Tour ZPE Systems’ Nodegrid and ZPE Cloud

Captions
So my name is Renee Newman. I'm a solutions architect with ZPE Systems, and I'm just going to take you on a small tour. I have a couple of slides, not too many. I really want to show you the product, how the product works, and go from there.

So what I want to look at today is literally: how would you typically run a branch office? How would you deploy a branch office? What I've done here is essentially I've built out a small little rack which could stand in a small branch, in a small office, a small shop. At the very top we have a Nodegrid Gate SR, which is part of our services router family. In the same rack we have a Cisco router, sorry, no, a Cisco switch. We have a white box server which will run some form of edge compute solution. We have a rack PDU which controls the power and provides the power to the rack. We have a temperature sensor, an access point and a camera. And really the goal of the demo, I want to take you on that road, is: okay, what happens if it's a brand new rack, none of that is configured yet, you don't have access to any of those, and essentially you just send smart hands on site with the boxes? How do you get them up and running? That is the premise of the presentation, of the demo.

So, more from a networking perspective, what are the different parts which we're going to look at? Overall in the presentation I break it down into different sections, but overall we are going to use the ZPE Cloud to push the configuration down to our ZPE system, and that will provide access to an overlay network in which I have a real automation orchestration system, here in our case, as an example, Ansible Tower. You can use ZPE Cloud as a, if you wanted to, but one of the important things for us is we try to be vendor neutral. So if you already have an orchestration software like Ansible Tower, like ub cube, like blueware, or you name them, we will enable you to use them, because you already use them very likely in your networking and with your other equipment.

So at the very first step we use the ZPE Cloud to provision the Nodegrid, and as part of that provisioning we will gain access to the overlay network. Then, going from there, from the overlay network we will finalize the provisioning of the device, and we will start getting access to all the different components which are on site and which our smart hand was clever enough to cable up properly. So, any questions?

So I have a question.

Yeah.

I see here LTE and VDSL. So VDSL is an access technology, so actually, what protocol basically are you using on this access? MPLS? What exactly do you use?

So LTE is standard LTE. VDSL is normal home consumer DSL lines, VDSL lines. We have them a lot here in Europe, where you just have your normal subscription lines. Typically what you see a lot, I'm living in Ireland, what you have here a lot in Ireland is your fiber to the cabinet, and then the last mile is provided through some form of DSL connection.

You see that the actual interface is Ethernet, right? You're getting an Ethernet drop in from the VDSL, right? You're on the other side of that device?

No, actually we are getting a real VDSL connection. We have a small SFP module where you plug the RJ11 cable in.

Okay, okay. So you're not using any overlay here, it's just as it is, the VDSL then?

Correct, it's VDSL as it comes out of the box.

Okay.

Correct. Okay, so let's directly start, because we're lagging a little bit behind. So the very first step is zero touch provisioning. What I want to show you first is, we will have a quick look at ZPE Cloud. I will show you a little bit around there. To save time, I will directly jump at the very beginning to provision the box. That would take a minute or so, or a couple of minutes, and in that time I will show you a little bit more around the ZPE Cloud. What we're going to end up with at that point is literally that the unit will have a very uniform configuration which you can apply to any box, and the goal is that we get access to our orchestration software. That is the goal for step one.

Okay, so what you're going to see here right now is a login page for our ZPE Cloud system. When you log in, the very first page which you're going to see is our dashboard. It is a map view. I created a couple of sites with a couple of devices in our demo environment, and essentially what you can do is you can associate a device to a site, and then you can directly see if the site is up or if the site is in a failover mode. You can then drill down onto a site and get access to the site. I'm going to show you that in a minute.

