/class4.rst similarity index 100% rename from docs/class4/class2.rst rename to docs/class4/class4.rst diff --git a/docs/class5/class3.rst b/docs/class5/class5.rst similarity index 100% rename from docs/class5/class3.rst rename to docs/class5/class5.rst diff --git a/docs/class5/class6/class4.rst b/docs/class5/class6/class4.rst deleted file mode 100644 index 5677bd3e..00000000 --- a/docs/class5/class6/class4.rst +++ /dev/null @@ -1,23 +0,0 @@ -F5 Distributed Cloud - Intro to Multi-Cloud Networking -========================================================== - -This hands-on lab environment highlights some of the basic concepts of F5 Distributed Cloud Multi-cloud Networking. - -**Narrative:** -During the lab you will be playing the role of an Engineer at ACME Corp who responds to new business requirements quickly by implementing F5's Network and App connect solutions. - -**Goal:** -Demonstrate and understand when to use F5 Distributed Cloud Network Connect or App Connect to securely extend connectivity between disparate environments. - -.. image:: ./images/intro.png - -.. Caution:: Please be aware that there is a waiting period after Lab 1, while provisioning occurs. If you are an instructor, please have students proceed with Lab 1 prior to any presentation, to give ample time for processes to complete. - -This Lab uses the **[Agility] F5XC Introduction into MCN** UDF Blueprint. - -.. toctree:: - :maxdepth: 1 - :glob: - - intro - module*/module* \ No newline at end of file diff --git a/docs/class5/class6/images/200.png b/docs/class5/class6/images/200.png deleted file mode 100644 index d4810611..00000000 Binary files a/docs/class5/class6/images/200.png and /dev/null differ diff --git a/docs/class5/class6/images/403.png b/docs/class5/class6/images/403.png deleted file mode 100644 index bca3cfa4..00000000 Binary files a/docs/class5/class6/images/403.png and /dev/null differ diff --git a/docs/class5/class6/images/4lbs.png b/docs/class5/class6/images/4lbs.png deleted file mode 100644 index 263e9c2a..00000000 Binary files a/docs/class5/class6/images/4lbs.png and /dev/null differ diff --git a/docs/class5/class6/images/8080.png b/docs/class5/class6/images/8080.png deleted file mode 100644 index 297d94b3..00000000 Binary files a/docs/class5/class6/images/8080.png and /dev/null differ diff --git a/docs/class5/class6/images/action.png b/docs/class5/class6/images/action.png deleted file mode 100644 index 7151f121..00000000 Binary files a/docs/class5/class6/images/action.png and /dev/null differ diff --git a/docs/class5/class6/images/advervip.png b/docs/class5/class6/images/advervip.png deleted file mode 100644 index a94c42c9..00000000 Binary files a/docs/class5/class6/images/advervip.png and /dev/null differ diff --git a/docs/class5/class6/images/allow80.png b/docs/class5/class6/images/allow80.png deleted file mode 100644 index 07ca7863..00000000 Binary files a/docs/class5/class6/images/allow80.png and /dev/null differ diff --git a/docs/class5/class6/images/appconnect.png b/docs/class5/class6/images/appconnect.png deleted file mode 100644 index 841e23ca..00000000 Binary files a/docs/class5/class6/images/appconnect.png and /dev/null differ diff --git a/docs/class5/class6/images/approval.png b/docs/class5/class6/images/approval.png deleted file mode 100644 index 80f64d2c..00000000 Binary files a/docs/class5/class6/images/approval.png and /dev/null differ diff --git a/docs/class5/class6/images/awsconf.png b/docs/class5/class6/images/awsconf.png deleted file mode 100644 index b572f57e..00000000 Binary files a/docs/class5/class6/images/awsconf.png and /dev/null differ diff --git a/docs/class5/class6/images/awsnet.png b/docs/class5/class6/images/awsnet.png deleted file mode 100644 index 4164ce80..00000000 Binary files a/docs/class5/class6/images/awsnet.png and /dev/null differ diff --git a/docs/class5/class6/images/awspri.png b/docs/class5/class6/images/awspri.png deleted file mode 100644 index 65583b45..00000000 Binary files a/docs/class5/class6/images/awspri.png and /dev/null differ diff --git a/docs/class5/class6/images/awspub.png b/docs/class5/class6/images/awspub.png deleted file mode 100644 index b074856f..00000000 Binary files a/docs/class5/class6/images/awspub.png and /dev/null differ diff --git a/docs/class5/class6/images/awstoazure.png b/docs/class5/class6/images/awstoazure.png deleted file mode 100644 index bee78740..00000000 Binary files a/docs/class5/class6/images/awstoazure.png and /dev/null differ diff --git a/docs/class5/class6/images/awsuri.png b/docs/class5/class6/images/awsuri.png deleted file mode 100644 index ec3e58f9..00000000 Binary files a/docs/class5/class6/images/awsuri.png and /dev/null differ diff --git a/docs/class5/class6/images/azint.png b/docs/class5/class6/images/azint.png deleted file mode 100644 index 1037feb5..00000000 Binary files a/docs/class5/class6/images/azint.png and /dev/null differ diff --git a/docs/class5/class6/images/azurepri.png b/docs/class5/class6/images/azurepri.png deleted file mode 100644 index 3d004b81..00000000 Binary files a/docs/class5/class6/images/azurepri.png and /dev/null differ diff --git a/docs/class5/class6/images/azurepub.png b/docs/class5/class6/images/azurepub.png deleted file mode 100644 index adc4245a..00000000 Binary files a/docs/class5/class6/images/azurepub.png and /dev/null differ diff --git a/docs/class5/class6/images/azureuri.png b/docs/class5/class6/images/azureuri.png deleted file mode 100644 index 8e16bff7..00000000 Binary files a/docs/class5/class6/images/azureuri.png and /dev/null differ diff --git a/docs/class5/class6/images/backendvip.png b/docs/class5/class6/images/backendvip.png deleted file mode 100644 index a19fcdf7..00000000 Binary files a/docs/class5/class6/images/backendvip.png and /dev/null differ diff --git a/docs/class5/class6/images/ceconf.png b/docs/class5/class6/images/ceconf.png deleted file mode 100644 index ea92deec..00000000 Binary files a/docs/class5/class6/images/ceconf.png and /dev/null differ diff --git a/docs/class5/class6/images/cestate.png b/docs/class5/class6/images/cestate.png deleted file mode 100644 index d93e9586..00000000 Binary files a/docs/class5/class6/images/cestate.png and /dev/null differ diff --git a/docs/class5/class6/images/changepwd.png b/docs/class5/class6/images/changepwd.png deleted file mode 100644 index f1809db4..00000000 Binary files a/docs/class5/class6/images/changepwd.png and /dev/null differ diff --git a/docs/class5/class6/images/cioreq.png b/docs/class5/class6/images/cioreq.png deleted file mode 100644 index b788ac0f..00000000 Binary files a/docs/class5/class6/images/cioreq.png and /dev/null differ diff --git a/docs/class5/class6/images/cli-01.png b/docs/class5/class6/images/cli-01.png deleted file mode 100644 index 66ec0307..00000000 Binary files a/docs/class5/class6/images/cli-01.png and /dev/null differ diff --git a/docs/class5/class6/images/cli-02.png b/docs/class5/class6/images/cli-02.png deleted file mode 100644 index 1128e059..00000000 Binary files a/docs/class5/class6/images/cli-02.png and /dev/null differ diff --git a/docs/class5/class6/images/cli-03.png b/docs/class5/class6/images/cli-03.png deleted file mode 100644 index f84fbff0..00000000 Binary files a/docs/class5/class6/images/cli-03.png and /dev/null differ diff --git a/docs/class5/class6/images/cli-04.png b/docs/class5/class6/images/cli-04.png deleted file mode 100644 index 443a3f3b..00000000 Binary files a/docs/class5/class6/images/cli-04.png and /dev/null differ diff --git a/docs/class5/class6/images/cli-05.png b/docs/class5/class6/images/cli-05.png deleted file mode 100644 index cc0a094d..00000000 Binary files a/docs/class5/class6/images/cli-05.png and /dev/null differ diff --git a/docs/class5/class6/images/clone.png b/docs/class5/class6/images/clone.png deleted file mode 100644 index 59c738a2..00000000 Binary files a/docs/class5/class6/images/clone.png and /dev/null differ diff --git a/docs/class5/class6/images/clustersize.png b/docs/class5/class6/images/clustersize.png deleted file mode 100644 index b70dc013..00000000 Binary files a/docs/class5/class6/images/clustersize.png and /dev/null differ diff --git a/docs/class5/class6/images/configure.png b/docs/class5/class6/images/configure.png deleted file mode 100644 index ec90a1bd..00000000 Binary files a/docs/class5/class6/images/configure.png and /dev/null differ diff --git a/docs/class5/class6/images/contool.png b/docs/class5/class6/images/contool.png deleted file mode 100644 index 853f7846..00000000 Binary files a/docs/class5/class6/images/contool.png and /dev/null differ diff --git a/docs/class5/class6/images/copytoke.png b/docs/class5/class6/images/copytoke.png deleted file mode 100644 index 30dd58ee..00000000 Binary files a/docs/class5/class6/images/copytoke.png and /dev/null differ diff --git a/docs/class5/class6/images/curl.png b/docs/class5/class6/images/curl.png deleted file mode 100644 index 6073b849..00000000 Binary files a/docs/class5/class6/images/curl.png and /dev/null differ diff --git a/docs/class5/class6/images/curlerror.png b/docs/class5/class6/images/curlerror.png deleted file mode 100644 index 9d461dc0..00000000 Binary files a/docs/class5/class6/images/curlerror.png and /dev/null differ diff --git a/docs/class5/class6/images/curlhead.png b/docs/class5/class6/images/curlhead.png deleted file mode 100644 index c27fc34e..00000000 Binary files a/docs/class5/class6/images/curlhead.png and /dev/null differ diff --git a/docs/class5/class6/images/curltest.png b/docs/class5/class6/images/curltest.png deleted file mode 100644 index 8f755a8d..00000000 Binary files a/docs/class5/class6/images/curltest.png and /dev/null differ diff --git a/docs/class5/class6/images/custom.png b/docs/class5/class6/images/custom.png deleted file mode 100644 index 7317f006..00000000 Binary files a/docs/class5/class6/images/custom.png and /dev/null differ diff --git a/docs/class5/class6/images/dash.png b/docs/class5/class6/images/dash.png deleted file mode 100644 index 6182068e..00000000 Binary files a/docs/class5/class6/images/dash.png and /dev/null differ diff --git a/docs/class5/class6/images/dash1.png b/docs/class5/class6/images/dash1.png deleted file mode 100644 index 22db7f2a..00000000 Binary files a/docs/class5/class6/images/dash1.png and /dev/null differ diff --git a/docs/class5/class6/images/denyall.png b/docs/class5/class6/images/denyall.png deleted file mode 100644 index 27b978ca..00000000 Binary files a/docs/class5/class6/images/denyall.png and /dev/null differ diff --git a/docs/class5/class6/images/devconf.png b/docs/class5/class6/images/devconf.png deleted file mode 100644 index 0fc8e5f2..00000000 Binary files a/docs/class5/class6/images/devconf.png and /dev/null differ diff --git a/docs/class5/class6/images/disabletls.png b/docs/class5/class6/images/disabletls.png deleted file mode 100644 index 2e5cbff0..00000000 Binary files a/docs/class5/class6/images/disabletls.png and /dev/null differ diff --git a/docs/class5/class6/images/docu.png b/docs/class5/class6/images/docu.png deleted file mode 100644 index 1aac464c..00000000 Binary files a/docs/class5/class6/images/docu.png and /dev/null differ diff --git a/docs/class5/class6/images/domains.png b/docs/class5/class6/images/domains.png deleted file mode 100644 index 0dbcd3f0..00000000 Binary files a/docs/class5/class6/images/domains.png and /dev/null differ diff --git a/docs/class5/class6/images/edit.png b/docs/class5/class6/images/edit.png deleted file mode 100644 index a4d5cc75..00000000 Binary files a/docs/class5/class6/images/edit.png and /dev/null differ diff --git a/docs/class5/class6/images/editazure.png b/docs/class5/class6/images/editazure.png deleted file mode 100644 index ab891c41..00000000 Binary files a/docs/class5/class6/images/editazure.png and /dev/null differ diff --git a/docs/class5/class6/images/efwp.png b/docs/class5/class6/images/efwp.png deleted file mode 100644 index b406ab07..00000000 Binary files a/docs/class5/class6/images/efwp.png and /dev/null differ diff --git a/docs/class5/class6/images/error.png b/docs/class5/class6/images/error.png deleted file mode 100644 index 6e7bc5a7..00000000 Binary files a/docs/class5/class6/images/error.png and /dev/null differ diff --git a/docs/class5/class6/images/filter.png b/docs/class5/class6/images/filter.png deleted file mode 100644 index bd1af329..00000000 Binary files a/docs/class5/class6/images/filter.png and /dev/null differ diff --git a/docs/class5/class6/images/findnamespace.png b/docs/class5/class6/images/findnamespace.png deleted file mode 100644 index a9b5478b..00000000 Binary files a/docs/class5/class6/images/findnamespace.png and /dev/null differ diff --git a/docs/class5/class6/images/fleetlabel.png b/docs/class5/class6/images/fleetlabel.png deleted file mode 100644 index 9a3a042b..00000000 Binary files a/docs/class5/class6/images/fleetlabel.png and /dev/null differ diff --git a/docs/class5/class6/images/fleetlabel1.png b/docs/class5/class6/images/fleetlabel1.png deleted file mode 100644 index d848ae53..00000000 Binary files a/docs/class5/class6/images/fleetlabel1.png and /dev/null differ diff --git a/docs/class5/class6/images/fleetlabel2.png b/docs/class5/class6/images/fleetlabel2.png deleted file mode 100644 index 6454020a..00000000 Binary files a/docs/class5/class6/images/fleetlabel2.png and /dev/null differ diff --git a/docs/class5/class6/images/fleetmeta.png b/docs/class5/class6/images/fleetmeta.png deleted file mode 100644 index 5a994439..00000000 Binary files a/docs/class5/class6/images/fleetmeta.png and /dev/null differ diff --git a/docs/class5/class6/images/fleetpol.png b/docs/class5/class6/images/fleetpol.png deleted file mode 100644 index 2579dff5..00000000 Binary files a/docs/class5/class6/images/fleetpol.png and /dev/null differ diff --git a/docs/class5/class6/images/flv.png b/docs/class5/class6/images/flv.png deleted file mode 100644 index f90215c4..00000000 Binary files a/docs/class5/class6/images/flv.png and /dev/null differ diff --git a/docs/class5/class6/images/forbid.png b/docs/class5/class6/images/forbid.png deleted file mode 100644 index 850d5c79..00000000 Binary files a/docs/class5/class6/images/forbid.png and /dev/null differ diff --git a/docs/class5/class6/images/fwver.png b/docs/class5/class6/images/fwver.png deleted file mode 100644 index a0f6eca7..00000000 Binary files a/docs/class5/class6/images/fwver.png and /dev/null differ diff --git a/docs/class5/class6/images/fwver2.png b/docs/class5/class6/images/fwver2.png deleted file mode 100644 index 0ccc1c0c..00000000 Binary files a/docs/class5/class6/images/fwver2.png and /dev/null differ diff --git a/docs/class5/class6/images/globlog.png b/docs/class5/class6/images/globlog.png deleted file mode 100644 index da6e4126..00000000 Binary files a/docs/class5/class6/images/globlog.png and /dev/null differ diff --git a/docs/class5/class6/images/head.png b/docs/class5/class6/images/head.png deleted file mode 100644 index 7c8b07da..00000000 Binary files a/docs/class5/class6/images/head.png and /dev/null differ diff --git a/docs/class5/class6/images/health.png b/docs/class5/class6/images/health.png deleted file mode 100644 index b7b18eb1..00000000 Binary files a/docs/class5/class6/images/health.png and /dev/null differ diff --git a/docs/class5/class6/images/httplb.png b/docs/class5/class6/images/httplb.png deleted file mode 100644 index a53f4fb4..00000000 Binary files a/docs/class5/class6/images/httplb.png and /dev/null differ diff --git a/docs/class5/class6/images/intro.png b/docs/class5/class6/images/intro.png deleted file mode 100644 index bb4f2392..00000000 Binary files a/docs/class5/class6/images/intro.png and /dev/null differ diff --git a/docs/class5/class6/images/intro1.png b/docs/class5/class6/images/intro1.png deleted file mode 100644 index 06a81cce..00000000 Binary files a/docs/class5/class6/images/intro1.png and /dev/null differ diff --git a/docs/class5/class6/images/intro2.png b/docs/class5/class6/images/intro2.png deleted file mode 100644 index 4adafd94..00000000 Binary files a/docs/class5/class6/images/intro2.png and /dev/null differ diff --git a/docs/class5/class6/images/iporssl.png b/docs/class5/class6/images/iporssl.png deleted file mode 100644 index 8921ddbf..00000000 Binary files a/docs/class5/class6/images/iporssl.png and /dev/null differ diff --git a/docs/class5/class6/images/json.png b/docs/class5/class6/images/json.png deleted file mode 100644 index 0e61787c..00000000 Binary files a/docs/class5/class6/images/json.png and /dev/null differ diff --git a/docs/class5/class6/images/json1.png b/docs/class5/class6/images/json1.png deleted file mode 100644 index 662d09bb..00000000 Binary files a/docs/class5/class6/images/json1.png and /dev/null differ diff --git a/docs/class5/class6/images/lab1fini.png b/docs/class5/class6/images/lab1fini.png deleted file mode 100644 index f9fad419..00000000 Binary files a/docs/class5/class6/images/lab1fini.png and /dev/null differ diff --git a/docs/class5/class6/images/lab1intro.png b/docs/class5/class6/images/lab1intro.png deleted file mode 100644 index c00c6d66..00000000 Binary files a/docs/class5/class6/images/lab1intro.png and /dev/null differ diff --git a/docs/class5/class6/images/lab2biz.png b/docs/class5/class6/images/lab2biz.png deleted file mode 100644 index 8d893a07..00000000 Binary files a/docs/class5/class6/images/lab2biz.png and /dev/null differ diff --git a/docs/class5/class6/images/lab2rev.png b/docs/class5/class6/images/lab2rev.png deleted file mode 100644 index 09a41f29..00000000 Binary files a/docs/class5/class6/images/lab2rev.png and /dev/null differ diff --git a/docs/class5/class6/images/lab3.png b/docs/class5/class6/images/lab3.png deleted file mode 100644 index bf8acac5..00000000 Binary files a/docs/class5/class6/images/lab3.png and /dev/null differ diff --git a/docs/class5/class6/images/lab3bizreq1.png b/docs/class5/class6/images/lab3bizreq1.png deleted file mode 100644 index 3b0fe41d..00000000 Binary files a/docs/class5/class6/images/lab3bizreq1.png and /dev/null differ diff --git a/docs/class5/class6/images/lab3review.png b/docs/class5/class6/images/lab3review.png deleted file mode 100644 index da2f1acc..00000000 Binary files a/docs/class5/class6/images/lab3review.png and /dev/null differ diff --git a/docs/class5/class6/images/lab4.png b/docs/class5/class6/images/lab4.png deleted file mode 100644 index 4bb466c1..00000000 Binary files a/docs/class5/class6/images/lab4.png and /dev/null differ diff --git a/docs/class5/class6/images/lab4biz.png b/docs/class5/class6/images/lab4biz.png deleted file mode 100644 index 1a26449d..00000000 Binary files a/docs/class5/class6/images/lab4biz.png and /dev/null differ diff --git a/docs/class5/class6/images/lab4bizreq.png b/docs/class5/class6/images/lab4bizreq.png deleted file mode 100644 index 93526171..00000000 Binary files a/docs/class5/class6/images/lab4bizreq.png and /dev/null differ diff --git a/docs/class5/class6/images/lab4bizreq1.png b/docs/class5/class6/images/lab4bizreq1.png deleted file mode 100644 index ef326c6e..00000000 Binary files a/docs/class5/class6/images/lab4bizreq1.png and /dev/null differ diff --git a/docs/class5/class6/images/lab4goal.png b/docs/class5/class6/images/lab4goal.png deleted file mode 100644 index 6f01b9c4..00000000 Binary files a/docs/class5/class6/images/lab4goal.png and /dev/null differ diff --git a/docs/class5/class6/images/lab4review.png b/docs/class5/class6/images/lab4review.png deleted file mode 100644 index d4b59149..00000000 Binary files a/docs/class5/class6/images/lab4review.png and /dev/null differ diff --git a/docs/class5/class6/images/lab5.png b/docs/class5/class6/images/lab5.png deleted file mode 100644 index a854a7ef..00000000 Binary files a/docs/class5/class6/images/lab5.png and /dev/null differ diff --git a/docs/class5/class6/images/lab5bizreq.png b/docs/class5/class6/images/lab5bizreq.png deleted file mode 100644 index 949cbd5c..00000000 Binary files a/docs/class5/class6/images/lab5bizreq.png and /dev/null differ diff --git a/docs/class5/class6/images/lab5mg.png b/docs/class5/class6/images/lab5mg.png deleted file mode 100644 index d9460017..00000000 Binary files a/docs/class5/class6/images/lab5mg.png and /dev/null differ diff --git a/docs/class5/class6/images/lab5sanity.png b/docs/class5/class6/images/lab5sanity.png deleted file mode 100644 index e7e52e86..00000000 Binary files a/docs/class5/class6/images/lab5sanity.png and /dev/null differ diff --git a/docs/class5/class6/images/labs.png b/docs/class5/class6/images/labs.png deleted file mode 100644 index f08d02d2..00000000 Binary files a/docs/class5/class6/images/labs.png and /dev/null differ diff --git a/docs/class5/class6/images/lbs.png b/docs/class5/class6/images/lbs.png deleted file mode 100644 index 5f33c82d..00000000 Binary files a/docs/class5/class6/images/lbs.png and /dev/null differ diff --git a/docs/class5/class6/images/lbsp.png b/docs/class5/class6/images/lbsp.png deleted file mode 100644 index 01639ffe..00000000 Binary files a/docs/class5/class6/images/lbsp.png and /dev/null differ diff --git a/docs/class5/class6/images/lbwaf.png b/docs/class5/class6/images/lbwaf.png deleted file mode 100644 index 061175d9..00000000 Binary files a/docs/class5/class6/images/lbwaf.png and /dev/null differ diff --git a/docs/class5/class6/images/locallog.png b/docs/class5/class6/images/locallog.png deleted file mode 100644 index cc1d2231..00000000 Binary files a/docs/class5/class6/images/locallog.png and /dev/null differ diff --git a/docs/class5/class6/images/logs.png b/docs/class5/class6/images/logs.png deleted file mode 100644 index 29c33443..00000000 Binary files a/docs/class5/class6/images/logs.png and /dev/null differ diff --git a/docs/class5/class6/images/met1.png b/docs/class5/class6/images/met1.png deleted file mode 100644 index b6d9fbfe..00000000 Binary files a/docs/class5/class6/images/met1.png and /dev/null differ diff --git a/docs/class5/class6/images/meta.png b/docs/class5/class6/images/meta.png deleted file mode 100644 index 0c521027..00000000 Binary files a/docs/class5/class6/images/meta.png and /dev/null differ diff --git a/docs/class5/class6/images/metrics.png b/docs/class5/class6/images/metrics.png deleted file mode 100644 index d9bd5072..00000000 Binary files a/docs/class5/class6/images/metrics.png and /dev/null differ diff --git a/docs/class5/class6/images/mod2bizreq.png b/docs/class5/class6/images/mod2bizreq.png deleted file mode 100644 index 6612c289..00000000 Binary files a/docs/class5/class6/images/mod2bizreq.png and /dev/null differ diff --git a/docs/class5/class6/images/namespace1.png b/docs/class5/class6/images/namespace1.png deleted file mode 100644 index e8761216..00000000 Binary files a/docs/class5/class6/images/namespace1.png and /dev/null differ diff --git a/docs/class5/class6/images/netconnect.png b/docs/class5/class6/images/netconnect.png deleted file mode 100644 index 1d96d2bb..00000000 Binary files a/docs/class5/class6/images/netconnect.png and /dev/null differ diff --git a/docs/class5/class6/images/netconnlab.png b/docs/class5/class6/images/netconnlab.png deleted file mode 100644 index 86f7cbad..00000000 Binary files a/docs/class5/class6/images/netconnlab.png and /dev/null differ diff --git a/docs/class5/class6/images/newlb.png b/docs/class5/class6/images/newlb.png deleted file mode 100644 index e3744c8a..00000000 Binary files a/docs/class5/class6/images/newlb.png and /dev/null differ diff --git a/docs/class5/class6/images/node.png b/docs/class5/class6/images/node.png deleted file mode 100644 index 3d92349c..00000000 Binary files a/docs/class5/class6/images/node.png and /dev/null differ diff --git a/docs/class5/class6/images/nslookup.png b/docs/class5/class6/images/nslookup.png deleted file mode 100644 index 2fbb8af5..00000000 Binary files a/docs/class5/class6/images/nslookup.png and /dev/null differ diff --git a/docs/class5/class6/images/orgaws.png b/docs/class5/class6/images/orgaws.png deleted file mode 100644 index 6486e43c..00000000 Binary files a/docs/class5/class6/images/orgaws.png and /dev/null differ diff --git a/docs/class5/class6/images/orig.png b/docs/class5/class6/images/orig.png deleted file mode 100644 index 856ebf9c..00000000 Binary files a/docs/class5/class6/images/orig.png and /dev/null differ diff --git a/docs/class5/class6/images/origaws.png b/docs/class5/class6/images/origaws.png deleted file mode 100644 index 333a5a58..00000000 Binary files a/docs/class5/class6/images/origaws.png and /dev/null differ diff --git a/docs/class5/class6/images/origazure.png b/docs/class5/class6/images/origazure.png deleted file mode 100644 index df87d5de..00000000 Binary files a/docs/class5/class6/images/origazure.png and /dev/null differ diff --git a/docs/class5/class6/images/originserve.png b/docs/class5/class6/images/originserve.png deleted file mode 100644 index b1ee3f18..00000000 Binary files a/docs/class5/class6/images/originserve.png and /dev/null differ diff --git a/docs/class5/class6/images/otherregs.png b/docs/class5/class6/images/otherregs.png deleted file mode 100644 index 3b72fca5..00000000 Binary files a/docs/class5/class6/images/otherregs.png and /dev/null differ diff --git a/docs/class5/class6/images/perfmo.png b/docs/class5/class6/images/perfmo.png deleted file mode 100644 index 7d571a64..00000000 Binary files a/docs/class5/class6/images/perfmo.png and /dev/null differ diff --git a/docs/class5/class6/images/perfmo2.png b/docs/class5/class6/images/perfmo2.png deleted file mode 100644 index b34b6c28..00000000 Binary files a/docs/class5/class6/images/perfmo2.png and /dev/null differ diff --git a/docs/class5/class6/images/perfmon.png b/docs/class5/class6/images/perfmon.png deleted file mode 100644 index 540df6fb..00000000 Binary files a/docs/class5/class6/images/perfmon.png and /dev/null differ diff --git a/docs/class5/class6/images/ping.png b/docs/class5/class6/images/ping.png deleted file mode 100644 index 3311764c..00000000 Binary files a/docs/class5/class6/images/ping.png and /dev/null differ diff --git a/docs/class5/class6/images/post-migration.png b/docs/class5/class6/images/post-migration.png deleted file mode 100644 index 511067c1..00000000 Binary files a/docs/class5/class6/images/post-migration.png and /dev/null differ diff --git a/docs/class5/class6/images/pre-migration.png b/docs/class5/class6/images/pre-migration.png deleted file mode 100644 index f48da8ea..00000000 Binary files a/docs/class5/class6/images/pre-migration.png and /dev/null differ diff --git a/docs/class5/class6/images/prefix.png b/docs/class5/class6/images/prefix.png deleted file mode 100644 index ab3d73bd..00000000 Binary files a/docs/class5/class6/images/prefix.png and /dev/null differ diff --git a/docs/class5/class6/images/prov2.png b/docs/class5/class6/images/prov2.png deleted file mode 100644 index 731647e5..00000000 Binary files a/docs/class5/class6/images/prov2.png and /dev/null differ diff --git a/docs/class5/class6/images/provisioning.png b/docs/class5/class6/images/provisioning.png deleted file mode 100644 index a1bf9cdd..00000000 Binary files a/docs/class5/class6/images/provisioning.png and /dev/null differ diff --git a/docs/class5/class6/images/registeredce.png b/docs/class5/class6/images/registeredce.png deleted file mode 100644 index 206f16fc..00000000 Binary files a/docs/class5/class6/images/registeredce.png and /dev/null differ diff --git a/docs/class5/class6/images/remeta.png b/docs/class5/class6/images/remeta.png deleted file mode 100644 index e26f0d35..00000000 Binary files a/docs/class5/class6/images/remeta.png and /dev/null differ diff --git a/docs/class5/class6/images/requests.png b/docs/class5/class6/images/requests.png deleted file mode 100644 index a83e8391..00000000 Binary files a/docs/class5/class6/images/requests.png and /dev/null differ diff --git a/docs/class5/class6/images/requesttab.png b/docs/class5/class6/images/requesttab.png deleted file mode 100644 index 66e61e9e..00000000 Binary files a/docs/class5/class6/images/requesttab.png and /dev/null