# sdnog workshops sdnog workshops provide hands-on training and technical sessions for network operators in Sudan, focusing on areas like network security, IPv6, routing, DNS , etc. These workshops aim to build local capacity and enhance skills among IT professionals, fostering a stronger internet infrastructure in the region. # Understanding GPON Technology This workshop introduces participants to GPON (Gigabit Passive Optical Network) technology , one of the most widely adopted fiber-optic access solutions used globally by service providers. The session explains how GPON works, its architecture, real-world use cases, and why it has become essential for modern broadband networks. The workshop is designed for network engineers, telecom professionals, and ICT students interested in fiber-optic access networks and next-generation broadband technologies. ##### Delivered by: Louai Modawi [https://www.linkedin.com/in/louaimodawi/](https://www.linkedin.com/in/louaimodawi/) ##### Learning Objectives By the end of this workshop, participants will: \- Understand what GPON is and how it differs from other fiber technologies. \- Learn the main components of GPON architecture: OLT, splitters, and ONT/ONU. \- Explore GPON features such as bandwidth capabilities, long-reach performance, and cost efficiency. \- Learn how GPON supports triple-play services (voice, video, data). \- Discover key deployment models: FTTH, FTTB, FTTC, enterprise networks, smart cities, and backhaul. \- Understand the evolution toward XG-PON and next-generation fiber technologies. ##### Key Topics Covered 1\. Introduction to GPON 2\. GPON Architecture & Components 3\. GPON Capabilities 4\. Real-World Deployment Scenarios 5\. Future of GPON ##### Target Audience \- Network engineers & NOC teams \- ISP & telecom professionals \- University students in ICT and computer engineering \- Anyone interested in fiber-optic and broadband technologies ##### Expected Outcomes Participants will leave with: \- A practical understanding of how GPON networks are designed, deployed, and operated \- Knowledge of different fiber deployment models \- Awareness of GPON’s role in national broadband and smart-city projects \- Insights into future fiber technologies and capacity upgrades ##### Session Recording [https://drive.google.com/file/d/1c5UUNXgA76FGAQJr7P312v5LTD5J\_bWY/view?usp=share\_link](https://drive.google.com/file/d/1c5UUNXgA76FGAQJr7P312v5LTD5J_bWY/view?usp=share_link) # مقترح جلسة لطلبة وخريجي الجامعات بمجال تقنية المعلومات والشبكات **التاريخ:** الأحد 14 ديسمبر **الوقت:** 7:00 مساءً بتوقيت السودان **نوع الجلسة:** غير تقنية **المدة:** 60–90 دقيقة ##### **فكرة الجلسة** تهدف الجلسة إلى مساعدة طلاب وخريجي الجامعة على فهم المجالات الأساسية في **نظم وتقنية المعلومات ، و الشبكات**، وتزويدهم بصورة واضحة عن التخصصات المختلفة، سوق العمل، المهارات المطلوبة، وكيف يبدأ الخريج الجديد طريقه في المجال بشكل صحيح الجلسة غير تقنية، وتركّز على التوجيه، تبسيط المعلومات، وفتح المجال أمام النقاش ##### **فيديو الجلسة المسجل** [https://drive.google.com/file/d/1kfcUHi2T2yEFJnzLH8esqHgTyZuyaOd3/view?usp=share\_link](https://drive.google.com/file/d/1kfcUHi2T2yEFJnzLH8esqHgTyZuyaOd3/view?usp=share_link) ##### **الفئة المستهدفة** طلبة السنوات النهائية الطلبة الخريجون حديثاً أي شخص مهتم بمجال الشبكات وتقنية المعلومات ##### **أهداف الجلسة** توضيح المجالات المختلفة داخل الشبكات وتقنية المعلومات تعريفهم بمتطلبات سوق العمل محلياً وإقليمي توضيح المهارات التي يجب البدء فيها بعد التخرج مباشرة ##### **المحاور المقترحة للجلسة**
**استقبال المشاركين (3–5 دقائق)**ترحيب سريع بالمشاركين تعريف بسيط بعنوان الجلسة وهدفها تذكير بأن الجلسة غير تقنية وتركّز على التوجيه وفتح النقاش
**مقدمة قصيرة عن المجال (5 دقائق)**شرح مبسّط جداً عن مجالات IT ما الذي يجعل هذه التخصصات متنوعة ومهمة تمهيد لما سيأتي في الجلسة
**تقديم الخبراء (5 دقائق)**يُقدَّم كل خبير في نصف دقيقة: الاسم المسار المهني أو التخصص
**مداخلات قصيرة من الخبراء (10–15 دقيقة)**تفصيل اكتر عن المسار المهارات المطلوبة للتخصص في هذا المسار الوظائف المتاحة
**فقرة الأسئلة المفتوحة (Q&A) – الجزء الأساسي (30–40 دقيقة)** أهم فقرة في الجلسة فتح الباب للطلاب لطرح أسئلتهم (مايك – شات) ⁠يوجّه مدير الجلسة الأسئلة للخبير الأنسب الحفاظ على سرعة الإيقاع وعدم الإطالة في الإجابات (1–2 دقيقة لكل إجابة)
**نصائح ختامية من الخبراء** كل خبير يقدم نصيحة واحدة مجهزة مسبقا: مثلاً: كيف يبدأ الطالب؟ أهم مهارة يجب تعلمها؟ خطأ شائع يجب تجنبه؟ **نصائح** أخذ دورة أساسيات وممكن متخصصة بناء سيرة ذاتية بسيط وموفق أهمية تطوير المهارات بالتطبيق العملي بالجهاز الشخصي او اي بيئة تعليمة التطوع أو التدريب او المشاركة في اي فعاليات تساعد في تطوير المهارات التقنية
##### **المسارات المقترحة و المتحدثين**
مسار الشبكاتطارق يس [Profile](https://www.linkedin.com/in/tarig-yassin-ahmed-722b8551/)
مسار أمن المعلومات محمد الحافظ [Profile](https://www.linkedin.com/in/mo-hafez/)
DevOps & Cloud محمد عشاري او احمد حسن [Profile](https://www.linkedin.com/in/mohammed-ibrahim-448905115/)
مسار البرمجة وتطوير التطبيقات محمد عصام[Profile](https://www.linkedin.com/in/hassanien-mohamed/)
System Administration / Linux Admin محمد عشاري او احمد حسن[Profile](https://www.linkedin.com/in/ahmed-soria-8231299a/)
مسار الذكاء الاصطناعي محمد يوسف [Profile](https://www.linkedin.com/in/mrabkoo/)
##### **مراجع مفيدة للاطلاع عليها**
DevOps Skills Roadmap session [معلومات الجلسة](https://docs.sdnog.sd/books/sdnog-workshops/page/devops-skills-roadmap)
Cyber Security Roadmap [معلومات الجلسة](https://docs.sdnog.sd/books/sdnog-workshops/page/cyber-security-roadmap-what-you-need-to-know-and-do)
IT Infrastructure Roadmap [معلومات الجلسة](https://docs.sdnog.sd/books/sdnog-workshops/page/it-infrastructure-roadmap)
##### **ورش اخري مقدمة** [https://docs.sdnog.sd/books/activities-calendar/page/workshops-schedule](https://docs.sdnog.sd/books/activities-calendar/page/workshops-schedule) # Shift-Left AppSec CI/CD Pipeline This introductory workshop provides a practical foundation in Application Security (AppSec) and demonstrates how to integrate security early in the software development lifecycle using a shift-left approach. Designed for beginners, the session covers essential terminology, key concepts in DevSecOps, and enforcement methods that help maintain secure and high-quality code. The workshop concludes with a hands-on demo of an AppSec-enabled CI/CD pipeline. ##### Instructor Omar Aladdin [https://www.linkedin.com/in/omar-aladdin/](https://www.linkedin.com/in/omar-aladdin/) ##### What You Will Learn \- Types of Application Security Assessments \- Terminologies of AppSec \- What is DevSecOps \- Enforcement Techniques in DevSecOps (Quality Gates) \- Challenges of DevSecOps \- Hands-On Demo - a Shift-Left AppSec CI/CD Pipeline ##### Who Should Attend Developers, DevOps engineers, junior security engineers, and anyone new to AppSec or DevSecOps who wants a practical introduction to securing applications early in the development lifecycle. ##### Outcome Participants will leave with a solid understanding of basic AppSec concepts, how DevSecOps improves security, and how to implement a simple shift-left AppSec pipeline. ##### Session Recording [https://drive.google.com/file/d/1dT1aeX-jQZwM0ZBnHft8xYkZfD1JRMqL/view?usp=share\_link](https://drive.google.com/file/d/1dT1aeX-jQZwM0ZBnHft8xYkZfD1JRMqL/view?usp=share_link) # Master IPv6 Subnetting and Address Planning This hands-on workshop is designed to give network engineers a solid and practical understanding of IPv6 subnetting, address planning, and deployment strategies. Participants will learn how to design scalable IPv6 address plans, allocate subnets efficiently, and avoid common mistakes seen in real-world networks. ##### Instructor Bashir Mudeheri [https://www.linkedin.com/in/bashir-mudeheri/](https://www.linkedin.com/in/bashir-mudeheri/) ##### What You Will Learn - Introduction to IPv6 Addressing Understanding IPv6 structure, notation, address types, and how IPv6 differs from IPv4. - IPv6 Subnetting Fundamentals How to create and calculate IPv6 subnets, choose the right prefix sizes, and design hierarchical subnet plans. - Best Practices for Address Planning Techniques for building clean, scalable, and future-proof IPv6 addressing schemes for enterprises, ISPs, and data centers. - IPv6 Deployment Considerations Operational tips, common pitfalls, and practical guidance for integrating IPv6 into existing networks. - Hands-On Exercises Real calculation tasks, subnetting drills, and designing an address plan for a sample network. ##### Who Should Attend Network engineers, system administrators, and technical professionals who want to strengthen their IPv6 knowledge and prepare for real operational deployment. ##### Outcome By the end of this workshop, participants will be able to confidently design IPv6 address plans, perform accurate subnetting, and apply best practices to their organization’s IPv6 rollout. ##### Session recording [https://drive.google.com/file/d/1WWAm4dnsRmsl58oMH1sBLZxrVmOum4Bs/view?usp=share\_link](https://drive.google.com/file/d/1WWAm4dnsRmsl58oMH1sBLZxrVmOum4Bs/view?usp=share_link) # Kubernetes Introduction: Hands-on This hands-on session introduces participants to Kubernetes, the industry-standard platform for deploying, scaling, and managing containerized applications. The workshop focuses on core concepts, architecture, and practical deployment methods suitable for engineers working with both on-premises and cloud-based environments. ##### Instructors Mohammed Ibrahim Oshari [https://www.linkedin.com/in/mohammed-ibrahim-448905115/](https://www.linkedin.com/in/mohammed-ibrahim-448905115/) Omar Aladdin alhaj Ahmad [https://www.linkedin.com/in/omar-aladdin/](https://www.linkedin.com/in/omar-aladdin/) ##### Level: Basic to Intermediate — open to anyone interested in Kubernetes. ##### Topics Covered \- What is Kubernetes? An introduction to container orchestration, Kubernetes use cases, and why it has become essential for modern infrastructure management. \- Core Components of Kubernetes (k8s) Understanding the architecture: - Nodes - Pods - Deployments - Services - etcd - Control Plane components (API server, scheduler, controller manager) - Add-ons and networking basics \- On-Premises vs Cloud Kubernetes Comparison of running Kubernetes clusters on your own infrastructure versus managed services: - Operational complexity - Cost considerations - Scalability and availability - Popular cloud offerings (EKS, GKE, AKS) \- Deployment Methods A practical look at how to deploy Kubernetes clusters: - Minikube / kind (local) - kubeadm - Managed cloud clusters - GitOps-based deployment workflows - Basic application deployment on k8s during the hands-on lab ##### Session Recording [https://drive.google.com/file/d/147iQN6c-dFs2zzTX0eVdb5cR2KWjOrNs/view?usp=share\_link](https://drive.google.com/file/d/147iQN6c-dFs2zzTX0eVdb5cR2KWjOrNs/view?usp=share_link) ##### Slides [https://drive.google.com/file/d/19M8KTjn3KuDwgdmWTCg9uy3Cw7HwMiMI/view?usp=share\_link](https://drive.google.com/file/d/19M8KTjn3KuDwgdmWTCg9uy3Cw7HwMiMI/view?usp=share_link) # Navigating the LLM Landscape: A Practical Implementation Guide for Engineers Join us for a focused, engineer-friendly deep-dive into modern Large Language Models (LLMs) and their practical applications in network engineering, operations, and automation. This weekly workshop series is designed to give participants hands-on knowledge, real deployment insights, and actionable skills. ##### Instructor Mohammed Bakheet [https://www.linkedin.com/in/mrabkoo/](https://www.linkedin.com/in/mrabkoo/) ##### Who Should Join? Network engineers, cloud engineers, systems operators, students in ICT, and anyone interested in practical AI applications in technical operations. ##### Workshop Topics 1\. Prompt Engineering Learn how to craft effective prompts to get accurate, reliable, and context-aware outputs from LLMs. We cover: - Prompt structure and templates - System vs. user instructions - Prompt optimization techniques - Avoiding hallucinations 2\. RAG (Retrieval-Augmented Generation) Pipelines Understand how to integrate your own data sources with LLMs to deliver accurate and domain-specific responses. We cover: - Vector embeddings - Knowledge bases - Architecture patterns for production RAG 3\. Fine-tuning LLMs Dive into customizing LLMs for your environment, dataset, or operational workflows. We cover: - Types of fine-tuning (SFT, LoRA, QLoRA) - Data preparation - Training workflows - Evaluating and validating tuned models 4\. AI Agents Explore how AI agents can automate tasks, perform reasoning, and integrate with systems and APIs. We cover: - Multi-step task execution - Tool calling - Agent architectures - Practical use cases for NOGs and ISPs ##### Why Attend? - Hands-on, practical focus - Real examples from engineering and operations - Learn how to deploy and use LLMs effectively in your environment - Open discussion, demos, and shared learning with the sdnog community ##### Session's record [https://drive.google.com/file/d/1\_FUkQgAddEermA45m-1FYyx8tNQi6Itx/view?usp=share\_link](https://drive.google.com/file/d/1_FUkQgAddEermA45m-1FYyx8tNQi6Itx/view?usp=share_link) # Optics 101 for Non-Optical (IP) Folks ##### Overview Many IP engineers (myself included) still view transceivers as simple devices that convert electrical signals to optical signals and back again. In this session, we’ll dive deeper to uncover what’s really happening inside exploring the evolution from basic optical modules to today’s advanced coherent pluggables. We’ll recap key optical fundamentals relevant to IP professionals, discuss recent advances in coherent pluggable optics, and examine the industry’s growing move toward IP over DWDM (IPoDWDM). By the end of