If you go to devices, you will see a list of all of your devices, and we are differentiating between enrolled devices, so these are systems which are already managed, which already have a configuration, which you're using on a day-to-day basis, and then you have devices which are available. These would typically be devices which are currently on the way to remote sites. You might have an outage, you know that the site is down, or something like it, so you can have devices in that available state. My system which I'm going to use right now is that SR. That is currently in a factory default state, so there's nothing on it. The only thing that is currently on it is literally an LTE connection which connects the device back to the cloud, and that's it.

Okay, so all you need to do is you just highlight the device, you click on enroll, and what is going to happen in the background is that, at that moment, I can drag over a console connection so that you can see that a little bit. Yeah, that doesn't work. Oh yeah, because I'm in full screen. And essentially, in the moment I pushed it over to enroll it, a default configuration is being pushed out to the device. That is a profile which I defined early on. I do that under profiles here. You can upload your own profiles, you can use existing templates if you wanted to, but essentially what we are providing is two types of configurations. You can have just a script. That can be any script you want to write: that can be a bash script, can be a Python script, can be Node.js or anything of the form. Or we are providing configuration files as well. These are essentially CLI files which you can write. So we have a CLI like most network devices, and what you can do is, the same commands which you would write down in the CLI to achieve something, you can just paste them into a text file, and that becomes that configuration file.

I'm going to briefly show you what is in the default settings one. If you click on edit, essentially these are the CLI commands which I spoke about. They're just simple set commands. You have a couple of paths which are going through. Essentially what I'm doing is I'm creating a user, I'm setting a couple of passwords, defining a couple of default services just to harden the box a little bit further, like disabling TLS 1.1, which is this by default, but disabling 1.1, whitelisting a couple of IP addresses which I trust, these kinds of things. I push a couple of firewall rules which are very, very basic, very, very generic, and then at the very end I'm pushing my overlay network.

Probably worthwhile mentioning here: as an overlay network I'm using Tailscale in this scenario. It is not something which comes by default with the box, but we make it really easy. If there are already pre-compiled packages available for Linux, then there's an easy way that you can typically port them onto our box and directly run them. Tailscale, for example, is an overlay network based on WireGuard. We have WireGuard in the box, and that is the reason why it's really, really easy to install it, to set it up and to directly run it. If you just want to use the connectivity which comes out of the box, then we support VPN, your standard VPN connectivity like OpenSSL, IPsec and WireGuard directly out of the box. You just need to configure it.

Okay, so let's briefly go back to devices. My device is here, that is a Gate SR. You can see it's currently on the LTE connection, still has a default name, nodegrid, and what I can do from here, or I can do it from the dashboard, both are identical, I can click on connect web and that will open up a new page. Now the very first time that can take a while, specifically over LTE. My LTE connection isn't the fastest in the world.

I have a quick question. I think I might have missed it: for the zero touch provisioning, how do you allocate an unprovisioned device to a specific customer's cloud account?

You didn't really miss it. So we have multiple ways of doing it. Typically during the sales cycle we can directly provide you with a claim key, and essentially what the claim key is, it associates the serial number to your account. Or, second option, if we know upfront with the customers, we can directly assign the serial numbers to the customer as well. Worst case scenario, if you receive a box and the box wasn't assigned to you at all, you can claim it as soon as the box is in your hands.

Okay, thank you.

So let me log on. As you can see, the speed isn't fast, and trust me, I don't have LTE in my area here, and that is good old UMTS. So as you can see, there is nothing really configured here. The sensor is plugged in, so if I would click just on the sensor I would directly get an overlay; I can actually see the temperature and humidity values here. But essentially, even from a networking perspective, if I go to network connections, all I really had to do is just put the SIM in, turn the device on, and it picked up the LTE connection.

Okay, so that is essentially the very first part. There's literally nothing that you need to do as a customer to provision a box. You turn it on, the unit will automatically talk to ZPE Cloud, the unit was assigned to you beforehand as part of the sales process, you have a profile there, you assign it to the unit, and as soon as the unit comes up the unit pulls the profile down and you're done. You're ready to go. And you can make the profile as complex or as simple as you want to. I just chose a very simple one which I can assign to any box: no IP addresses, no host names, nothing which is box specific at this point. We're going to get there in a moment.