differ diff --git a/docs/class5/class6/images/restart.png b/docs/class5/class6/images/restart.png deleted file mode 100644 index 3e61e0f3..00000000 Binary files a/docs/class5/class6/images/restart.png and /dev/null differ diff --git a/docs/class5/class6/images/rl.png b/docs/class5/class6/images/rl.png deleted file mode 100644 index 00102433..00000000 Binary files a/docs/class5/class6/images/rl.png and /dev/null differ diff --git a/docs/class5/class6/images/routes.png b/docs/class5/class6/images/routes.png deleted file mode 100644 index e91a78d2..00000000 Binary files a/docs/class5/class6/images/routes.png and /dev/null differ diff --git a/docs/class5/class6/images/routes1.png b/docs/class5/class6/images/routes1.png deleted file mode 100644 index 0315c701..00000000 Binary files a/docs/class5/class6/images/routes1.png and /dev/null differ diff --git a/docs/class5/class6/images/s2sarrow.png b/docs/class5/class6/images/s2sarrow.png deleted file mode 100644 index 19a826a1..00000000 Binary files a/docs/class5/class6/images/s2sarrow.png and /dev/null differ diff --git a/docs/class5/class6/images/save.png b/docs/class5/class6/images/save.png deleted file mode 100644 index eefa60b9..00000000 Binary files a/docs/class5/class6/images/save.png and /dev/null differ diff --git a/docs/class5/class6/images/secevents.png b/docs/class5/class6/images/secevents.png deleted file mode 100644 index 4eaf6672..00000000 Binary files a/docs/class5/class6/images/secevents.png and /dev/null differ diff --git a/docs/class5/class6/images/secmon.png b/docs/class5/class6/images/secmon.png deleted file mode 100644 index a9f8fb42..00000000 Binary files a/docs/class5/class6/images/secmon.png and /dev/null differ diff --git a/docs/class5/class6/images/shroutes.png b/docs/class5/class6/images/shroutes.png deleted file mode 100644 index 6dabe325..00000000 Binary files a/docs/class5/class6/images/shroutes.png and /dev/null differ diff --git a/docs/class5/class6/images/shroutes2.png b/docs/class5/class6/images/shroutes2.png deleted file mode 100644 index 06ccb116..00000000 Binary files a/docs/class5/class6/images/shroutes2.png and /dev/null differ diff --git a/docs/class5/class6/images/shroutes3.png b/docs/class5/class6/images/shroutes3.png deleted file mode 100644 index bea6d43d..00000000 Binary files a/docs/class5/class6/images/shroutes3.png and /dev/null differ diff --git a/docs/class5/class6/images/signin.png b/docs/class5/class6/images/signin.png deleted file mode 100644 index 2247d2d0..00000000 Binary files a/docs/class5/class6/images/signin.png and /dev/null differ diff --git a/docs/class5/class6/images/sitemgt.png b/docs/class5/class6/images/sitemgt.png deleted file mode 100644 index 011a7048..00000000 Binary files a/docs/class5/class6/images/sitemgt.png and /dev/null differ diff --git a/docs/class5/class6/images/sitereg.png b/docs/class5/class6/images/sitereg.png deleted file mode 100644 index d2eb3edc..00000000 Binary files a/docs/class5/class6/images/sitereg.png and /dev/null differ diff --git a/docs/class5/class6/images/sitetoke.png b/docs/class5/class6/images/sitetoke.png deleted file mode 100644 index e03cc7f7..00000000 Binary files a/docs/class5/class6/images/sitetoke.png and /dev/null differ diff --git a/docs/class5/class6/images/sitev.png b/docs/class5/class6/images/sitev.png deleted file mode 100644 index 478fd8bd..00000000 Binary files a/docs/class5/class6/images/sitev.png and /dev/null differ diff --git a/docs/class5/class6/images/sp1.png b/docs/class5/class6/images/sp1.png deleted file mode 100644 index 7bc3b4d5..00000000 Binary files a/docs/class5/class6/images/sp1.png and /dev/null differ diff --git a/docs/class5/class6/images/sp2.png b/docs/class5/class6/images/sp2.png deleted file mode 100644 index 0ce5e794..00000000 Binary files a/docs/class5/class6/images/sp2.png and /dev/null differ diff --git a/docs/class5/class6/images/spget.png b/docs/class5/class6/images/spget.png deleted file mode 100644 index 570ec481..00000000 Binary files a/docs/class5/class6/images/spget.png and /dev/null differ diff --git a/docs/class5/class6/images/sqli.png b/docs/class5/class6/images/sqli.png deleted file mode 100644 index 63fb3c54..00000000 Binary files a/docs/class5/class6/images/sqli.png and /dev/null differ diff --git a/docs/class5/class6/images/sqliblock.png b/docs/class5/class6/images/sqliblock.png deleted file mode 100644 index 5584dbf8..00000000 Binary files a/docs/class5/class6/images/sqliblock.png and /dev/null differ diff --git a/docs/class5/class6/images/sqliblockpng.png b/docs/class5/class6/images/sqliblockpng.png deleted file mode 100644 index dbfaa33d..00000000 Binary files a/docs/class5/class6/images/sqliblockpng.png and /dev/null differ diff --git a/docs/class5/class6/images/studfleet.png b/docs/class5/class6/images/studfleet.png deleted file mode 100644 index a58ade88..00000000 Binary files a/docs/class5/class6/images/studfleet.png and /dev/null differ diff --git a/docs/class5/class6/images/studglob.png b/docs/class5/class6/images/studglob.png deleted file mode 100644 index 88bc2aa3..00000000 Binary files a/docs/class5/class6/images/studglob.png and /dev/null differ diff --git a/docs/class5/class6/images/success.png b/docs/class5/class6/images/success.png deleted file mode 100644 index e5abd9fd..00000000 Binary files a/docs/class5/class6/images/success.png and /dev/null differ diff --git a/docs/class5/class6/images/tenantlogin.png b/docs/class5/class6/images/tenantlogin.png deleted file mode 100644 index aeb5c02b..00000000 Binary files a/docs/class5/class6/images/tenantlogin.png and /dev/null differ diff --git a/docs/class5/class6/images/time.png b/docs/class5/class6/images/time.png deleted file mode 100644 index 443fe826..00000000 Binary files a/docs/class5/class6/images/time.png and /dev/null differ diff --git a/docs/class5/class6/images/timeslide.png b/docs/class5/class6/images/timeslide.png deleted file mode 100644 index 3255ee4c..00000000 Binary files a/docs/class5/class6/images/timeslide.png and /dev/null differ diff --git a/docs/class5/class6/images/timeslide2.png b/docs/class5/class6/images/timeslide2.png deleted file mode 100644 index da858074..00000000 Binary files a/docs/class5/class6/images/timeslide2.png and /dev/null differ diff --git a/docs/class5/class6/images/tlsenable.png b/docs/class5/class6/images/tlsenable.png deleted file mode 100644 index 2992ad85..00000000 Binary files a/docs/class5/class6/images/tlsenable.png and /dev/null differ diff --git a/docs/class5/class6/images/tokens.png b/docs/class5/class6/images/tokens.png deleted file mode 100644 index 57f1545f..00000000 Binary files a/docs/class5/class6/images/tokens.png and /dev/null differ diff --git a/docs/class5/class6/images/toollb.png b/docs/class5/class6/images/toollb.png deleted file mode 100644 index bb63e22d..00000000 Binary files a/docs/class5/class6/images/toollb.png and /dev/null differ diff --git a/docs/class5/class6/images/toolpool.png b/docs/class5/class6/images/toolpool.png deleted file mode 100644 index 2de21a91..00000000 Binary files a/docs/class5/class6/images/toolpool.png and /dev/null differ diff --git a/docs/class5/class6/images/traffic.png b/docs/class5/class6/images/traffic.png deleted file mode 100644 index 213d47ff..00000000 Binary files a/docs/class5/class6/images/traffic.png and /dev/null differ diff --git a/docs/class5/class6/images/ubuntu.png b/docs/class5/class6/images/ubuntu.png deleted file mode 100644 index 70e79bff..00000000 Binary files a/docs/class5/class6/images/ubuntu.png and /dev/null differ diff --git a/docs/class5/class6/images/udf-ce.png b/docs/class5/class6/images/udf-ce.png deleted file mode 100644 index 1324e1e5..00000000 Binary files a/docs/class5/class6/images/udf-ce.png and /dev/null differ diff --git a/docs/class5/class6/images/updatepasswd.png b/docs/class5/class6/images/updatepasswd.png deleted file mode 100644 index 130aadc8..00000000 Binary files a/docs/class5/class6/images/updatepasswd.png and /dev/null differ diff --git a/docs/class5/class6/images/updatepasswd2.png b/docs/class5/class6/images/updatepasswd2.png deleted file mode 100644 index 83954460..00000000 Binary files a/docs/class5/class6/images/updatepasswd2.png and /dev/null differ diff --git a/docs/class5/class6/images/varattack.png b/docs/class5/class6/images/varattack.png deleted file mode 100644 index 8235bf42..00000000 Binary files a/docs/class5/class6/images/varattack.png and /dev/null differ diff --git a/docs/class5/class6/images/varblock.png b/docs/class5/class6/images/varblock.png deleted file mode 100644 index eaa6b943..00000000 Binary files a/docs/class5/class6/images/varblock.png and /dev/null differ diff --git a/docs/class5/class6/images/waf.png b/docs/class5/class6/images/waf.png deleted file mode 100644 index 3dd0496f..00000000 Binary files a/docs/class5/class6/images/waf.png and /dev/null differ diff --git a/docs/class5/class6/images/wafaction.png b/docs/class5/class6/images/wafaction.png deleted file mode 100644 index 0e349bb2..00000000 Binary files a/docs/class5/class6/images/wafaction.png and /dev/null differ diff --git a/docs/class5/class6/images/weird-results.png b/docs/class5/class6/images/weird-results.png deleted file mode 100644 index c0fe5708..00000000 Binary files a/docs/class5/class6/images/weird-results.png and /dev/null differ diff --git a/docs/class5/class6/intro.rst b/docs/class5/class6/intro.rst deleted file mode 100644 index ff210da4..00000000 --- a/docs/class5/class6/intro.rst +++ /dev/null @@ -1,49 +0,0 @@ -Introduction to the Lab -======================= - -**Narrative:** - -Congratulations! You are a Network Engineer at ACME Corp. - - -ACME has an Application Team that supports internally developed traditional and modern apps, vendor provided and SaaS applications. -They have started utilizing some public cloud (AWS) IaaS for several applications and have come to you with a new requirement that an on-prem backend server must be able to securely communicate -with the AWS workloads over a secure connection. For lab simplicity, the backend server in the "Data Center" is a pretend security device in this exercise, and needs to scan the AWS workload on port 80. -It could just as easily be thought of as a API to API, container to container or frontend to backend. Other backends or frontends may be added in the future. - -As the Network Engineer, you are tasked with evaluating how to securely connect the Data Center network to the AWS network. -At first you consider the classic methods of deploying and managing your own IPSec solution but realize that this will be complex and costly. - -You recently saw a post on LinkedIn about a SaaS product that F5 has, claiming to solve multi-cloud network complexities. -Given your current predicament and industry knowledge of F5 being a leader for decades, you decide to check it out and end up in the chair you are sitting in today: Taking a first-hand look at how F5 makes Multi-Cloud Networking (MCN) simple and secure. - -.. Note:: The requirements start out easy enough but will get progressively more "Real World" as the labs progress. - -**Before Cloud Migration - "The Good Ol' Days"** - -.. image:: ./images/pre-migration.png - - -**After Cloud Migration - "Current State"** - -.. image:: ./images/post-migration.png - - -**Your job, should you choose to accept it, and avoid demotion to the help desk, is to figure out the best way for the backend workload to privately communicate with the frontend workload.** - - -Lab Environment ---------------- - -The Data Center environment is emulated by the F5 UDF lab framework and contains an Ubuntu Server and a Distributed Cloud (XC) Node that you will be configuring in Lab 1. - -The AWS cloud environment contains a prebuilt XC Node and a workload hosting a web frontend. **You will not have access to the AWS console.** - -The Azure cloud environment contains a prebuilt XC Node and a workload hosting a web frontend. **You will not have access to the Azure console.** - -.. Important:: While we are keeping the labs intentionally simple today with just a single Data Center and 2 Cloud Services Providers (CSP's), F5 Distributed Cloud supports much more advanced use-cases. - -.. toctree:: - :maxdepth: 1 - :glob: - diff --git a/docs/class5/class6/module1/lab1.rst b/docs/class5/class6/module1/lab1.rst deleted file mode 100644 index 8d95aaa8..00000000 --- a/docs/class5/class6/module1/lab1.rst +++ /dev/null @@ -1,453 +0,0 @@ -Lab 1: Building an XC Node (CE) -================================== - -**Objective:** - -* Get familiar with the UDF Lab Environment. - -* Deploy an XC Node to define the Customer Edge at the UDF Data Center. - -* Explore and become familiar with the Distributed Cloud Console. - -**Narrative:** - -After consulting with your trusty F5 Solutions Engineer, you decide to setup F5 Distributed Cloud, Network Connect. This will allow for privately routed network connectivity between two disparate networks. -You also found out that you can use the F5 Distributed Cloud, Enhanced Firewall to provide network security between Sites. -We already did a push-button deployment of the AWS XC Node to define the Customer Edge in the ACME VPC, which only took a few moments. - -Now, Lab 1 starts right after you have loaded the downloadable XC Node OVA on to your Data Center's local hypervisor (VMWARE or KVM). - -.. NOTE:: Your Data Center environment in these labs is the F5 UDF platform, which uses KVM as it's underlying virtualization technology. The OVA has already been imported for you. We also have hardware and container deployment options for Production XC Nodes. - -| - -.. image:: ../images/lab1intro.png - -| - -**Prerequisite** ------------------- - -.. NOTE:: You should have received an email from F5 Distributed Cloud User Management with the content as follows: - -| - -.. image:: ../images/updatepasswd.png - -| - -If you have not already, please click on **Update Password**, and change your credentials. Ensure you adhere to the password strength restrictions and make a mental note of these credentials as you will need them several times throughout the labs today. - -Once you've set your new password (make sure to include 1 upper, 1 lower and 1 special character), you will be asked to "Log In" and then presented with the following screen: - -| - -.. image:: ../images/tenantlogin.png - -| - -In the domain field, enter: **f5-xc-lab-mcn**, click **Next** and sign in with your email address and password you've just set, and proceed to accepting the Terms and Conditions. - - -.. warning:: If you have not received the email to change your credentials or ran into problems changing your credentials, please stop and get help from one of the Lab Assistants. - - -**Logging into the XC Console** ---------------------------------- - - -After accepting the Terms of Service and Privacy Policy, you will need to select your "Persona". - -Enter your persona as **"NetOps"** and click **next**. - -Enter your level as **"Intermediate"** and then click **Get Started**. - -Your persona will highlight workflows within F5 Distributed Cloud. -You will be able to access all services, but making use of personas can focus your view on particular tasks that are relevant to your role. - -You can change these settings at any time. - -Click on **"Account Settings"** by expanding the **"Account"** icon in the top right of the screen and clicking on **"Account Settings".** -In the resulting window you can observe the **Work domains and skill level** section and other administrative functions. - -.. note:: **For the purposes of this lab, permissions have been restricted to lab operations. Some menus/functions will be locked and/or not visible.** - -| - -.. image:: ../images/intro1.png - -| - -**For informational purposes only:** - -| - -.. image:: ../images/intro2.png - -| - -**Find your Namespace** ---------------------------------- - - -Namespaces, which provide an environment for isolating configured applications or enforcing role-based access controls, are leveraged -within the F5 Distributed Cloud Console. For the purposes of this lab, each lab attendee has been pre-assigned a unique **namespace**. - -From the **Select service** menu, click on **Web App & API Protection**. - -| - -.. image:: ../images/findnamespace.png - -| - -In the **Web App & API Protection Security Dashboard** configuration screen **observe** the browser URL. In the URI path, locate the **** namespace that you have -been assigned. It will be located in the portion of the URI path between */namespaces/* and */overview/* as shown in this example: **…/namespaces//overview/**. - -**Note your namespace as it will be used throughout the labs today.** - -.. warning:: If you have problems locating your namespace, please see a lab assistance. - -| - -.. image:: ../images/namespace1.png - -| - -.. note:: Administratively, there are other ways to find namespaces. Due to permission restrictions for this particular lab, those menus are not available. - - - -**Site Token** ----------------- - -Soon, you will be configuring an XC Node in the F5 UDF Lab Environment (Data Center) that will need a way to authenticate to the Distributed Cloud Infrastructure and associate it with your tenant. For this, you will need a Site Token. - -If you are not already logged into the console, please do so now by opening the following URL in your browser: - -https://f5-xc-lab-mcn.console.ves.volterra.io/ - - -From the **Select service** menu, click on **Multi-Cloud Network Connect**. - -| - -.. image:: ../images/sitetoke.png - -| - -On the side menu go down to **Manage**, then select **Site Management >> Site Tokens** - -In the lab we have generated a Site Token for you to use named **student-ce-site**. -In your production environment you will need to create your own Site Token to register your Customer Edge Node, which is literally two clicks and a name. Very simple! - -| - -.. image:: ../images/tokens.png - -| - -Copy the UID of the the **student-ce-site** token and paste it somewhere you can reference later (word, notepad etc). - -| - -.. image:: ../images/copytoke.png - -| - -**Setting up the Customer Edge** ----------------------------------- - -There are two approaches for setting up your Customer Edge deployment both will be reviewed in the sections that follow. Select the method designated by your lab team instructions - -**Option 1: CLI Site Setup** ----------------------- - -In your browser, you should have a tab open to the UDF course. Under the F5 Distributed Cloud CE, click on **Access >> Console** - -| - -.. image:: ../images/cli-01.png - -| - -This should redirect you to the CLI and prompt for authentication. Type in the default username/password: - -============================== ===== -Variable Value -============================== ===== -Default Username: **admin** -Default Password: **Volterra123** -============================== ===== - -| - -.. image:: ../images/cli-02.png - -| - -Change the password as directed. Remember the new password should you need to log in again. - -| - -.. image:: ../images/cli-03.png - -| - -At the **>>>** type the word **configure** and then enter. - -| - -.. image:: ../images/cli-04.png - -| - -Use the following response values to complete the prompts: - -================================ ==================================================== -Question Response Value -================================ ==================================================== -What is your token? Insert the Site Token UID you collected earlier -What is your site name? Insert your unique namespace -What is your hostname? Insert your unique namespace -What is your latitude? 33.812 -What is your longitude? -117.91 -What is your default fleet name? Enter (This selects the default of **optional**) -Select your certified hardware? Enter (This selects the default of **kvm-voltmesh**) -Select your primary outside NIC? Enter (This selects the default of **eth0**) -================================ ==================================================== - -The response values will then be summarized. Confirm they are correct and type **y** for **yes**. If not, answer **n** and correct any values. - -| - -.. image:: ../images/cli-05.png - -| - -We will now go accept the Customer Edge registration in Distributed Cloud console. Proceed to **Registering the Customer Edge**. - -**Option 2: Site UI Site Setup** ----------------------- - -In your browser, you should have a tab open to the UDF course. Under the F5 Distributed Cloud CE, click on **Access >> Site UI** - -| - -.. image:: ../images/udf-ce.png - -| - -This should prompt you for authentication and then open the Customer Edge Node Admin portal. - -Type in the default username/password: - -============================== ===== -Variable Value -============================== ===== -Default Username: **admin** -Default Password: **Volterra123** -============================== ===== - -| - -.. image:: ../images/signin.png - -| - -You will be prompted to change the password at the initial log in. **Make a mental note of these credentials as you will need them several times throughout the labs today.** - -| - -.. image:: ../images/changepwd.png - -| - -After you set the password, the services will need to restart and then the Customer Edge node will present the Dashboard - -.. Note:: You may have to Refresh your browser and log in again. - -| - -.. image:: ../images/restart.png - -| - -Once all services are up and running you should see the Dashboard which will have various colors and state as shown: - -| - -.. image:: ../images/dash.png - -| - -If you mouse-over each of the icons, the specific services will report their status in addition to the status reflected by the icon. - -Mouse over each of the components under VP Manager Status and note the components and their condition. You can also click on **“Show full status”** and see a JSON report that is used to present the VP Manager Status in detail. - -You can also scroll down and see hardware details that describe the platform that the Customer Edge is installed on. - - -Click the blue **Configure Now** button. - -| - -.. image:: ../images/ceconf.png - -| - -This will take you to the **Customer Edge Device Configuration** page. - -Set the following parameters and leave everything else as default: - -============================== ===== -Variable Value -============================== ===== -Token Insert the Site Token UID you collected earlier -Cluster Name Insert your unique namespace -Hostname Insert your unique namespace -Latitude 33.812 -Longitude -117.91 -============================== ===== - -The end result should look like the image below, and then click **Save Configuration.** - -| - -.. image:: ../images/devconf.png - -| - -After you save the configuration, you will be taken back to the Dashboard, notice the status change to **“Approval”** after a few moments. (May need to refresh page) - -| - -.. image:: ../images/approval.png - -| - -**If you encounter it, you can safely ignore this benign timing error due to the UDF lab environment.** - -| - -.. image:: ../images/error.png - -| - -We will now go accept the Customer Edge registration in Distributed Cloud console. Proceed to **Registering the Customer Edge**. - - -**Registering the Customer Edge** ----------------------------------- - -Go back to the Distributed Cloud console. If the session timed out, you will need to log back into the console using the following URL or refreshing your browser: - -https://f5-xc-lab-mcn.console.ves.volterra.io/ - -From the **Select service** menu, click on **Multi-Cloud Network Connect**. - -On the side menu go down to **Manage >> Site Management >> Registrations.** - -| - -.. image:: ../images/sitemgt.png - -| - -The Customer Edge node you configured from the previous step should appear on this list, if not give it a couple moments and refresh the screen by clicking the **Refresh button** at the top right-hand corner. - -| - -.. image:: ../images/sitereg.png - -| - -.. Tip:: This process can take a few minutes for the node to register with Distributed Cloud. - -Once the Node appears in the Registration list, accept the registration by clicking on the blue check mark. - -**Click the blue check mark** to accept the registration. - -.. Note:: If you DO NOT see a blue check mark, it's likely your browser width is NOT wide enough. Simply increase the width of the browser and you should see the blue checkmark to approve the registration. - - -Once you have clicked the checkmark, the console will bring up the Registration Acceptance menu which shows all the settings of the Customer Edge node. Note the parameters you’ve entered from the previous exercise are populated into the appropriate fields. - -.. Important:: Look at the Cluster Size parameter and notice this is set to 1. In this lab, we will only deploy a single-node-cluster and thus leave this setting as 1. In a production environment, the best practice is to deploy a 3-node-cluster minimum. In that case, the Cluster Size parameter would be set to 3 so an appropriately sized cluster can be formed. - -**Leave the cluster size set to 1** - -| - -.. image:: ../images/clustersize.png - -| - -Scroll down to Site to Site Tunnel Type and click on the drop down arrow - -| - -.. image:: ../images/s2sarrow.png - -| - -This setting determines the VPN connectivity protocols used between the Customer Edge and the Regional Edges. The XC Node will automatically bring up redundant tunnels to two different RE's. -These tunnels are self-healing and can fallback when using the configuration setting of IPSEC or SSL. -Select **IPSEC or SSL** from the list. - -| - -.. image:: ../images/iporssl.png - -| - -Click **Save and Exit**. - - -Once the registration completes, you can see the cluster in the “Other Registrations” tab and the current state will be ADMITTED. - -| - -.. image:: ../images/otherregs.png - -| - -The Customer Edge Node Admin portal will also reflect some changes in its status, although the node still requires some additional configuration. -From the menu on the left click on **Sites** and observe your Nodes (animal-name). Hint: You may have to hit **Refresh** in the upper right corner. - -| - -.. image:: ../images/provisioning.png - -| -| - -You should see the CE you just deployed on this list go through several phases of provisioning and you can observe the **Site Admin State, Health Score, and Software Version and OS version.** -You may also observe the Health score going up and down as services are spun up and restarted. - -.. Note:: This step takes about 10 -15 minutes to complete and will finish up while we start our presentation and lecture. - - -The end result should look something like the following screen where the node is green at 100 percent health and has the latest software version. - -.. Important:: Do not move on to Lab 2 until the CE is fully provisioned and **Online**. - -| - -.. image:: ../images/prov2.png - -| - -Sanity Check -------------- -**This is what you just deployed.** - -| - -.. image:: ../images/lab1fini.png - -| - -**We hope you enjoyed this lab!