this workshop, you’ll understand how these innovations are simplifying and consolidating traditional multi-layer optical and IP networks into a single-layer IPoDWDM packet optical transport architecture — making networks more efficient, flexible, and scalable. ##### Instructor Tashi Phuntsho [https://www.linkedin.com/in/tashiphuntsho/](https://www.linkedin.com/in/tashiphuntsho/) ##### Key Takeaways - Refresh core optical networking concepts for IP engineers - Understand coherent pluggable optics and their role in modern networks - Explore the shift to IPoDWDM and what it means for network design - Learn how to simplify and unify IP and optical layers ##### Who Should Attend - IP and transport network engineers - NOC and infrastructure teams managing optical/IP layers - Network architects and planners - Students and early-career professionals interested in optical networking - Anyone curious about how light and packets work together in modern networks ##### Session's record [https://drive.google.com/file/d/16pOQ2wz9KrvSQ2NVWmkBgZqIgM\_UeRrA/view?usp=share\_link](https://drive.google.com/file/d/16pOQ2wz9KrvSQ2NVWmkBgZqIgM_UeRrA/view?usp=share_link) ##### About Tashi Tashi has been working in the Internet industry since 2004 and is currently an Evangelist Optician and APAC Lead for FLEXOPTIX. He comes with hands-on experience across Telecommunications and IP networks, having worked as a Transmission Engineer, IP Engineer and IP Network Lead for Bhutan Telecom. With his knowledge of "how not to do things", Tashi worked as a Senior Network Analyst and Training Delivery Manager at APNIC until 2022. Outside of his day job with FLEXOPTIX, Tashi also assists with NSRC workshops, especially at NOGs and other Direct Engineering Assistance engagements in the APAC region. Tashi volunteers as PC Chair for South Asia NOG and Bhutan NOG (founding member), while continuing to help as a PC member for APRICOT, India NOG, and Mongolia NOG (founding member). # Managing the Infrastructure Chaos (IaC) In today’s fast-moving IT world, managing infrastructure manually can quickly become messy and error-prone. This session introduces Infrastructure as Code (IaC) — a modern approach to automate, organize, and scale your infrastructure efficiently. You’ll learn the mindset, tools, and best practices that help turn chaos into clarity. ##### Instructor Mohammed Almustafa Balila [https://www.linkedin.com/in/mohammedbalila/](https://www.linkedin.com/in/mohammedbalila/) ##### Level: Basic to Intermediate — open to anyone interested in automation, DevOps, or cloud technologies. ##### Session Type: Instructor-led + discussion and demo session. ##### Workshop Outline: - Cloud-Native IaC Mindset Understand the principles behind IaC and how it simplifies managing infrastructure. - IaC Tooling Landscape Explore key tools like Terraform, Ansible, and CloudFormation — and when to use each. - IaC Workflow Overview Learn the typical workflow: plan, write, test, and deploy infrastructure code. - Version Control Best Practices Discover how version control keeps infrastructure changes safe, trackable, and collaborative. ##### Recording: [https://drive.google.com/file/d/1X6EWxZpW77hc60U3G9PLOgkViiIY8qUR/view?usp=share\_link](https://drive.google.com/file/d/1X6EWxZpW77hc60U3G9PLOgkViiIY8qUR/view?usp=share_link) ##### Slides: [https://drive.google.com/file/d/1frYDZxsHTj\_OYXbUGWk7Y-IhgiYd6MUE/view?usp=share\_link](https://drive.google.com/file/d/1frYDZxsHTj_OYXbUGWk7Y-IhgiYd6MUE/view?usp=share_link) # From Code to Cloud: Building a DevOps Pipeline Step by Step In this hands-on workshop, we’ll explore how to take an application from your laptop all the way to the cloud using modern DevOps practices and tools. Participants will learn how to build a complete CI/CD pipeline that automates testing, deployment, and monitoring — helping make software delivery faster, more consistent, and reliable. Through guided demonstrations and real examples, you’ll see how tools like Jenkins, Docker, Terraform, Prometheus, and Grafana fit together in a modern DevOps environment. ##### Led by : Samir Abdullatif [https://www.linkedin.com/in/samirsomer/](https://www.linkedin.com/in/samirsomer/) ##### Workshop Level: Intermediate — open to anyone interested in DevOps, cloud computing, or modern software delivery practices. ##### Recommended Requirement: Basic knowledge of **Docker** is preferred, as we’ll use it throughout the session to containerize and deploy applications. ##### Agenda: - Introduction to DevOps concepts and workflows - Building CI/CD pipelines with Jenkins - Containerization using Docker - Automating infrastructure with Terraform - Monitoring with Prometheus and Grafana - Connecting all tools for a full end-to-end workflow ##### Objectives**:** By the end of this session, participants will be able to: - Understand how different DevOps tools integrate to streamline software delivery - Build a simple CI/CD pipeline from scratch - Automate deployments and infrastructure management - Set up basic monitoring for deployed applications ##### Session's Record [https://drive.google.com/file/d/1IeNuT498hGfyeIbR3TlDDkY-FQVPZkJ9/view?usp=share\_link](https://drive.google.com/file/d/1IeNuT498hGfyeIbR3TlDDkY-FQVPZkJ9/view?usp=share_link) # Banking on Innovation: FinTech in Fragile vs. Flourishing Markets This session takes a look at how innovation in financial technology (FinTech) evolves under two very different realities: fragile markets affected by instability, and flourishing markets driven by steady growth and regulation. Drawing from Sudan’s digital financial landscape before the conflict, the workshop highlights how crisis conditions can accelerate creative problem-solving and drive the adoption of consumer-centric FinTech models. ##### Session led by Mohamed Essam [https://www.linkedin.com/in/hassanien-mohamed/](https://www.linkedin.com/in/hassanien-mohamed/) ##### Target Audience Developers, QA engineers, FinTech professionals, and anyone curious about how technology can empower financial ecosystems in challenging environments ##### Outlines - Understanding Sudan’s Digital Financial Landscape Before the Conflict - Navigating the Shift to Consumer-Centric FinTech - Crisis to Opportunity: Applying FinTech Lessons from Conflict - Open discussion ##### Session's Record [https://drive.google.com/file/d/1maMWitif20x2Cjnz2vq7HOt0LeYtT4cX/view?usp=share\_link](https://drive.google.com/file/d/1maMWitif20x2Cjnz2vq7HOt0LeYtT4cX/view?usp=share_link) # Different Paths in Mobile Development Mobile development continues to evolve, offering developers many ways to build a successful career — from freelancing and app monetization to full-time jobs in regional and global markets. This workshop will highlight different paths and opportunities in mobile development, how to choose the right one for you, and the skills needed to grow in the field. ##### Workshop Level Beginner to Intermediate An open and free discussion session ! everyone interested in mobile development is welcome to join! ##### Instructor [](https://www.linkedin.com/in/musabagab/overlay/about-this-profile/) Musab Nasreldin [https://www.linkedin.com/in/musabagab/](https://www.linkedin.com/in/musabagab/) Ayman Barakat [https://www.linkedin.com/in/0x4ym4n/](https://www.linkedin.com/in/0x4ym4n/)
##### Agenda 1\. Freelancing as a Mobile Developer - Choosing the right tech stack (Android, iOS, Flutter, React Native) - Freelance platforms and local client opportunities - Managing projects and building a strong profile 2\. App Monetization - Different revenue models: ads, in-app purchases, subscriptions - Best practices for generating sustainable income - Case studies and real-life examples 3\. The Impact of AI on the Freelance Market - How AI tools are changing the way developers work - New opportunities and challenges for freelancers 4\. Full-Time Jobs and the Global Market - What skills companies in the Gulf and worldwide are looking for - Career development tips and interview preparation - Building a professional portfolio and online presence ##### Session Record [https://drive.google.com/file/d/1-WKFd1358IF2zKWOhVhrb\_kluAR4nMaO/view?usp=share\_link](https://drive.google.com/file/d/1-WKFd1358IF2zKWOhVhrb_kluAR4nMaO/view?usp=share_link) ##### References have been mentioned on the session : - [https://www.youtube.com/@freecodecamp](https://www.youtube.com/@freecodecamp) - [https://owasp.org/www-project-mobile-app-security/](https://owasp.org/www-project-mobile-app-security/) - [https://sweep.dev/](https://sweep.dev/) - [https://www.augmentcode.com/](https://www.augmentcode.com/) - [https://firebender.com/](https://firebender.com/) - [https://www.giac.org/certifications/mobile-device-security-analyst-gmob/](https://www.giac.org/certifications/mobile-device-security-analyst-gmob/) - [https://github.com/payatu/diva-android](https://github.com/payatu/diva-android) - [https://www.revenuecat.com/state-of-subscription-apps-2025/](https://www.revenuecat.com/state-of-subscription-apps-2025/) - [https://adapty.io/state-of-in-app-subscriptions/](https://adapty.io/state-of-in-app-subscriptions/) - [https://roadmap.sh/](https://roadmap.sh/) - [https://androidweekly.net/](https://androidweekly.net/) # about Cloud Architecture Cloud architecture is the backbone of modern IT systems, enabling scalable, flexible, and cost-effective solutions for businesses, developers, and individuals. This workshop will provide an overview of the core building blocks of cloud environments, focusing on practical concepts and services that participants can apply in their own projects. ##### Workshop Level: Basic + Intermediate (Open and free for anyone interested in learning) ##### Instructor Abdelrahman Mohamed [https://www.linkedin.com/in/abdelrahman-mohamed-9b0487210/](https://www.linkedin.com/in/abdelrahman-mohamed-9b0487210/) ##### Agenda - Introduction Overview of cloud concepts and the role of cloud architecture in today’s digital world. - Resources and Access Management Identity, permissions, and policies for secure and efficient resource management. - Compute and Storage Options Understanding virtual machines, containers, object storage, and block storage. - Network Services How networking in the cloud works, including load balancers, VPCs, and security groups. - References Useful learning materials, documentation, and resources to continue your cloud journey. ##### Objectives By the end of the workshop, participants will be able to: - Understand the fundamental components of cloud architecture. - Compare different compute and storage options for their needs. - Identify where to find reliable references for deeper learning and get certified. ##### Slides [https://drive.google.com/file/d/19G41OmC7Z2z3qrzfTQJ9ZT0HCgaF3JsI/view?usp=share\_link](https://drive.google.com/file/d/19G41OmC7Z2z3qrzfTQJ9ZT0HCgaF3JsI/view?usp=share_link) ##### References AWS Certified Solutions Architect [https://drive.google.com/file/d/1Ery9v06NK9PkKFIac9Vsw98zFveXlR9e/view?usp=share\_link](https://drive.google.com/file/d/1Ery9v06NK9PkKFIac9Vsw98zFveXlR9e/view?usp=share_link) Official Google Cloud certified Professional Cloud architect [https://drive.google.com/file/d/1KyE8PBEQ2aC8g2mzRZ6D\_CbNOzPigeZ3/view?usp=sharing](https://drive.google.com/file/d/1KyE8PBEQ2aC8g2mzRZ6D_CbNOzPigeZ3/view?usp=sharing) ##### Recording [https://drive.google.com/file/d/1ERNtSyOb30qJjY7qg18xr5TqkPugAwMp/view?usp=share\_link](https://drive.google.com/file/d/1ERNtSyOb30qJjY7qg18xr5TqkPugAwMp/view?usp=share_link) ##### Links - [https://cloud.google.com/innovators/getcertified?hl=en](https://cloud.google.com/innovators/getcertified?hl=en) - [https://docs.aws.amazon.com/](https://docs.aws.amazon.com/) - [https://cloud.google.com/docs](https://cloud.google.com/docs) - [https://discuss.google.dev/](https://discuss.google.dev/) - [https://www.examtopics.com/](https://www.examtopics.com/) - [https://learn.microsoft.com/en-us/azure/?product=popular](https://learn.microsoft.com/en-us/azure/?product=popular) # The Missing Layer: Network Know-How & NetSec from the App’s Point of View Applications don’t run in isolation, they rely on the network to function securely and efficiently. This workshop bridges the gap between application understanding and network fundamentals, giving participants the skills to see networking and security from an application’s perspective. ##### Instructor Mohamed Omer Eljack [https://www.linkedin.com/in/omer-eljack/ ](https://www.linkedin.com/in/omer-eljack/) ##### Level Beginner to Intermediate. Open to all. ##### Format Interactive discussion with practical examples and troubleshooting demos. ##### Topics to be Covered: - Key Networking Concepts Understand the essentials of how networks operate and why they matter for application performance and security. - OSI Layers & Addressing Explore the OSI model, IP addressing, and how these layers impact application delivery. - App & Network-Based Scenarios Dive into real-world cases showing how applications interact with networks — and where things can go wrong. - Troubleshooting Learn how to spot, analyze, and resolve issues where the application and network layers meet. ##### Who Should Attend: - Developers and sysadmins who want to strengthen their networking and security knowledge. - Early-career professionals looking to connect application performance with network behavior. - Anyone curious about the “missing layer” between apps and networks. ##### Session Record [https://drive.google.com/file/d/106WnD9V7T1BAvXwBPkGYRfzcgO5c50TY/view?usp=share\_link](https://drive.google.com/file/d/106WnD9V7T1BAvXwBPkGYRfzcgO5c50TY/view?usp=share_link) # Automation