So as the second part we're now going to push the final configuration, the full configuration. What I'm going to use here is Ansible Tower. With Tower, I have a couple of Ansible playbooks in a Git, in the Git repository, and the Tower has my inventory. I can show you that if you want to take a look. The configuration will contain the LTE configuration, the VDSL configuration, the entire network configuration for the internal network, will contain more firewall rules and a couple of other settings, essentially a full configuration for the box. At the end of that step you have access to the out-of-band interfaces of all of these devices. So if it's, for example, the Cisco switch, we will have console access. If it's the Meraki, we will have access to the Meraki setup wm SSID. And we are going to have a small camera as well, so we're directly going to have access to that camera. So that is the goal of that step.

So let me briefly go over here. I'm not sure if you're familiar with Ansible Tower, but essentially it's an orchestration software, right? So you have your different projects, which is essentially your Git repository where you have your playbooks, and you have your inventories which contain your hosts. Here I have a very, very basic one, the decpe. That is an inventory, that is the keeps or the settings for the Nodegrid device in itself, and we can go through that one in a second if you're interested. And then you have your templates, which are essentially your playbooks, where you assign your playbooks to your user credentials and to the inventory. That is what these templates are. I have a couple of them here. One thing which I really want to start off right now is the full configuration, because that's going to take a while. Specifically the very first step takes a little bit longer, as it's being pushed out over the LTE connectivity. So that will take now around about four minutes, depends a little bit on the speed.

Do you have any questions at this point? Is there anything you want to see? I can show you a little bit more about the ZPE Cloud, how that looks, if you want to.

I have a question, a quick one. So how many 4G links do you have? Like a primary and backup link you have normally?

So most units support up to two active LTE connections. You have two modems, and each modem can have up to two SIM cards, so you can have one active SIM card per modem with a backup, but you can have two modems in most of our devices. The Nodegrid Services Router can take more, and all others have the two.

These modems are built in, or you have a USB port that supports a dongle?

They are built in, but they are optional. So when you buy the unit, you can either buy the unit with the LTE modem or without, but they are part of the unit. They're not soldered to the box as such, they're a module inside the box, but they're not connected through USB or anything like that.

Okay.

Okay, so yeah, as I mentioned before, it's going to take a while. As you can see here, it started to push a couple of things already. Okay, let's go near the network configuration. Typically after that one it goes a little bit faster, because it brings up the main interface as well at this point.

So let's go briefly back then, maybe, to the ZPE Cloud. As I mentioned before, you have a dashboard here. Let me do one small thing: let me take the device which we just had and assign it to a site. This specific device I want to assign to Germany. You might have already noticed it doesn't say nodegrid anymore, and that is because I already started the configuration. Part of the configuration is a host name; the host name was already updated in our ZPE Cloud. So the ZPE Cloud is continually updating the configuration which it sees on the device. So I just select it, click on add, assign it to Frankfurt, click on that site, and now if I go to the dashboard you will see that Frankfurt is green. If I click on Frankfurt, I will be directly brought down to the device, and again I have here now my console interface or my web interface. What is going to happen after a while, after the devices and managed devices are getting populated on the device, they will become directly available here as well, so that I can directly jump onto them if I wanted to. So if I want to start a console session, I can directly do it from this interface as well. If I directly want to jump to the web interface of my camera, I can directly do it from here if I wanted to. Or if I have a virtual machine running on it, my firewall, my IoT data collector, I have directly a console connection or an out-of-band connection to that one as well.

On the transport of that: is the control just TLS coming from the box back? And then when you're actually having to port forward to, say, a VNF, or to a web interface, or SSH or whatever, is that just some sort of socket forwarding that you guys are pulling back over TLS back to this controller?