** - -**End of Lab 1** diff --git a/docs/class5/class6/module1/lab2.rst b/docs/class5/class6/module1/lab2.rst deleted file mode 100644 index 6a0372eb..00000000 --- a/docs/class5/class6/module1/lab2.rst +++ /dev/null @@ -1,550 +0,0 @@ -Lab 2: Configuring Network Connect (L3/L4 Routing Firewall ) -============================================================= - -**Objective:** - -* Verify the XC Node's health. - -* Configure Network Connect to connect the Data Center network to the AWS Network. - -* Test connectivity and configure Enhanced Firewall for network security - -**Narrative:** -Now that your XC Node is provisioned, it's time to verify, explore the XC Console and set up Network Connect to establish secure connectivity between the Data Center and AWS networks. -After the setup is complete, you will test connectivity and configure network security. - -| - -.. image:: ../images/lab2biz.png - -| - -Verify the XC Node's Health ---------------------------- - -If you are not already logged into the console, please do so now by opening the following URL in your browser: - -https://f5-xc-lab-mcn.console.ves.volterra.io/ - -From the **Select service** menu, click on **Multi-Cloud Network Connect** and then click on **Sites,** - -Your XC Node should have registered successfully and will appear green with a Health Score of 100. You may need to click **Refresh** in the top right corner -if you do not see your animal name. In this example I was assigned and filtered for **busy-goblin**. - -| - -.. image:: ../images/registeredce.png - -| - -.. Important:: If you do not see your Site as registered or in a healthy state please see a Lab Assistant. - - -From this Dashboard you can note the current **Site Admin State, Provider, SW version, and OS version.** - - -**Please DO NOT click "Upgrade" on any of the Sites!** - - -Instead, **Click** on the three dots under the **Actions** column at the far right of the screen of **"your animal"** Site and click on **Manage Configuration**. In this screenshot I was **busy-goblin**. - -| - -.. image:: ../images/action.png - -| - -Review the **Metadata, Site Type** and **Coordinates** fields as well as the **Connected REs** (Regional Edge) section. - -These are the closest Regional Edge sites based on the latitude and longitude information provided during the deployment process. **Each CE has an auto-provisioned self-healing secure tunnel to redundant RE's.** - -| - -.. image:: ../images/remeta.png - -| - -Look at the top left-hand corner where you see Form, Documentation and JSON. **You will see these fields throughout the Distributed Cloud Console configuration menus.** - - -.. Important:: Distributed Cloud is built with an API-first strategy. All the configurations can be done via GUI or API calls. - -| - -You can view the JSON file of the configuration by clicking **JSON**. - - -.. image:: ../images/json.png - - -This is the JSON code of the configuration which could be saved to create a backup of the Customer Edge configuration, but that is beyond the scope of this lab. - -| - -.. image:: ../images/json1.png - -| - -Click on **Documentation**. - -| - -.. image:: ../images/docu.png - -| - -This will load the API specification for a Customer Edge Node. Review briefly and click **Cancel and Exit** - -| - -.. image:: ../images/sitev.png - -| - - -In the **Site** screen, click on your Customer Edge Node **animal name**. (It should have a green status symbol) - -The default landing is a Dashboard giving you a detailed summary of the Customer Edge Node. **Briefly** explore the extensive menus and analytics at the top of the screen. - -| - -.. image:: ../images/dash1.png - -| - -Narrative Check ------------------ - -Now that you are familiar with your new "Software Defined" Node, we can start getting our hands dirty with the real configuration necessary to meet ACME Corp's first requirement to -get the network in the Data Center connected to the network in AWS. The backend security device will need to "scan" the frontend in AWS on port 80 and all other ports must be blocked. - - -Configuring Network Connect ---------------------------------------- - -In our lab today, an Ubuntu Server in the UDF environment will simulate the backend. -The AWS frontend workload is already deployed along with an XC Node to extend the Customer Edge in the AWS cloud. - -.. NOTE:: The Data Center backend has a pre-existing route to 10.0.3.0/24 and it points to the single outside interface of the Data Center XC Node. The AWS workload has a route to 10.1.1.0/24 that points to the inside interface of the AWS XC Node. - - -.. image:: ../images/netconnlab.png - - -What you have done so far in Lab 1 and the beginning of Lab 2, is setup the ACME Data Center XC Node to extend the Data Center Customer Edge. -Your next goal is to simply establish routing between these environments by using a hub and spoke model with our Regional Edges as shown in the diagram above. - -**All traffic between these networks will now be routed through auto-provisioned, self-healing and encrypted tunnels between the defined Customer Edges and the XC Regional Edges.** - - -.. Note:: In this lab some objects are already created due to permission requirements in the XC Lab environment. You will still observe and walkthrough the configuration for referrence. - - -Global Virtual Network ------------------------- - -To connect two or more Distributed Cloud node environments together across the Distributed Cloud network we will need to connect the sites through a Global Virtual Network. - -Confirm you are still in the **Multi-Cloud Network Connect** Console under **Sites**. If not, click on the **Select Service** in the left-hand navigation and click on **Multi-Cloud Network Connect**. - -On the left side menu, navigate to **Manage >> Networking >> Virtual Networks**. - -**Observe** the pre-configured **student-global** Virtual Network. Click the the dots under the **Action** menu for **student-global** and then **Manage Config**. Note the very simple config. - -| - -.. image:: ../images/studglob.png - -| - -Click **Cancel and Exit**. - -.. Note:: Due to tenant permissions you will not be able to create your own Global Virtual Network. - -If you wanted to configure this outside of the lab, you would simply click **Add Virtual Network** button, enter a name for the Virtual Network and make sure it is type **Global**. Simple indeed! - -The configuration **would** look like the screen below. - - -.. image:: ../images/meta.png - - -Fleets ------------------- -A Fleet is used to configure infrastructure components (like nodes) in one or more F5® Distributed Cloud Services Customer Edge (CE) sites homogeneously. - -Fleet configuration includes the following information - -* Software image release to be deployed on the Fleet - -* Virtual networks - -* List of interface and devices to be configured on every node - -* Connections between the virtual networks - -* Security policies applied in the Site - - -.. Note:: In this lab we have already created a fleet called "student-fleet" for you due to permission restrictions. - -Review Fleet Config ------------------------- - -In Multi-Cloud Network Connect context, go down to **Manage >> Site Management >> Fleets.** - -Click on the 3 dots at the far right hand side of student-fleet and select **Manage Configuration** - -| - -.. image:: ../images/studfleet.png - -| - -In the next screen click on **Edit Configuration** in the top right of the screen and **Observe** the Fleet Configuration and Network Connectors. - -A Network Connector is used to create a connection between two virtual networks on a given site. - -For more information on Network Connectors and their functions you can review this link: https://docs.cloud.f5.com/docs/how-to/networking/network-connectors - -The **Network Connectors** are configured as: - -**student-global-connector** - -* Network Connector Type: Direct, Site Local Inside to a Global Network - -* Global Virtual Network: system/student-global - -| - -**student-snat-connector** - -*Network Connector Type: SNAT, Site Local Inside to Site Local Outside - -* Routing Mode: Default Gateway - -* SNAT Source IP Selection: Interface IP - -| - -**student-ce-global-connector** - -* Network Connector Type: Direct, Site Local Outside to a Global Network - -* Global Virtual Network: system/student-global - -| - -Also, notice Network Firewall is **NOT** currently defined. We will come back to that in a few moments. - -Click **Cancel and Exit.** - - -Fleet Label -------------- -Labels are a map of string keys and values that can be used to organize and categorize objects within Distributed Cloud. - -Fleet has a field called fleet_label. When a Fleet object is created, the system automatically creates a **"known_label"** named: **"ves.io/fleet"**. -The known_label is created in the Shared namespace for the tenant. A site is made a "member of Fleet" when this known_label is added to the site. -A site can have at most one known_label of type ves.io/fleet and hence belongs to exactly one Fleet at any given time. - -**Note** the **Fleet Label Value** of the **student-fleet**. The label is also named **student-fleet**. - -.. image:: ../images/flv.png - - - -Bringing up the Connection ----------------------------- -From your UDF environment browser tab, click on **Access >> Web Shell** on the Ubuntu Client. This will open a new tab to a Web Shell. - -| - -.. image:: ../images/ubuntu.png - -| - -**The workload in AWS has an IP address of 10.0.3.253** - -Type **ping 10.0.3.253** and hit **Enter**. You **WILL NOT** get a response. - -Back in the XC Console, navigate to **Multi-Cloud Network Connect >> Sites** and find your **"animal-name"** -Click the **3 buttons** under the **Action Menu** under **"your animal name"** and select **Manage Configuration**. - -In the top right click **Edit Configuration**. - -You should be here. We will be adding a **Fleet Label** to tag our CE Node into the fleet. - -| - -.. image:: ../images/fleetlabel.png - -| - -Click **Add Label** under the **Labels** section and select the label **ves.io/fleet.** -For the value click on **student-fleet**, scroll down, **Save and Exit**. - -| - -.. image:: ../images/fleetlabel1.png - -| - -It should look like this: - -| - -.. image:: ../images/fleetlabel2.png - -| - - -Check back on your web shell tab with the ping going. Success!! - -| - -.. image:: ../images/ping.png - -| - -.. important:: If you want to tear down this connectivity it is as easy as removing the label. - - -In XC Console, navigate to **Multi-Cloud Network Connect** >> **Sites** and click directly on your **"animal-name"** and finally click on the **Tools** menu on the top, far right. - -.. note:: If you do not see the Tools menu there should be a right chevron ">" that will allow you to access additional menu items. - - -Click on **Show Routes** - -| - -.. image:: ../images/shroutes.png - -| - -Set Virtual Network Type to: **VIRTUAL_NETWORK_SITE_LOCAL_INSIDE** and click the blue **Show routes** button - -| - -.. image:: ../images/shroutes2.png - -| - -Scroll down to see the AWS subnet route **"10.0.3.0/24** being advertised through the tunnel. - -| - -.. image:: ../images/shroutes3.png - -| - -Routing is good, now let's test some other ports. -Go back to the web shell where you ran a ping. We will now test 2 ports that we know the server is listening on. - -**Port 80** - Simple Web page - -**Port 8080** - Diagnostic tool - -Our first test will be to port 80. In the web shell type: **curl \-\-head http://10.0.3.253** - -| - -.. image:: ../images/curl.png - -| - -Next, push the keyboard "up arrow " and run the same command but targeted at port 8080 like this: **curl \-\-head http://10.0.3.253:8080** - -| - -.. image:: ../images/8080.png - -| - -.. Important:: If you are not getting a **"200 OK"** repsponse, please see a lab assistant before moving on. - - - -.. Note:: We now have to close port 8080 per the ACME Corp security department requirement. - -Enhanced Firewall Policy ---------------------------------- - -You will now configure the F5 Distributed Cloud Enhanced Firewall to provide network security between these sites. - -.. Note:: Due to lab architecture, we will only be able to configure the policies but not apply. We will show you the final step to apply your policy for reference, but you will not actually be able to apply or test. - - -Navigate to **Manage >> Firewall >> Enhanced Firewall Policies** and click **Add Enhanced Firewall Policy**. - -| - -========================================= ===== -Variable Value -========================================= ===== -Name [animal-name]-fwp -Select Enhanced Firewall Policy Rule Type Custom Enhanced Firewall Policy Rule Selection -========================================= ===== - - -Click the blue **Configure** hyperlink. - -| - -.. image:: ../images/efwp.png - -| - -Click on **Add Item** to bring up the Rules creation screen. Here you will notice several powerful **"Enhanced"** Source and Destination Traffic filters. - - -================================= ===== -Variable Value -================================= ===== -Name [animal-name]-allow-80 -Source Traffic Filter IPv4 Prefix List >> Click Configure and add 10.1.1.0/24 then click **Apply**. -Destination Traffic Filter IPv4 Prefix List >> Click Configure and add 10.0.3.0/24 then click **Apply**. -Select Type of Traffic to Match Match Protocol and Port Ranges -Match Protocol and Port Ranges TCP >> click **Add Item** and add **80**. -Action Allow -================================= ===== - - -| - -.. image:: ../images/allow80.png - -| - -Click **Apply** and your screen should look like this: - -| - -.. image:: ../images/fwver.png - -| - -Now we will create the **default deny** to prevent any other traffic between these two networks. - -Click **Add Item** again to add another rule to the **Enhanced Firewall Policy**. - -================================= ===== -Variable Value -================================= ===== -Name [animal-name]-deny-all -Source Traffic Filter IPv4 Prefix List >> Click Configure and add 10.1.1.0/24 then click **Apply**. -Destination Traffic Filter IPv4 Prefix List >> Click Configure and add 10.0.3.0/24 then click **Apply**. -Select Type of Traffic to Match Match All Traffic -Action Deny -================================= ===== - -| - -.. image:: ../images/denyall.png - -| - - -Click **Apply** and your screen should look like this: - - -| - - -.. image:: ../images/fwver2.png - -| - -Click **Apply** and **Save and Exit**. - -| - - -.. image:: ../images/save.png - -| - -Summary ---------------------------------- -You have now created the firewall policy necessary to secure these two networks. Outside of the lab environment you would now add this policy to the fleet by managing your fleet and adding an Enhanced Firewall policy. - -| - - -.. image:: ../images/fleetpol.png - -| - -Logging ---------- -Customers often ask about the logging options with F5 Distributed Cloud. There are two main options for logging. - -1. Global Logging - Logging related to activities that occur within Distributed Cloud and on the Regional Edges such as load balancers or WAAP/Bot policy. - -2. Site Local Logging - Logging related to activities that occur within the Customer Edge Boundary such as load balancers or WAAP/Bot policies runnning locally on an XC Node. - -.. Note:: This is the last "Read Only" lab section. Our apologies for the inconvenience. - -**Global Logging**: - -To observe **(NOT configure)** the Global Logging configuration options, in the side-menu, browse to **Manage >> Log Management >> Global Log Receiver** and click **Add Global Log Receiver**. - -Take particular notice of the different **Log Types** and **Receiver Configurations** which include AWS, Azure and Splunk options to namedrop a few. - -| - - -.. image:: ../images/globlog.png - -| - -Click **Cancel and Exit** and Discard any changes. - - -**Site Local Logging**: - -To observe **(NOT configure)** the Site Local Logging configuration options, in the side-menu, browse to **Manage >> Log Management >> Log Receiver** and click **Add Log Receiver**. - -Click on the **Show Advanced Fields** button on the right and take note of the **Where** - -Click **Cancel and Exit** and Discard any changes. - - -| - - -.. image:: ../images/locallog.png - -| - -**Applying Site Local Logging**: - -To observe **(NOT configure)** the application of the Site Local Logging profile, browse to **Manage >> Site Management >> Fleets**, click the **3 button** Action menu and click **Manage Configuration**. - -Scroll down to observe the **Logs Streaming** field under **Advanced Configuration**. Outside of the lab environment, you would enable this and select your **Log Receiver** profile. - -| - - -.. image:: ../images/logs.png - -| - -Click **Cancel and Exit**. - -You can now feel free to explore the **Multi-Cloud Network Connect** Site menus while everyone is getting caught up. - -Click on **Site Map**, **Site Security**, which is where we would review our firewall logs in "real world", and finally, head down to the **Service Info** Section and click on **About**. - - -Sanity Check -------------- -**This is what you just deployed.** - -.. image:: ../images/lab2rev.png - - -**We hope you enjoyed this lab!** - -**End of Lab 2** \ No newline at end of file diff --git a/docs/class5/class6/module1/module1.rst b/docs/class5/class6/module1/module1.rst deleted file mode 100644 index d268e2e2..00000000 --- a/docs/class5/class6/module1/module1.rst +++ /dev/null @@ -1,22 +0,0 @@ -Module 1: Network Connect -======================================================= - -.. image:: ../images/netconnect.png - -**Narrative**: - -As described in the intro, you work at ACME corp as a Network Engineer and have been tasked with privately and securely connecting the backend server with the frontend server in AWS. -Your solution must be future-proof to allow for additional backends or frontends in the future. - -**In Lab 1** we will be deploying an XC Node to establish the Customer Edge (CE) which will provide connectivity to remote environments or sites. - -**In Lab 2** we will configure the XC Nodes to act as Software-Defined Routers to stitch together the Data Center and AWS networks using Network Connect. - - -.. image:: ../images/labs.png - -.. toctree:: - :maxdepth: 1 - :glob: - - lab* diff --git a/docs/class5/class6/module2/lab3.rst b/docs/class5/class6/module2/lab3.rst deleted file mode 100644 index 5c1a080e..00000000 --- a/docs/class5/class6/module2/lab3.rst +++ /dev/null @@ -1,469 +0,0 @@ -Lab 3: Globally Available Front End -======================================= - -**Objective:** - -* Use XC Regional Edges to provide future-proof, globally available frontend. - -* XC frontend (RE) must be able to load balance the 2 cloud frontends. - -* Expose Azure private frontend without adding a public IP for the workload. - -* Always prefer the AWS frontend for ingress traffic. - -**What they want:** - -.. image:: ../images/mod2bizreq.png - -**Narrative:** - -Unfortunately, after doing your due diligence, you find that the Azure VNET overlaps with the AWS subnets. To make matters worse, -the Azure server is not associated with any public IP and there is a security directive in place to not have any workload servers in Azure associated with a public IP without a security device. - -Lately, the site has been getting pounded with attack traffic and frontend security has become a hot topic at ACME. -You think to yourself, this is going to be tricky, and reach out to your trusted F5 Solutions Engineer to see how this will work with Distributed Cloud. - -Your F5 Solutions Engineer explains that IP overlap between sites is a common problem and one that can be easily solved with Distributed Cloud App Connect. -App Connect alleviates this problem by leveraging the XC Nodes as Software-Defined Proxies rather than Software-Defined Routers as they were configured with Network Connect. Additionally App Connect enforces a default deny architecture, where only the port and domain name defined on the load balancer will accept traffic. - -Also, you are informed that by using F5 Distributed Cloud Regional Edges for the frontend workloads, you will be able to have full proxy security, visibility and analytics for the client traffic, so the Security team will be pleased. - -After reviewing the architecture with you, your Solutions Engineer advises you to break up these requirements in to 2 specific deliverables. - -**Deliverable 1:** - -Create a globally scaled and future-proof frontend with the XC Regional Edges **(Lab 3)** - -| - -.. image:: ../images/lab3.png - -| - -**Deliverable 2:** - -Leverage App Connect for secure site to site connectivity regardless of IP overlap. **(Lab 4)** - -| - -.. image:: ../images/lab4goal.png - -| - -Multi-Cloud App Connect ----------------------------- - -With **Network Connect** you connected routed networks with your CE Node which acted as a Software-Defined Router. - -Now with **App Connect** you will be configuring our Regional Edges and your CE Nodes as Sofware-Defined-Proxies to provide connectivity between workloads. The CE's can do both functions simultaneously!! - -In the **Side menu** under **Manage** click on **Load Balancers** >> **Origin Pools** and click the **Add Origin Pool** button. - - -AWS Origin Pool ----------------- - -| - -.. image:: ../images/orig.png - -| - -Enter the following Values: - -============================== ===== -Variable Value -============================== ===== -Name animal-name-aws-pool -Origin Server Port 80 -Origin Servers See Below -Health Checks See Below -============================== ===== - -**Origin Servers:** Click **Add Item** - -In the dropdown keep: **Public DNS Name of Origin Server** and type: **public.lab.f5demos.com** and click **Apply**. - -**Health Checks:** Under "Health Check object" click the **Select Item*** dropdown and click **Add Item**. - -For the Name use: **[animal-name]-http** and take the rest as defaults. - -Click **Continue** - -| - -.. image:: ../images/health.png - -| - -Your Origin Pool should now look like this: - -| - -.. image:: ../images/origaws.png - -| - - -Leave everything else as **default** and click **Save and Exit**. - - -Azure Origin Pool ---------------------- - -Click the **Add Origin Pool** button at the top the screen. - - -============================== ===== -Variable Value -============================== ===== -Name animal-name-azure-pool -Origin Server Port 80 -Origin Servers See Below -Health Checks [animal-name]-http -============================== ===== - -**Origin Servers:** -Hit the dropdown for **Select Type of Origin Server** and choose **IP Address of Origin Server on given Sites**. - -============================== ===== -Variable Value -============================== ===== -IP 10.0.3.253 (Note: this is not a typo. The CSP workloads have IP overlap) -Site or Virtual Site Site -Site: **system/student-azurenet** -Select Network on the site Inside Network -============================== ===== - -Click **Apply**. - -Your config should look like this: - -| - -.. image:: ../images/origazure.png - -| - -Leave everything else as **default** and click **Save and Exit**. - -Now that we have defined both of our Origin Server pools which are a public DNS Name in AWS and a private IP in Azure, we will set up the App Connect Proxy to provide a Global Frontend to load balance them. - -Global Frontend ----------------------------- - -In the **Side menu** under **Manage** click on **Load Balancers** >> **HTTP Load Balancers** and click the **Add HTTP Load Balancer** button. - -================================== ===== -Variable Value -================================== ===== -Name animal-name-acme-frontend -Domains and LB Type animal-name-acme-frontend.lab-mcn.f5demos.com -Load Balancer Type HTTP -Automatically Manage DNS Records **check** -HTTP Port 80 -Origin Pools See Below -================================== ===== - -**Origin Pools** - -Click **Add Item** and under "Origin Pool" select the **AWS pool** with your animal name. Leave everything else as **default** and click **Apply**. - -| - -.. image:: ../images/awspri.png - -| - -Click **Add Item** again and under "Origin Pool" select the **Azure pool** with your animal name. This time, change the priority to **0** and click **Apply**. - -.. Note:: A zero value priority makes that pool the lowest priority. A value of **1** is the highest priority. AWS was set to **1** by default. - -| - -.. image:: ../images/azurepri.png - -| - -Click **Apply** and you should now be back to the **HTTP Load Balancer** configuration screen which should look like this. - -| - -.. image:: ../images/httplb.png - -| - -Leave everything else as **default** and scroll down to the bottom to click **Save and Exit**. - -You should now see your Globally Available frontend in the **HTTP Load Balancers** screen. - -| - -.. image:: ../images/newlb.png - -| - -Testing ---------------------- - - -Go ahead and open up a **Command Prompt** or **Terminal** on your personal machine and type the following command: - -**nslookup [animal-name]-acme-frontend.lab-mcn.f5demos.com** and note the IP address that is returned. - -In my example, I am using a terminal on MAC and my animal-name was **rested-tiger**. - -.. Note:: This may take a few moments to become resolvable depending on your local DNS configuration. - -| - -.. image:: ../images/nslookup.png - -| - -Now open up a new tab in your browser and try http://[animal-name]-acme-frontend.lab-mcn.f5demos.com - -If you reached this page, you set it up right! Nice work. - -| - -.. image:: ../images/awspub.png - -| - -Hit **[Shift + Refresh]** a few times in your browser and make sure you are staying on the same site. You should NOT be seeing a **blue page** at any point. - - -In **XC Console**, navigate to **Manage >> Load Balancers >> Origin Pools**, click on the **3 Button** Actions Menu and choose **Manage Configuration** for your **[animal-name]-aws-pool**. - -Click **Edit Configuration** in the upper right and then scroll to the bottom of the **AWS origin Servers** configuration screen. - -Under **TLS**, hit the dropdown and choose **Enable** and click **Save and Exit**. - -| - -.. image:: ../images/tlsenable.png - -| - - -.. Important:: What you are doing here, is enabling TLS on the backend connection to the Origin Server of the AWS pool. This WILL FAIL, as the Server is not expecting TLS which will effectively cause the monitors to fail. This will take down the AWS pool and allow us to test the Azure failover as if the AWS workload itself was failing. - -**Check it out....