with Ansible Automation is transforming the way we manage IT systems and networks. Instead of doing repetitive tasks manually, automation allows us to save time, reduce human errors, and ensure consistency across our environments. In this workshop, we will explore the fundamentals of automation, learn about popular tools, and dive into Ansible a simple, yet powerful automation engine. ##### Level Beginner to Intermediate Open and free session , anyone interested in learning is welcome! ##### Instructor Sander Steffann [https://www.linkedin.com/in/sandersteffann/](https://www.linkedin.com/in/sandersteffann/) ##### Agenda Automation in general • Benefits of automation • What to automate? • What not (yet) to automate? • Available automation tools Working with Ansible • What is Ansible? • Installing Ansible • How Ansible Works and its Key Components • Using the Ad-Hoc ansible command Ansible playbooks • YAML syntax • Creating an inventory • Playbook Basics • Available Ansible modules • Organising playbooks into roles ##### Objectives By the end of this workshop, participants will be able to: - Understand the role and benefits of automation in IT operations - Set up and use Ansible for basic automation tasks - Write and run simple Ansible playbooks - Structure automation workflows using roles and modules ##### Slides [https://ripe90.ripe.net/wp-content/uploads/presentations/60-2025-05-12-RIPE-90-Ansible-101.pdf](https://ripe90.ripe.net/wp-content/uploads/presentations/60-2025-05-12-RIPE-90-Ansible-101.pdf) ##### Session's record [https://drive.google.com/file/d/1EzVqjimo5yDTn8rlJ0Ks-nCrNHxCjAqv/view?usp=share\_link](https://drive.google.com/file/d/1EzVqjimo5yDTn8rlJ0Ks-nCrNHxCjAqv/view?usp=share_link) # DNS & DNSSEC
 operational best practices #### Sleep better at night with KINDNS in your network! In this workshop, we will cover the basics of DNS operations, explore the importance of DNSSEC for authentication and integrity, and introduce KINDNS — a practical framework that provides clear guidelines and self-assessment tools to help operators follow best practices. Together, these topics will give participants a roadmap for running DNS services more securely and reliably. ##### Workshop Level Intermediate Open and free for anyone interested in learning. ##### Instructor Philip Paeps > Trouble :-) [https://trouble.is/who/](https://trouble.is/who/) ##### Workshop Outline / Topics: - Core Guidelines (for everyone) - ACLs: How to restrict traffic to DNS servers - DNSSEC Validation: It’s easy – turn it on already! - Enabling DNSSEC - KINDNS Self-Assessment - Best Practices and Hands-On ##### Workshop Objectives By the end of this workshop, participants will: - Understand the importance of securing DNS operations. - Learn how to apply simple but effective access control to DNS servers. - Enable and test DNSSEC validation in their environments. - Perform a KINDNS self-assessment to measure their operational health. - Explore best practices through real-world examples and hands-on demonstrations. ##### Target Audience - Network engineers - System administrators - Students and newcomers interested in DNS security - Anyone running or planning to run DNS infrastructure ##### Slides and Materials - Slides: [https://docs.google.com/presentation/d/1Sm6HtkCz1SONqyt5su4WCP59fsavORhl/edit?usp=share\_link&ouid=115115255437803652362&rtpof=true&sd=true](https://docs.google.com/presentation/d/1Sm6HtkCz1SONqyt5su4WCP59fsavORhl/edit?usp=share_link&ouid=115115255437803652362&rtpof=true&sd=true) - Hands-on: [https://drive.google.com/file/d/1-5ZgJmLRu8wFQvf9ULaw3mlV6C1MgdMl/view?usp=share\_link](https://drive.google.com/file/d/1-5ZgJmLRu8wFQvf9ULaw3mlV6C1MgdMl/view?usp=share_link) ##### Session's record [https://drive.google.com/file/d/1P\_PehD939T5D53DELvrVr0HfDNJ7vbo0/view?usp=share\_link](https://drive.google.com/file/d/1P_PehD939T5D53DELvrVr0HfDNJ7vbo0/view?usp=share_link) # Getting Started with AI: Tools, Skills, and Pathways for Newbies Artificial Intelligence (AI) is now part of our daily lives ; in school, work, and beyond. This workshop is for students, new graduates, and anyone curious to learn what AI is, which tools to use, and how to start building skills step by step. ##### Workshop Level Basic /Intermediate. This is an open and free session for anyone interested in learning. All are welcome! ##### Trainer Adebowale Aduloju [https://www.linkedin.com/in/adebowaleaduloju/](https://www.linkedin.com/in/adebowaleaduloju/) ##### Outline: - What AI is today (and what it cannot do yet) - Useful AI tools for students and beginners (ChatGPT, Claude, Canva AI, etc.) - How to build AI knowledge and skills - Jobs and career opportunities with AI - A simple 90-day action plan to get started ##### Objectives By the end of this session, you will: - Understand what AI can and cannot do - Know which tools to use for studying and work - See different ways to learn AI (technical and non-technical) - Learn how AI is used in different industries - Have a clear plan for the first 90 days of learning AI ##### Who Should Join - Students who want to use AI in their studies - Fresh graduates starting their careers - Young professionals who want to add AI to their skills - Anyone who wants to start learning AI but does not know where to begin ##### Slides [https://gamma.app/docs/Getting-Started-with-AI-Tools-Skills-and-Pathways-for-Newbies-ehfv2t9ybkzx2fm](https://gamma.app/docs/Getting-Started-with-AI-Tools-Skills-and-Pathways-for-Newbies-ehfv2t9ybkzx2fm) ##### Session's record [https://drive.google.com/file/d/1AAG5Fnf7owZ\_FdQuUal0yYPhqQt6AvJ\_/view?usp=share\_link](https://drive.google.com/file/d/1AAG5Fnf7owZ_FdQuUal0yYPhqQt6AvJ_/view?usp=share_link) # Proxmox Virtual Environment (PVE) ##### Overview This workshop will take participants through real-world lessons learned from deploying and managing Proxmox Virtual Environment (PVE) and Proxmox Backup Server (PBS). From core principles to practical deployment scenarios, we’ll cover the truths every sysadmin should know, common pitfalls, and strategies for building reliable, secure, and scalable infrastructure. ##### Workshop Level Intermediate to Advanced Designed for sysadmins, network engineers, and IT professionals who want practical insights into deploying and running PVE/PBS in production. [![PVE.jpg](https://docs.sdnog.sd/uploads/images/gallery/2025-08/scaled-1680-/pve.jpg)](https://docs.sdnog.sd/uploads/images/gallery/2025-08/pve.jpg) ##### Trainer Hendrik Visage [https://www.linkedin.com/in/hendrik-visage/](https://www.linkedin.com/in/hendrik-visage/) ##### Learning Objectives By the end of the workshop, participants will: - Understand key principles of system administration (truths & best practices). - Learn what PVE & PBS are, and how they fit into modern IT infrastructure. - Compare LXC/containers vs QEMU/VMs and when each is appropriate. - Explore ZFS (strengths, weaknesses, and gotchas) and discuss CEPH. - Review deployment examples with SSDs, HDDs, and NVMes. - Understand PVE networking models (Linux Bridge vs OpenVSwitch, MCLAG, L3 networking). - Learn about IPv6 adoption challenges with PVE/PBS. - Gain practical tips on backup strategy, offsite storage, and firewalling. ##### Agenda 1. **Introduction: The Sysadmin Truths** - General truths (what applies globally vs locally). - RFC1925 – truths to remember. - Hendrik’s Rule of Computers: Backups, backups, and checking backups. 2. **Proxmox VE & PBS – What & Why** - Overview of PVE & PBS features. - Containers vs Virtual Machines: LXC vs QEMU. - ZFS: the Good, the Bad, and the Ugly. - CEPH? When to consider distributed storage. 3. **Deployment Insights** - Real-world deployment experiences (SSD, HDD, NVMe combinations). - Still using HDDs + NVMEs effectively. - PBS storage considerations (SSD vs HDD, offsite backup strategies). - ZFS warnings and performance tips. 4. **Networking in PVE** - Linux Bridge vs OpenVSwitch. - MCLAG, bonding, and L3 networking – choosing the right setup. - SDN integration. - IPv6 support: what works, what doesn’t. - Security: firewalling everything, example architectures. 5. **Q&A and Open Discussion** ##### Slides [https://drive.google.com/file/d/19bk7Hl27lbt7\_iJx7wOXjS\_spIKKwu\_Y/view?usp=share\_link](https://drive.google.com/file/d/19bk7Hl27lbt7_iJx7wOXjS_spIKKwu_Y/view?usp=share_link) ##### Session's record [https://drive.google.com/file/d/1gWS-xeqLVtPqNM5j0WEy\_PYK18Pvkui2/view?usp=share\_link](https://drive.google.com/file/d/1gWS-xeqLVtPqNM5j0WEy_PYK18Pvkui2/view?usp=share_link) ##### interesting reading/watching - [https://postgresconf.org/conferences/SouthAfrica2018/program/proposals/using-zfs-on-linux-with-postgresql](https://postgresconf.org/conferences/SouthAfrica2018/program/proposals/using-zfs-on-linux-with-postgresql) - [https://www.youtube.com/watch?v=o3iCXk7d0Ss](https://www.youtube.com/watch?v=o3iCXk7d0Ss) - [https://archive.org/details/lcza18-ZFS\_on\_Linux\_and\_inside\_VMs](https://archive.org/details/lcza18-ZFS_on_Linux_and_inside_VMs) # IPv6 101: Basics & Fundamentals ##### Overview: This introductory workshop is designed to demystify IPv6 and help participants understand why it is the foundation of the Internet’s future. We will walk through the basics of IPv6, highlight its key differences from IPv4, and show how it enables the continued growth of the Internet. Whether you’re a student, a network engineer, or just curious about Internet technologies, this session will give you the knowledge to get started. ##### Instructor Saleh Shihabeldin Mahmoud [https://www.linkedin.com/in/saleh-shihabeldin-mahmoud-abdelhameed-b9451b189/](https://www.linkedin.com/in/saleh-shihabeldin-mahmoud-abdelhameed-b9451b189/) ##### Level Discussion Workshop, Open to everyone! No prior experience required. Whether you’re just starting out or already have knoweldge, you’re welcome to join, share your knowledge, and learn from others. ##### Language Arabic ##### Topics Covered - Why IPv6? Understanding the limitations of IPv4 and the need for IPv6 - IPv6 address structure and representation - Types of IPv6 addresses - IPv6 configuration basics - Introduction to IPv6 routing - Transition mechanisms - Real-world applications and adoption status - How to get IPv6 certified - Q&A and open discussion ##### Materials Slides here : [https://drive.google.com/file/d/1lQZR4Ex2qYdQ3zivAQi5uNPHRUj6eUtK/view?usp=share\_link](https://drive.google.com/file/d/1lQZR4Ex2qYdQ3zivAQi5uNPHRUj6eUtK/view?usp=share_link) ##### Session's record [https://drive.google.com/file/d/1gYH6hiHkZa7skkDYA9uariokVWRx3iYl/view?usp=share\_link](https://drive.google.com/file/d/1gYH6hiHkZa7skkDYA9uariokVWRx3iYl/view?usp=share_link) # IT Infrastructure Roadmap The IT Infrastructure Roadmap workshop is designed to guide participants through the essential building blocks of IT infrastructure, from foundational concepts to advanced practices. This session provides a comprehensive view of the technologies, platforms, and skills needed to build a solid career in IT infrastructure. ##### Instructor Sufyan Abdalkarim [https://www.linkedin.com/in/sufyan-abd-el-kareem](https://www.linkedin.com/in/sufyan-abd-el-kareem) ##### Level Discussion Workshop – Open to everyone! No prior experience required. Whether you’re just starting out or already working in IT, you’re welcome to join, share your knowledge, and learn from others. ##### Language Arabic ##### Topics Covered - Overview of IT Infrastructure - Compute, Networking, Storage - Foundational Knowledge for IT Infrastructure - Key Vendors and Their Offerings - Certifications and Hands-On Experience - Cloud Computing Essentials - Windows and Linux Servers - Virtualization Platforms - Advanced Topics: Monitoring, Security, DevOps, Databases, Web & App Development - Q&A ##### Learning Outcomes By the end of this workshop, participants will: - Understand the building blocks of IT infrastructure. - Gain awareness of major vendors and their certifications. - Be equipped with a roadmap for advancing in the IT infrastructure field. - Learn how cloud, security, and DevOps fit into modern infrastructure. ##### Zoom Link [https://us06web.zoom.us/j/86772045603?pwd=mhaC1C4bWiRjLc3zs42qKAQhnKuSi3.1](https://us06web.zoom.us/j/86772045603?pwd=mhaC1C4bWiRjLc3zs42qKAQhnKuSi3.1) ##### Materials - RHCSA roadshow: [https://xmind.ai/share/Ll0UiqtN?xid=KT34nYY6](https://xmind.ai/share/Ll0UiqtN?xid=KT34nYY6) - IT Skills roadshow: [https://xmind.ai/share/K6eG68vp?xid=o2GY1fpS](https://xmind.ai/share/K6eG68vp?xid=o2GY1fpS) - IT Skills: [https://drive.google.com/file/d/1BschRH4AlQV0byNhkoJpH-FCAxc8wuD1/view?usp=share\_link](https://drive.google.com/file/d/1BschRH4AlQV0byNhkoJpH-FCAxc8wuD1/view?usp=share_link) - IT Infrastructure Roadmap [https://drive.google.com/file/d/1PAphHcJ911uFZkdz9xYVjn3IIvVpGZ2x/view?usp=share\_link](https://drive.google.com/file/d/1PAphHcJ911uFZkdz9xYVjn3IIvVpGZ2x/view?usp=share_link) ##### Books : CompTIA.Network+ [https://drive.google.com/file/d/1WAnSn5K8OklAMTkTKv9pz8tt39S4PrhN/view?usp=share\_link](https://drive.google.com/file/d/1WAnSn5K8OklAMTkTKv9pz8tt39S4PrhN/view?usp=share_link) CompTIAExamCram2-Server-Plus [https://drive.google.com/file/d/1yYhL6PSjXLKFbowN1WC968ekburMD5ri/view?usp=share\_link](https://drive.google.com/file/d/1yYhL6PSjXLKFbowN1WC968ekburMD5ri/view?usp=share_link) Data.Storage.Networking-Real.World.Skills [https://drive.google.com/file/d/1si16o1l5S-e-qCJ7y1oDRezj-EDeuwEO/view?usp=share\_link](https://drive.google.com/file/d/1si16o1l5S-e-qCJ7y1oDRezj-EDeuwEO/view?usp=share_link) ##### Session's record [https://drive.google.com/file/d/1iHI8nbEc7x1SZ5vHuG8ph7riVCL6vmNd/view?usp=share\_link](https://drive.google.com/file/d/1iHI8nbEc7x1SZ5vHuG8ph7riVCL6vmNd/view?usp=share_link) # Cyber Security Roadmap: What You Need to Know and Do This session will introduce you to the core principles of cybersecurity, helping you understand common threats and how to build better digital safety habits. also The session will guide you on how to start your career in the field, what you need to learn, and what to focus on. The trainer will share his personal journey and practical tips that may help you along the way. ##### Workshop Level Awareness and Discussion ##### Instructor - Ashraf Salah [https://www.linkedin.com/in/ashrafsalahibra/](https://www.linkedin.com/in/ashrafsalahibra/) ##### Language Arabic + English ##### Date & Time - Date : Saturday 9 August 2025 - Time: 11:00 UTC ( 13:00 Sudan Time) ##### We will cover: - What cybersecurity is and why it’s essential - Key Terms & Concepts - How to recognize threats like phishing, malware, and social engineering - Best practices for staying secure online - What are the Skills you need to know : - Networking Fundamentals - OSI / TCP/IP Model - Core Protocols - Operating Systems - Programming & Scripting Basics - An overview of well-known cybersecurity certifications you can pursue to deepen your knowledge This session is friendly for all experience levels, perfect for anyone looking to become more security-aware. Who Should Attend: - Students and early-career professionals - NGO or business staff with digital responsibilities - Anyone interested in online safety and cybersecurity awareness ##### Session's record [https://drive.google.com/file/d/1Vx\_ZvaEFcPAag0ptTPyremDzN5DGP4\_U/view?usp=share\_link](https://drive.google.com/file/d/1Vx_ZvaEFcPAag0ptTPyremDzN5DGP4_U/view?usp=share_link) ##### Reference Cisco Certified Support Technician (CCST) Cybersecurity 100-160 Official Cert Guide [https://drive.google.com/file/d/1AczATVZh9dIfyaSp-XmDSGzffhJPsh7R/view?usp=share\_link](https://drive.google.com/file/d/1AczATVZh9dIfyaSp-XmDSGzffhJPsh7R/view?usp=share_link) دورات الأمن السيبراني بالعربية [https://netriders.academy](https://netriders.academy) قناة تكناوي دوت نيت [https://www.youtube.com/@technawidotco](https://www.youtube.com/@technawidotcom) # DevOps Skills Roadmap This workshop offers a **beginner-friendly** introduction to the essential skills required for anyone interested in DevOps. Whether you're a student, aspiring DevOps engineer, or just exploring the field, this session will help you understand the path to becoming skilled in DevOps. ##### Instructor Omar Elhaj [http](https://www.linkedin.com/in/omar-aladdin/)[s://www.linkedin.com/in/omar-aladdin/ ](https://www.linkedin.com/in/omar-aladdin/) ##### Trainers - Mohamed Oshari - Ahmed Soria ##### Level Discussion Workshop – Open to everyone! ##### Language Arabic ##### Workshop Content We will walk through the DevOps Skills Roadmap, focusing on what you need to learn for each area, and what tools or technologies are commonly used in these points: - Network basics - System admin (Linux - windows) - Webserve - Scripting - Database management - Source Code Management - Containeraztion - Container orchestration - Cloud computing - CI/CD - Configuration management - Infrastructure as a code - Secret management - Observability - Extra: - Gitops - DevSecOps By the end of the session, participants will have a clear picture of the DevOps landscape, the progression of skills, and how to start learning each area. ##### Materials [https://drive.google.com/file/d/1f5J9cvfE2EZf2wpYlgTdlZYHTqCgvj2-/view?usp=share\_link](https://drive.google.com/file/d/1f5J9cvfE2EZf2wpYlgTdlZYHTqCgvj2-/view?usp=share_link) ##### Session's record [https://drive.google.com/file/d/1XtbRDgGJp7aBvLA4azaQa8fQggzSguKu/view?usp=share\_link](https://drive.google.com/file/d/1XtbRDgGJp7aBvLA4azaQa8fQggzSguKu/view?usp=share_link) # Load Balancing Strategies: From Theory to Practice with HAProxy ##### Date & Time - Event: sdnog weekly workshops - Date: Saturday 19 July 2025 - Time: 13:00 - 15:30 (Sudan Time) - language : Arabic ##### Intended Audience This workshop is specifically designed for Senior Systems Engineers who are looking to deepen their understanding of load balancing and HAProxy configuration. ##### Description This workshop is a comprehensive 2-hour session that includes both theoretical concepts and practical hands-on labs, with a short break about the Importance of load balancing in modern infrastructure ##### Instructor - Manhal Mohamed [https://www.linkedin.com/in/manhalmohammed/](https://www.linkedin.com/in/manhalmohammed/) ##### Tutor - Abdelrahman Mohamed [https://www.linkedin.com/in/abdulrahmanfagiry/](https://www.linkedin.com/in/abdulrahmanfagiry/) ##### Agenda ##### Introduction (5 minutes) - Brief overview of load balancing concepts - Importance of load balancing in modern infrastructure ##### Load Balancing Fundamentals (15 minutes) - Types of load balancers: ``` * Layer 4 (L4) vs. Layer 7 (L7) ``` - Common load balancing algorithms: ``` * Round Robin * Least Connections * IP Hash ``` - Health checks and failure handling ##### Introduction to HAProxy (10 minutes) - Overview of HAProxy and its key features - Architecture and components of HAProxy ##### HAProxy Configuration Basics (20 minutes) - Structure of the HAProxy configuration file - Key sections: ``` * Frontend * Backend ``` - Access Control Lists (ACLs) and `use\_backend` rules ##### Advanced HAProxy Features (20 minutes) - SSL termination - Sticky sessions - HTTP rewriting and redirection - Logging and monitoring ##### Live Demo: Setting up HAProxy (30 minutes) - Installing HAProxy - Configuring a basic load balancer - Testing and verifying the setup - Demonstration of advanced features ##### Best Practices and Performance Tuning (10 minutes) - Optimization of HAProxy configuration - Security considerations - Scaling HAProxy ##### Session Hands-On - Slides ["click here"](https://drive.google.com/file/d/1FkagbjrE2u-B5TVzihiZ7idzuJ78iMP-/view?usp=sharing) - [HAProxy Lab Setup Guide - Multi-OS Installation](https://docs.sdnog.sd/books/sdnog-workshops/page/haproxy-lab-setup-guide-multi-os-installation "HAProxy Lab Setup Guide : Multi-OS Installation") ##### Session's Record [https://drive.google.com/file/d/1CllH3fveQhA-ZHfFC2ydCyyHaUXE6zka/view?usp=share\_link](https://drive.google.com/file/d/1CllH3fveQhA-ZHfFC2ydCyyHaUXE6zka/view?usp=share_link) # UNIX Boot Camp This bootcamp is designed to provide participants with a basic overview of essential Unix/Linux commands, enabling them to navigate the file system and perform tasks such as moving, copying, and editing files. It will also include a brief introduction to key networking commands in Unix. This workshop is suitable for BSc students, recent graduates, and anyone with a strong interest in learning Linux. ##### Workshop Level Basic Level ##### Instructor
- Mohamed Ayman [https://www.linkedin.com/in/kabantsh/](https://www.linkedin.com/in/kabantsh/)
##### Tutors
- Mojahid Mohammed [https://www.linkedin.com/in/mojahid-mohammed-765758204/](https://www.linkedin.com/in/mojahid-mohammed-765758204/)
##### Requirements
- Participants should have a Linux VM ready with sudo access
##### Language Arabic ##### Date & Time
- Date: Saturday, - Time: 11:00 UTC ( 13:00 Sudan Time)
##### Outlines
##### Part 1 5 July 2025 **Session 1 - Intro To Linux:** \- Birth of Linux. \- Linux features. \- Unix and Linux families. \- Command line vs Gui \- Accessing the command line **Session 2 - Managing Files from the command line:** \- List options (ls). \- Change Directory (cd). \- Absolute path and relative path. \- copy and move (cp & mv). \- Wildcards.
##### Part 2 26 July 2025 **Session 3 - Getting help in Linux:** \- help options. \- man pages. \- Locating Files on the System (locate command). \- Find command. **Session 4 - Managing files in Linux:** \- Using head, tail and grep. \- Creating and editing files. \- Nano text editor. \- Vim text editor. [**Lab3 Link**](https://github.com/kabantsh/Servers/blob/master/Linux%2FLinux%20Lab3%20%28Getting%20help%20in%20Linux%29.txt) **[Lab4 Link](https://github.com/kabantsh/Servers/blob/master/Linux%2FLinux%20Lab4%20%28Editing%20Files%20in%20Linux%29.txt)**
##### Part 3 16 August 2025 **Session 5 - Managing Local Linux Users and Groups:** \- Manage Linux users. \- Manage Linux groups. \- Files permissions. **Session 6 - Monitoring and Managing Processes and Services in Linux:** \- Monitoring Processes. \- Managing Processes. \- Managing Services and Daemons.
##### Material - Workshop materials are shared here: [https://drive.google.com/drive/folders/15ka8kxWEZ37aOxs7qBYkTjg2kxz-71O6?usp=share\_link](https://drive.google.com/drive/folders/15ka8kxWEZ37aOxs7qBYkTjg2kxz-71O6?usp=share_link) ##### Session's Record Part 1 : [https://drive.google.com/file/d/10UvuheZ\_2IqvX58cDIGmlZ02wOMMPqvz/view?usp=share\_link](https://drive.google.com/file/d/10UvuheZ_2IqvX58cDIGmlZ02wOMMPqvz/view?usp=share_link) Part 2: [https://drive.google.com/file/d/1Fa\_buz4wWKG81ew7zKDS\_1pHR3GneoqU/view?usp=share\_link](https://drive.google.com/file/d/1Fa_buz4wWKG81ew7zKDS_1pHR3GneoqU/view?usp=share_link) Part 3: [https://drive.google.com/file/d/18C2-0mVMtyznoGZ3iMpPDZM4PBgxAip5/view?usp=share\_link](https://drive.google.com/file/d/18C2-0mVMtyznoGZ3iMpPDZM4PBgxAip5/view?usp=share_link)
# BGP Resource Management Workshop The IRR system is a global databases where network operators publish their routing policies and announcements in order for other interested network operators to use that data, for ease of interconnecting and working together. In this workshop we will discuss in details the IRR system and to use it to manage your resources. Attendees will learn how to use common automation techniques to use the IRR easily and efficiently to perform network management. ##### Special Thanks To Our Sponsors We Would like to Thanks our wonderful sponsors! without whom our workshop would not be possible: - **Infrastructure Provider** : [INX-ZA](https://www.inx.net.za/) - **Meeting Platform Support**: [Global NOG Alliance](https://nogalliance.org/) - **Supporting Organization** : [Packet Clearing House](https://www.pch.net/) ##### Objectives By the end of this workshop you will be able to : - Understand the Internet Routing Registry system - Understand the importance of Registering IRR Objects - Know how to confirm that your resources are accurately registered (and fix shortcomings) - Learn how to automate your network filtering. - Know what is RPKI and How to get a ROA ##### Workshop Level Intermediate Level ##### Who should attend Individuals involved in BGP, BGP network filtering. ##### Requirements - You should have some idea of how Internet peering and transit works - You should have conceptual BGP skills - You should know how to manipulate objects in a WHOIS database ##### Date & Time - Date: Sunday, 27 March 2022 - Time: 08:00 - 11:00 UTC ( 10:00 - 13:00 Sudan Time) ##### Instructors - Alkhansaa Abdalla - IP Number Resource Analyst (AFRINIC) - Dibya Khatiwada - Global Peering Coordinator (Packet Clearing House) - Edd - Hiba Abbas - Nishal Goburdhan ##### Fees Free :-) ##### Materials You can download the slides from [here](https://drive.google.com/file/d/1hM9vApd2rdN59Po0ReVBe1eff_K5n8s3/view?usp=sharing) ##### Reference Some useful reading material - [AFRINIC’s Internet Routing Registry (IRR)](https://www.afrinic.net/internet-routing-registry#guide) - [A Quickstart Guide to Documenting Your Prefixes with IRR](https://fcix.net/whitepaper/2018/07/14/intro-to-irr-rpsl.html) # ISOC Chapters collaboration (Sudan & Lebanon) : DNS/DNSSEC Workshop The Internet Society (ISOC) Chapters of Sudan and Lebanon have joined forces to strengthen regional expertise in DNS and DNSSEC technologies. This collaboration aims to foster knowledge exchange, build technical capacity, and promote best practices in secure domain name system management. The DNS/DNSSEC Workshop serves as a platform for participants to learn from experienced trainers and peers, enhancing their skills in DNS operations, DNSSEC implementation, and overall internet security. By working together, the Sudanese and Lebanese ISOC Chapters are creating opportunities for technical advancement and regional cooperation, contributing to a safer and more resilient internet. ##### Workshop Level Intermediate Level. Anyone working with DNS in their corporate or carrier infrastructure will find this class worthwhile. IT technicians, Systems administrators,.. ##### Instructor - Mohamed Alnour Hafez ##### Date & Time - Date: 17-20 December 2024 - Time: 5:00pm Beirut time ##### Workshop Modules
**Module 1: Introduction to DNS**
Gain a solid foundation in how the Domain Name System works, including its critical role in the internet infrastructure. This module also includes practical exercises using tools like dig and drill for testing and troubleshooting DNS configurations, ensuring participants thoroughly understand DNS operations.
**Module 2: DNSSEC**
Understand the importance of DNS Security Extensions (DNSSEC) in ensuring the authenticity and integrity of DNS responses, protecting against attacks like DNS spoofing. This module will cover all aspects of DNSSEC, from key management to signing zones, and will include testing using tools like dig to verify DNSSEC implementation.
**Module 3: Hands-on Deployment of DNSSEC**
Participants will deploy DNSSEC using a real domain on provided Virtual Private Servers (VPS). This practical exercise will ensure a deep understanding of DNSSEC implementation and validation processes.