It's actually a perfect question. So the number one, probably, to address: how does the box connect back up to the cloud? Yes, that is purely TLS connectivity. All the connectivity is initiated from the device going out, so there's no option that the cloud can actively connect down to the device. The first initiation, the session, needs to be started off by the device. That allows us a couple of things. Number one, it allows us to punch through most of the standard firewalls: if you have web access on your firewall, the device will just work. The second thing is, if you don't want to use ZPE Cloud, there's no way that ZPE Cloud can force itself onto the device. There's an option on the device where you can disable it. So from a pure security perspective, the connections, the sessions, are always initiated from the device to the cloud.

We maintain a permanent session from the device to the cloud. We use a message bus to exchange a couple of messages, and let's say you want to start the web console or a session to a device, then yes, first of all we exchange a couple of messages over the message bus, and then we use a web proxy as a forwarder. What is probably worthwhile noting, though, is that the web pages, all the sessions which are happening from the Nodegrid down to the end device, are happening from the Nodegrid, from the appliance, down to the end device, and then they're getting forwarded. So the web page actually gets rendered, or gets terminated, first on the Nodegrid and then forwarded. In that sense we're acting like a terminal server, and that allows you access to internal web pages, for example. So even where you have no network access or anything like it, you get access to your cameras, to the Meraki setup page, for example, which are typically web pages or interfaces which you don't even want to expose to any internet traffic.

Typically I wouldn't trust any camera to have internet access in any shape or form. Number one, I don't trust the software, and number two, those cameras are probably in your site for the next 10 years, and any software which can survive securely without security holes for 10 years, I think that still needs to be written. So you probably want to separate all of that traffic, or the operational traffic, into a separate network, make sure that they only have access to what they really need to have access to, and the rest you can directly have from the Nodegrid.

Okay, so let me see briefly how far we are. I think we only have a few minutes left as well.

Yeah, and a quick question: do you have feature parity on both IPv4 and IPv6 across the board?

Yes, we do, yes.

Excellent, thank you.

Yeah, unfortunately I wanted to show you a little bit more, but I can definitely show you some of the basics at least. Hang on a second. Probably sent the wrong password. Yes, I did. So what you can see right now is the unit is already configured, the first device is already up, and what you can do now from here is literally access all the devices, as I mentioned before. So for example, for the rack PDU, you can just click on its name and you get the outlet status. In a couple of minutes that page will fully populate itself. You will get the outlet names; if they are maintained on the PDU, you will see the outlet names. You have outlet control from here, so you can turn outlets on and off directly from here. You can even associate them to end devices.

For the Meraki, I mentioned that before, if you click on the link you will get to the troubleshooting page of the Meraki, which is only accessible from the inside. For example, you now have full visibility to it. So for example, if the Meraki currently doesn't have internet connectivity, from the Nodegrid you can still get to it, you can troubleshoot it from here. The same is true for the camera or for the Cisco switch. I mean, the Cisco switch is just standard serial connectivity, as you probably know from other out-of-band systems.

Yeah, I just wanted to point out the URL at the top, if you guys are looking at it, how the traffic actually goes through that access.dpecloud.com, through that unique link, and that's essentially how we are bridging those devices from an out-of-band access, in that secure way, into this infrastructure.

Yeah. So I realized that we are essentially out of time. I was hoping to show you a little bit more, other options of what you can do, like doing bare metal deployment of an edge server by just deploying a couple of Docker applications and then essentially doing a PXE boot on the server, and so forth. So there are multiple use cases for the unit directly on site.

Yeah, perfect, Rene. Thank you for that. I think we'll probably do a recording of those demos and put them on our website so that folks can come back and watch the rest of your valuable demos.
Info
Channel: Tech Field Day
Views: 105
Rating: 0 out of 5
Keywords: Tech Field Day, Gestalt IT
Id: y8W_6etglhU
Length: 26min 0sec (1560 seconds)
Published: Fri Sep 17 2021