** - -Go back to your browser tab that you had open to http://[animal-name]-frontend.lab-mcn.f5demos.com and hit **[Shift + Refresh]**. - -| - -.. image:: ../images/azurepub.png - -| - -Go back to XC Console and edit the AWS pool again to disable TLS and bring the AWS site back online. - -| - -.. image:: ../images/disabletls.png - -| - -Click **Save and Exit**. - -Go back to your browser tab that you had open to http://[animal-name]-frontend.lab-mcn.f5demos.com and hit **[Shift + Refresh]**. - -.. note:: If you receive a 503 error, please wait a moment and [Shift + Refresh] your browser. - -You should be back to the AWS page now. - -| - -.. image:: ../images/awspub.png - -| - -.. - **Testing Load Balancing** - - Although this isn't an ACME requirement at the moment, you decide to test an Active/Active pool configuration. - Currrently, you have a Global frontend [http://animal-name-acme-frontend.lab-mcn.f5demos.com] that points to a pool with a public EC2 workload in AWS and a pool with a private IP workload in Azure sitting behind the CE. - You are configured for Active/Standby load-balancing of the pools due to the priority setting in the pool. - - - In **XC Console**, navigate to **Manage >> HTTP Load Balancers**, click on the **3 Button** Actions Menu and choose **Manage Configuration** for your **[animal-name]-acme-frontend**. - - Click **Edit Configuration** in the upper right and then click the **pencil/edit** icon next to the Azure Origin Pool. - - | - - .. image:: ../images/editazure.png - - | - - Change the priority to **1**, click **Apply** and **Save and Exit**. - - Go back to your browser tab that you had open to http://[animal-name]-frontend.lab-mcn.f5demos.com and hit **[Shift + Refresh]**. - - - | - - .. image:: ../images/weird-results.png - - | - - -Dashboard and Analytics -------------------------- - -Now that we've sent several requests to our shiny new **Globally Available Frontend**, we can take a look at the traffic dashboards. - -In **XC Console** >> **Multi-Cloud App Connect** >> **Overview** click on **Performance**. - -Scroll all the way to the bottom and under **Load Balancers**, click directly on your **[animal-name-acme-frontend]**. - -| - -.. image:: ../images/lbs.png - -| - -This will take you to the **Performance Monitoring** Dashboard. If you took a break or don't see any live traffic, try tuning your time-frame. - -| - -.. image:: ../images/time.png - -| - -You should see a number of metrics including a **Application Health** score which may NOT be at **100** due to the AWS site being offline earlier when we tested failover. - -| - -.. image:: ../images/metrics.png - -| - -Notice the invaluable **End to end Latency** analytic. Click on the **Metrics** tab. - -| - -.. image:: ../images/met1.png - -| - -Click on the **Health** Percent metric over on the right side. Use the time-sliders at the bottom to try and zoom in to the approximate time when the applications health was poor. - - -| - -.. image:: ../images/timeslide.png - -| - -In my example, I am zooming in to approx 12:33AM and can click the color block to get a filtered view of the requests as they were being served at that time. - -| - -.. image:: ../images/timeslide2.png - -| - -We can confirm that the Standby Azure workload was sure enough serving up requests during that time. - -| - -.. image:: ../images/requests.png - -| - -Click the **Traffic Tab** in the top menu and change your time-frame back to **1 hour**. - -This graph shows you a visual representation on where your traffic is ingressing our Regional Edges. In my example below, I am local to the DC area, so you can see I consistently hit the DC12 RE in Ashburn Virginia. - -You may see different Source Sites depending where you are geographically located. In production you would see several source sites here if your customer traffic is geographically diverse. - - -You can also see the load balancer name and the Origin Servers to the right. If you hover over them you will get a Request Rate metric. - -| - -.. image:: ../images/traffic.png - -| - -Click the **Origin Servers Tab** in the top menu and change your time-frame to **1 hour**. At the bottom left, change your setting to **50** items per page. - -Why do you think there are so many Origin Servers showing for the AWS EC2 workload DNS name? - -| - -.. image:: ../images/originserve.png - -| - -Click the **Requests Tab** in the top menu and change your time-frame to **1 hour**. At the bottom left, change your setting to **50** items per page. - -The request log has a wealth of information. Literally everything about the request is logged and analyzed. - -Choose any request in the log and click the **expand** arrow next to the time-stamp. - -Every request has built in End-to-End analytics. You can also click on **JSON** to see the request log in JSON format. - -| - -.. image:: ../images/rl.png - -| - -Feel free to explore additional requests and/or fields while other students are getting caught up. - -Sanity Check -------------- -**This is what you just deployed.** - -| - -.. image:: ../images/lab3review.png - -| - -**We hope you enjoyed this lab!** - -**End of Lab 3** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/docs/class5/class6/module2/lab4.rst b/docs/class5/class6/module2/lab4.rst deleted file mode 100644 index 673aada7..00000000 --- a/docs/class5/class6/module2/lab4.rst +++ /dev/null @@ -1,537 +0,0 @@ -Lab 4: App Connect - Solving IP Overlap -=========================================== - -**Objective:** - -* Implement App Connect to overcome IP Address overlap in AWS/Azure. - -* Provide private and secure connectivity between all sites. - -* Configure policy to only permit port 80 between these sites. - -* Review network security events in the XC console. - -| - -.. image:: ../images/lab4bizreq1.png - -| - -**Narrative:** - -Now that the globally available frontend has been deployed, it's time to start working on **Deliverable #2** and configure backend connectivity. Since Network Connect does **NOT** support IP overlap, we will configure the XC Nodes with App Connect proxies. -Recall that Network Connect joins networks by using the XC Nodes as Software-Defined Routers and App Connect uses the XC Nodes as Software-Defined Proxies to connect applications. Think...NetworkAAS or ProxyAAS. - -| - -.. image:: ../images/lab4goal.png - -| - -Multi-Cloud App Connect ----------------------------- - -In the **Side menu** under **Manage** click on **Load Balancers** >> **HTTP Load Balancers** and click the **Add HTTP Load Balancer** button. - - -Enter the following values: - -================================== ============== -Variable Value -================================== ============== -Name [animal-name]-backend-vip-to-azure -Domains and LB Type [animal-name]-backend-vip-to-azure.lab-mcn.f5demos.com -Load Balancer Type HTTP -Automatically Manage DNS Records **uncheck** -HTTP Port 80 -Origin Pools See Below -================================== ============== - -**Origin Pools** - -Click **Add Item** and under "Origin Pool" select the **Azure pool** with your animal name and click **Apply**. - -Your config should look like this so far: - -| - -.. image:: ../images/backendvip.png - -| - -**Scroll** all the way down until you reach the **Other Settings** section. Here you will find the **VIP Advertisement** field. - -.. Important:: In the previous lab, we took the default of **Internet** here. This means that the load balancer will be distributed across all Regional Edges in our anycast network. This time we will choose our Data Center CE to host the load balancer. - -Hit the dropdown and select **Custom**. - -| - -.. image:: ../images/custom.png - -| - -Now click the **Configure** link right below that field: - -| - -.. image:: ../images/configure.png - -| - -On the **"List of Sites to Advertise"** screen click **Add Item**. - -Enter the following values: - -============================== ========================================================= -Variable Value -============================== ========================================================= -Select Where to Advertise Site -Site Network Outside Network (Since we only have 1 interface on our CE Node, it is "Outside" by default) -Site Reference system/[animal-name] -TCP Listen Port Choice TCP Listen Port -TCP Listen Port 80 -============================== ========================================================= - -| - -.. image:: ../images/azint.png - -| - -Click on **Apply**, **Apply**, and then **Save and Exit** on the main **HTTP Load Balancer** config screen. - - -Testing Internal LB ----------------------- -If that seemed easy, it's because it was. Now, you will test the load balancer that you just configured on the Data Center XC Node. - -| - -.. image:: ../images/node.png - -| - -From the Ubuntu Client (backend) **Web Shell** browser tab, type the following command and hit Enter. - -curl http://10.1.1.5 - -| - -.. image:: ../images/curlerror.png - -| - -Uh oh....! **404 Not Found**? But why? - -Recall the mandatory **Domains** field that was required when you configured the HTTP load balancer. **XC App Connect HTTP Load Balancers natively perform Domain Name enforcement and DO NOT respond to requests without the expected Domain Name.** - -| - -.. image:: ../images/domains.png - -| - -We will now use a tool to help test this with a built-in "resolve" function. - -From the Ubuntu Client **Web Shell** browser tab, type or paste the following command **(with your animal-name)** and hit **Enter**.:: - - curl --head http://[animal-name]-backend-vip-to-azure.lab-mcn.f5demos.com --resolve [animal-name]-backend-vip-to-azure.lab-mcn.f5demos.com:80:10.1.1.5 - -.. note:: On a MAC you should be able to [CMD + v] and on a PC [Shift + Insert] to paste into the web shell. - -| - -.. image:: ../images/curlhead.png - -| - -In my example, my animal-name was **wanted-swan**. If you want to see the full HTML of the site you can **up arrow** and run the command again without the **\-\-head** flag.:: - - curl http://[animal-name]-backend-vip-to-azure.lab-mcn.f5demos.com --resolve [animal-name]-backend-vip-to-azure.lab-mcn.f5demos.com:80:10.1.1.5 - -| - -.. image:: ../images/curltest.png - -| - -Success! Your stomach growls and it's time for lunch! You have now met every requirement thrown at you thus far with F5 Distrib.... **Ring Ring** - -.. Important:: Your phone rings! Just as you were finishing up your testing and about to head to lunch, the CIO calls your desk directly with an urgent request and it sounds like that new Pho restaurant is going to have to wait. There is an immediate requirement for the frontend in AWS to connect to an API on the frontend in Azure, privately over port 80. Additionally, this API should be "Read Only" for any API clients originating in AWS. This traffic CAN NOT be sent unencrypted over the Internet. Can we use F5 Distributed Cloud to quickly bridge these CSP's? - -Narrative Update ----------------------- -You have met all the requirements thus far, but that phone call had a real sense of urgency to it so, you're going to have to act fast. - -Unfortunately, you don't have access to any of the workloads in the CSP environments but one of your friends over on the Application team recently let you know about a diagnostic tool they use on their AWS frontend. It's called the "In-Container-Diagnostic tool" and it runs on their AWS instance on port 8080. -They said you could use it if you need to test connectivity from the AWS frontend to the Azure frontend but they can't give you direct access to the container or workload itself. - -"No problem" you reply, and quickly set out to configure a new frontend in XC for the Diag tool. After you expose the Diag tool, you will configure an internal load balancer for port 80 traffic between the AWS frontend and Azure frontend. You will use the Diag tool to then verify this connectivity. - -| - -.. image:: ../images/cioreq.png - -| - -Expose AWS Diag Tool ----------------------- - -In the **Side menu** under **Manage** click on **Load Balancers** >> **Origin Pools** and click the **Add Origin Pool** button. - -================================== ============== -Variable Value -================================== ============== -Name [animal-name]-awstool-pool -Origin Servers **Add Item** > See Below -Origin Server Port 8080 -================================== ============== - -**Origin Servers** - -================================== ============== -Variable Value -================================== ============== -Select Type of Origin Server IP address of Origin Server on given Sites -IP 10.0.3.253 -Site or Virtual Site Site -Site system/student-awsnet -Select Network on the site Inside Network -================================== ============== - -Click **Apply** and the **Save and Exit**. - -| - -.. image:: ../images/toolpool.png - -| - - -In the **Side menu** under **Manage** click on **Load Balancers** >> **HTTP Load Balancers** and click the **Add HTTP Load Balancer** button. - - -Enter the following values: - -================================== ============== -Variable Value -================================== ============== -Name [animal-name]-awstool -Domains and LB Type [animal-name]-awstool.lab-mcn.f5demos.com -Load Balancer Type HTTP -Automatically Manage DNS Records **check** (Important!) -HTTP Port 80 -Origin Pools **Add Item** and select [animal-name-awstool-pool] and click **Apply**. -================================== ============== - -| - -.. image:: ../images/toollb.png - -| - - -Click **Save and Exit**. - -You should now be able to access the new globally availalable tool by accessing the following URL with your animal-name: - -http://[animal-name]-awstool.lab-mcn.f5demos.com - -| - -.. image:: ../images/contool.png - -| - -.. Note:: Please see a lab assistant if you can not access the tool site. - -Create AWS to Azure LB ------------------------- - -Now that we have a way to test connectivity between AWS and Azure all we need to do is setup the HTTP Load Balancer (App Connect Proxy) to provide the secure connectivity. - -Back in XC Console, from the **Side menu** under **Manage** click on **Load Balancers** >> **HTTP Load Balancers** and click the **Add HTTP Load Balancer** button. - - -Enter the following values: - -================================== ============== -Variable Value -================================== ============== -Name [animal-name]-aws-to-azure-lb -Domains and LB Type [animal-name]-aws-to-azure-lb.lab-mcn.f5demos.com -Load Balancer Type HTTP -Automatically Manage DNS Records **uncheck** -HTTP Port 80 -Origin Pools **Add Item** and select [animal-name-azure-pool] and click **Apply**. -VIP Advertisement (at bottom) **Custom** Click **Configure** See Below. -================================== ============== - -Under **List of Sites to Advertise**, click **Add Item**. - -**VIP Advertisement** - -================================== ============== -Variable Value -================================== ============== -Select Where to Advertise Site -Site Network Inside (The AWS node has 2 interface. Inside/Outside) -Site Reference system/student-awsnet -TCP Listen Port Choice TCP Listen Port -TCP Listen Port 80 -================================== ============== - -Click **Apply** and it should look ike this: - -| - -.. image:: ../images/advervip.png - -| - -Click **Apply** and then **Save and Exit** from the HTTP Load Balancer creation screen. - -If you search your HTTP Load Balancers for your **animal-name**, you should now see 4 as per the example below: - -| - -.. image:: ../images/4lbs.png - -| - -Testing AWS to Azure LB ------------------------- - -You now have a load balancer running in AWS on the inside interface of your AWS XC Node. The inside interface IP of the AWS XC Node is **10.0.5.101**. - -We will now use the In-Container Diag tool to test connectivity. - -If you don't already have a tab open to the Diag tool, in your browser go to: http://[animal-name]-awstool.lab-mcn.f5demos.com - -Click on **Run Command** and paste in the following:: - - curl http://[animal-name]-aws-to-azure-lb.lab-mcn.f5demos.com --resolve [animal-name]-aws-to-azure-lb.lab-mcn.f5demos.com:80:10.0.5.101 - -| - -.. image:: ../images/success.png - -| - -In just a few moments, you now have full proxy connectivity between IP Overlapped AWS and Azure resources over a private encrypted tunnel! Pretty sweet huh? - - -Let's try that command again but with the shorthand version by using **\-\-head**:: - - curl --head http://[animal-name]-aws-to-azure-lb.lab-mcn.f5demos.com --resolve [animal-name]-aws-to-azure-lb.lab-mcn.f5demos.com:80:10.0.5.101 - -| - -.. image:: ../images/head.png - -| - -Adding Security ------------------------- - -You just configured an App Connect Proxy listening on port 80 of the Inside interface of the AWS XC Node. Since the App Connect Proxy is **default-deny** and only accepts traffic on the configured load balancer port with the appropriate Layer 7 Domain information, we can rest assured that no other ports will be permitted. - -The second request to ensure that the **pretend API running on port 80 in Azure is Read Only or R/O**, can easily be solved with a Service Policy. For ease of demonstration we will make use of two HTTP methods and **pretend that HEAD is R/W** and of course **GET is natively R/O.** - -Head is one of many HTTP methods used to interact with API's amongst other things. Some other common ones are GET, POST and PUT. - -Technically speaking, The HEAD method is identical to GET except that the server MUST NOT return a message-body in the response. - -.. Note:: In our Lab we are just pretending that HEAD is R/W. - -What if we we didn't want to allow **HEAD** or only allow certain HTTP methods between these two workloads? - -In general, for any of our HTTP Load Balancers, what if we wanted to block a geolocation? -What if we wanted to allow some IP's and disallow others? How about file type enforcements? - -**Service Policies to the Rescue!** - -Service Policies ------------------- - -While Service Policies can do many things, we will go through a quick exercise to simply block the HTTP Method of **HEAD** for our AWS to Azure HTTP Load Balancer. This example could easily be expanded upon. - -When you create a **Service Policy** it intrinsically contains a **default deny**. Therefore, our Service Policy will actually be a definition of what is allowed. - -Back in XC Console, from the **Side menu** under **Security**, click on **Service Policies** >> **Service Policies** and click the **Add Service Policy** button. - -================================== ============== -Variable Value -================================== ============== -Name [animal-name]-allow-get-sp -Server Selection Server Name -Server Name [animal-name]-aws-to-azure-lb.lab-mcn.f5demos.com -Select Policy Rules Custom Rule List -Rules **Configure**, Click **Add Item** > See Below: -================================== ============== - -**Rules** - -================================== ============== -Variable Value -================================== ============== -Name allow-get -Action Allow -Clients Any Client -Servers Domain Matcher >> **Exact Value** >> [animal-name]-aws-to-azure-lb.lab-mcn.f5demos.com -HTTP Method/Method List Get -HTTP Path **Configure** >> **Add Item** add **/** under **Prefix Values**. -================================== ============== - -Click **Apply**. - -| - -.. image:: ../images/prefix.png - -| - - -| - -.. image:: ../images/spget.png - -| - -Scroll down and click **Apply**. - -| - -.. image:: ../images/sp1.png - -| - -Click **Apply**. - -| - -.. image:: ../images/sp2.png - -| - -Click **Save and Exit**. - -Apply Service Policy ---------------------- - -In the **Side menu** under **Manage** click on **Load Balancers** >> **HTTP Load Balancers** and then click the **3 Button** Action Menu >> **Manage Configuration** under your **[animal-name]-aws-to-azure-lb**. - -Click **Edit Configuration** and scroll down to **Common Security Controls**. - -Under **Service Policies**, hit the dropdown and choose, **Apply Specified Service Policies** and then click the blue **Configure**. - -Choose your **[animal-name]-allow-get-sp** and click **Apply** and then **Save and Exit**. - -| - -.. image:: ../images/lbsp.png - - -| - - -Test Service Policy -------------------- - -If you don't already have a tab open to the Diag tool, in your browser go to: http://[animal-name]-awstool.lab-mcn.f5demos.com - -Try your curl command again **without** the **--head** flag.:: - - curl http://[animal-name]-aws-to-azure-lb.lab-mcn.f5demos.com --resolve [animal-name]-aws-to-azure-lb.lab-mcn.f5demos.com:80:10.0.5.101 - - -| - -.. image:: ../images/success.png - - -| - -Now run the command again but insert the **\-\-head** command.:: - - curl --head http://[animal-name]-aws-to-azure-lb.lab-mcn.f5demos.com --resolve [animal-name]-aws-to-azure-lb.lab-mcn.f5demos.com:80:10.0.5.101 - -| - -.. image:: ../images/forbid.png - -| - - -You have now successfully configured an application layer **Service Policy** that enforces HTTP methods. - -.. Note:: This is a primitive example of a much more powerful construct that can be used to enforce, secure and manipulate HTTP traffic much like iRules did on F5's classic BIG-IP platform. - -Review Service Policy Logs ---------------------------- - -Back in XC Console, from the **Side menu** under **Overview**, click on **Applications** and scroll down and click on your **[animal-name]-aws-to-azure-lb** under **Load Balancers**. - - -| - -.. image:: ../images/awstoazure.png - -| - -Take a moment to observe some of the analytics and then click on the **Requests** tab at the top of the page. - -| - -.. image:: ../images/requesttab.png - -| - -Here you will find the full request log. You will see the request path and if you click the little settings gear on the far right, you can add the Response Code given back to the client and several other metrics. -You may have to click refresh in the upper right or change your time frame if you took a break or don't see any data. - -| - -.. image:: ../images/perfmon.png - -| - -**Expand** one of the log entries that had a **403** response code. These were the forbidden **Head** requests. -Look through the request data and determine the policy that was applied to the request as well as the **result**. - -.. note:: If you do not see a response code column in the data, click on the wheel on the right, next to the search edit box and check response code. Click Apply. - -| - -.. image:: ../images/403.png - -| - -**Expand** one of the log entries that had a **200** response code. These were the allowed **Get** requests. -Look through the request data and determine the policy that was applied to the request as well as the **result**. - -| - -.. image:: ../images/200.png - -| - -**Great job! You have now quickly completed every requirement thrown at you with F5 Distributed Cloud App Connect and Network Connect concepts.** - -There is a final bonus lab that will showcase some App Layer Routing and Security Concepts as well. - -Sanity Check -------------- -**This is what you just deployed.** - -| - -.. image:: ../images/lab4review.png - -| - - -**We hope you enjoyed this lab!** - -**End of Lab 4** diff --git a/docs/class5/class6/module2/lab5.rst b/docs/class5/class6/module2/lab5.rst deleted file mode 100644 index 9e64d5eb..00000000 --- a/docs/class5/class6/module2/lab5.rst +++ /dev/null @@ -1,363 +0,0 @@ -Lab 5: Bonus Lab - L7 App Routing & Security -============================================== - -**Objective:** - -* Configure the Global Frontend to perform Layer 7 routing. - -* Configure security policy to protect the frontends from OWASP Top 10 web attacks. - -* Test connectivity and review application security events in the XC console. - -.. image:: ../images/lab5bizreq.png - -**Narrative:** - -Much like "The Real World", the requirements never stop coming. Now, ACME has 2 new deliverables for you to figure out. - -**First**, a new API has been added to the cloud frontends and will require Layer 7 routing at the global frontend in XC. -The requirement is for any requests that have **/aws** in the URI to be routed to AWS. -Any requests with **/azure** should be routed to Azure. - -**Second**, ever since exposing the frontends globally, they have noticed a lot of attack type traffic coming into their application. -They have asked if there is a way to apply a security policy to identify and remediate these attacks which seem to target the application with common OWASP Top 10 type attacks. - -| - -.. image:: ../images/lab5.png - -| - -L7 App Routing ---------------- - -**Adding Layer 7 App Routing with F5 Distributed Cloud is a simple task,** but one thing we haven't done yet is configure an **internal pool** for the **AWS workload**. So far, we have been pointing at a public DNS name in the AWS Origin pool, so that could in theory, change or resolve to different IP's/AZ's, at different times. -What we essentially want is a static proxy into the AWS environment that this one particular frontend is located in, which is also where our CE Node is deployed. - -In the **Side menu** under **Manage** click on **Load Balancers** >> **Origin Pools** and click **Manage Configuration** under the **3 Button** Action Menu on your **[animal-name]-azure-pool**. - -Cick **Clone Object**. - -| - -.. image:: ../images/clone.png - -| - -For the name call it: **[animal-name]-aws-internal** and click the pencil **edit** icon next to the **Origin Server**. - -| - -.. image:: ../images/edit.png - -| - -Simply change the **Site** from **system/student-azurenet** to **system/student-awsnet**. - -| - -.. image:: ../images/orgaws.png - -| - -Click **Apply** - -Your Origin Pool config should now look like this: - -| - -.. image:: ../images/awsconf.png - -| - -Click **Save and Exit**. - -Now we will configure the **Global Frontend** Load Balancer to point at both the AWS and Azure "IP-overlapped workloads" and we will add Layer 7 URI routing so traffic arrives at the appropriate Origin Server. - -In the **Side menu** under **Manage** click on **Load Balancers** >> **HTTP Load Balancers** and click on the **3 Buttons** under the **Actions** menu for your **animal-name-acme-frontend**. - -Click **Manage Configuration** and then **Edit Configuration** in the top right. - -| - -.. image:: ../images/lab5mg.png - -| - -Scroll down to where you see **Routes** and click the blue hyperlink "**Configure**" - -| - -.. image:: ../images/routes.png - -| - -Click **Add Item**. - -Enter the following values: - -================================== ============== -Variable Value -================================== ============== -Route Type Simple Route -HTTP Method GET -Path Match Prefix -Prefix /aws -Headers Leave Default -Origin Pools **Add Item** >> Origin Pool = **[animal-name]-aws-internal**, Click **Apply**. -Host Rewrite Method Disable Host Rewrite -================================== ============== - -Click **Apply**. - -Click **Add Item** again. - -================================== ============== -Variable Value -================================== ============== -Route Type Simple Route -HTTP Method GET -Path Match Prefix -Prefix /azure -Headers Leave Default -Origin Pools **Add Item** >> Origin Pool = **[animal-name]-azure-pool**, Click **Apply**. -Host Rewrite Method Disable Host Rewrite -================================== ============== - -Click **Apply**, **Apply**, **Save and Exit**. - - -| - -.. image:: ../images/routes1.png - -| - -Testing L7 Routing --------------------- - -In your browser open a new tab to: **http://[animal-name]-acme-frontend.lab-mcn.f5demos.com** - -Once you have loaded the site sucessfully, try adding the URI **/aws** and reload the page. - -You should see this: - -| - -.. image:: ../images/awsuri.png - -| - - -Now try adding the URI **/azure** and reload the page. - -You should see this: - -| - -.. image:: ../images/azureuri.png - -| - -So, how do we know for certain which workload was actually answering and this wasn't all smoke and mirrors? - -Back in XC Console, from the **Side menu** under **Overview**, click on **Perfomance**. - -Scroll all the way to the bottom and under **Load Balancers**, click directly on your **[animal-name-acme-frontend]** and then click the **Requests** tab (top middle). - -.. Note:: Remember to click refresh and adjust time-frame as necessary. - - -| - -.. image:: ../images/perfmo.png - -| - - -Notice the requests clearly show the URI and the Origin Server. - -| - -.. image:: ../images/perfmo2.png - -| - -Mission accomplished yet again!!! And with only a few short steps and simple concepts. The more you use F5 Distributed Cloud, the more powerful you become but as you know, with that power comes great responsibility...especially with security! - -L7 Security ---------------- - -If you haven't noticed, all along today, there has always been an underlying theme of security in all of the configurations we setup. It's very rare in this day and age to expose a resource or public frontend without some basic protection. - -A common theme was also reviewed in the narrative above. Your new public frontend has started getting a lot of unwanted attention and there is an immediate need to apply some security controls to expose and mitigate the unwanted traffic. We hear from customers with this request every day. - -With **F5 Distributed Cloud App Connect**, adding a WAF policy is just as easy as everything else we've setup so far. - -**First**, we will test out our attacks on the site without any WAF policy and observe the response. - -Testing Vulnerabilities ------------------------- - -For a SQL Injection (SQLi) attack, run the following command from your "Online Diag Tool". If you closed or lost that tab, the link is: **http://[animal-name]-awstool.lab-mcn.f5demos.com** - -SQLi:: - - curl -A "Mozilla/5.0', (select*from(select(sleep(20)))a)) #" http://[animal-name]-acme-frontend.lab-mcn.f5demos.com/ --resolve [animal-name]-acme-frontend.lab-mcn.f5demos.com:80:159.60.128.61 - - -| - -.. image:: ../images/sqli.png - -| - - -For some various other attacks you can modify the command and URI as shown below and try these: - -Other Attack Samples:: - - curl -X GET "http://[animal-name]-acme-frontend.lab-mcn.f5demos.com/?cmd=cat%20/etc/passwd" --resolve [animal-name]-acme-frontend.lab-mcn.f5demos.com:80:159.60.128.61 - -Or:: - - curl -X GET "http://[animal-name]-acme-frontend.lab-mcn.f5demos.com/product?id=4%20OR%201=1" --resolve [animal-name]-acme-frontend.lab-mcn.f5demos.com:80:159.60.128.61 - - -Here are the URI paths from above for easy reference: - -**/?cmd=cat%20/etc/passwd** - -**/product?id=4%20OR%201=1** - -| - -.. image:: ../images/varattack.png - -| - -Now that you've confirmed that the application is indeed vulnerable to these types of attacks, it's time to put a WAF policy in place and start blocking these immediately. - -Applying WAF ---------------- - -Back in XC Console, from the **Side menu** under **Manage**, click on **Load Balancers**, **HTTP Load Balancers** >> **Actions** >> **Manage Configuration** for the **[animal-name]-acme-frontend**. - -Click **Edit Configuration** and scroll down to the **Web Application Firewall** section. In the dropdown choose **Enable** - -Under **Enable**, click **Add Item**. - -For a name, call it your **[animal-name]-waf** and set the **Enforcement Mode** to blocking. Leave all others **default** and click **Continue**. - -| - -.. image:: ../images/waf.png - -| - -Your HTTP Load Balancer Configuration should now look like this. - -| - -.. image:: ../images/lbwaf.png - -| - -Click **Save and Exit**. - -Testing Vulnerabilities with WAF ----------------------------------- - -For the SQL Injection (SQLi) attack, run the following command from your "Online Diag Tool". If you closed or lost that tab, the link is: **http://[animal-name]-awstool.lab-mcn.f5demos.com** - -SQLi:: - - curl -A "Mozilla/5.0', (select*from(select(sleep(20)))a)) #" http://[animal-name]-acme-frontend.lab-mcn.f5demos.com/ --resolve [animal-name]-acme-frontend.lab-mcn.f5demos.com:80:159.60.128.61 - - -| - -.. image:: ../images/sqliblock.png - -| - -For some various other attacks you can modify the command and URI as shown below and try these: **All should be Blocked or "Rejected"**. - -Other Attack Samples:: - - curl -X GET "http://[animal-name]-acme-frontend.lab-mcn.f5demos.com/?cmd=cat%20/etc/passwd" --resolve [animal-name]-acme-frontend.lab-mcn.f5demos.com:80:159.60.128.61 - -Or:: - - curl -X GET "http://[animal-name]-acme-frontend.lab-mcn.f5demos.com/product?id=4%20OR%201=1" --resolve [animal-name]-acme-frontend.lab-mcn.f5demos.com:80:159.60.128.61 - -| - -.. image:: ../images/varblock.png - -| - -Reviewing WAF Logs ------------------------ - -In this final section, we will review the WAF logs for the attacks we just tested. - -Back in XC Console, from the **Side menu** under **Overview**, click on **Applications**. - -Scroll all the way to the bottom and under **Load Balancers**, click directly on your **[animal-name-acme-frontend]** and then click the **Security Analytics** tab (top middle). - -| - -.. image:: ../images/secmon.png - -| - -.. Note:: Remember to click refresh and adjust time-frame as necessary. - -| - -.. image:: ../images/secevents.png - -| - - -Click on the **Requests** tab (top middle) and then click the **Add Filter** icon: - -| - -.. image:: ../images/filter.png - -| - -Type **waf** in the search field, and select **waf_action** >> **In** >> **Block** >> **Apply**. - -| - -.. image:: ../images/wafaction.png - -| - -You can now see a filtered **Request Log** view of all blocked events. Feel free to play around with other filters and explore the security events. - - -Sanity Check -------------- -**This is what you just deployed.