##### Requirements
Participants are required to meet the following:
- Stable Internet Connection
- SSH Client (PuTTY for Windows, macOS/Linux: Built-in terminal)
- Background in Linux: command line, Managing files and directories, permissions and processes, vim & nano, installing packages
# ICANN DNS Workshop Domain Name System "DNS" is one of the core services in the Internet, it translates domain names to IP addresses. This is a 3-days, online theoretical workshop in collaboration with [ICANN](https://www.icann.org/). You’ll get a comprehensive overview of DNS operations, abuse and security. ##### Objectives By the end of the workshop, attendees will know what is DNS? how it works? how to prevent DNS abuse and how to secure it? ##### Workshop Level Beginner Level ##### Prerequisites - Good understanding of network basics (IP networking) ##### Date & Time - Day 1 : DNS Operations: 16 February 2021, 10:00 AM - 11:30 AM (KRT Time) - Day 2 : DNS Abuse: 17 February 2021, 10:00 AM - 12:00 PM (KRT Time) - Day 3 : DNSSEC: 18 February 2021, 10:00 AM - 11:00 AM (KRT Time) ##### Trainers This online workshop will be delivered by - [Paul Muchene](https://www.icann.org/profiles/169823) - [Yazid Akanho](https://www.icann.org/profiles/173837) ##### Agenda Day 1: DNS Operations 1. What is DNS? 2. Some common DNS records 3. DNS resolution process 4. Caching 5. Some best practices Day 2: DNS Abuse 1. What is abuse of DNS? 2. Categories of DNS abuse 3. Solutions overview 4. Recommendations Day 3: DNSSEC 1. Why DNSSEC ? 2. What does DNSSEC protect and what doesn’t it protect? 3. DNSSEC deployment status around the world and in the region. 4. Who can implement DNSSEC? 5. Overview of DNSSEC concepts and new resource records. ##### Offline Materials - DNS Operation - [DNSSEC](https://drive.google.com/file/d/1EajLcxufuwpzT515NzLYNvY60ouVpytZ/view?usp=sharing) - [DNS Abuse](https://drive.google.com/file/d/1Xwgiokd6x-0O_AbHBikMtna8Wx9GrpMB/view?usp=sharing) # Hardening a web-server for the modern internet ##### Introduction Hands on how to secure your network Three day course – [Philip Paeps](https://trouble.is/bio/) ##### Objectives By the end of the workshop, everyone should know how to run secure services in jails on FreeBSD and use the pf firewall to keep malicious people on the internet out of their jails. ##### Prerequisites Participants should be familiar with Unix-style operating systems. The course is taught on FreeBSD but the environment will be familiar to people with a systems administration background on Linux or Solaris. Participants should bring their own laptops. ##### Participants Systems administrators and network operators who are running Network services in their organization. ##### Workshop Requirements - Knowledge of Linux/UNIX command line - Good understanding of network basics (IP networking) - All participants will need to bring a laptop with WiFi access. You cannot use a tablet for this workshop. ##### Instructors [Philip Paeps](https://trouble.is/bio/) ##### Agenda
TimeDay 1: Sunday 14 AugustDay 2: Monday 15 AugustDay 3: Tuesday 16 August
08:30 – 09:15 (45 minutes)Registration and coffeeRegistration and coffeeRegistration and coffee
09:15 – 11:15 (120 minutes)• Installing FreeBSD in a VM • Where to find installation media • Which installation to choose •Installing on a clean machine • Advanced jails • Installing a jail from scratch • Isolating jails with pf • Nested jails • Jailing the Postfix mailserver • Installing Postfix from a package • Configuring a basic Postfix in a jail • letsencrypt.org certificate for SMTP
11:15 – 11:30 (15 minutes)Coffee breakCoffee breakCoffee break
11:30 – 13:00 (90 minutes)• FreeBSD is not Linux • Filesystem overview • init(8) and rc(8) (NO SYSTEMD!) •Starting and stopping processes • Package management with pkg(8) • Using ezjail for easier management • Installing a dozen jails in two minutes •Upgrading jails • Deleting and archiving jails • Package management across many jails • Hardening Postfix against spammers • DNS blacklists and whitelists •Sender and recipient restrictions •Fun tricks with multiple IP addresses
13:00 – 14:00 (60 minutes)LunchLunchLunch
14:00 – 15:30 (90 minutes)• pf: the BSD firewall • Default-deny ruleset • Allowing services • NAT and port forwarding• Jailing and securing nginx • Installing nginx in a fresh jail • Tuning nginx for maximum security •Obtaining and managing letsencrypt.org certificates •Online tools for confirming webserver security• Building your own custom packages • Introduction to Poudriere • Installing Poudriere in a jail
15:30 – 15:45 (15 minutes)Coffee breakCoffee breakCoffee break
15:45 – 16:30 (45 minutes)•Introduction to jails • Lightweight virtualisation • Jails vs. virtual machines • Mention bhyve•Exercises with nginx • Reverse proxies across multiple jails •Dodgy services locked up in nested jails• Putting it all together • ezjail, poudriere, nested jails •Mostly automated installations •Using multiple package repositories
# DNS Workshop The Domain Name System is one of those topics in IT that you hope is simple and straightforward even though you know everything in IT is complicated. And guess what? DNS is much more complex than first meets the eye! In this hands on focused class we start with the basics and work our way through all of the DNS complexity. The goal of the workshop is to enable the participants to understand the basics of DNS , How to build and activate a caching/authoritative DNS Server and also to understand the role of DNS on the Internet. This workshop is suitable Systems administrators and network operators responsible for the DNS services in their organization. ##### Workshop Level Intermediate Level. Anyone working with DNS in their corporate or carrier infrastructure will find this class worthwhile. IT technicians, Systems administrators,.. ##### Instructor - Mohamed Aymen - Abdelrahman Mohamed Hassan - Sara Mohammed ##### Requirements - A good understanding of core TCP/IP concepts is a requirement. - Basic knowledge of Unix/Linux systems - Students should have a reasonably solid understanding of LAN/WAN networking. - Laptop with Wireless card working and minimal of 4G RAM ##### Date & Time - Date: Saturday, x.x.x.x - Time: 9:30AM - 4:30PM ##### What you will learn - Learn the details of how DNS operates. Gain real world, practical DNS deployment and troubleshooting skills. - Comprehend Basic concepts of DNS - Learn how to host, dig, and nslookup - Comprehend Domain name registration - Comprehend Root zones - Comprehend BIND 9 installation from source code - Configure caching-only name server - Comprehend DNS (Domain Name System) administration - Set up Master DNS server and Slave DNS server - arpa zones - Delegate zones to other DNS servers - Comprehend Resource Records - Understand named logging - Comprehend DNS zones - Comprehend Techniques of DNS troubleshooting - Comprehend Common BIND error messages ##### Registration \*Registration link will be here\* ##### Workshop materials you can find this workshop materials at: [https://drive.google.com/open?id=1eI9PeE5KBad8Y\_BAPdal6QyaCmipk2Xp](https://drive.google.com/open?id=1eI9PeE5KBad8Y_BAPdal6QyaCmipk2Xp) # DNSSEC Workshop ##### Introduction Hands on DNS and DNSSEC Three day course – [Philip Paeps](https://trouble.is/bio/) ##### Objectives At the end of this course, participants will be familiar with the Domain Name System and Security Extensions to the Domain Name System (DNSSEC). The course is taught "hands-on" in a virtualised FreeBSD environment. Participants will configure authoritative and recursive domain name servers and will learn to analyse and debug common misconfigurations and bugs ##### Prerequisites Participants should be familiar with Unix-style operating systems. The course is taught on FreeBSD but the environment will be familiar to people with a systems administration background on Linux or Solaris. Participants should bring their own laptops. The virtualised lab environment is hosted on a server in Germany. Reliable internet connectivity with reasonable latency is required ##### Participants Systems administrators and network operators responsible for the DNS services in their organisation. ##### Workshop Requirements - Some understanding of DNS is required (for example, operational experience managing DNS servers is useful) - Some knowledge of Linux/UNIX command line - Good understanding of network basics (IP networking) - All participants will need to bring a laptop with WiFi access. You cannot use a tablet for this workshop. ##### Instructors [Philip Paeps](https://trouble.is/bio/) ##### Agenda
TimeDay 1: Sunday 23 AugustDay 2: Monday 24 AugustDay 3: Tuesday 25
08:30 – 09:15 (45 minutes)Registration and coffeeRegistration and coffeeRegistration and coffee
09:15 – 11:15 (120 minutes)• Introduction to DNS • Resource records • Delegation • Queries, responses and flags •Configuring authoritative nameservers • Setting up DNS zonefiles • Delegating authority • Debugging common zonefile problems • Introduction to DNSSEC • New resource records and flags in DNSSEC • Validating a domain from the root step by step
11:15 – 11:30 (15 minutes)Coffee breakCoffee breakCoffee break
11:30 – 13:00 (90 minutes)• DNS packet analysis • DNS data flow • DNS vulnerabilities• Very brief introduction to cryptography •Using TSIG to secure queries• Key management: ZSKs and KSKs • Theory of key rollover and best practices
13:00 – 14:00 (60 minutes)LunchLunchLunch
14:00 – 15:30 (90 minutes)• Tools: dig, drill, host, nslookup, tcpdump • Tools exercises • Resolving a domain from the root by hand• Configuring secondary nameservers • Configuring TSIG to secure zone transfers • Debugging common zone transfer issues• Manually signing a zone with BIND 9 • Configuring automatic DNSSEC with BIND 9 • Brief introduction to OpenDNSSEC
15:30 – 15:45 (15 minutes)Coffee breakCoffee breakCoffee break
15:45 – 16:30 (45 minutes)• Introduction to the lab environment • Discussion and Q&A • Configuring unbound as a recursive resolver • Discussion and Q&A• Configuring unbound with trust anchors • Demo with SSHFP and TLSA • Discussion and Q&A
# Ethical Hacking Workshop One Day workshop about Ethical Hacking and Information Security that will introduce a general background for students to know how to scan, test, hack and protect their own systems and gives each student in-depth knowledge and practical experience about the current essential security systems. It will also help them to understand how to secure and protect their networks. The goal of this course is to help participants to master an ethical hacking methodology that can be used in a penetration testing or ethical hacking situation and its techniques. This workshop is suitable for Network Engineers, Network Security Engineer, network administrators and for those who have strong interests in information security and hacking. ##### Workshop Level Intermediate Level ##### Instructor
- Farah almohager - Mohaund Altayib
##### Requirements
- Participants must have a good knowledge about networking and IP addressing; also know the basic commands of Linux and how to work in UNIX systems. - Participants should bring a laptop computer to participate in the lab, with 4GB RAM as minimum.
##### Date & Time
- Date: Saturday, x.x.x - Time: 9:30AM - 5:30PM
##### Outline
- Introduction CHE - Foot printing - Scanning network - Enumeration - System hacking - Social Networking - Web hacking - Metasploit - Web application attack - Kali installation and configuration network.
##### Registration \*Paste registration link here\*
# Containerization with Docker This workshop introduces participants to Docker and the fundamentals of containerization. You’ll learn how containers work, how they differ from virtual machines, and how to set up and use Docker to run, manage, and build containerized applications. ##### Workshop Level Medium Level ##### Instructor
- Mohammed Ibrahim [https://www.linkedin.com/in/mohammed-ibrahim-448905115/](https://www.linkedin.com/in/mohammed-ibrahim-448905115/) - Ahmed Soria [https://www.linkedin.com/in/ahmed-soria-8231299a/](https://www.linkedin.com/in/ahmed-soria-8231299a/)
##### Requirements
- Participants should have ubuntu as OS or VM ready with sudo access
##### Language Arabic ##### Date & Time
- Date: Saturday, 12 July 2025 - Time: 11:00 UTC ( 13:00 Sudan Time)
##### Outlines Introduction: What is a Container? \- Understanding containers and their benefits \- Why use containerization in modern development and operations? Containers vs Virtual Machines (VMs) \- Key differences in architecture and performance \- Use cases: when to choose containers vs VMs Setting Up Docker \- Installing Docker on Linux, macOS, and Windows \- Docker Desktop vs Docker Engine \- Running your first Docker command Running Your First Container \- Docker run, exec, and logs commands \- Working with interactive and detached modes \- Pulling images from Docker Hub Managing Containers \- Listing, stopping, restarting, and removing containers \- Understanding container lifecycle \- Using Docker Compose for multi-container apps (intro) Containers and Storage \- Volumes vs bind mounts \- Data persistence across containers \- Managing storage for stateful applications Building Docker Images \- Writing a Dockerfile \- Using docker build and tagging images \- Best practices in image creation Publishing and Sharing Images \- Pushing to Docker Hub or private registry \- Image versioning and access control \- Automating builds (intro to CI/CD pipelines with Docker) ##### Session's record [https://drive.google.com/file/d/12JgP2KjKJHn2T11-g7yxXB8VLqwlptC1/view?usp=share\_link](https://drive.google.com/file/d/12JgP2KjKJHn2T11-g7yxXB8VLqwlptC1/view?usp=share_link) # High Availability in LAMP Stack workshop The workshop will show how to deploy LAMP Stack web application in a high availability environment to avoid single point of failure by utilizing different tools and technologies such as load balancer, clustering and distributed storage. ##### Workshop Level Intermediate Level ##### Instructor Samir Abdullatif ##### Requirements - Knowledge about LAMP Stack - Ability to install software in Linux - Basic networking knowledge ##### OS, Software and tools used Ubuntu 16.04 LTS, - HAProxy - Keepalived - GlusterFS - Percona XtraDB Cluster ##### Date & Time - Date: Saturday, x.x.x - Time: 9:00AM - 4:30PM ##### Outline - LAMP Stack - Single Server Architecture vs. Multi-tier Architecture - High Availability and Scaling - Load balancing - Floating IP - Shared Storage - Database Clustering ##### Lab topology [![Lamp-ha-lab.jpg](https://docs.sdnog.sd/uploads/images/gallery/2024-10/scaled-1680-/lamp-ha-lab.jpg)](https://docs.sdnog.sd/uploads/images/gallery/2024-10/lamp-ha-lab.jpg) ##### Registration *paste registration link here* # HAProxy Lab Setup Guide : Multi-OS Installation ##### Prerequisites - 3 VMs (or use VirtualBox/VMware Workstation to create them) - Web browser access (for those using AFNOG infrastructure) ##### VM Setup 1. **VM1:** HAProxy - IP: 192.168.1.X 2. **VM2:** Apache Server - IP: 192.168.1.Y 3. **VM3:** Nginx Server - IP: 192.168.1.Z ##### Local Hosts File Configuration Add the following entries to your local hosts file, pointing them all to the HAProxy IP (192.168.1.X): ``` 192.168.1.X lb.lab.afnog.org 192.168.1.X www.lab.afnog.org 192.168.1.X nginx.lab.afnog.org 192.168.1.X apache.lab.afnog.org ``` ##### Step 1: Install and Configure HAProxy (VM1) Red Hat-based systems (CentOS, Fedora) ``` sudo yum update sudo yum install haproxy ``` Debian-based systems (Ubuntu, Debian) ``` sudo apt update sudo apt install haproxy ``` FreeBSD ``` sudo pkg update sudo pkg install haproxy ``` ##### Step 2: Install and Configure Apache (VM2) Red Hat-based systems ``` sudo yum update sudo yum install httpd sudo systemctl start httpd sudo systemctl enable httpd ``` Debian-based systems ``` sudo apt update sudo apt install apache2 ``` FreeBSD ``` sudo pkg update sudo pkg install apache24 sudo sysrc apache24_enable="YES" sudo service apache24 start ``` Create a custom index.html: `echo "This is the Apache Server" | tee /var/www/html/index.html ` On FreeBSD `echo "This is the Apache Server" | tee /usr/local/www/apache24/data/index.html ` ##### Step 3: Install and Configure Nginx (VM3) Red Hat-based systems ``` sudo yum update sudo yum install nginx sudo systemctl start nginx sudo systemctl enable nginx ``` Debian-based systems ``` sudo apt update sudo apt install nginx ``` FreeBSD ``` sudo pkg update sudo pkg install nginx sudo sysrc nginx_enable="YES" sudo service nginx start ``` Create a custom index.html: ``` echo "This is the Nginx Server" | tee /var/www/html/index.html # For FreeBSD: echo "This is the Nginx Server" | tee /usr/local/www/nginx/index.html ``` ##### HAProxy Configuration ##### Step 1: Basic Frontend and Backend Setup (Round-Robin) HAProxy Configuration: Edit the HAProxy configuration file: - **Red Hat and Debian:** /etc/haproxy/haproxy.cfg - **FreeBSD:** /usr/local/etc/haproxy.conf ##### Add the following configuration: ``` global log 127.0.0.1:514 local1 info chroot /var/empty pidfile /var/run/haproxy.pid maxconn 4000 user haproxy group haproxy daemon defaults mode http log global option httplog option dontlognull option http-server-close option forwardfor except 127.0.0.0/8 retries 3 timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s timeout check 10s maxconn 3000 frontend http-in bind *:80 default_backend www_back backend www_back balance roundrobin server nginx_server vm1.log.afnog.org:80 check server apache_server vm2.lab.afnog.org:80 check ``` Restart HAProxy: ``` systemctl restart haproxy ``` ##### Step 2: Advanced Configuration with ACLs (Access Control Lists) Updated HAProxy Configuration: Modify the existing HAProxy configuration to include the following: ``` frontend http_front bind *:80 acl url_nginx hdr(host) -i nginx.lab.afnog.org acl url_apache hdr(host) -i apache.lab.afnog.org use_backend nginx_back if url_nginx use_backend apache_back if url_apache default_backend www_back backend www_back balance roundrobin server nginx_server 192.168.1.Z:80 check server apache_server 192.168.1.Y:80 check backend nginx_back server nginx_server 192.168.1.Z:80 check backend apache_back server apache_server 192.168.1.Y:80 check ``` To set up an active-passive configuration for your backend node, adjust the existing HAProxy configuration to include the following: ``` backend www_back balance roundrobin server nginx_server 192.168.1.Z:80 check server apache_server 192.168.1.Y:80 check backup ``` this setup will make node apache\_server as a passive node and will not recive traffic unless node nginx\_server is down Restart HAProxy: ``` sudo systemctl restart haproxy ``` ##### Step 3: Adding a Status Page Final HAProxy Configuration: Add the following configuration for the status page: ``` listen stats bind *:8404 stats enable stats uri / stats refresh 5s ``` Restart HAProxy: **sudo systemctl restart haproxy** Testing the Status Page: You can access the status page by navigating to [http://192.168.1.X:8404/](http://192.168.1.x:8404/) in your web browser. ##### SSL Termination on HAProxy Generate a Self-Signed Certificate: ``` openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/haproxy.key -out /etc/ssl/certs/haproxy.crt ``` Combine the Certificate and Key: ``` cat /etc/ssl/certs/haproxy.crt /etc/ssl/private/haproxy.key | tee /etc/ssl/certs/haproxy.pem ``` **Note:** For development SSL certificates, you can use the repository at [https://github.com/BenMorel/dev-certificates](https://github.com/BenMorel/dev-certificates) ##### Update HAProxy Configuration to Use SSL: Add the following to the `frontend http\_front` section: ``` bind *:443 ssl crt /etc/ssl/certs/haproxy.pem redirect scheme https if !{ ssl_fc } ``` Restart HAProxy: ``` sudo systemctl restart haproxy ``` ##### Example for Layer 4 Load balancing , DB port : ``` frontend mysql mode tcp bind :3306 default_backend mysql_servers ``` ``` backend mysql_servers mode tcp balance leastconn server s1 192.168.0.10:3306 check server s2 192.168.0.11:3306 check ``` ##### Configure Syslog for HAProxy Logging 1. Open the syslog configuration file for editing: ``` vi /etc/syslog.conf ``` 1. Add the following lines to configure logging: ``` *.err;kern.warning;auth.notice;mail.crit /dev/console local1.* /var/log/haproxy.log *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages ``` 1. Create the HAProxy log file: ``` touch /var/log/haproxy.log ``` 1. Set the appropriate ownership for the log file: ``` chown haproxy:haproxy /var/log/haproxy.log ``` 1. Update the syslogd flags to bind to localhost and run in compatibility mode: ``` sysrc syslogd_flags="-b localhost -C" ``` 1. Restart the syslog service to apply changes: ``` service syslogd restart ``` ##### Testing Using `web browser`: 1. Test round-robin for `www.lab.afnog.org`: 2. Repeat the command several times to see alternating responses from Nginx and Apache. - Test Nginx backend: ``` nginx.lab.afnog.org # This should consistently return the Nginx server response. ``` - Test Apache backend: ``` apache.lab.afnog.org # This should consistently return the Apache server response. ``` - Test SSL termination: ``` https://www.lab.afnog.org # This should return responses over HTTPS, with round-robin load balancing between Nginx and Apache. ``` ##### Troubleshooting: Common Issues and Solutions **HAProxy not starting:** - Check the configuration file for syntax errors: ``` haproxy -c -f /etc/haproxy/haproxy.cfg ``` - Verify that the ports HAProxy is trying to bind to are not in use by other services. **Backend servers not responding:** - - Ensure that Apache and Nginx are running on their respective VMs. - Check firewall rules to allow traffic between HAProxy and backend servers. - Verify the IP addresses and ports in the HAProxy configuration. **SSL certificate issues:** - - Double-check the path to the SSL certificate and key in the HAProxy configuration. - Ensure the combined PEM file has the correct permissions. **ACLs not working as expected:** - - Verify that your local hosts file is correctly configured. - Use `tcpdump` or `wireshark` to inspect the HTTP headers and ensure the correct `Host` header is being sent. ##### Performance Tuning: Optimizing HAProxy **Increase maximum connections:** - - Adjust the `maxconn` parameter in the `global` section based on your server's capacity. **Enable kernel TCP splicing:** - - Add `option tcpka` to the `defaults` section for keep-alive connections. **Use HTTP/2:** - - Update your SSL binding to support HTTP/2: ``` bind *:443 ssl crt /etc/ssl/certs/haproxy.pem alpn h2,http/1.1 ``` **Implement caching:** - - Consider adding a caching layer with Varnish in front of HAProxy for static content. ##### Optimal Configuration Options for Web-Based Frontends It's crucial to customize the following according to your application's specific requirements. ``` frontend http-in bind *:80 bind *:443 ssl crt /etc/haproxy/certs/cert.pem no-sslv3 mode http option httplog log global # Redirect HTTP to HTTPS (enforce HTTPS for all traffic) http-request redirect scheme https code 301 if !{ ssl_fc } # Set default security headers for responses # Enforce HSTS for HTTPS (1 year, include subdomains, preload) http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" # Clickjacking protection, allow only the same origin to embed this site http-response set-header X-Frame-Options "SAMEORIGIN" # XSS filtering enabled in browsers, block if an attack is detected http-response set-header X-XSS-Protection "1; mode=block" # Prevent MIME type sniffing (force browser to honor content type declared by the server) http-response set-header X-Content-Type-Options "nosniff" # Add Content Security Policy to mitigate XSS and data injection attacks http-response set-header Content-Security-Policy "default-src 'self'; script-src 'self'; object-src 'none'" # Disable referrer information leakage when navigating to a different origin http-response set-header Referrer-Policy "no-referrer-when-downgrade" # Prevent browsers and proxies from caching sensitive data http-response set-header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0" # Set secure cookies (only for HTTPS, HttpOnly, and prevent cross-site requests) acl secure_cookie hdr_sub(cookie) Secure http-response set-header Set-Cookie %[res.hdr(Set-Cookie)] if secure_cookie http-response set-header Set-Cookie Secure; HttpOnly; SameSite=Strict if secure_cookie # Forward client's original IP in X-Forwarded-For header http-request add-header X-Forwarded-For %[src] # Forward the protocol used by the client (HTTP/HTTPS) in X-Forwarded-Proto header http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto http if !{ ssl_fc } # Preserve the original Host header http-request add-header X-Forwarded-Host %[req.hdr(host)] default_backend servers ``` ##### Security Considerations 1. Regularly update HAProxy and backend servers 2. Implement strong SSL/TLS configurations 3. Use IP whitelisting for the HAProxy stats page 4. Consider implementing Web Application Firewall (WAF) rules in HAProxy 5. Regularly audit your HAProxy configurations and access logs This guide provides a comprehensive setup process for HAProxy, starting from a basic configuration and progressing to more advanced setups with ACLs, SSL termination, and performance optimization. Always ensure to test thoroughly in a staging environment before applying changes to production systems. ##### Author [Manhal Mohamed](https://wiki.sdnog.sd/index.php/User:Manhal.Mohamed "User:Manhal.Mohamed") , sdnog team # How to Secure your Network Workshop ##### Introduction Hands on how to secure your network Three day course – [Philip Paeps](https://trouble.is/bio/) ##### Objectives At the end of this course, participants will be familiar with new ways and methods to help them to secure their networks. The course is taught "hands-on" in a virtualised FreeBSD environment. Participants will configure some tasks and will learn to analyze and debug common mis-configurations and bugs ##### Prerequisites Participants should be familiar with Unix-style operating systems. The course is taught on FreeBSD but the environment will be familiar to people with a systems administration background on Linux or Solaris. Participants should bring their own laptops. ##### Participants Systems administrators and network operators who are running Network services in their organization. ##### Workshop Requirements - Some knowledge of Linux/UNIX command line - Good understanding of network basics (IP networking) - All participants will need to bring a laptop with WiFi access. You cannot use a tablet for this workshop. ##### Instructors [Philip Paeps](https://trouble.is/bio/) ##### Agenda
TimeDay 1: Sunday 14 AugustDay 2: Monday 15 AugustDay 3: Tuesday 16 August
08:30 – 09:15 (45 minutes)Registration and coffeeRegistration and coffeeRegistration and coffee
09:15 – 11:15 (120 minutes)• Introduction to security • Network layers • Defence in depth •Basic physical layer security • Firewalls • Inclusive and exclusive policies • Simple ACLs • Securing websites: HTTP and HTTPS • Configuring Apache and nginx
11:15 – 11:30 (15 minutes)Coffee breakCoffee breakCoffee break
11:30 – 13:00 (90 minutes)• Layer 1 and layer 2 • Ethernet: VLANS • Wireless basics• Statefull firewalls •pf: the BSD packet filter• Introduction to cryptography • PKI, basics of letsencrypt.org
13:00 – 14:00 (60 minutes)LunchLunchLunch
14:00 – 15:30 (90 minutes)• Wireless: WEP, WPA, WPA2? • Captive portals • Ethernet 802.1x• Securing higher layers (applications) • E-mail: what about spam? • Sensible outbound filtering• Generating letsencrypt.org certificates • Configuring nginx and Apache with HTTPS • Using SSL in other applications
15:30 – 15:45 (15 minutes)Coffee breakCoffee breakCoffee break
15:45 – 16:30 (45 minutes)•Introduction to firewalls (more tomorrow!) • Discussion and Q&A•Configuring postfix and dovecot to protect against spam (abuse) • Discussion and Q&A• Mitigation: what if it all goes wrong? • Discussion and Q&A
# Internet Governance Forum This is a half-day workshop. An introductory workshop about Internet Governance which focus on Internet ecosystem, key players, key issues and how Internet is governed? how we can take part? how it is affecting our life? ##### Objectives - Provide a safe and accommodating environment for new entrants to the field and increase their knowledge on IG. - Bring together people from government, civil society, business and other stakeholder groups to interact and build common ground around a public interest-oriented approach to IG ##### Workshop Level Basic Level ##### Instructor Hiba Abbas ##### Requirements - Participants must have a good knowledge about networking. ##### Date & Time - Date: Saturday, x.x.x - Time: 10:30AM - 2:30PM ##### Registration *Paste registration link here* # IPv6 Workshop by AFRINIC ##### Introduction This is the keystone foundation module for all our technical workshops. It gives the participants a solid understanding of IPv6's core concepts and is required for understanding all other IPv6 topics. ##### Objectives - Identify, write and shorten IPv6 addresses - List the types of IPv6 addresses and their unique characteristics - Create an IPv6 address plan for a network - Identify and list the equivalent IPv4 key protocols in IPv6 - Describe how NDP is used to deliver key IPv6 functions - Configure and verify basic IPv6 on hosts and routers for more details check: [http://learn.afrinic.net/en/course/ipv6/foundation](http://learn.afrinic.net/en/course/ipv6/foundation) ##### Registration The registration is closed. - Please note there will be a selection process, and selected candidates will be contacted to confirm their participation. ##### Instructors - [Stephan Musa](https://www.linkedin.com/in/honmuemusa) - Olatunde Awobuluyi ##### Feedback from Mr.Musa ``` Hello SdNOG, We had a great time thanks to you in Khartoum last week. On behalf of us all at AFRINIC, we thank you for joining us on this mission to ensure that no network engineer gets left behind on the skills required to build and run IPv6 networks. We rate our workshops using the Net Promoter System which has a range of -100 → 100.  - International benchmark for IT Training is 70 - On this workshop the score was 77.  ``` more info at: [AFRINIC blog](https://afrinic.net/blog/289-successful-conclusion-of-afrinic-training-in-khartoum-sudan) [![afrinic-ipv6-workshop-stats.png](https://docs.sdnog.sd/uploads/images/gallery/2024-10/scaled-1680-/1000px-ipv6-stat.png)](https://docs.sdnog.sd/uploads/images/gallery/2024-10/1000px-ipv6-stat.png) # IPv6 Fundamentals Workshop Ready or not, [IPv6](https://en.wikipedia.org/wiki/IPv6) is here! IPv6 was developed more than a decade ago, but now is being implemented by both service providers and companies alike primarily due to the lack of IPv4 addresses. This one day hands-on will cover IPv6 concepts, IPv6 Address Basics, and IPv6 basic configuration in a Cisco infrastructure. This workshop is suitable for network engineers, network operators or Systems/IT admin who are responsible about network operation in their organization. ##### Objectives This workshop will help to : - Understand the differences and similarities between IPv4 and IPv6 - Know that deploying IPv6 will enable continued IP networking growth - Understand the implications of running out of available IPv4 address space - also to remove some of the fear related to IPv6 deployment and to enable it ##### Workshop Level Intermediate Level ##### Instructor - Sara Alamin Mohamed - Salih Shihab Aldeen ##### Requirements - It is assumed you are familiar with common IP terminology and have practical knowledge of running an IP network. - Participants should bring a laptop computer to participate in the lab, with 2GB RAM as minimum. ##### Date & Time - Date: Saturday, x.x.x - Time: 9:00AM - 4:30PM ##### Outline - Internet Ecosystem - IPv4 Exhaustion - IPv6 Address Basics > notation, shortening rules - IPv6 Address Types - IPv6 vs IPv4 - transition mechanism - Basic Configuration ##### Registration \*Paste registration link here\* # IXP Best Practices ##### Introduction As at July 2015, there are known shortcomings to how the SIXP operates. With the assistance of [PCH](https://www.pch.net/), the SdNOG team will host this workshop on IXP best practices as a pre-cursor to the sdnog-2 event. It is intended that the event will attract the key stakeholders for the SIXP, as well as the relevant participants from the NTC and NIC. ##### Layout The workshop is intended to be a one day event, split between, an understanding of the economic elements, and strategic objectives of an IXP; it's role in the local Internet economy, and technical and operational management. The table below has a suggested overview of the topics that would be addressed.