** - - -| - -.. image:: ../images/lab5sanity.png - -| - -Outro --------- - -What a long day it has been at ACME corp.... but you look at your watch and realize that you could have never setup what you just did, in the time it took you, even 3 years ago. The magic of F5 Distributed Cloud Network Connect and App Connect solutions greatly simplify modern problems while saving time and enhancing security. - -**We hope you enjoyed this lab!** - -**End of Lab 5** - - diff --git a/docs/class5/class6/module2/module2.rst b/docs/class5/class6/module2/module2.rst deleted file mode 100644 index f98ca88d..00000000 --- a/docs/class5/class6/module2/module2.rst +++ /dev/null @@ -1,30 +0,0 @@ -Module 2: App Connect -======================================== - -.. image:: ../images/appconnect.png - -**Narrative:** -Everything has been running terrific at ACME with your current Network Connect model. Your boss is pleased with your work and has a new assignment for you. -ACME has aquired a new company that utilizes Azure IAAS but none of their servers are public facing due to security governance. - -ACME wants to implement a globally available frontend that can serve content from either AWS or Azure without directly giving any of the Azure workloads a public IP. -Inbound Internet traffic should always be sent to the public AWS frontend DNS name with the Azure private-ip frontend acting as a backup for now. - -The on-prem backend server must be able to scan the private frontend in Azure on port 80. -The frontend server in Azure WILL NOT have a public IP. ACME has truly gone multi-cloud! - -.. image:: ../images/mod2bizreq.png - - -**In Lab 3** we will be satisfying the latest ACME business requirements by using App Connect to provide a globally available frontend for the cloud application - -**In Lab 4** we will solve the IP overlap problem introduced by the Azure acquisition by leveraging App Connect. - -**In Lab 5** we are offering a bonus App Connect, "Application Routing" lab, where requests from Internet Clients will be routed to AWS or Azure frontend based on URI. You will also -be configuring application security policy on the globally available frontend load balancer in XC to portect against OWASP Top 10 attacks. - -.. toctree:: - :maxdepth: 1 - :glob: - - lab* diff --git a/docs/class5/class7/class5.rst b/docs/class5/class7/class5.rst deleted file mode 100644 index 7147b06c..00000000 --- a/docs/class5/class7/class5.rst +++ /dev/null @@ -1,14 +0,0 @@ -F5 Distributed Cloud - AppStack CaaS & K8s Delivery Options -=========================================================== - -This Lab environment highlights some of the basic concepts of F5 Distributed Cloud (XC) AppStack. - -During the lab you will be emulating a customer that needs to deploy applications closer to the user. The goal is to understand the steps and requirements to place workloads in the F5 Distributed Cloud virtual Kubernetes implementation. - -This class has 4 modules, each with at least 1 required lab. Some modules contain optional labs which are clearly denoted. We're simply doing this to show the standard structure of a class/module/lab. - -.. toctree:: - :maxdepth: 1 - :glob: - - module*/module* diff --git a/docs/class5/class7/images/10select_advertise_options-updated.png b/docs/class5/class7/images/10select_advertise_options-updated.png deleted file mode 100644 index 0d4dc1b5..00000000 Binary files a/docs/class5/class7/images/10select_advertise_options-updated.png and /dev/null differ diff --git a/docs/class5/class7/images/10select_advertise_options.png b/docs/class5/class7/images/10select_advertise_options.png deleted file mode 100644 index 6534773f..00000000 Binary files a/docs/class5/class7/images/10select_advertise_options.png and /dev/null differ diff --git a/docs/class5/class7/images/11_b_vk8s_apply_complete_config.png b/docs/class5/class7/images/11_b_vk8s_apply_complete_config.png deleted file mode 100644 index b3128b2e..00000000 Binary files a/docs/class5/class7/images/11_b_vk8s_apply_complete_config.png and /dev/null differ diff --git a/docs/class5/class7/images/11_c_vk8s_saveandexit_complete_config.png b/docs/class5/class7/images/11_c_vk8s_saveandexit_complete_config.png deleted file mode 100644 index 6dce66c5..00000000 Binary files a/docs/class5/class7/images/11_c_vk8s_saveandexit_complete_config.png and /dev/null differ diff --git a/docs/class5/class7/images/11set_advertise_port-updated.png b/docs/class5/class7/images/11set_advertise_port-updated.png deleted file mode 100644 index bc4fe61d..00000000 Binary files a/docs/class5/class7/images/11set_advertise_port-updated.png and /dev/null differ diff --git a/docs/class5/class7/images/11set_advertise_port.png b/docs/class5/class7/images/11set_advertise_port.png deleted file mode 100644 index d49ca1c1..00000000 Binary files a/docs/class5/class7/images/11set_advertise_port.png and /dev/null differ diff --git a/docs/class5/class7/images/12_a_verify_3_workload_sites_pods_pending.png b/docs/class5/class7/images/12_a_verify_3_workload_sites_pods_pending.png deleted file mode 100644 index cf844445..00000000 Binary files a/docs/class5/class7/images/12_a_verify_3_workload_sites_pods_pending.png and /dev/null differ diff --git a/docs/class5/class7/images/12b_verify_3_workload_sites_pods-updated.png b/docs/class5/class7/images/12b_verify_3_workload_sites_pods-updated.png deleted file mode 100644 index 69776753..00000000 Binary files a/docs/class5/class7/images/12b_verify_3_workload_sites_pods-updated.png and /dev/null differ diff --git a/docs/class5/class7/images/12verify_3_workload_sites_pods.png b/docs/class5/class7/images/12verify_3_workload_sites_pods.png deleted file mode 100644 index ce19e722..00000000 Binary files a/docs/class5/class7/images/12verify_3_workload_sites_pods.png and /dev/null differ diff --git a/docs/class5/class7/images/13validate_vK8s_dashboard-updated.png b/docs/class5/class7/images/13validate_vK8s_dashboard-updated.png deleted file mode 100644 index ebee52f7..00000000 Binary files a/docs/class5/class7/images/13validate_vK8s_dashboard-updated.png and /dev/null differ diff --git a/docs/class5/class7/images/13validate_vK8s_dashboard.png b/docs/class5/class7/images/13validate_vK8s_dashboard.png deleted file mode 100644 index c807f92f..00000000 Binary files a/docs/class5/class7/images/13validate_vK8s_dashboard.png and /dev/null differ diff --git a/docs/class5/class7/images/14edit_deployment-updated.png b/docs/class5/class7/images/14edit_deployment-updated.png deleted file mode 100644 index 35f0589b..00000000 Binary files a/docs/class5/class7/images/14edit_deployment-updated.png and /dev/null differ diff --git a/docs/class5/class7/images/14edit_deployment.png b/docs/class5/class7/images/14edit_deployment.png deleted file mode 100644 index e3f860bd..00000000 Binary files a/docs/class5/class7/images/14edit_deployment.png and /dev/null differ diff --git a/docs/class5/class7/images/15modify_deployment_spec-updated.png b/docs/class5/class7/images/15modify_deployment_spec-updated.png deleted file mode 100644 index 344a9e17..00000000 Binary files a/docs/class5/class7/images/15modify_deployment_spec-updated.png and /dev/null differ diff --git a/docs/class5/class7/images/15modify_deployment_spec.png b/docs/class5/class7/images/15modify_deployment_spec.png deleted file mode 100644 index f66d48ea..00000000 Binary files a/docs/class5/class7/images/15modify_deployment_spec.png and /dev/null differ diff --git a/docs/class5/class7/images/16a_review_scaled_deployment--sites-with-error-updated.png b/docs/class5/class7/images/16a_review_scaled_deployment--sites-with-error-updated.png deleted file mode 100644 index 188d86cc..00000000 Binary files a/docs/class5/class7/images/16a_review_scaled_deployment--sites-with-error-updated.png and /dev/null differ diff --git a/docs/class5/class7/images/16review_scaled_deployment-updated.png b/docs/class5/class7/images/16review_scaled_deployment-updated.png deleted file mode 100644 index 8ef9042b..00000000 Binary files a/docs/class5/class7/images/16review_scaled_deployment-updated.png and /dev/null differ diff --git a/docs/class5/class7/images/16review_scaled_deployment.png b/docs/class5/class7/images/16review_scaled_deployment.png deleted file mode 100644 index 2ab0d0e4..00000000 Binary files a/docs/class5/class7/images/16review_scaled_deployment.png and /dev/null differ diff --git a/docs/class5/class7/images/17review_scaled_pods.png b/docs/class5/class7/images/17review_scaled_pods.png deleted file mode 100644 index 18179930..00000000 Binary files a/docs/class5/class7/images/17review_scaled_pods.png and /dev/null differ diff --git a/docs/class5/class7/images/18review_pods_information.png b/docs/class5/class7/images/18review_pods_information.png deleted file mode 100644 index 2e7354e7..00000000 Binary files a/docs/class5/class7/images/18review_pods_information.png and /dev/null differ diff --git a/docs/class5/class7/images/1access_distributed_apps_service_menu-updated.png b/docs/class5/class7/images/1access_distributed_apps_service_menu-updated.png deleted file mode 100644 index d7e56071..00000000 Binary files a/docs/class5/class7/images/1access_distributed_apps_service_menu-updated.png and /dev/null differ diff --git a/docs/class5/class7/images/1access_distributed_apps_service_menu.png b/docs/class5/class7/images/1access_distributed_apps_service_menu.png deleted file mode 100644 index f0b1df16..00000000 Binary files a/docs/class5/class7/images/1access_distributed_apps_service_menu.png and /dev/null differ diff --git a/docs/class5/class7/images/2access_applications_vk8s-udpated.png b/docs/class5/class7/images/2access_applications_vk8s-udpated.png deleted file mode 100644 index d9b7dbd1..00000000 Binary files a/docs/class5/class7/images/2access_applications_vk8s-udpated.png and /dev/null differ diff --git a/docs/class5/class7/images/2access_applications_vk8s.png b/docs/class5/class7/images/2access_applications_vk8s.png deleted file mode 100644 index 9e877d9d..00000000 Binary files a/docs/class5/class7/images/2access_applications_vk8s.png and /dev/null differ diff --git a/docs/class5/class7/images/3review_vk8s_dashboard_sites-updated.png b/docs/class5/class7/images/3review_vk8s_dashboard_sites-updated.png deleted file mode 100644 index 3be20d48..00000000 Binary files a/docs/class5/class7/images/3review_vk8s_dashboard_sites-updated.png and /dev/null differ diff --git a/docs/class5/class7/images/3review_vk8s_dashboard_sites.png b/docs/class5/class7/images/3review_vk8s_dashboard_sites.png deleted file mode 100644 index 2e5a191f..00000000 Binary files a/docs/class5/class7/images/3review_vk8s_dashboard_sites.png and /dev/null differ diff --git a/docs/class5/class7/images/4add_vk8s_workload-updated.png b/docs/class5/class7/images/4add_vk8s_workload-updated.png deleted file mode 100644 index b395eb2e..00000000 Binary files a/docs/class5/class7/images/4add_vk8s_workload-updated.png and /dev/null differ diff --git a/docs/class5/class7/images/4add_vk8s_workload.png b/docs/class5/class7/images/4add_vk8s_workload.png deleted file mode 100644 index e0df3185..00000000 Binary files a/docs/class5/class7/images/4add_vk8s_workload.png and /dev/null differ diff --git a/docs/class5/class7/images/5workload_metadata_and_service-updated.png b/docs/class5/class7/images/5workload_metadata_and_service-updated.png deleted file mode 100644 index 59d348e8..00000000 Binary files a/docs/class5/class7/images/5workload_metadata_and_service-updated.png and /dev/null differ diff --git a/docs/class5/class7/images/5workload_metadata_and_service.png b/docs/class5/class7/images/5workload_metadata_and_service.png deleted file mode 100644 index 2ece6714..00000000 Binary files a/docs/class5/class7/images/5workload_metadata_and_service.png and /dev/null differ diff --git a/docs/class5/class7/images/6add_container-updated.png b/docs/class5/class7/images/6add_container-updated.png deleted file mode 100644 index 73ec26c5..00000000 Binary files a/docs/class5/class7/images/6add_container-updated.png and /dev/null differ diff --git a/docs/class5/class7/images/6add_container.png b/docs/class5/class7/images/6add_container.png deleted file mode 100644 index 21c97698..00000000 Binary files a/docs/class5/class7/images/6add_container.png and /dev/null differ diff --git a/docs/class5/class7/images/7container_config-updated.png b/docs/class5/class7/images/7container_config-updated.png deleted file mode 100644 index 6ba7529e..00000000 Binary files a/docs/class5/class7/images/7container_config-updated.png and /dev/null differ diff --git a/docs/class5/class7/images/7container_config.png b/docs/class5/class7/images/7container_config.png deleted file mode 100644 index 62927516..00000000 Binary files a/docs/class5/class7/images/7container_config.png and /dev/null differ diff --git a/docs/class5/class7/images/8deploy_options-updated.png b/docs/class5/class7/images/8deploy_options-updated.png deleted file mode 100644 index 3bd8033b..00000000 Binary files a/docs/class5/class7/images/8deploy_options-updated.png and /dev/null differ diff --git a/docs/class5/class7/images/8deploy_options.png b/docs/class5/class7/images/8deploy_options.png deleted file mode 100644 index 78043eb4..00000000 Binary files a/docs/class5/class7/images/8deploy_options.png and /dev/null differ diff --git a/docs/class5/class7/images/9select_customer_site-updated.png b/docs/class5/class7/images/9select_customer_site-updated.png deleted file mode 100644 index 15b3008f..00000000 Binary files a/docs/class5/class7/images/9select_customer_site-updated.png and /dev/null differ diff --git a/docs/class5/class7/images/9select_customer_site.png b/docs/class5/class7/images/9select_customer_site.png deleted file mode 100644 index 9c11128f..00000000 Binary files a/docs/class5/class7/images/9select_customer_site.png and /dev/null differ diff --git a/docs/class5/class7/images/Event_Order_HTTPS_v7.png b/docs/class5/class7/images/Event_Order_HTTPS_v7.png deleted file mode 100644 index 269beff5..00000000 Binary files a/docs/class5/class7/images/Event_Order_HTTPS_v7.png and /dev/null differ diff --git a/docs/class5/class7/images/Event_Order_HTTP_v12.png b/docs/class5/class7/images/Event_Order_HTTP_v12.png deleted file mode 100644 index 74e7161f..00000000 Binary files a/docs/class5/class7/images/Event_Order_HTTP_v12.png and /dev/null differ diff --git a/docs/class5/class7/images/advanced-stream.png b/docs/class5/class7/images/advanced-stream.png deleted file mode 100644 index 2eb339c2..00000000 Binary files a/docs/class5/class7/images/advanced-stream.png and /dev/null differ diff --git a/docs/class5/class7/images/bigip_login.png b/docs/class5/class7/images/bigip_login.png deleted file mode 100644 index 9f9e45a7..00000000 Binary files a/docs/class5/class7/images/bigip_login.png and /dev/null differ diff --git a/docs/class5/class7/images/dasboard.png b/docs/class5/class7/images/dasboard.png deleted file mode 100644 index 7c5e0324..00000000 Binary files a/docs/class5/class7/images/dasboard.png and /dev/null differ diff --git a/docs/class5/class7/images/deployments.png b/docs/class5/class7/images/deployments.png deleted file mode 100644 index 4c23d778..00000000 Binary files a/docs/class5/class7/images/deployments.png and /dev/null differ diff --git a/docs/class5/class7/images/distributedappclick-updated.png b/docs/class5/class7/images/distributedappclick-updated.png deleted file mode 100644 index b06f21f1..00000000 Binary files a/docs/class5/class7/images/distributedappclick-updated.png and /dev/null differ diff --git a/docs/class5/class7/images/distributedappclick.png b/docs/class5/class7/images/distributedappclick.png deleted file mode 100644 index abf991d9..00000000 Binary files a/docs/class5/class7/images/distributedappclick.png and /dev/null differ diff --git a/docs/class5/class7/images/distributedappclickaddvirtualk8s.png b/docs/class5/class7/images/distributedappclickaddvirtualk8s.png deleted file mode 100644 index 000f41a8..00000000 Binary files a/docs/class5/class7/images/distributedappclickaddvirtualk8s.png and /dev/null differ diff --git a/docs/class5/class7/images/distributedappclickagilityk8svsite.png b/docs/class5/class7/images/distributedappclickagilityk8svsite.png deleted file mode 100644 index 437d0fba..00000000 Binary files a/docs/class5/class7/images/distributedappclickagilityk8svsite.png and /dev/null differ diff --git a/docs/class5/class7/images/distributedappclickvirtualk8kubeconfig-updated.png b/docs/class5/class7/images/distributedappclickvirtualk8kubeconfig-updated.png deleted file mode 100644 index 2c9fc080..00000000 Binary files a/docs/class5/class7/images/distributedappclickvirtualk8kubeconfig-updated.png and /dev/null differ diff --git a/docs/class5/class7/images/distributedappclickvirtualk8kubeconfig.png b/docs/class5/class7/images/distributedappclickvirtualk8kubeconfig.png deleted file mode 100644 index c21e8fee..00000000 Binary files a/docs/class5/class7/images/distributedappclickvirtualk8kubeconfig.png and /dev/null differ diff --git a/docs/class5/class7/images/distributedappclickvirtualk8kubeconfigexperitation.png b/docs/class5/class7/images/distributedappclickvirtualk8kubeconfigexperitation.png deleted file mode 100644 index 0dd92630..00000000 Binary files a/docs/class5/class7/images/distributedappclickvirtualk8kubeconfigexperitation.png and /dev/null differ diff --git a/docs/class5/class7/images/distributedappclickvirtualk8s.png b/docs/class5/class7/images/distributedappclickvirtualk8s.png deleted file mode 100644 index 19cd0464..00000000 Binary files a/docs/class5/class7/images/distributedappclickvirtualk8s.png and /dev/null differ diff --git a/docs/class5/class7/images/distributedappclickvirtualk8ssettings.png b/docs/class5/class7/images/distributedappclickvirtualk8ssettings.png deleted file mode 100644 index ddc3fd80..00000000 Binary files a/docs/class5/class7/images/distributedappclickvirtualk8ssettings.png and /dev/null differ diff --git a/docs/class5/class7/images/distributedappclickvirtualk8ssettings2.png b/docs/class5/class7/images/distributedappclickvirtualk8ssettings2.png deleted file mode 100644 index b3b1faf9..00000000 Binary files a/docs/class5/class7/images/distributedappclickvirtualk8ssettings2.png and /dev/null differ diff --git a/docs/class5/class7/images/distributedappclickvirtualk8ssettings3.png b/docs/class5/class7/images/distributedappclickvirtualk8ssettings3.png deleted file mode 100644 index d40d053f..00000000 Binary files a/docs/class5/class7/images/distributedappclickvirtualk8ssettings3.png and /dev/null differ diff --git a/docs/class5/class7/images/distributedappclickvirtualk8sstatus-in-progress.png b/docs/class5/class7/images/distributedappclickvirtualk8sstatus-in-progress.png deleted file mode 100644 index 862307b1..00000000 Binary files a/docs/class5/class7/images/distributedappclickvirtualk8sstatus-in-progress.png and /dev/null differ diff --git a/docs/class5/class7/images/distributedappclickvirtualk8sstatus-updated.png b/docs/class5/class7/images/distributedappclickvirtualk8sstatus-updated.png deleted file mode 100644 index 9d4e54ce..00000000 Binary files a/docs/class5/class7/images/distributedappclickvirtualk8sstatus-updated.png and /dev/null differ diff --git a/docs/class5/class7/images/distributedappclickvirtualk8sstatus.png b/docs/class5/class7/images/distributedappclickvirtualk8sstatus.png deleted file mode 100644 index 3977ed06..00000000 Binary files a/docs/class5/class7/images/distributedappclickvirtualk8sstatus.png and /dev/null differ diff --git a/docs/class5/class7/images/distributedappclickvirtualsite.png b/docs/class5/class7/images/distributedappclickvirtualsite.png deleted file mode 100644 index 32250c02..00000000 Binary files a/docs/class5/class7/images/distributedappclickvirtualsite.png and /dev/null differ diff --git a/docs/class5/class7/images/distributedappclickvpcsiteone.png b/docs/class5/class7/images/distributedappclickvpcsiteone.png deleted file mode 100644 index c931a342..00000000 Binary files a/docs/class5/class7/images/distributedappclickvpcsiteone.png and /dev/null differ diff --git a/docs/class5/class7/images/distributedappclickvpcsiteoneexploresite-updated.png b/docs/class5/class7/images/distributedappclickvpcsiteoneexploresite-updated.png deleted file mode 100644 index b2d09d5f..00000000 Binary files a/docs/class5/class7/images/distributedappclickvpcsiteoneexploresite-updated.png and /dev/null differ diff --git a/docs/class5/class7/images/distributedappclickvpcsiteoneexploresite.png b/docs/class5/class7/images/distributedappclickvpcsiteoneexploresite.png deleted file mode 100644 index 497cda03..00000000 Binary files a/docs/class5/class7/images/distributedappclickvpcsiteoneexploresite.png and /dev/null differ diff --git a/docs/class5/class7/images/distributedappclickvpcsiteoneexploresite2-updated.png b/docs/class5/class7/images/distributedappclickvpcsiteoneexploresite2-updated.png deleted file mode 100644 index f3cc9dfd..00000000 Binary files a/docs/class5/class7/images/distributedappclickvpcsiteoneexploresite2-updated.png and /dev/null differ diff --git a/docs/class5/class7/images/distributedappclickvpcsiteoneexploresite2.png b/docs/class5/class7/images/distributedappclickvpcsiteoneexploresite2.png deleted file mode 100644 index 2247ec4c..00000000 Binary files a/docs/class5/class7/images/distributedappclickvpcsiteoneexploresite2.png and /dev/null differ diff --git a/docs/class5/class7/images/distributedappprompts.png b/docs/class5/class7/images/distributedappprompts.png deleted file mode 100644 index 0fbaa09a..00000000 Binary files a/docs/class5/class7/images/distributedappprompts.png and /dev/null differ diff --git a/docs/class5/class7/images/firefox_developer.png b/docs/class5/class7/images/firefox_developer.png deleted file mode 100644 index b17930b2..00000000 Binary files a/docs/class5/class7/images/firefox_developer.png and /dev/null differ diff --git a/docs/class5/class7/images/globalkubeconfig.png b/docs/class5/class7/images/globalkubeconfig.png deleted file mode 100644 index 58ea9910..00000000 Binary files a/docs/class5/class7/images/globalkubeconfig.png and /dev/null differ diff --git a/docs/class5/class7/images/intro-008-updated.png b/docs/class5/class7/images/intro-008-updated.png deleted file mode 100644 index 1c6e9cdc..00000000 Binary files a/docs/class5/class7/images/intro-008-updated.png and /dev/null differ diff --git a/docs/class5/class7/images/intro-008.png b/docs/class5/class7/images/intro-008.png deleted file mode 100644 index 33274914..00000000 Binary files a/docs/class5/class7/images/intro-008.png and /dev/null differ diff --git a/docs/class5/class7/images/intro-009-updated.png b/docs/class5/class7/images/intro-009-updated.png deleted file mode 100644 index 47a2133b..00000000 Binary files a/docs/class5/class7/images/intro-009-updated.png and /dev/null differ diff --git a/docs/class5/class7/images/intro-009.png b/docs/class5/class7/images/intro-009.png deleted file mode 100644 index 5e88bdd8..00000000 Binary files a/docs/class5/class7/images/intro-009.png and /dev/null differ diff --git a/docs/class5/class7/images/irule_create.png b/docs/class5/class7/images/irule_create.png deleted file mode 100644 index edb017d0..00000000 Binary files a/docs/class5/class7/images/irule_create.png and /dev/null differ diff --git a/docs/class5/class7/images/it_works.png b/docs/class5/class7/images/it_works.png deleted file mode 100644 index c1ba9148..00000000 Binary files a/docs/class5/class7/images/it_works.png and /dev/null differ diff --git a/docs/class5/class7/images/kubeconfigexpirydate.png b/docs/class5/class7/images/kubeconfigexpirydate.png deleted file mode 100644 index 42a806df..00000000 Binary files a/docs/class5/class7/images/kubeconfigexpirydate.png and /dev/null differ diff --git a/docs/class5/class7/images/lab1-irules-add.png b/docs/class5/class7/images/lab1-irules-add.png deleted file mode 100644 index 7e1158c6..00000000 Binary files a/docs/class5/class7/images/lab1-irules-add.png and /dev/null differ diff --git a/docs/class5/class7/images/lab2-irules-add.png b/docs/class5/class7/images/lab2-irules-add.png deleted file mode 100644 index 24e03a17..00000000 Binary files a/docs/class5/class7/images/lab2-irules-add.png and /dev/null differ diff --git a/docs/class5/class7/images/lab2_verify-remove.png b/docs/class5/class7/images/lab2_verify-remove.png deleted file mode 100644 index 1ac856e7..00000000 Binary files a/docs/class5/class7/images/lab2_verify-remove.png and /dev/null differ diff --git a/docs/class5/class7/images/lab2_verify.png b/docs/class5/class7/images/lab2_verify.png deleted file mode 100644 index d4e22dfb..00000000 Binary files a/docs/class5/class7/images/lab2_verify.png and /dev/null differ diff --git a/docs/class5/class7/images/lab3-irules-add-https.png b/docs/class5/class7/images/lab3-irules-add-https.png deleted file mode 100644 index 78c7bffd..00000000 Binary files a/docs/class5/class7/images/lab3-irules-add-https.png and /dev/null differ diff --git a/docs/class5/class7/images/lab3-irules-add.png b/docs/class5/class7/images/lab3-irules-add.png deleted file mode 100644 index 92102e96..00000000 Binary files a/docs/class5/class7/images/lab3-irules-add.png and /dev/null differ diff --git a/docs/class5/class7/images/lab3_verify.png b/docs/class5/class7/images/lab3_verify.png deleted file mode 100644 index adc586fa..00000000 Binary files a/docs/class5/class7/images/lab3_verify.png and /dev/null differ diff --git a/docs/class5/class7/images/lab4-irules-add.png b/docs/class5/class7/images/lab4-irules-add.png deleted file mode 100644 index ec7ddef6..00000000 Binary files a/docs/class5/class7/images/lab4-irules-add.png and /dev/null differ diff --git a/docs/class5/class7/images/m-add-http-menu.png b/docs/class5/class7/images/m-add-http-menu.png deleted file mode 100644 index 83b7cb49..00000000 Binary files a/docs/class5/class7/images/m-add-http-menu.png and /dev/null differ diff --git a/docs/class5/class7/images/m-add-http.png b/docs/class5/class7/images/m-add-http.png deleted file mode 100644 index bbae4ac3..00000000 Binary files a/docs/class5/class7/images/m-add-http.png and /dev/null differ diff --git a/docs/class5/class7/images/m-add-origin-server-updated.png b/docs/class5/class7/images/m-add-origin-server-updated.png deleted file mode 100644 index 43148070..00000000 Binary files a/docs/class5/class7/images/m-add-origin-server-updated.png and /dev/null differ diff --git a/docs/class5/class7/images/m-add-origin-server.png b/docs/class5/class7/images/m-add-origin-server.png deleted file mode 100644 index 84d4f1ec..00000000 Binary files a/docs/class5/class7/images/m-add-origin-server.png and /dev/null differ diff --git a/docs/class5/class7/images/m-http-basic-updated.png b/docs/class5/class7/images/m-http-basic-updated.png deleted file mode 100644 index 094abedf..00000000 Binary files a/docs/class5/class7/images/m-http-basic-updated.png and /dev/null differ diff --git a/docs/class5/class7/images/m-http-basic.png b/docs/class5/class7/images/m-http-basic.png deleted file mode 100644 index 5bb3cb57..00000000 Binary files a/docs/class5/class7/images/m-http-basic.png and /dev/null differ diff --git a/docs/class5/class7/images/m-http-name.png b/docs/class5/class7/images/m-http-name.png deleted file mode 100644 index 59b9a6f1..00000000 Binary files a/docs/class5/class7/images/m-http-name.png and /dev/null differ diff --git a/docs/class5/class7/images/m-http-page.png b/docs/class5/class7/images/m-http-page.png deleted file mode 100644 index 1acd388e..00000000 Binary files a/docs/class5/class7/images/m-http-page.png and /dev/null differ diff --git a/docs/class5/class7/images/m-http-status-updated.png b/docs/class5/class7/images/m-http-status-updated.png deleted file mode 100644 index 00629069..00000000 Binary files a/docs/class5/class7/images/m-http-status-updated.png and /dev/null differ diff --git a/docs/class5/class7/images/m-http-status.png b/docs/class5/class7/images/m-http-status.png deleted file mode 100644 index f6ba93ee..00000000 Binary files a/docs/class5/class7/images/m-http-status.png and /dev/null differ diff --git a/docs/class5/class7/images/m-origin-pool-name.png b/docs/class5/class7/images/m-origin-pool-name.png deleted file mode 100644 index a468a58a..00000000 Binary files a/docs/class5/class7/images/m-origin-pool-name.png and /dev/null differ diff --git a/docs/class5/class7/images/m-origin-pool.png b/docs/class5/class7/images/m-origin-pool.png deleted file mode 100644 index 54d1c2a6..00000000 Binary files a/docs/class5/class7/images/m-origin-pool.png and /dev/null differ diff --git a/docs/class5/class7/images/m-security-configuration-updated.png b/docs/class5/class7/images/m-security-configuration-updated.png deleted file mode 100644 index 367b9bbc..00000000 Binary files a/docs/class5/class7/images/m-security-configuration-updated.png and /dev/null differ diff --git a/docs/class5/class7/images/m-security-configuration.png b/docs/class5/class7/images/m-security-configuration.png deleted file mode 100644 index 2d507015..00000000 Binary files a/docs/class5/class7/images/m-security-configuration.png and /dev/null differ diff --git a/docs/class5/class7/images/m-select-origin-pool-updated.png b/docs/class5/class7/images/m-select-origin-pool-updated.png deleted file mode 100644 index 9279f282..00000000 Binary files a/docs/class5/class7/images/m-select-origin-pool-updated.png and /dev/null differ diff --git a/docs/class5/class7/images/m-select-origin-pool.png b/docs/class5/class7/images/m-select-origin-pool.png deleted file mode 100644 index d8256cc6..00000000 Binary files a/docs/class5/class7/images/m-select-origin-pool.png and /dev/null differ diff --git a/docs/class5/class7/images/m3-add-origin-pool.png b/docs/class5/class7/images/m3-add-origin-pool.png deleted file mode 100644 index 35e9b9a7..00000000 Binary files a/docs/class5/class7/images/m3-add-origin-pool.png and /dev/null differ diff --git a/docs/class5/class7/images/m3-add-origin-pools.png b/docs/class5/class7/images/m3-add-origin-pools.png deleted file mode 100644 index 086f89c2..00000000 Binary files a/docs/class5/class7/images/m3-add-origin-pools.png and /dev/null differ diff --git a/docs/class5/class7/images/m3-add-origin-server-updated.png b/docs/class5/class7/images/m3-add-origin-server-updated.png deleted file mode 100644 index 96ca8cdb..00000000 Binary files a/docs/class5/class7/images/m3-add-origin-server-updated.png and /dev/null differ diff --git a/docs/class5/class7/images/m3-add-origin-server.png b/docs/class5/class7/images/m3-add-origin-server.png deleted file mode 100644 index 1cbe3d23..00000000 Binary files a/docs/class5/class7/images/m3-add-origin-server.png and /dev/null differ diff --git a/docs/class5/class7/images/m3-origin-pool-name-updated.png b/docs/class5/class7/images/m3-origin-pool-name-updated.png deleted file mode 100644 index 699de4a9..00000000 Binary files a/docs/class5/class7/images/m3-origin-pool-name-updated.png and /dev/null differ diff --git a/docs/class5/class7/images/m3-origin-pool.png b/docs/class5/class7/images/m3-origin-pool.png deleted file mode 100644 index 54d1c2a6..00000000 Binary files a/docs/class5/class7/images/m3-origin-pool.png and /dev/null differ diff --git a/docs/class5/class7/images/manage_irule.png b/docs/class5/class7/images/manage_irule.png deleted file mode 100644 index 01423aa3..00000000 Binary files a/docs/class5/class7/images/manage_irule.png and /dev/null differ diff --git a/docs/class5/class7/images/managedk8s.png b/docs/class5/class7/images/managedk8s.png deleted file mode 100644 index 60940b16..00000000 Binary files a/docs/class5/class7/images/managedk8s.png and /dev/null differ diff --git a/docs/class5/class7/images/namespaces.png b/docs/class5/class7/images/namespaces.png deleted file mode 100644 index 724705d7..00000000 Binary files a/docs/class5/class7/images/namespaces.png and /dev/null differ diff --git a/docs/class5/class7/images/nodes.png b/docs/class5/class7/images/nodes.png deleted file mode 100644 index ad954290..00000000 Binary files a/docs/class5/class7/images/nodes.png and /dev/null differ diff --git a/docs/class5/class7/images/origin-pool.png b/docs/class5/class7/images/origin-pool.png deleted file mode 100644 index b332288d..00000000 Binary files a/docs/class5/class7/images/origin-pool.png and /dev/null differ diff --git a/docs/class5/class7/images/pods.png b/docs/class5/class7/images/pods.png deleted file mode 100644 index c8a12ade..00000000 Binary files a/docs/class5/class7/images/pods.png and /dev/null differ diff --git a/docs/class5/class7/images/resources.png b/docs/class5/class7/images/resources.png deleted file mode 100644 index 26ad9809..00000000 Binary files a/docs/class5/class7/images/resources.png and /dev/null differ diff --git a/docs/class5/class7/images/select_vs.png b/docs/class5/class7/images/select_vs.png deleted file mode 100644 index d5146033..00000000 Binary files a/docs/class5/class7/images/select_vs.png and /dev/null differ diff --git a/docs/class5/class7/images/select_vs_https.png b/docs/class5/class7/images/select_vs_https.png deleted file mode 100644 index f5f3839e..00000000 Binary files a/docs/class5/class7/images/select_vs_https.png and /dev/null differ diff --git a/docs/class5/class7/images/services.png b/docs/class5/class7/images/services.png deleted file mode 100644 index 27b8db36..00000000 Binary files a/docs/class5/class7/images/services.png and /dev/null differ diff --git a/docs/class5/class7/images/test_sites.png b/docs/class5/class7/images/test_sites.png deleted file mode 100644 index 69df1972..00000000 Binary files a/docs/class5/class7/images/test_sites.png and /dev/null differ diff --git a/docs/class5/class7/images/websrv_output.png b/docs/class5/class7/images/websrv_output.png deleted file mode 100644 index 7e9c49cb..00000000 Binary files a/docs/class5/class7/images/websrv_output.png and /dev/null differ diff --git a/docs/class5/class7/images/xcconsoleaccountprofile.png b/docs/class5/class7/images/xcconsoleaccountprofile.png deleted file mode 100644 index 0de197f5..00000000 Binary files a/docs/class5/class7/images/xcconsoleaccountprofile.png and /dev/null differ diff --git a/docs/class5/class7/images/xcconsoleclickdns-updated.png b/docs/class5/class7/images/xcconsoleclickdns-updated.png deleted file mode 100644 index aa52d63c..00000000 Binary files a/docs/class5/class7/images/xcconsoleclickdns-updated.png and /dev/null differ diff --git a/docs/class5/class7/images/xcconsoleclickdns.png b/docs/class5/class7/images/xcconsoleclickdns.png deleted file mode 100644 index 2402a104..00000000 Binary files a/docs/class5/class7/images/xcconsoleclickdns.png and /dev/null differ diff --git a/docs/class5/class7/images/xcconsoleclickdomain-updated.png b/docs/class5/class7/images/xcconsoleclickdomain-updated.png deleted file mode 100644 index e857089f..00000000 Binary files a/docs/class5/class7/images/xcconsoleclickdomain-updated.png and /dev/null differ diff --git a/docs/class5/class7/images/xcconsoleclickdomain.png b/docs/class5/class7/images/xcconsoleclickdomain.png deleted file mode 100644 index b083c77d..00000000 Binary files a/docs/class5/class7/images/xcconsoleclickdomain.png and /dev/null differ diff --git a/docs/class5/class7/images/xcconsolenamespace.png b/docs/class5/class7/images/xcconsolenamespace.png deleted file mode 100644 index cdb6c2bd..00000000 Binary files a/docs/class5/class7/images/xcconsolenamespace.png and /dev/null differ diff --git a/docs/class5/class7/images/xcconsolenamespace2.png b/docs/class5/class7/images/xcconsolenamespace2.png deleted file mode 100644 index c1f43e03..00000000 Binary files a/docs/class5/class7/images/xcconsolenamespace2.png and /dev/null differ diff --git a/docs/class5/class7/images/xcconsolepromt.png b/docs/class5/class7/images/xcconsolepromt.png deleted file mode 100644 index 6408a9a0..00000000 Binary files a/docs/class5/class7/images/xcconsolepromt.png and /dev/null differ diff --git a/docs/class5/class7/images/xchomepage.png b/docs/class5/class7/images/xchomepage.png deleted file mode 100644 index 620ce9d7..00000000 Binary files a/docs/class5/class7/images/xchomepage.png and /dev/null differ diff --git a/docs/class5/class7/images/xclogon.png b/docs/class5/class7/images/xclogon.png deleted file mode 100644 index f6df89cd..00000000 Binary files a/docs/class5/class7/images/xclogon.png and /dev/null differ diff --git a/docs/class5/class7/images/xclogonacceptterms.png b/docs/class5/class7/images/xclogonacceptterms.png deleted file mode 100644 index f51d6d1a..00000000 Binary files a/docs/class5/class7/images/xclogonacceptterms.png and /dev/null differ diff --git a/docs/class5/class7/images/xclogonaccountsettings.png b/docs/class5/class7/images/xclogonaccountsettings.png deleted file mode 100644 index 17115de2..00000000 Binary files a/docs/class5/class7/images/xclogonaccountsettings.png and /dev/null differ diff --git a/docs/class5/class7/images/xclogonlogin.png b/docs/class5/class7/images/xclogonlogin.png deleted file mode 100644 index 05ccfb5c..00000000 Binary files a/docs/class5/class7/images/xclogonlogin.png and /dev/null differ diff --git a/docs/class5/class7/images/xclogonoemailupdatepass.png b/docs/class5/class7/images/xclogonoemailupdatepass.png deleted file mode 100644 index 7705e272..00000000 Binary files a/docs/class5/class7/images/xclogonoemailupdatepass.png and /dev/null differ diff --git a/docs/class5/class7/images/xclogonopass.png b/docs/class5/class7/images/xclogonopass.png deleted file mode 100644 index be4073c8..00000000 Binary files a/docs/class5/class7/images/xclogonopass.png and /dev/null differ diff --git a/docs/class5/class7/images/xclogonsetlevel.png b/docs/class5/class7/images/xclogonsetlevel.png deleted file mode 100644 index e9a5e30a..00000000 Binary files a/docs/class5/class7/images/xclogonsetlevel.png and /dev/null differ diff --git a/docs/class5/class7/images/xclogonsetpersona.png b/docs/class5/class7/images/xclogonsetpersona.png deleted file mode 100644 index 113a42e7..00000000 Binary files a/docs/class5/class7/images/xclogonsetpersona.png and /dev/null differ diff --git a/docs/class5/class7/images/xclogontenantname-updated.png b/docs/class5/class7/images/xclogontenantname-updated.png deleted file mode 100644 index 282c72b7..00000000 Binary files a/docs/class5/class7/images/xclogontenantname-updated.png and /dev/null differ diff --git a/docs/class5/class7/images/xclogontenantname.png b/docs/class5/class7/images/xclogontenantname.png deleted file mode 100644 index 12dde250..00000000 Binary files a/docs/class5/class7/images/xclogontenantname.png and /dev/null differ diff --git a/docs/class5/class7/module1/lab1.rst b/docs/class5/class7/module1/lab1.rst deleted file mode 100644 index 5ccf6272..00000000 --- a/docs/class5/class7/module1/lab1.rst +++ /dev/null @@ -1,142 +0,0 @@ -Lab 1 - Explore F5 Distributed Cloud Console --------------------------------------------- - -Welcome to F5 Distributed Cloud Application 301. - -The following Exercises will guide you through the initial -access requirements for this multi-part lab. Lab attendees should have received an invitation -(which requests you update your password for access) email to the lab environment. Please check -the email address used for course registration and its associated spam folders to see if the -invitation email has been received. If you have not received an email, please contact a member -of the lab team. - -The F5 Distributed Cloud Console, where a majority of all lab tasks will be conducted, is a SaaS -based control-plane for services which provides a GUI and API for managing network, security, and -compute services. The F5 Distributed Cloud Console can manage "sites" in existing on-premises, -private data centers and sites within AWS, Azure, and GCP public cloud environments. - - -In this lab, we will learn the following: - -• Log into the F5 Distributed CLoud Console. - -• Review account profile - -• Identify your namespace and your delegated domain name - - -.. NOTE:: - - The delegated Domain Name should be captured/written down as it will be used later in the lab - - Basic Kubernetes knowledge is recommended - -**Core concepts** - - *Tenant* - `Tenant is an entity that is the owner of a given set of configuration and infrastructure. Tenant is the owner of all - configuration objects that a user with given tenant-id has created. Tenant is the fundamental concept of isolation, and a - tenant cannot access any objects or infrastructure of other tenants.` - - *Namespaces* - `Tenant’s configuration objects are grouped under namespaces. Namespaces can be thought of as administrative domains. - All the objects of the same kind need to have unique names in a given namespace. Namespace themselves must be unique - within a tenant. In this document namespace will be referred as /, which will be globally unique.` - - For more core concepts, please review `F5 Distributed Cloud documentation `_ - -**Exercise 1 - Log into F5 Distributed Cloud Console** - -.. NOTE:: - Once you join the UDF session, your UDF deployment will start and create an ephemeral account on the F5 Distributed Cloud console (this may take 5-10min) - - -#. Once your ephemeral account is created, you will receive an email to update your password. - - .. image:: ../images/xclogonoemailupdatepass.png - :width: 250pt - -#. Upon the first login, you will be prompted to change your password. - - .. image:: ../images/xclogonopass.png - :width: 250pt - -#. After setting your login credentials, click login. - - .. image:: ../images/xclogon.png - -#. Upon password update completion, you will be redirected to the F5 Distributed Cloud Console login. You will need to enter the lab tenant name *f5-xc-lab-app* and then click **Next**. Then enter your email and password and click **Log in** - -.. NOTE:: - A tenant in the F5 Distributed Cloud console is a similar construct as an account in AWS or GCP terms. - - .. image:: ../images/xclogontenantname-updated.png - :width: 250pt - - .. image:: ../images/xclogonlogin.png - :width: 250pt - -#. You must click **Accept and Agree** to the terms. - - .. image:: ../images/xclogonacceptterms.png - :width: 250pt - -#. Now, you will need to set the persona and the skill level to access the console. - - .. image:: ../images/xclogonsetpersona.png - :width: 400pt - - .. image:: ../images/xclogonsetlevel.png - :width: 400pt - -#. Finally, navigate through the initial prompts. - - .. image:: ../images/xcconsolepromt.png - :width: 400pt - - - -**Exercise 2 - Explore F5 Distributed Cloud Console** - - .. NOTE:: - For the purposes of this lab, permissions have been restricted to lab operations. Some menus will be locked and not visible. - -#. You can adjust your work domains and skill level (not required) by clicking on the **Account** icon in the top right of the screen and then clicking on **Account Settings**. - - .. image:: ../images/xclogonaccountsettings.png - :width: 400pt - -#. In the resulting window you can observe the **Work domains and skill level** section and other administrative functions. - - -#. Namespaces, which provide an environment for isolating configured applications or enforcing role-based - access controls, are leveraged within the F5 Distributed Cloud Console. For the purposes of this lab, - each lab attendee has been provided a unique **namespace** which you will defaulted to (in terms of GUI navigation) - for all tasks performed through the course of this lab. - -#. Click on the **Select Service** in the left-hand navigation. In the resulting fly out navigation, click **Multi-Cloud App Connect**. - - .. image:: ../images/intro-008-updated.png - :width: 400pt - -#. In the **Multi-Cloud App Connect** configuration screen observe the URL. In the URI path, locate the **** - namespace that you have been assigned. It will be located in the portion of the URI path - between */namespaces/* and */sites/* as shown in this example **…/namespaces//sites/…**. - Note the namespace as it will be used throughout the lab tasks that follow. - - .. image:: ../images/intro-009-updated.png - :width: 400pt - -#. Click on the **Select Service** navigation menu, then click the **DNS Management** tile. - - .. image:: ../images/xcconsoleclickdns-updated.png - :width: 400pt - -#. Please note the delegated domain name - - .. image:: ../images/xcconsoleclickdomain-updated.png - :width: 400pt - - .. NOTE:: - - Your namespace name should captured/written down as it will be referenced later in the labs - - A namespace is a Kubernetes construct. For more Kubernetes concepts, please review `Kubernetes Documentation `_ - - The delegated Domain Name should be captured/written down, as it will be leveraged later in the lab. - diff --git a/docs/class5/class7/module1/lab2.rst b/docs/class5/class7/module1/lab2.rst deleted file mode 100644 index 51d2608e..00000000 --- a/docs/class5/class7/module1/lab2.rst +++ /dev/null @@ -1,104 +0,0 @@ -Lab 2 - Create a Virtual Kubernetes Cluster -------------------------------------------- - -F5 Distributed Cloud App Stack is a SaaS-based offering to deploy, secure, and operate a fleet of applications across the distributed infrastructure in multi-cloud or edge environments. It can scale to a large number of clusters and locations with centralized orchestration, observability, and operations to reduce the complexity of managing a fleet of distributed clusters. - -In this lab, we will learn the following: - -• Access the **Distributed Apps** service in the F5 Distributed Cloud console - -• Create a Virtual Kubernetes Cluster (Virtual K8s) to run a demo app - -**Core concepts** - - *Virtual K8s (vK8s)* - `vK8s refers to a virtual Kubernetes cluster. F5 Distributed Cloud Services support a Kubernetes compatible API for centralized orchestration of applications across a fleet of sites - (customer sites or F5 Distributed Cloud Regional Edge). This API is considered “Kubernetes compatible”, because not all Kubernetes APIs or resources - are supported. However, for the API(s) that are supported, it is 100% compatible. We have implemented a distributed control - plane within our global infrastructure to manage scheduling and scaling of applications across multiple (tens to hundreds of thousands of) - sites, where each site in itself is also a managed physical K8s cluster.` - - *Virtual Sites* - `vK8s objects have a reference to the virtual-site which selects the sites on which the application can be deployed, secured, and operated. - The virtual-site reference of vK8s is used as the default virtual-site for the given vK8s.` - - For more core concepts, please review `F5 Distributed Cloud documentation `_ - -**Exercise 1 - Explore sites and virtual site** - -#. Select the **Distributed Apps** tile on the F5 Distributed Cloud Services home page. - - .. image:: ../images/distributedappclick.png - :width: 400pt - -#. Within the Distributed Apps side menu and under **Applications**, click on **Virtual Sites**. - - .. image:: ../images/distributedappclickvirtualsite.png - :width: 250pt - - -#. Locate the Virtual Site named *agility-k8s-vsite*. - - .. NOTE:: - For this lab, we have provisioned a Virtual Site called *agility-k8s-vsite* to save time - - .. image:: ../images/distributedappclickagilityk8svsite.png - :width: 400pt - -#. Virtual site *agility-k8s-vsite* contains three customer edge sites. As mentioned in the core concepts section, a virtual site is a construct that - selects the sites on which the application can be deployed, secured, and operated. All workloads assigned to site *agility-k8s-vsite* will be - replicated across all three sites. Select **agility-vpc-site-one** - - .. image:: ../images/distributedappclickvpcsiteone.png - :width: 400pt - -#. You can see a summary of stats and configurations for site *agility-vpc-site-one*. Notice the labels used to deploy the site. Can you guess where - this customer edge site is deployed? We can see by the labels that this site is deployed on the Google Cloud Platform (GCP). You can deploy a - customer edge site on ANY major cloud provider and also on-prem. Click on **agility-vpc-site-one** to see more details about the customer edge site. - - .. image:: ../images/distributedappclickvpcsiteoneexploresite-updated.png - :width: 400pt - -#. You can get a lot of helpful information for site *agility-vpc-site-one* and its workloads, including application metrics, number of Pods, - deployment status, etc. Spend some time exploring the different tabs. Of course, there is no information because we have not deployed any workload on this site. - - .. image:: ../images/distributedappclickvpcsiteoneexploresite2-updated.png - :width: 400pt - -**Exercise 2 - Create a Virtual K8s** - -#. In the left-hand side of the console, click **Virtual K8s** under the **Applications** section. - - .. image:: ../images/distributedappclickvirtualk8s.png - :width: 250pt - -#. There are currently no Virtual K8s, so let's create one! Click **Add Virtual K8s** - - .. image:: ../images/distributedappclickaddvirtualk8s.png - :width: 250pt - -#. Enter the site **Name** using your Firstname initial and Lastname altogether and append "-vk8" at the end. Ex: For Andrew Smith, the site name will be *"asmith-vk8"* (without the quotes!) - - .. image:: ../images/distributedappclickvirtualk8ssettings.png - :width: 600pt - -#. Click the **Add Item** button in the *Virtual Sites* section - - .. image:: ../images/distributedappclickvirtualk8ssettings2.png - :width: 450pt - -#. Select the `shared/agility-k8s-vsite` site from the dropdown. - - .. image:: ../images/distributedappclickvirtualk8ssettings3.png - :width: 450pt - -#. Click the **Save and Exit** button at the bottom of the page. - -#. Wait for your virtual K8s current state to show as *Ready* (this can take 5 minutes or more). This is your virtual Kubernetes cluster assigned to the virtual site *agility-k8s-vsite*. - As you already know, virtual site *agility-k8s-vsite* has three sites (*agility-vpc-site-one*, *agility-vpc-site-two*, *agility-vpc-site-three*) - - .. image:: ../images/distributedappclickvirtualk8sstatus-in-progress.png - :width: 600pt - - .. image:: ../images/distributedappclickvirtualk8sstatus-updated.png - :width: 600pt diff --git a/docs/class5/class7/module1/lab3.rst b/docs/class5/class7/module1/lab3.rst deleted file mode 100644 index c07347a7..00000000 --- a/docs/class5/class7/module1/lab3.rst +++ /dev/null @@ -1,37 +0,0 @@ -Lab 3 - Configure your local kubectl to access your virtual K8s (Optional) -------------------------------------------------------------------------- - -In this lab, we will learn the following: - -• Download the kubeconfig file to access your virtual k8s - -**Exercise 1 - Log into F5 Distributed Cloud Console** - - -#. Click the distributed apps tile on the F5 Distributed Cloud Services home page. - - .. image:: ../images/distributedappclick-updated.png - :width: 400pt - -#. Click virtual K8s under the applications section. - - .. image:: ../images/distributedappclickvirtualk8s.png - :width: 180pt - -#. Click the three dots under the "Action" column and then click **Kubeconfig**. - - .. image:: ../images/distributedappclickvirtualk8kubeconfig-updated.png - :width: 650pt - -#. When prompted to select an expiration date, pick a future date that will give you adequate time to complete the lab. - - .. image:: ../images/kubeconfigexpirydate.png - :width: 650pt - -#. If your browser prompts you for a location to download the file, select a directory you prefer and click **Save**. - -#. Click the config kubeconfig is downloaded, and follow the Kubernetes documentation to configure your local kubctl tool. - - `Organizing Cluster Access Using kubeconfig Files `_ - -#. Once you have configured your local kubectl tool, you will be able to manage your virtual k8s using kubectl commands. diff --git a/docs/class5/class7/module1/module1.rst b/docs/class5/class7/module1/module1.rst deleted file mode 100644 index 892b5e6c..00000000 --- a/docs/class5/class7/module1/module1.rst +++ /dev/null @@ -1,10 +0,0 @@ -Module 1: The Basics -==================== - -Here we'll start with the basics of platform. We will start with exploring the F5 Distributed Cloud Console. We will next observe the infrastructure components that have been pre-built for this lab and then proceed to configurat a virtual K8s cluster. - -.. toctree:: - :maxdepth: 1 - :glob: - - lab* diff --git a/docs/class5/class7/module2/lab1.rst b/docs/class5/class7/module2/lab1.rst deleted file mode 100644 index 4a324c66..00000000 --- a/docs/class5/class7/module2/lab1.rst +++ /dev/null @@ -1,118 +0,0 @@ -Lab 1 - Review vK8s Cluster and Deploy vK8s Workload ----------------------------------------------------- - -.. F5 Distributed Cloud App Stack is a SaaS-based offering to deploy, secure, and operate a fleet of applications across the distributed infrastructure in multi-cloud or edge. It can scale to a large number of clusters and locations with centralized orchestration, observability, and operations to reduce the complexity of managing a fleet of distributed clusters. - -In this lab, we will learn the following: - -• Review the previously-created Virtual K8s cluster - -• Configure a vK8s workload utilizing a containerized app from a private registry - -• Deploy a vK8s workload within a vK8s site - -• Advertise a vK8s workload within a cluster via custom HTTP port - -**Core concepts** - - *Workload* - `Workload is used to configure and deploy a workload in Virtual Kubernetes. A workload may be part of an application. Workload encapsulates all the operational characteristics of Kubernetes workload, storage, and network objects (deployments, statefulsets, jobs, persistent volume claims, configmaps, secrets, and services) configuration, as well as configuration related to where the workload is deployed and how it is advertised using L7 or L4 load balancers. A workload can be one of simple service, service, stateful service or job. Services are long running workloads like web servers, databases, etc. Jobs are "run to completion" workloads. Services and jobs can be deployed on Regional Edges or customer sites. Services can be exposed in-cluster, on the Internet by L7 or L4 load balancer, or on sites using an advertise policy.