Day 3 : 25 August 2015Topic
Session 1Internet Economics; the value of peering and the role of the IXP in the Internet economy Discussion: Strategies for IXP development.
Session 2Regulatory best practices for economic growth Total Internet security of a country.
Session 3Technical operations and management
Session 4
##### Instructor List Nishal Goburdhan, [PCH](https://www.pch.net/) # Networks Fundamental Workshop A strong foundation of basic networking concepts is fundamental to have a successful career in information technology. This Workshop will help you understand Networking Fundamentals. By the end of this Workshop, you will gain real-world practical skills necessary for Networking This workshop is suitable for BSc Students, fresh graduate and for those who have strong interests in networking ##### Workshop Level Basic Level ##### Instructor - Mohaund Adil - Jadallah Mohamed ##### Requirements - Participants must have a good knowledge about networking and IP addressing; also know the basic commands of Linux and how to work in UNIX systems. - Participants should bring a laptop computer to participate in the lab, with 4GB RAM as minimum. ##### Date & Time - Date: Saturday, x.x.x - Time: 9:30AM - 5:30PM ##### Outlines 1.Basics of Networking - What is networking? - Types of Networks - Usefulness of networks - Types of network - OSI Protocol description 2.Network Devices 3.IP Addressing - IPv4 - IPv6 - IPv4 Vs. IPv6 - Understanding VLSM technology 4.Overview about Switching 5.Overview about Routing ##### Registration *paste registration link here* # Network Management and Monitoring Workshop ##### Introduction This workshop is designed for engineers and system staffs at ISPs and large networks including academic networks who are involved with system management, network monitoring and management and problem response. The course is for those who need to manage diverse Network and NOC operations. There will be hands-on for three days. ##### Objectives By the end of this course you will be able to: Distinguish between network management and monitoring. - Determined what should be monitored. - Install various network management/monitoring tools. - Track the changed on the network device’s configurations. - Use SNMP protocol and log management. ##### Requirements - laptop with wireless capability. - IPv4 addressing and general network concepts. - Knowledge of Linux. ##### Instructors - Salih Shihab - [Patrick Okui](https://nsrc.org/bios/PatrickOkui.html) ##### Agenda
TimeDay 1: Sunday 14 AugustDay 2: Monday 15 AugustDay 3: Tuesday 16 August
09:00 – 11:00Welcome, Introductions, Workshop DetailsCacti softwareNagios3 Software
11:00 – 11:30Coffee breakCoffee breakCoffee break
11:30 – 13:00Introduction to Network Monitoring & ManagementSmokeping softwareLOG Management
13:00 – 14:00LunchLunchLunch
14:00 – 16:30Cisco Configuration Basics and SNMPLimbreNMS softwareVersion control RANCID / WebSVN and NetFlow / NfSen
# Networking Best Practices Workshop ##### Introduction This tutorial is aimed at teaching Best Practices in network deployment. The intent is to sensitise operators, and participants to things that they should be aware of, from a macro level, and to stimulate discussion, interest, and knowledge in the mechanisms for operation. It is not intended for this to be extremely low level. ##### Layout The key ideas would be to talk about issues that operators should be engaged in already, in a 90min slot. Some topics for discussion could be: - the proper use of NMS systems - configuration management - IGP and EGP configuration and setup - routing and Switching - scaling virtualisation deployments Since this would be tutorial style, it's intended for the discussions to be as interactive as possible, and, where possible, include hands-on practical sessions. It is also intended to be an introductory/refresher tools that we can use to gauge interest, and competency, that will allow us to plan for future workshops. Note: sdnog-1 attendance showed us a significant student population attending, so we expect that this workshop would be more appealing to them, vs. a more low-level, specific workshop on a particular topic. A suggestion for the tutorial scheme could be:
Day 1Day 2Day 3
Session 1IP address space design and planningRouting - IGP and EGP best practicesDNS
Session 2IPv6 and its role in your networkBCP 38 and routing sanityConfiguration management
Session 3Designing a switching environmentNetwork management systemsRIPE ATLAS Tutorial
Session 4Designing a switching environment (cont)Network management systemsOpen Q&A
##### Instructor List It is desirable that the instructor be experts in their respective areas of presentation, and have significant experience in the topics that they are presenting. Additionally, a good mix of local, and foreign expertise would be desirable, to allow for different points of perspective. - Christian Teuschel - Daniel Shaw - Hiba Abbas - Nishal Goburdhan - Patrick Okui - Sirag Aldeen Mahgoob # UNIX/Linux, Networking and DNS Online Course [The Internet Society](https://www.internetsociety.org/) invites engineers from Africa to participate in an intensive online course titled “Introduction to Network Operations: UNIX/LINUX, Networking and DNS” This is an introductory course targeted at novice/entry-level UNIX/Linux users pursuing careers in Network or System Administration. This course provides the necessary skills to progress to more advanced topics in the future. This course is practically oriented and provides step-by-step guidance on how to configure a UNIX/Linux server and then run a Caching Domain Name System (DNS) server in a virtualized environment. The techniques covered in the course are applicable in real-world environments to set up Internet-ready caching DNS servers. Trainees who complete the course will be awarded with a **Certificate of Completion.** Trainees will also be provided a remote server to carry out the hands on parts of the course and the exercises. More info at: [https://www.internetsociety.org/inforum/network-operations/](https://www.internetsociety.org/inforum/network-operations/) ##### Course objectives The course follows the following schedule: ``` - Learn about and operate a UNIX/Linux operating system in a virtualized environment. - Develop competences in key networking topics: IPv4 and IPv6. - Install third-party software on a UNIX or Linux platform using common software management tools. - Work with the UNIX/Linux shell and become comfortable with the command line interface. - Edit files in UNIX/Linux environments without Graphical User Interfaces (GUI). - Understand the role of the Domain Name System (DNS) in the operation of the Internet. - Build and activate a caching Domain Name System (DNS) server. - Learn about the Internet Engineering Task Force (IETF) and the Request for Comments (RFC) process ``` ##### Who Should Attend Novice/entry level network engineers and system administrators (from Africa) who are interested in learning about UNIX/Linux, Networking and DNS. The course is targeted at upcoming network engineers and system administrators from Research Education Networks (RENs), Network Operator Groups, Universities, ccTLD registries or Internet Service Providers (in Africa). ##### Our Certified Participants Meet our [certified Participants who complete the online course successfully.](https://docs.sdnog.sd/books/feedback-and-comments/page/certified-participants-unixlinux-networking-and-dns-online-course "Certified UNIX/Linux, Networking and DNS Online Course Participants") ⭐️ ##### Participants' Feedback What former participants[ say about the courses.](https://docs.sdnog.sd/books/feedback-and-comments/page/participants-feedback-unixlinux-networking-and-dns-online-course "UNIX/Linux, Networking and DNS Online Course: Participants' Feedback") ##### Language Language of instruction will be English. ##### Moderation and Online Support This course will be moderated by **Eng. Manhal Mohamed**. and assisted by **Eng. Abdulrahman Mohammed Hassan**. Online remote support is available via Email or Telegram and also via Jitsi meet ##### Offline Content Offline training materials are available and are frequently updated. ##### Registration Form [https://docs.google.com/forms/d/e/1FAIpQLSd7MR1UkX4NoTS0OnHYeJCFCUxarBzuzIz3xpMxkawevBCQIg/viewform?usp=sf\_link](https://docs.google.com/forms/d/e/1FAIpQLSd7MR1UkX4NoTS0OnHYeJCFCUxarBzuzIz3xpMxkawevBCQIg/viewform?usp=sf_link) # Automation Tool: Ansible Hands-on how to use automation in your network. Three day course ##### Objectives By the end of the workshop, attendees will know how to use automation with Ansible to ease the burden of consistent configuration of servers and network devices and how to choose what/when to automate. ##### Workshop Level Advance Level ##### Prerequisites - Participants should be familiar with Unix-style operating systems. The course is taught on Linux (Ubuntu or CentOS) but the environment will be familiar to people with a systems administration background on FreeBSD or Solaris. - Knowledge of Linux/UNIX command line - Good understanding of network basics (IP networking) - All participants will need to bring a laptop with WiFi access. ##### Participants System administrators,Network engineers and Network technicians who are running network devices like servers, routers and switches in their organization. ##### Date & Time - Date: Sunday 30 Sep - Tuesday 2 Oct 2018 - Time: 8:30AM - 4:00PM ##### Instructors [Sander Steffann](https://www.ripe.net/participate/ripe/wg/previous-working-group-chair-bios/sander-steffann) ##### Agenda - Benefits of automation - What to automate? - What not (yet) to automate? - Available automation tools (Ansible, Puppet, Salt etc) - What is Ansible? - Installing Ansible - How Ansible Works and its Key Components - Playbook Basics - Organising your roles - Combining Ansible with other tools (bgpq3 etc) - Sharing playbooks and revision management (git etc) # IPv6 for Services hands-on workshop to teach the concept of IPv6 protocol on most common services expected of any network ##### Objectives by end of this workshop participants will be able to verify any application for IPv6 capability and Configure and test an dual stack DNS, HTTP and DHCP server. ##### Workshop Level Intermediate Level ##### Prerequisites
- Participants should be familiar with Unix-style operating systems. - Participants should have a good knowledge about IPv6 protocol architecture. - Participants should have a good knowledge about Network services like DNS, HTTP,... - Participants should bring their own laptops with WiFi access
##### Participants System administrators,Network engineers and Network technicians who are running Network services in their organization. The course is taught on FreeBSD but the environment will be familiar to people with a systems administration background on Linux. ##### Date & Time
- Date: Sunday 30 Sep - Tuesday 2 Oct 2018 - Time: 8:30AM - 4:00PM
##### Instructors
- Mohamed Alhafiz - Canar Telecom - Khansaa Abdallah - Canar Telecom - Rawan Shareef - MTN
##### Agenda
- IPv6 refresher - FreeBSD refresher - IPv6 Network Setup - Packet berkeley filter overview - DNS for IPv6 / DNS troubleshooting - DHCP for IPv6 - HTTP, SSH and SFTP for IPv6 - Network Tools for troubleshooting
# Network Services and Monitoring Online Course ##### Background This is an intermediate level course for network and system engineers/administrators aiming to get operational experience with IPv6 with a focus on specific Internet services provided by Internet Society. The course covers the following main areas: - Authoritative DNS - Introduction to Email - Network Monitoring The course is strictly 3 weeks long. Each trainee will be assigned a virtual server and will be required to build working services as mentioned above to provide services on an IPv6 address. The course is lab intensive (70%) with trainees provided with theory materials that they can read. Trainees are also encouraged to do their own research in order to cover the concepts in the course. ##### Course Timetable The course follows the following schedule: ``` Week 1: - Introduction to DNS - DNS Resolvers - DNS Authoritative - LAB ASSIGNMENT 1: install BIND - LAB ASSIGNMENT 2: Zone set up - LAB ASSIGNMENT 3 : Zone file creation Week 2: - Email introduction - Postfix Dovecot Introduction - LAB ASSIGNMENT 4: create MX record for your mail server - LAB ASSIGNMENT 5: Install Postfix and Dovecot - LAB ASSIGNMENT 6: Setup Postfix and Dovecot Optional Part - Securing mail system : ------------------------------------- - LAB ASSIGNMENT 7 SENDING EMAILS - LAB ASSIGNMENT 8 Apache setup - LAB ASSIGNMENT 9 letsencrypt Part01 - LAB ASSIGNMENT 10 letsencrypt Part02 - LAB ASSIGNMENT 11 Configure Dovecot - LAB ASSIGNMENT 12 Configure Squirrel-mail Week 3: - Nagios Introduction - LAB ASSIGNMENT 13 Installing Nagious - LAB ASSIGNMENT 14 monitor DNS on localhost ``` ##### Pre-Requisites to attend - Completion of the Introduction to [UNIX/Linux and Networking](https://docs.sdnog.sd/books/sdnog-workshops/page/unixlinux-networking-and-dns-online-course "UNIX/Linux, Networking and DNS Online Course") Course. - A Computer system with at least 2 browsers (Chrome and Firefox preferred. - Good Internet Connectivity. ##### Our Certified Participants Meet our [certified Participants who complete the online course successfully.](https://docs.sdnog.sd/books/feedback-and-comments/page/certified-participants-network-services-and-monitoring-online-course "Certified Network Services and Monitoring Online Course Participants") ##### Participants' Feedback What former [participants say about the courses.](https://docs.sdnog.sd/books/feedback-and-comments/page/participants-feedback-network-services-and-monitoring-online-course "Network Services and Monitoring Online Course: Participants' Feedback") ##### Language Language of instruction will be English. ##### Moderation and Online Support This course will be moderated by **Eng. Manhal Mohamed** & assisted by **Eng. Abdulrahman Mohammed Hassan**. Online remote support is available via Email or Telegram. ##### Offline Content Offline training materials are available and are frequently updated. ##### Registration Form [https://docs.google.com/forms/d/e/1FAIpQLSejyyI1yVwFjOFqNAjTUwr4irmh0YY5hv1Dv3HmOY2L24dCsw/viewform?usp=sf\_link](https://docs.google.com/forms/d/e/1FAIpQLSejyyI1yVwFjOFqNAjTUwr4irmh0YY5hv1Dv3HmOY2L24dCsw/viewform?usp=sf_link) # OpenStack Workshop OpenStack is a set of software tools for building and managing cloud computing platforms for public and private clouds. Backed by some of the biggest companies in software development and hosting, as well as thousands of individual community members, many think that OpenStack is the future of cloud computing. This workshop will help the participants to assess the architectures, components, operation and tools of OpenStack. Participate will have a hands-on labs showing how to build, use, and deploy an OpenStack Platform. ##### Workshop Level Intermediate Level ##### Instructor - Mohamed Ibrahim Oshari ##### Requirements - Participants must have a good knowledge about networking and IP addressing; - also know the basic commands of Linux and how to work in