` - - *Service* - `A service with one or more containers with configurable number of replicas that can be deployed on a selection of Regional Edge sites or customer sites and advertised within the cluster where is it deployed, on the Internet, or on other sites using TCP or HTTP or HTTPS load balancer.` - - *Deploy* - `Since Kubernetes is becoming the de-facto industry standard for orchestrating applications, F5® Distributed Cloud has chosen to implement its control plane with a Kubernetes compatible API for orchestration while delivering additional capabilities of managing and securing multiple clusters across distributed locations. This makes it seamless to integrate with third party tools like Spinnaker for CI/CD, etc. For packaging of microservices, we prefer Docker images, which have become another de-facto approach.` - - For more core concepts, please review `F5 Distributed Cloud documentation `_ - -**Exercise 1 - Review Virtual K8s Site** - -#. Access **Distributed Apps** on the F5XC Console - - .. image:: ../images/1access_distributed_apps_service_menu-updated.png - :width: 600pt - -#. Select **Applications -> Virtual K8s**, then your Virtual K8s cluster from the list - - .. image:: ../images/2access_applications_vk8s-udpated.png - :width: 600pt - -#. Review **Sites** on the vK8s dashboard - there should be 3. These 3 customer edge sites will be were our workloads will be deployed to. - - .. image:: ../images/3review_vk8s_dashboard_sites-updated.png - :width: 600pt - -**Exercise 2 - Configure vK8s Workload Container** - -#. Select **Workloads** -> **Add vK8s workload** - - .. image:: ../images/4add_vk8s_workload-updated.png - :width: 600pt - -#. Complete the **Metadata** section by using your Firstname initial and Lastname altogether and append “-workload” at the end. Ex: For Andrew Smith, the site name will be “asmith-workload” (without the quotes!) Use this value for **Name** and **Description**, then select **Service** from the **Select Type of Workload** list. - - .. image:: ../images/5workload_metadata_and_service-updated.png - :width: 600pt - -#. Next, click the **Configure** link within the **Service** sub-section. - -#. Select **Add Item** within the **Containers** section - - .. image:: ../images/6add_container-updated.png - :width: 600pt - -#. Complete the **Container Configuration** section by providing a **Name** and details for which **Image to Use** - - - **Name**: f5xcdemoapp - - **Image Name**: colemaneast.azurecr.io/f5xcdemoapp - - **Container Registry**: Private Registry - - **Private Registry**: shared/azure-registry - - .. image:: ../images/7container_config-updated.png - :width: 600pt - -#. Click **Apply** - -**Exercise 3 - Configure vK8s Workload Deployment Options** - -#. Within the **Deploy Options** section, set **Where to Deploy the Workload** to *Customer Virtual Sites*, then click the **Configure** link within the **Customer Virtual Sites** section. - - .. image:: ../images/8deploy_options-updated.png - :width: 600pt - -#. Select the agility-k8s-vsite vK8s site name from **List of Customer Virtual Sites to Deploy**, then **Apply**. - - .. image:: ../images/9select_customer_site-updated.png - :width: 600pt - -**Exercise 4 - Configure vK8s Workload Advertisement Options** - -#. Within the **Advertise Options** section, set **Options to Advertise the Workload** to *Advertise In Cluster*, then click the **Configure** link within the **Advertise in Cluster** section - - .. image:: ../images/10select_advertise_options-updated.png - :width: 600pt - -#. Within the **Select Port to Advertise** section, set **Select Port to Advertise** to *3000*, set **Application Protocol** to *HTTP*. Finally click **Apply**. This will set the clusterIP port to 3000. - - - **Port**: 3000 - - **Application Protocol**: HTTP - - .. image:: ../images/11set_advertise_port-updated.png - :width: 600pt - -#. With the vk8s workload configuration now completed, Click **Apply** again, then **Save and Exit** from the vK8s Workload configuration page - - .. image:: ../images/11_b_vk8s_apply_complete_config.png - :width: 600pt - - .. image:: ../images/11_c_vk8s_saveandexit_complete_config.png - :width: 600pt - -#. In less than a minute, you should see the workload added with 3 total sites and 3 total pods (you may need to click the "Refresh" button) - - .. image:: ../images/12_a_verify_3_workload_sites_pods_pending.png - :width: 600pt - - .. image:: ../images/12b_verify_3_workload_sites_pods-updated.png - :width: 600pt diff --git a/docs/class5/class7/module2/lab2.rst b/docs/class5/class7/module2/lab2.rst deleted file mode 100644 index 5b8ca366..00000000 --- a/docs/class5/class7/module2/lab2.rst +++ /dev/null @@ -1,57 +0,0 @@ -Lab 2 - Scale vK8s Deployment ------------------------------ - -F5 Distributed Cloud App Stack is a SaaS-based offering to deploy, secure, and operate a fleet of applications across the distributed infrastructure in multi-cloud or edge. It can scale to a large number of clusters and locations with centralized orchestration, observability, and operations to reduce the complexity of managing a fleet of distributed clusters. - -In this lab, we will learn the following: - -• Review the Virtual K8s Cluster Dashboard - -• Modify Virtual K8s Deployment to Scale Replicas - -**Core concepts** - - *Pods in vK8s* - `The core concept in application management on Kubernetes is a Pod. Pod is the basic and smallest execution unit that can be created, deployed, and managed in Kubernetes. A Pod consumes compute, memory, and storage resources and needs a network identity. A Pod contains a single or multiple containers but it is a single instance of an application in Kubernetes.` - - *Service* - `A service with one or more containers with configurable number of replicas that can be deployed on a selection of Regional Edge sites or customer sites and advertised within the cluster where is it deployed, on the Internet, or on other sites using TCP or HTTP or HTTPS load balancer.` - - For more core concepts, please review `F5 Distributed Cloud documentation `_ - -**Exercise 1 - Access Virtual K8s Cluster Dashboard and Edit Deployment** - -#. Select **Applications -> Virtual K8s -> -> Dashboard**. You should see one pod per site. - - .. image:: ../images/13validate_vK8s_dashboard-updated.png - :width: 600pt - -#. Select **Deployments**, then select the menu under **Actions** for your deployment, then **Edit** - - .. image:: ../images/14edit_deployment-updated.png - :width: 600pt - -#. Ensure **Edit** mode is enabled, expand the **spec** section, and modify **replicas** from *1* to *3* and select **Save** - - .. image:: ../images/15modify_deployment_spec-updated.png - :width: 600pt - -**Exercise 2 - Review Scaled vK8s Deployment** - -#. It may take a few moments, but on the vK8s cluster dashboard, number of **Running Pods** should increase to 9. Upon refreshing the list, you may notice the number of **Sites with Error** gradually decrease as **Running Pods** increases. - - .. image:: ../images/16review_scaled_deployment-updated.png - :width: 600pt - -#. The F5 XC platform can also provide more information on the specific pods directly from the web console. Click on **Pods** in the top menu. - - - .. image:: ../images/17review_scaled_pods.png - :width: 600pt - -#. In this view, you can see the specific pod information such as resource consumption, site deployment and node location, message status. (you may need to click the "Refresh" button) - - .. image:: ../images/18review_pods_information.png - :width: 600pt - -This concludes Module 2: Deploy and Scale Virtual K8s Workload. Thank you for taking the time to complete these exercises! Please continue on to module 3 for a look at how to publish your application for users to consume. diff --git a/docs/class5/class7/module2/module2.rst b/docs/class5/class7/module2/module2.rst deleted file mode 100644 index 65e5fc35..00000000 --- a/docs/class5/class7/module2/module2.rst +++ /dev/null @@ -1,11 +0,0 @@ - -Module 2: Deploy and Scale Virtual K8s Workload -=============================================== - -Here we'll take a look at the process for deploying and scaling a vK8s workload via private container registry. This private container registry has been already configured for this lab. - -.. toctree:: - :maxdepth: 1 - :glob: - - lab* diff --git a/docs/class5/class7/module3/lab1.rst b/docs/class5/class7/module3/lab1.rst deleted file mode 100644 index 196721ec..00000000 --- a/docs/class5/class7/module3/lab1.rst +++ /dev/null @@ -1,40 +0,0 @@ -Lab 1 - Create Origin Pool -========================== -In this first part of the lab, you will create an origin pool pointing to the service of the F5xcdemo workload you created in the previous lab. - -**Exercise 1: Create Origin Pool** - -#. Navigate the left-side menu to **Manage -> Load Balancers**, then click **Origin Pools**. - - |origin_pool| - -#. Click the **Add Origin Pool** button. - - |origin_pool_add| - -#. On the New Origin Pool form: - - #. Enter a **Name** for your pool (ex: pool) - #. Replace the **Port** value of *443* with *3000* - #. Select **Add Item** under **Origin Servers** - - |origin_pool_name| - -#. Complete the **Origin Server** section by make the following changes: - - - **Select Type of Origin Server**: K8s Service Name of Origin Server on given Sites - - **Service Name**: . (eg: asmith-workload.grand-marten This will map to the service name of your vK8s workload and XC tenant namespace) - - **Site or Virtual Site**: Virtual Site select shared/agility-k82-site - - **Select Network on the site**: vK8s Networks on Site - - |origin_pools_menu| - -#. Click on **Apply** to return to the previous screen - -#. Click the **Save and Exit** button to close the **Origin Pool** dialogue. - - -.. |origin_pool| image:: ../images/m3-origin-pool.png -.. |origin_pool_add| image:: ../images/m3-add-origin-pools.png -.. |origin_pool_name| image:: ../images/m3-origin-pool-name-updated.png -.. |origin_pools_menu| image:: ../images/m3-add-origin-server-updated.png diff --git a/docs/class5/class7/module3/lab2.rst b/docs/class5/class7/module3/lab2.rst deleted file mode 100644 index 9737b444..00000000 --- a/docs/class5/class7/module3/lab2.rst +++ /dev/null @@ -1,67 +0,0 @@ -Lab 2 - Publish to the Internet -=============================== - -**Exercise 1: Create HTTP Load Balancer** - -#. Navigate the left-side menu to **Manage -> Load Balancers -> HTTP Load Balancers**, then click **Add HTTP Load Balancer**. - - |add_HTTP_menu| - |add_HTTP| - -#. In the **HTTP Load Balancer** Configuration Section make the following changes: - - - **Name**: User -lb - - **List of Domains**: Use .lab-app.f5demos.com - - **Select Type of Load Balancer**: HTTP - - **Automatically Manage DNS Records**: Make sure this is checked - - |http_basic| - -#. In the **Origin Pools** section click **Add Item**. - - |add_origin_server| - -#. Select your **Origin Pool**, which was created earlier in this lab, and Click **Apply** - - |select_origin_pool| - -#. In the Common Security Controls section change the **Service Policies** to *Do Not Apply Service Policies* then click **Save and Exit** at the bottom of the page. - - |security_configuration| - -#. After a few moments you should see a screen like the following: - - |http_status| - -.. NOTE:: - - Please wait for the **VIRTUAL_HOST_READY** - -Now we are ready to test! - -Open a browser tab and navigate to the domain you entered. - -In the example below it is *grand-marten.lab-app.f5demos.com* - -Success will render a page like the following: - - |http_page| - -Please note the country name. - -Refresh your browser a few times and notice what happens to the country name. - -Why? - -This ends the lab. - - - - -.. |add_HTTP_menu| image:: ../images/m-add-http-menu.png -.. |add_HTTP| image:: ../images/m-add-http.png -.. |http_basic| image:: ../images/m-http-basic-updated.png -.. |add_origin_server| image:: ../images/m-add-origin-server-updated.png -.. |select_origin_pool| image:: ../images/m-select-origin-pool-updated.png -.. |security_configuration| image:: ../images/m-security-configuration-updated.png -.. |http_status| image:: ../images/m-http-status-updated.png -.. |http_page| image:: ../images/m-http-page.png \ No newline at end of file diff --git a/docs/class5/class7/module3/module3.rst b/docs/class5/class7/module3/module3.rst deleted file mode 100644 index 1e2a7570..00000000 --- a/docs/class5/class7/module3/module3.rst +++ /dev/null @@ -1,10 +0,0 @@ -Module 3: Publish Application to the Internet -============================================= - -In order to publish our application to the Internet, we will need to create an origin pool and an HTTP Load Balancer. The F5 XC platform can provide both hosting capabilities with the virtual K8s platfom and also secure Application Delivery capabilities through a single SaaS delivered solution. - -.. toctree:: - :maxdepth: 1 - :glob: - - lab* diff --git a/docs/class5/class7/module4/lab_optional.rst b/docs/class5/class7/module4/lab_optional.rst deleted file mode 100644 index ef347e46..00000000 --- a/docs/class5/class7/module4/lab_optional.rst +++ /dev/null @@ -1,61 +0,0 @@ -Lab Optional - Use kubectl to view vK8s Output -============================================== - -F5 Distributed Cloud App Stack provides the ability to manage your vK8s namespace via command line with kubectl - -In this lab, we will learn perform the following: - -• Review kubectl commands and see the output - -**Core Concepts** - - *Virtual Kubernetes vK8s* - `F5 Distributed Cloud Services support a Kubernetes compatible API for centralized orchestration of applications across a fleet of sites (customer sites or F5 Distributed Cloud Regional Edge). This API is "Kubernetes compatible" because not all Kubernetes APIs or resources are supported. However, for the API(s) that are supported, it is hundred percent compatible. We have implemented a distributed control plane within our global infrastructure to manage scheduling and scaling of applications across multiple (tens to hundreds of thousands of) sites, where each site in itself is also a managed physical K8s cluster.` - - *kubectl* - `Standard upstream kubectl CLI tool can be used on the vK8s API URL or the downloaded kubeconfig file can be used to access the vK8s APIs.` - - For more core concepts, please review `F5 Distributed Cloud documentation `_ - -**Commands to run via cli to Access Virtual K8s** - - *Commands* - `Run the following commands and view the outputs. Why are there different outputs before and after increasing the replicas?` - - *View Nodes* - `kubectl get nodes` - - `kubectl get nodes -o wide` - - *View pods* - `kubectl get pods` - - `kubectl get pods -o wide` - - `kubectl describe pod ` - - *View deployment and service* - `kubectl get deployment -workload` - - `kubectl get svc -workload` - - *View all resources in your namespace* - `kubectl get all` - - *View output of the pod in yaml format* - `kubectl get pods -o yaml` - - *View output of the deployment in yaml format* - `kubectl get deployment -workload -o yaml` - - *View output of the service in yaml format* - `kubectl get svc -workload -o yaml` - - *Save the output of the deployment in yaml format* - `kubectl get deployment -workload -o yaml > agility.yaml` - - *View the saved yaml deployment* - `find the file in the current directory: - ls -larth` - - `view the file: cat agility.yaml` diff --git a/docs/class5/class7/module4/module4.rst b/docs/class5/class7/module4/module4.rst deleted file mode 100644 index 6e9825c9..00000000 --- a/docs/class5/class7/module4/module4.rst +++ /dev/null @@ -1,10 +0,0 @@ -Module 4: Optional Lab Using kubectl to View vk8s Outputs -========================================================= - -In order to use kubectl please have the kubeconfig file downloaded and merged into your kubeconfig file. - -.. toctree:: - :maxdepth: 1 - :glob: - - lab* diff --git a/docs/class6/class4.rst b/docs/class6/class4.rst deleted file mode 100644 index 5677bd3e..00000000 --- a/docs/class6/class4.rst +++ /dev/null @@ -1,23 +0,0 @@ -F5 Distributed Cloud - Intro to Multi-Cloud Networking -========================================================== - -This hands-on lab environment highlights some of the basic concepts of F5 Distributed Cloud Multi-cloud Networking. - -**Narrative:** -During the lab you will be playing the role of an Engineer at ACME Corp who responds to new business requirements quickly by implementing F5's Network and App connect solutions. - -**Goal:** -Demonstrate and understand when to use F5 Distributed Cloud Network Connect or App Connect to securely extend connectivity between disparate environments. - -.. image:: ./images/intro.png - -.. Caution:: Please be aware that there is a waiting period after Lab 1, while provisioning occurs. If you are an instructor, please have students proceed with Lab 1 prior to any presentation, to give ample time for processes to complete. - -This Lab uses the **[Agility] F5XC Introduction into MCN** UDF Blueprint. - -.. toctree:: - :maxdepth: 1 - :glob: - - intro - module*/module* \ No newline at end of file diff --git a/docs/archive/2023/class3/class6/class4.rst b/docs/class6/class6.rst similarity index 100% rename from docs/archive/2023/class3/class6/class4.rst rename to docs/class6/class6.rst diff --git a/docs/class7/class5.rst b/docs/class7/class5.rst deleted file mode 100644 index 7147b06c..00000000 --- a/docs/class7/class5.rst +++ /dev/null @@ -1,14 +0,0 @@ -F5 Distributed Cloud - AppStack CaaS & K8s Delivery Options -=========================================================== - -This Lab environment highlights some of the basic concepts of F5 Distributed Cloud (XC) AppStack. - -During the lab you will be emulating a customer that needs to deploy applications closer to the user. The goal is to understand the steps and requirements to place workloads in the F5 Distributed Cloud virtual Kubernetes implementation. - -This class has 4 modules, each with at least 1 required lab. Some modules contain optional labs which are clearly denoted. We're simply doing this to show the standard structure of a class/module/lab. - -.. toctree:: - :maxdepth: 1 - :glob: - - module*/module* diff --git a/docs/archive/2023/class3/class7/class5.rst b/docs/class7/class7.rst similarity index 100% rename from docs/archive/2023/class3/class7/class5.rst rename to docs/class7/class7.rst diff --git a/docs/class8/class8.rst b/docs/class8/class8.rst new file mode 100644 index 00000000..8623c9e3 --- /dev/null +++ b/docs/class8/class8.rst @@ -0,0 +1,38 @@ +F5 Distributed Cloud - Introduction to Deployment Models and Services +========================================================================= + +Welcome +------- + +In this lab, attendees will be introduced to the F5 Distributed Cloud Services platform. Attendees will create proxy services for publishing and securing +applications that are served by both public and private endpoints. Attendees will also explore the DNS, Observability, and CDN capabilities of the platform. + +Objectives: +---------- + +- Gain an understanding of deploying proxy services to securely deliver an application with a public endpoint +- Gain an understanding of viewing telemetry data and utilizing it to tune WAAP policies +- Gain an understanding of how to deploy a site for providing connectivity to a private endpoint +- Gain an understanding of DNS, Observability, and CDN +- Gain an understanding of Multi-Cloud Networking (MCN) connectivity features (i.e. AWS, Azure, and Google) + +Lab & Tasks: +------------ + +The next page (Introduction) will cover the lab environment, access, and lab variables. The lab will be using a shared AWS account where we have deployed the following resources: + +- NGINX webserver that is exposed to the Public internet ("Public Endpoint") +- F5 Distributed Cloud site node that can be used to connect to AWS VPC (network) +- NGINX webserver that only has a private IP address with no external access + +During the lab exercises we will explore different methods of protecting and exposing applications/webserver +that are included in the lab + +.. toctree:: + :maxdepth: 2 + :caption: Labs: + :glob: + + intro* + lab* + close* diff --git a/docs/class8/close.rst b/docs/class8/close.rst new file mode 100644 index 00000000..ffc6f886 --- /dev/null +++ b/docs/class8/close.rst @@ -0,0 +1,62 @@ +Conclusion +========== + +Thank you for your participation in the F5 Distributed Cloud Lab. +This Lab Guide has highlighted how attendees can leverage F5 Distributed +Cloud security to protect hosted applications and resources. + +Appendix +======== +**F5 Distributed Cloud Platform**: + * **Overview**: https://www.f5.com/cloud/products/platform-overview + * **Documentation Portal**: https://docs.cloud.f5.com/docs/ + * **Services**: https://docs.cloud.f5.com/docs/services + * **Concepts**: https://docs.cloud.f5.com/docs/ves-concepts + +**F5 Distributed Cloud Web Application Firewall (WAF)**: + * **Intro**: https://www.f5.com/cloud/products/distributed-cloud-waf + * **How to**: https://docs.cloud.f5.com/docs/how-to/app-security/web-app-firewall + +**F5 Distributed Cloud BotDefense**: + * **Intro**: https://www.f5.com/cloud/products/bot-defense + * **How to**: https://docs.cloud.f5.com/docs/how-to/advanced-security/bot-defense + +**F5 Distributed Service Policies**: + * **How to**: https://docs.cloud.f5.com/docs/how-to/app-security/service-policy + * **How to**: https://docs.cloud.f5.com/docs/how-to/advanced-security/configure-ip-reputation + +**Automation/Orchestration**: + * **API:** https://docs.cloud.f5.com/docs/api + * **Terraform:** https://registry.terraform.io/providers/volterraedge/volterra/latest + ++----------------------------------------------------------------------------------------------+ +| F5 Networks, Inc. \| f5.com | ++----------------------------------------------------------------------------------------------+ + ++----------------------------------------------------------------------------------------------+ +| US Headquarters: 801 5th Ave, Seattle, WA 98104 \| 888-882-4447 | +| | +| Americas: info@f5.com | +| | +| Asia-Pacific: apacinfo@f5.com | +| | +| Europe/Middle East/Africa: emeainfo@f5.com | +| | +| Japan: f5j-info@f5.com | +| | +| ©2017 F5 Networks, Inc. All rights reserved. F5, F5 Networks, and the F5 logo are trademarks | +| | +| of F5 Networks, Inc. in the U.S. and in certain other countries. Other F5 trademarks are | +| | +| identified at f5.com. Any other products, services, or company names referenced herein may | +| | +| be trademarks of their respective owners with no endorsement or affiliation, express or | +| | +| implied, claimed by F5. These training materials and documentation are F5 Confidential | +| | +| Information and are subject to the F5 Networks Reseller Agreement. You may not share these | +| | +| training materials and documentation with any third party without the express written | +| | +| permission of F5. | ++----------------------------------------------------------------------------------------------+ diff --git a/docs/class8/intro.rst b/docs/class8/intro.rst new file mode 100644 index 00000000..52709345 --- /dev/null +++ b/docs/class8/intro.rst @@ -0,0 +1,155 @@ +Introduction: Accessing F5 Distributed Cloud Console +==================================================== + +Welcome to this F5 Distributed Cloud Lab. The following tasks will guide you through the initial +access requirements for this multi-part lab. Lab attendees should have received an invitation +email to the lab environment based on the submitted registration email. Please check email and +spam folders if it has not been received. If you have not received an email, please contact a +member of the lab team. + +F5 Distributed Cloud Console where this lab will be conducted, is a SaaS control-plane for +services that provides a UI and API for managing network, security, and compute services. The F5 +Distributed Cloud Console can manage "sites" in existing on-premises data centers and sites in +AWS, Azure, and GCP cloud environments. + +Task 1: Lab Environment +~~~~~~~~~~~~~~~~~~~~~~~ + ++----------------------------------------------------------------------------------------------+ +| The image below represents an overview of the lab environment. F5 Distributed Cloud Services | +| | +| will be configured as a SaaS Edge delivery and security service tier to a publicly hosted web| +| | +| application. Key elements lab attendees will interact with are as follows: | +| | +| * **F5 Distributed Cloud Console** | +| * **F5 Distributed Cloud Global Network / Application Delivery Network (ADN)** | +| * **Publicly hosted application (Public Cloud)** | ++----------------------------------------------------------------------------------------------+ +| |intro001| | ++----------------------------------------------------------------------------------------------+ + +Task 2: F5 Distributed Cloud Console Login +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The following will guide you through the initial Lab environment access within the +F5 Distributed Cloud Console. You should have received an email with an invitation to +access a F5 Distributed Cloud Tenant. The email will come from **no-reply@cloud.f5.com**. + +The name of the F5 Distributed Cloud tenant that we will be using is **f5-xc-lab-sec** +Additionally, the following are important elements of this lab and will be used throughout the +lab tasks that follow. + +* F5 Distributed Cloud Console: **https://f5-xc-lab-sec.console.ves.volterra.io/** +* Delegated Domain: **lab-sec.f5demos.com** + +After following the invitation email's to **Update Password**, proceed to the first step below. + ++----------------------------------------------------------------------------------------------+ +| 1. Please log into F5 Distributed Cloud Lab Tenant with your user ID (email) and password. | +| | +| **https://f5-xc-lab-sec.console.ves.volterra.io/** | +| | +| 2. When you first login, accept the Lab tenant EULA. Click the check box and the click | +| | +| **Accept and Agree**. | +| | +| 3. Select all persona roles and click **Next** to see all the various configuration options. | +| | +| Personas can be changed anytime if desired. | +| | +| 4. Click **Advanced** to expose more menu options and the **Get Started** to begin. You can | +| | +| change this setting after logging in as well. | +| | +| 5. Several **Guidance ToolTips** will appear, you can safely close these out. | ++----------------------------------------------------------------------------------------------+ +| |intro002| | +| | +| |intro003| | +| | +| |intro004| | +| | +| |intro005| | ++----------------------------------------------------------------------------------------------+ + ++----------------------------------------------------------------------------------------------+ +| 6. You can adjust your work domains and skill level (not required) by clicking on the | +| | +| **Account** icon in the top right of the screen and then clicking on **Account Settings**.