UNIX systems; - also Participants should know basic knowledge about Virtualization Techniques. - Participants should bring a laptop computer to participate in the lab, with 4GB RAM as minimum. ##### Date & Time - Date: Saturday, x.x.x - Time: 9:30AM - 5:30PM ##### Outline - Whats OpenStack and its Present and Future - Learn about the individual OpenStack components - Learn about the OpenStack architecture. ##### Registration *Registration link will be here* # Network Monitoring Workshop ##### Introduction This workshop is designed for engineers and system staffs at ISPs and large networks including academic networks who are involved with system management, network monitoring and management and problem response. The course is for those who need to manage diverse Network and NOC operations. There will be hands-on for four days. ##### Objectives By the end of this course you will be able to: Distinguish between network management and monitoring. - Determined what should be monitored. - Install various network management/monitoring tools. - Track the changed on the network device’s configurations. - Use SNMP protocol and log management. ##### Workshop Level Intermediate level ##### Requirements - laptop with wireless capability. - IPv4 addressing and general network concepts. - Knowledge of Linux. ##### Date & Time - Date: Sunday 27 Oct - Wednesday 30 Oct 2019 - Time: 8:30AM - 3:30PM ##### Workshop Fees 200SDG ##### Instructors - Salih Shihab ##### Agenda - Introduction to Network Monitoring & Management - Cisco Configuration Basics and SNMP - Cacti software - Smokeping software - LibreNMS software - Nagios3 Software - LOG Management - {PHP}IPAM - Version control RANCID / WebSVN and NetFlow / NfSen # Security Workshop - Ethical Hacking ##### Introduction This workshop is designed for system administrators, network administrators, auditors and web developers to gain knowledge about the security assessment and penetration testing processes. In addition, it will help to improve network and systems by analyzing the existing vulnerabilities to defend systems against attacks. ##### Objectives By the end of this course you will be able to: - Define Ethical Hacking concepts - Determine different threats. - Apply techniques and use penetration testing tools - Provide defence against different types of attack. ##### Workshop Level Intermediate level ##### Requirements - Laptop with wireless capability. - Good Network concepts. - System concepts - Basic/intermediate Linux Knowledge. ##### Date & Time - Date: Sunday 27 Oct - Wednesday 30 Oct 2019 - Time: 8:30AM - 3:30PM ##### Workshop Fees 200SDG ##### Instructors - Hiba Alamin ##### Agenda - Introduction to Ethical Hacking - Foot-printing and Reconnaissance - Scanning Networks & Enumeration - System Hacking - Sniffing - Social Engineering - Denial-of-Service - Overview about other security fields - Security polices and Recommendations # Layer 2 Security Workshop LAN network protection is generally neglected, which is a high risk to the organization or company This Workshop will help you understand L2 vulnerabilities. By the end of this Workshop, you will gain real-world practical skills necessary for LAN security, this workshop is suitable for all interested in cybersecurity, Network Security and Penetration Testing. ##### Workshop Level Intermediate level ##### Instructor Mohanned Adil Omer ##### Requirements - Participants must have a good knowledge about networking, TCP/IP and IP addressing; also know the basic knowledge of Linux. - Participants must have a Good understanding of switching behavior and protocols. - Participants should understanding network services (DHCP, DNS, AD ... etc.). - Participants should bring a laptop computer to participate in the lab, with 4GB RAM as minimum. ##### Date & Time - Date: Saturday, x.x.x - Time: 9:00 to 15:30 ##### Outlines 1. Why L2 Security. 2. Switching review. - How switch work? - Switch weakness. 3. Sniffing Techniques - Packet Sniffers - PCAP and promiscuous mode. - Sniffing Tools. - Active and Passive Sniffing. 4. L2 Attacks and Defenses - Mac table Flooding. - ARP attack. 1. Introduction. 2. When ARP is used? 3. Types of ARP message. 4. Example use of ARP. 5. ARP cache. 6. RARP. 7. ARP Types. 8. ARP Attacks. 9. ARP Spoofing. 10. ARP Denial of Service. 11. Defenses. 12. S-ARP. 13. Conclusion. 5. DHCP attack - How DHCP Work. - DHCP Spoofing Attack. - DHCP Starvation Attack. - Defenses. - Conclusion. 6. Some Guides to Minimum Security Baseline for any organization. # Build your own e-mail Server This workshop is designed for engineers and system staffs at ISPs and large networks including academic networks who are involved with system management, system administration and operations and problem response. The workshop is for those who need to manage mail servers and systems. Anyone working with mail system in their corporate or carrier infrastructure will find this class worthwhile. this one day workshop describes how to setup a local Email with best practices using Postfix, Dovecot And Squirrelmail. ##### Objectives By the end of this workshop you will be able to:
- Understand the concept of the SMTP and electronic mail - Overview of common terms and protocols - How the mail system works - building a mail server using Postfix, Dovecot And Squirrelmail - knowing best practices on securing and setting your mail server
##### Workshop Level Intermediate Level ##### Requirements
- laptop with wireless capability , 64 bit OS , minimum 4G RAM "with enabled virtualization technology" - IPv4 addressing and general network concepts. - Good Knowledge of Linux.
##### Date & Time
- Date: Saturday, x.x.x - Time: 9:30AM - 4:30PM
##### Instructors Manhal Mohammed Mokhtar ##### Content
- SMTP concept - Mail System terms - How mail system works - Setup and configure Postfix, Dovecot And Squirrelmail - Mail system security
##### Registration *Registration link will be published here* ##### Workshop materials you can find this workshop materials at: [https://drive.google.com/drive/folders/1OnHplRXTB59VAgPi9pl\_fIZyX9tkB78A?usp=sharing](https://drive.google.com/drive/folders/1OnHplRXTB59VAgPi9pl_fIZyX9tkB78A?usp=sharing)
# Introduction to Git Workshop This workshop is an introduction to version control systems with Git. Version control systems are tools that keep track of the changes made on a document, and help version and merge files. They allow the user to decide which changes make up the next version, and keep useful data about them. Version control systems are usually used by developers and people who write code, but are very useful also for people working with documents in general. It is especially helpful for collaborative work with more than one person working on the same file. ##### Objectives This workshop is designed for people who have never used Git or a version control system before to : - Learn more about what version control systems can do for them and their research. - Help a team of people to work together, all using the same files. - Helps the team cope with the confusion that tends to happen when multiple people are editing the same files. ##### Who should attend? From web developers to system administrators, Git is useful to anyone who writes code, configuration files, scripts, and text documentation. ##### Workshop Level Basic Level ##### Requirements laptop with wireless capability , 64 bit OS , minimum 4G RAM ##### Date & Time - Date: Saturday, x.x.x - Time: 9:30AM - 4:30PM ##### Instructors Sara Mohammed Abdulraheem ##### Content 1. What is Git and Gitlab? - History of Git - Design Principles - Distributed Version Control 2. Installing Git 3. Git File Management - Common Git Commands - Configuring Git - Creating Repositories - Creating a Commit 4. Branching - Visualizing Branches - Branch Naming Conventions - Creating a new Branch - Handling Merge Conflicts ##### Registration *Registration link will be published here* ##### Workshop materials you can find this workshop materials at: [https://drive.google.com/open?id=12vGnb0TdEbxHif\_ywp-AQsTsG2agKFgM](https://drive.google.com/open?id=12vGnb0TdEbxHif_ywp-AQsTsG2agKFgM) # Automation with Ansible : The basics ##### Introduction Ansible is an open-source software provisioning, configuration management, and application-deployment tool to automate all your system work. this is one-day , hands-on workshop. You’ll get a comprehensive overview of Ansible and then dive into Ansible Roles and playbooks. ##### Objectives By the end of the workshop, attendees will know how to use automation with Ansible to ease the burden of consistent configuration of servers and network devices and how to choose what/when to automate. ##### Workshop Level intermediate Level ##### Prerequisites - Participants should be familiar with Unix-style operating systems. The course is taught on Linux (Ubuntu or CentOS) but the environment will be familiar to people with a systems administration background on FreeBSD or Solaris. - Knowledge of Linux/UNIX command line - Good understanding of network basics (IP networking) - All participants will need to bring a laptop with WiFi access. ##### Date & Time - Date: Saturday 14 March 2020 - Time: 9:30AM - 4:30PM ##### Instructors - Manhal Mohamed - Sara Alamin ##### Agenda - Introduction to Ansible - Installing and Configuration - Configuring Clients - ad-hoc commands - Ansible Playbook - Format& Function - Handlers - Variables - Conditions - Loops - Ansible Templates - Ansible Roles ##### Registration *Registration link will be published here* ##### Workshop materials you can find this workshop materials at: [https://drive.google.com/open?id=1OV4fWCRiLWAz4WQ-ohdT3msUXXY1EDPd](https://drive.google.com/open?id=1OV4fWCRiLWAz4WQ-ohdT3msUXXY1EDPd) # Automation with Ansible - Online Course ##### Introduction Ansible is an open-source software provisioning, configuration management, and application-deployment tool to automate all your system work. this is 10-days , hands-on online workshop. in this online workshop You’ll get a comprehensive overview of Ansible and then dive into Ansible Roles and playbooks.
- this is a 10-days , hands-on online Workshop . - Each trainee will be assigned a virtual server and will be required to build working services using Ansible tool - The Online Workshop is lab intensive (70%) with trainees provided with theory materials that they can read
##### Objectives By the end of the workshop, attendees will know how to use automation with Ansible to ease the burden of consistent configuration of servers and network devices and how to choose what/when to automate. ##### Workshop Level intermediate Level ##### Prerequisites
- Participants should be familiar with Unix-style operating systems. The workshop is taught on UNIX "FreeBSD" but the environment will be familiar to people with a systems administration background on Debian or RedHat. - Knowledge of Linux/UNIX command line - Good understanding of network basics (IP networking) - Each participant will be assigned a virtual server to work on it , you only need a laptop with an internet connection for remote access to the server
##### Date & Time
- Round One: 10 days. from 11 April 2020 to 21 April 2020 - Round Two: 10 days. from 20 to 31 May 2021 - Round Three: TBD
##### Moderation and Online Support This online workshop will be moderated by:
- Manhal Mohammed - Sara Alamin - Abdulrahman Mohammed - Shimaa babiker - Mohamed Ayman
Online remote support is available via **Telegram Group only** " group link will be sent to selected participates" ##### Agenda Day (1 & 2) : Introduction to Ansible
1. Module-01: Introduction to Automation 2. Assignment 01 : Introduction to Automation 3. LAB01 : deploying Ansible 4. Assignment 02: Ansible Ad-Hoc 5. Quiz #1
Day (3 & 4): Ansible Playbook
1. Module-02: Ansible Play and Play-books 2. LAB02: play book to install pkg 3. LAB03: show uptime of remote servers 4. LAB04 : Ansible Variables 5. LAB05: working with ansible loops
Day (5 & 6) : Ansible detailed Playbooks
1. Module-03: Ansible detailed Playbooks 2. LAB06: working with ansible loops-2 3. LAB07: Ansible conditions 4. Assignment 03 : Implementing Ansible Playbooks using templates
Day (7 & 8) : Ansible Roles
1. Module-04: Ansible Roles 2. LAB08: working with Ansible roles
Day (9 & 10): final Project ##### Participants Participants who complete this online course successfully. ⭐️ ##### Offline Materials You can find the offline contents for this online course here
# Introduction to Cloud Computing & AWS This introductory workshop provides participants with a practical foundation in Cloud Computing and Amazon Web Services (AWS). It is designed for students, fresh graduates, and IT professionals who want to understand cloud concepts and gain hands-on experience with AWS. ##### Workshop Overview We will start by covering the core concepts of cloud computing, comparing Cloud vs. On-Premises infrastructure, and discussing the key benefits of moving to the cloud. Participants will gain a clear understanding of cloud service models, including IaaS, PaaS, and SaaS, along with the fundamentals of resource virtualization. ##### Instructor Maryam Yousif [https://www.linkedin.com/in/maryam-yousif-9757a4133/](https://www.linkedin.com/in/maryam-yousif-9757a4133/) Ahmed Soria [https://www.linkedin.com/in/ahmed-soria-8231299a](https://www.linkedin.com/in/ahmed-soria-8231299a) ##### Content 1. Introduction to Cloud Computing 15 mins Ahmed. 1. What is Virtualization 2. What is Cloud Computing? Cloud vs. On-Premises 3. Benefits of moving to the cloud 4. Overview of Cloud Service Models (IaaS, PaaS, and SaaS) 3. Introduction to AWS 10 mins Maryam 1. What is AWS? Market share, listing other cloud providers, why people choose AWS, choosing your cloud provider, 2. Brief history and evolution of AWS 3. Overview of AWS Global Infrastructure 1. Regions 2. Availability Zones 3. Edge Locations 5. AWS services: 15 mins Ahmed 1. What is AWS services 2. Regional services vs global services 3. AWS services by category 4. Identity & Access Management (IAM) 20 mins Maryam 1. Understanding IAM Users, Groups, and Policies 2. Multifactor Authentication (MFA) 3. IAM Roles and when to use them 4. AWS CLI: How to install and configure the CLI 6. Amazon EC2 (Elastic Compute Cloud) 20 mins Ahmed 1. What is EC2 2. Instance types 3. Security Groups 4. Connect to EC2 instances 5. IAM roles for EC2 6. Exposing your hosted app using AWS load balancer 8. Hands-On Demo 30 mins Maryam from the console/ 5 mins TF script. Ahmed 1. Tour of the AWS Management Console 2. Launching EC2 instance 3. Deploying a simple web application 4. Creating an ALB ##### Outcome By the end of this workshop, participants will have: - A solid understanding of cloud computing fundamentals - Practical exposure to AWS core services - The confidence to start using AWS for learning, labs, or entry-level projects ##### Slides [https://drive.google.com/file/d/1c6W2ECSKtHilm7pnYFrWc1kOx5fydeDL/view?usp=share\_link](https://drive.google.com/file/d/1c6W2ECSKtHilm7pnYFrWc1kOx5fydeDL/view?usp=share_link) ##### Recording [https://drive.google.com/file/d/1IiBtlMH85kt9NwKQkItzYAS8BuTv1biu/view?usp=share\_link](https://drive.google.com/file/d/1IiBtlMH85kt9NwKQkItzYAS8BuTv1biu/view?usp=share_link)