| +| | +| 7. In the resulting window you can observe the **Work domains and skill level** section and | +| | +| other administrative functions. | +| | +| .. note:: | +| *For the purposes of this lab, permissions have been restricted to lab operations. As a* | +| | +| *some menus will be locked and not visible.* | ++----------------------------------------------------------------------------------------------+ +| |intro006| | +| | +| |intro007| | ++----------------------------------------------------------------------------------------------+ + ++----------------------------------------------------------------------------------------------+ +| 8. Namespaces, which provide an environment for isolating configured applications or | +| | +| enforcing role-based access controls, are leveraged within the F5 Distributed Cloud | +| | +| Console. For the purposes of this lab, each lab attendee has been provided a unique | +| | +| **namespace** which you will defaulted to (in terms of GUI navigation) for all tasks | +| | +| performed through the course of this lab. | +| | +| 9. Click on the **Select Service** in the left-hand navigation. In the resulting fly out | +| | +| navigation, click **Web App & API Protection**. | +| | +| 10. In the **Web App & API Protection** configuration screen observe the URL. In the URI | +| | +| path, locate the **** namespace that you have been assigned. It will be| +| | +| located in the portion of the URI path between */namespaces/* and */overview/* as shown | +| | +| in this example **…/namespaces//overview/…**. Note the namespace as it will | +| | +| be used throughout the lab tasks that follow. | +| | +| .. note:: | +| *Administratively, there are other ways to find namespaces. Due to access and permission* | +| | +| *restrictions for this particular lab, those menus are not available.* | ++----------------------------------------------------------------------------------------------+ +| |intro008| | +| | +| |intro009| | ++----------------------------------------------------------------------------------------------+ + ++----------------------------------------------------------------------------------------------+ +| **Beginning of Lab:** You are now ready to begin the lab, Enjoy! Ask questions as needed. | ++----------------------------------------------------------------------------------------------+ +| |labbgn| | ++----------------------------------------------------------------------------------------------+ + +.. |intro001| image:: _static/intro-001.png + :width: 800px +.. |intro002| image:: _static/intro-002.png + :width: 800px +.. |intro003| image:: _static/intro-003.png + :width: 800px +.. |intro004| image:: _static/intro-004.png + :width: 800px +.. |intro005| image:: _static/intro-005.png + :width: 800px +.. |intro006| image:: _static/intro-006.png + :width: 800px +.. |intro007| image:: _static/intro-007.png + :width: 800px +.. |intro008| image:: _static/intro-008.png + :width: 800px +.. |intro009| image:: _static/intro-009.png + :width: 800px +.. |labbgn| image:: _static/labbgn.png + :width: 800px diff --git a/docs/class8/lab1.rst b/docs/class8/lab1.rst new file mode 100644 index 00000000..6752a54c --- /dev/null +++ b/docs/class8/lab1.rst @@ -0,0 +1,482 @@ +Lab 1: Deploying F5 Distributed Cloud Proxy Services to Securely Deliver a Public Endpoint +========================================================================================== + +This lab will focus on the deployment and security of an existing hosted application using F5 +Distributed Cloud Platform and Services. This lab will be deployed in a SaaS only +configuration with no on-premises (public or private cloud) elements. All configuration +will be made via the F5 Distributed Cloud Console and within the F5 Distributed Cloud Global +Network services architecture. + +For the tasks that follow, you should have already noted your individual **namespace**. If you +failed to note it, return to the **Introduction** section of this lab, follow the instructions +provided and note your **namespace** accordingly. The **Delegated Domain** and the F5 +Distributed Cloud **Tenant** are listed below for your convenience as they will be the same for +all lab attendees. + +* **Delegated Domain:** *.lab-sec.f5demos.com* +* **F5 Distributed Cloud Tenant:** https://f5-xc-lab-sec.console.ves.volterra.io + +Following the tasks in the prior **Introduction** Section, you should now be able to access the +F5 Distributed Cloud Console, having set your Work Domain Roles and Skill levels. If you have +not done so already, please login to your tenant for this lab and proceed to Task 1. + +Task 1: Configure Load Balancer and Origin Pool +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The following steps will allow you to deploy and advertise a globally available application. +These steps will create an origin pool, add a health monitor, define an application, register +its DNS, and advertise the application on the Internet using the F5 Distributed Cloud Global +Network. + ++---------------------------------------------------------------------------------------------------------------+ +| 1. Following the **Introduction** section instructions, you should now be in the **Multi-Cloud App Connect** | +| | +| configuration window. If for some reason you are not in the **Multi-Cloud App Connect** window, use the | +| | +| **Select Service** in the left-hand navigation, and click **Multi-Cloud App Connect** as shown in the | +| | +| *Introduction section, Task 2, Step 9*. | +| | +| 2. In the left-hand navigation expand **Manage** and click **Load Balancers > Origin Pools** | +| | +| 3. In the resulting screen click the **Add Origin Pool** in the graphic as shown. | +| | +| .. note:: | +| *You have defaulted to your specific namespace as that is the only namespace to which you have | +| | +| *administrative access.** | ++---------------------------------------------------------------------------------------------------------------+ +| |lab001| | +| | +| |lab002| | ++---------------------------------------------------------------------------------------------------------------+ + ++---------------------------------------------------------------------------------------------------------------+ +| 4. In the resulting window, enter **-pool** in the **Name** field and click **Add Item** under | +| | +| **Origin Servers** | ++---------------------------------------------------------------------------------------------------------------+ +| |lab003| | ++---------------------------------------------------------------------------------------------------------------+ + ++---------------------------------------------------------------------------------------------------------------+ +| 5. In the resulting window, **Public DNS Name of Origin Server** should be selected for **Select Type of** | +| | +| **Origin Server**. | +| | +| 6. For **DNS Name** enter the following hostname: **demo-app.amer.myedgedemo.com** and then click **Apply** | ++---------------------------------------------------------------------------------------------------------------+ +| |lab004| | ++---------------------------------------------------------------------------------------------------------------+ + ++---------------------------------------------------------------------------------------------------------------+ +| 7. After returning to the prior window, change the **Port** under **Origin server Port** to **80**. | +| | +| 8. Scroll to the bottom and click **Save and Exit**. | ++---------------------------------------------------------------------------------------------------------------+ +| |lab005| | +| | +| |lab006| | ++---------------------------------------------------------------------------------------------------------------+ + ++---------------------------------------------------------------------------------------------------------------+ +| 9. In the left-hand navigation expand **Manage** and click **Load Balancers > HTTP Load** **Balancers**. | +| | +| 10. In the resulting screen click the **Add HTTP Load Balancer** in the graphic as shown. | ++---------------------------------------------------------------------------------------------------------------+ +| |lab007| | +| | +| |lab008| | ++---------------------------------------------------------------------------------------------------------------+ + ++---------------------------------------------------------------------------------------------------------------+ +| 11. Using the left-hand navigation and in the sections as shown, enter the following data. Values where | +| | +| **** is required, use the name of your given namespace. | +| | +| * **Metadata:Name ID:** *-lb* | +| * **Domains and LB Type: List of Domains:** *.lab-sec.f5demos.com* | +| * **Domains and LB Type: Select Type of Load Balancer:** *HTTP* | +| * **Domains and LB Type: Automatically Manage DNS Records:** *(Check the checkbox)* | +| * **Domains and LB Type: HTTP Port:** *80* | ++---------------------------------------------------------------------------------------------------------------+ +| |lab009| | ++---------------------------------------------------------------------------------------------------------------+ + ++---------------------------------------------------------------------------------------------------------------+ +| 12. In the current window's left-hand navigation, click **Origins**. Next, click **Add Item Pools** section of| +| | +| **Origins**. | ++---------------------------------------------------------------------------------------------------------------+ +| |lab010| | ++---------------------------------------------------------------------------------------------------------------+ + ++---------------------------------------------------------------------------------------------------------------+ +| 13. In the resulting window, verify **Origin Pool** is selected for **Select Origin Pool **Method**. | +| | +| 14. Select the **/-pool** from the **Origin Pool** dropdown. | +| | +| 15. Click **Apply** | ++---------------------------------------------------------------------------------------------------------------+ +| |lab011| | ++---------------------------------------------------------------------------------------------------------------+ + ++---------------------------------------------------------------------------------------------------------------+ +| 16. In the resulting **HTTP Load Balancer** window, scroll to the **Other Settings** section and note the | +| | +| **VIP Advertisement** setting. | +| | +| 17. Click **Save and Exit** at the bottom of the **HTTP Load Balancer** configuration screen. | +| | +| .. note:: | +| *The VIP Advertisement selection controls how/where the application is advertised. The "Internet" setting* | +| | +| *means that this application will be advertised globally using the F5 Distributed Cloud Global Network* | +| | +| *utilizing Anycast.* | ++---------------------------------------------------------------------------------------------------------------+ +| |lab012| | ++---------------------------------------------------------------------------------------------------------------+ + ++---------------------------------------------------------------------------------------------------------------+ +| 18. In the **HTTP Load Balancers** window, note the application hostname under the **Domains** column *(This* | +| | +| *was done in Task1: Step 19)*. | +| | ++---------------------------------------------------------------------------------------------------------------+ +| |lab013| | ++---------------------------------------------------------------------------------------------------------------+ + +Task 2: Testing the Application and Viewing Telemetry Data +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The following steps will validate access to the application via web browser, review the +Performance Monitoring dashboard, and gather request details. + ++---------------------------------------------------------------------------------------------------------------+ +| 1. Open another tab in your browser (Chrome shown), navigate to the newly configured Load Balancer | +| | +| configuration: **http://.lab-sec.f5demos.com**, to confirm it is functional. | +| | +| 2. Navigate to the **HEADER** section under **Menu** to generate additional traffic. | ++---------------------------------------------------------------------------------------------------------------+ +| |lab014| | +| | +| |lab015| | ++---------------------------------------------------------------------------------------------------------------+ + ++---------------------------------------------------------------------------------------------------------------+ +| 3. Returning to the F5 Distributed Cloud Console, use the left-hand navigation to navigate to Multi-Cloud App | +| | +| Connect section and expand **Virtual Hosts** and then click on **HTTP Load Balancers** | +| | +| 4. Click on **Performance Monitoring** link provided for your respective load balancer. | +| | ++---------------------------------------------------------------------------------------------------------------+ +| |lab016| | +| | +| |lab017| | ++---------------------------------------------------------------------------------------------------------------+ + ++---------------------------------------------------------------------------------------------------------------+ +| 5. Change the viewable time period from Last 5 minutes (default) to **1 hour** by selecting the dropdown | +| | +| shown, click **Last 1 hour** then clicking **Apply**. | +| | +| 6. Note the **End to end Latency** tile. This shows the average latency for all requests to this load | +| | +| balancer. | +| | +| .. note:: | +| *As you have not run many requests, summary analytics may not be available in the dashboard view yet.* | ++---------------------------------------------------------------------------------------------------------------+ +| |lab018| | +| | +| |lab019| | ++---------------------------------------------------------------------------------------------------------------+ + ++---------------------------------------------------------------------------------------------------------------+ +| 7. Click the **Requests** link to see detailed information about individual requests. | +| | +| 8. Note the **Chart** shows a graphical representation of all of the response codes for the selected time | +| | +| frame. | +| | +| .. note:: | +| *This data can be filtered to quickly narrow in on points of interest.* | ++---------------------------------------------------------------------------------------------------------------+ +| |lab020| | +| | +| |lab021| | ++---------------------------------------------------------------------------------------------------------------+ + ++---------------------------------------------------------------------------------------------------------------+ +| 9. Click the **Hide Chart** link to free up space in the browser window. | +| | +| 10. Expand one of the individual requests to view additional details about that request. | +| | +| 11. Note the **Duration** section. This shows the latency for this specific request. These values can be | +| | +| compared to the average latency data noted in step 6. | ++---------------------------------------------------------------------------------------------------------------+ +| |lab022| | +| | +| |lab023| | ++---------------------------------------------------------------------------------------------------------------+ + +Task 3: Configure an Application Firewall Policy to Protect the Application +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The following steps will guide you through adding a Web Application Firewall (WAF) Policy. + +These steps will create a WAF Policy and apply the WAF policy to the load balancer created in Task 1. + ++---------------------------------------------------------------------------------------------------------------+ +| 1. Following **Task 2**, you should have the **Multi-Cloud App Connect** navigation panel on the left of your | +| | +| console. If for some reason you do not see the **Multi-Cloud App Connect** navigation panel, use the | +| | +| **Select Service** dropdown at the top left, and click **Multi-Cloud App Connect** as shown in the | +| | +| *Introduction section, Task 2, Step 9*. | +| | +| 2. In the left-hand navigation expand **Security** and click **App Firewall**. | +| | +| 3. On the resulting page click **Add App Firewall** | ++---------------------------------------------------------------------------------------------------------------+ +| |lab024| | +| | +| |lab025| | ++---------------------------------------------------------------------------------------------------------------+ + ++---------------------------------------------------------------------------------------------------------------+ +| 4. In the resulting window's **Metadata** section enter **-appfw** for the **Name**. | +| | +| 5. Under **Enforcement Mode**, change the mode to **Blocking**. | +| | +| 6. Leaving all other values as default, scroll to the bottom and click **Save and Exit**. | ++---------------------------------------------------------------------------------------------------------------+ +| |lab026| | +| | +| |lab027| | ++---------------------------------------------------------------------------------------------------------------+ + ++---------------------------------------------------------------------------------------------------------------+ +| 7. In the left-hand navigation expand **Manage** and click **Load Balancers > HTTP Load Balancers** | +| | +| 8. On the resulting page find the HTTP Load Balancer created in **Task 1** *(-lb)*. Click the | +| | +| ellipsis under Actions and select **Manage Configuration**. | ++---------------------------------------------------------------------------------------------------------------+ +| |lab028| | +| | +| |lab029| | ++---------------------------------------------------------------------------------------------------------------+ + ++---------------------------------------------------------------------------------------------------------------+ +| 9. On the resulting page click **Edit Configuration**. | +| | +| 10. Click **Web Application Firewall** in the left-hand navigation. | ++---------------------------------------------------------------------------------------------------------------+ +| |lab030| | +| | +| |lab031| | ++---------------------------------------------------------------------------------------------------------------+ + + ++---------------------------------------------------------------------------------------------------------------+ +| 11. Under the **Web Application Firewall** section select **Enable** from the **Web Application Firewall** | +| | +| **(WAF)** dropdown. | +| | +| 12. Select the Web Application Firewall name that you created in *Steps 1-6* of this task | +| | +| *(-appfw)* from the **Enable** dropdown. | +| | +| 13. Scroll to the bottom of the page and click **Save and Exit** | ++---------------------------------------------------------------------------------------------------------------+ +| |lab032| | +| | +| |lab033| | ++---------------------------------------------------------------------------------------------------------------+ + +Task 4. Test the Application Firewall and View Security Events +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The following steps will test and validate the Web Application Firewall, review the Security + +Monitoring dashboard, and gather security event details. + ++---------------------------------------------------------------------------------------------------------------+ +| 1. Open another tab in your browser (Chrome shown), navigate to the newly configured Load Balancer | +| | +| configuration: **http://.lab-sec.f5demos.com**, to confirm it is functional. | +| | +| 2. Using some of the sample attacks below, add the URI path & variables to your application to generate | +| | +| security event data. | +| | +| * /?cmd=cat%20/etc/passwd | +| * /product?id=4%20OR%201=1 | +| * /cart?search=aaa'> | +| | +| .. note:: | +| *The web application firewall is blocking these requests to protect the application. The block page can* | +| | +| *be customized to provide additional information.* | ++---------------------------------------------------------------------------------------------------------------+ +| |lab034| | ++---------------------------------------------------------------------------------------------------------------+ + ++---------------------------------------------------------------------------------------------------------------+ +| 3. Returning to the F5 Distributed Cloud Console, use the left-hand navigation to navigate to Multi-Cloud App | +| | +| Connect setion and expand **Virtual Hosts** and click on **HTTP Load Balancers**. | +| | +| 4. Click on the **Security Monitoring** link for your respective load balancer. | ++---------------------------------------------------------------------------------------------------------------+ +| |lab035| | +| | +| |lab036| | ++---------------------------------------------------------------------------------------------------------------+ + ++---------------------------------------------------------------------------------------------------------------+ +| 5. From the **Dashboard** view, using the horizontal navigation, click **Requests**. | +| | +| 6. Note the **Chart** shows a graphical representation of all of the response codes for the selected time | +| | +| frame. | +| | +| .. note:: | +| *If you lost your 1 Hour Filter, re-apply using Task 2: Step 5* | ++---------------------------------------------------------------------------------------------------------------+ +| |lab037| | +| | +| |lab038| | ++---------------------------------------------------------------------------------------------------------------+ + ++---------------------------------------------------------------------------------------------------------------+ +| 7. Click the **Hide Chart** link to free up space in the browser window. | +| | +| 8. Expand your latest security event as shown. | +| | +| 9. Note the summary detail provided in the **Information** link. The **req_id** which is synonymous with | +| | +| **Support ID** (filterable) from the block page. | +| | +| 10. Scroll to the bottom of the information screen to see specific signatures detected and actions taken | +| | +| during the security event. | +| | +| .. note:: | +| *Note that Requests have additional detail in JSON format* | ++---------------------------------------------------------------------------------------------------------------+ +| |lab039| | +| | +| |lab040| | +| | +| |lab041| | ++---------------------------------------------------------------------------------------------------------------+ + ++---------------------------------------------------------------------------------------------------------------+ +| **End of Lab 1:** This concludes Lab 1. In this lab you created an origin pool to connect to the | +| | +| application, you then created a load balancer and associated the origin pool to the load balancer. This | +| | +| allowed the application to be advertised via the F5 Distributed Cloud Global Network. The Distributed Cloud | +| | +| Console was then used to review telemetry data gathered for the application. Next an Application Firewall | +| | +| policy was created and assigned to protect the application. Finally a sample attack was run against the | +| | +| application and the security event data was reviewed within the Distributed Cloud Console. | +| | +| A brief presentation will be shared prior to the beginning of Lab 2. | ++---------------------------------------------------------------------------------------------------------------+ +| |labend| | ++---------------------------------------------------------------------------------------------------------------+ + +.. |lab001| image:: _static/lab1-001.png + :width: 800px +.. |lab002| image:: _static/lab1-002.png + :width: 800px +.. |lab003| image:: _static/lab1-003.png + :width: 800px +.. |lab004| image:: _static/lab1-004.png + :width: 800px +.. |lab005| image:: _static/lab1-005.png + :width: 800px +.. |lab006| image:: _static/lab1-006.png + :width: 800px +.. |lab007| image:: _static/lab1-007.png + :width: 800px +.. |lab008| image:: _static/lab1-008.png + :width: 800px +.. |lab009| image:: _static/lab1-009.png + :width: 800px +.. |lab010| image:: _static/lab1-010.png + :width: 800px +.. |lab011| image:: _static/lab1-011.png + :width: 800px +.. |lab012| image:: _static/lab1-012.png + :width: 800px +.. |lab013| image:: _static/lab1-013.png + :width: 800px +.. |lab014| image:: _static/lab1-014.png + :width: 800px +.. |lab015| image:: _static/lab1-015.png + :width: 800px +.. |lab016| image:: _static/lab1-016.png + :width: 800px +.. |lab017| image:: _static/lab1-017.png + :width: 800px +.. |lab018| image:: _static/lab1-018.png + :width: 800px +.. |lab019| image:: _static/lab1-019.png + :width: 800px +.. |lab020| image:: _static/lab1-020.png + :width: 800px +.. |lab021| image:: _static/lab1-021.png + :width: 800px +.. |lab022| image:: _static/lab1-022.png + :width: 800px +.. |lab023| image:: _static/lab1-023.png + :width: 800px +.. |lab024| image:: _static/lab1-024.png + :width: 800px +.. |lab025| image:: _static/lab1-025.png + :width: 800px +.. |lab026| image:: _static/lab1-026.png + :width: 800px +.. |lab027| image:: _static/lab1-027.png + :width: 800px +.. |lab028| image:: _static/lab1-028.png + :width: 800px +.. |lab029| image:: _static/lab1-029.png + :width: 800px +.. |lab030| image:: _static/lab1-030.png + :width: 800px +.. |lab031| image:: _static/lab1-031.png + :width: 800px +.. |lab032| image:: _static/lab1-032.png + :width: 800px +.. |lab033| image:: _static/lab1-033.png + :width: 800px +.. |lab034| image:: _static/lab1-034.png + :width: 800px +.. |lab035| image:: _static/lab1-035.png + :width: 800px +.. |lab036| image:: _static/lab1-036.png + :width: 800px +.. |lab037| image:: _static/lab1-037.png + :width: 800px +.. |lab038| image:: _static/lab1-038.png + :width: 800px +.. |lab039| image:: _static/lab1-039.png + :width: 800px +.. |lab040| image:: _static/lab1-040.png + :width: 800px +.. |lab041| image:: _static/lab1-041.png + :width: 800px +.. |labend| image:: _static/labend.png + :width: 800px