CPE Credits for CCIE Recertification

Every year at Cisco Live the CCIE attendees who are also NetVets get a special reception with John Chambers where they can ask one question of him (time permitting).  I’ve had hit-or-miss success with this in the past so I wanted to think hard about a question that affected CCIEs the world over and could advance the program.  When I finally did ask my question, not only was it met with little acclaim but some folks actually argued against my proposal.  At that moment, I figured it was time to write a blog post about it.

I think the CCIE needs to adopt a Continuing Professional Education (CPE) route for recertification.

I can hear many of you out there now jeering me and saying that it’s a dumb idea.  Hear me out first before you totally dismiss the idea.

Many respected organizations that issue credentials have a program that records CPEs in lieu of retaking certification exams.  ISACA, (ISC)^2, and even the American Bar Association use continuing education programs as a way of recertifying their members.  If so many programs use them, what is the advantage?

CPEs ensure that certification holders are staying current with trends in technology.  It forces certified individuals to keep up with new advances and be on top of the game.  It rewards those that spend time researching and learning.  It provides a method of ensuring that a large percentage of the members are able to understand where technology is headed in the future.

There seems to be some hesitation on the part of CCIEs in this regard.  Many in the NetVet reception told me outright I was crazy for thinking such a thing.  They say that the only real measure of recertification is taking the written test.  CCIEs have a blueprint that they need to know and that is how we know what a CCIE is.  CCIEs need to know spanning tree and OSPF and QoS.

Let’s take that as a given.  CCIEs need to know certain things.  Does that mean I’m not a real CCIE because I don’t know ATM, ISDN, or X.25?  These were things that have appeared on previous written exams and labs in the past.  Why do we not learn them now?  What happened to those technologies to move them out of the limelight and relegate them to the same pile that we find token ring and ARCnet?  Technology advances every day.  Things that we used to run years ago are now as foreign to us as steam power and pyramid construction.

If the only true test of a CCIE is to recertify on things they already know, why not make them take the lab exam every two years to recertify?  Why draw the line at simple multiple choice guessing?  Make them show the world that they know what they’re doing.  We could drop the price of the lab for recertification.  We could offer recert labs in other locations via the remote CCIE lab technology to ensure that people don’t need to travel across the globe to retake a test.  Let’s put some teeth in the CCIE by making it a “real” practical exam.

Of course, the lab recert example is silly and a bit much.  Why do we say that multiple choice exams should count?  Probably because they are easy to administer and grade.  We are so focused on ensuring that CCIEs retrain on the same subjects over and over again that we are blind to the opportunity to make CCIEs the point of the spear when it comes to driving new technology adoption.

CCIE lab revamps don’t come along every six months.  They take years of examination and testing to ensure that the whole process integrates properly.  In the fourth version of the CCIE lab blueprint, MPLS appeared for the first time as a lab topic.  It took years of adoption in the wider enterprise community to show that MPLS was important to all networkers and not just service provider engineers.  The irony is that MPLS appears in the blueprint right alongside Frame Relay, a technology which MPLS is rapidly displacing.  We are still testing on a twenty-year-old technology because it represents so much of a networker’s life as it is ripped out and replaced with better protocols.

Where’s the CCIE SDN? Why are emerging technologies so underrepresented in the CCIE?  One could argue that new tech needs time to become adopted and tested before it can be a valid topic.  But who does that testing and adoption?  CCIEs?  CCNPs? Unwitting CCNAs who have this thrust upon them because the CIO saw a killer SDN presentation and decided that he needed it right now!  The truth is somewhere in the middle, I think.

Rather than making CCIEs stop what they are working on every 18 months to read up and remember how 802.1d spanning tree functions or how to configure an NBMA OSPF-over-frame-relay link, why not reward them for investigating and proofing new technology like TRILL or OpenFlow?  Let the research time count for something.  The fastest way to stagnate a certification program is to force it in upon itself and only test on the same things year after year.  I said as much in a previous CCIE post which in many ways was the genesis of my question (and this post).  If CCIEs know the only advantage of studying new technology is gaining a leg up when the CxO comes down to ask how network function virtualization is going to benefit the company then that’s not much of an advantage.

CPEs can be anything.  Reading an article.  Listening to a webcast.  Preparing a presentation.  Volunteering at a community college.  Even attending Cisco Live, which I have been informed was once a requirement of CCIE recertification.  CPEs don’t have to be hard.  They have to show that CCIEs are keeping up with what’s happening with modern networking.  That stands in contrast to reading the CCIE Certification Guide for the fourth or fifth time and perusing 3-digit RFCs for technology that was developed during the Reagan administration.

I’m not suggesting that the CPE program totally replace the test.  In fact, I think those tests could be complementary.  Let CPEs recertify just the CCIE exam.  The written test could still recertify all the existing CCNA/CCNP level certifications.  Let the written stand as an option for those that can’t amass the needed number of CPE credits in the recertification period.  (ISC)^2 does this as do many others.  I see no reason why it can’t work for the CCIE.

There’s also the call of fraud and abuse of the system.  In any honor system there will be fraud and abuse.  People will do whatever they can to take advantage of any perceived weakness to gain advantage.  Similarly to (ISC)^2, an audit system could be implemented to flag questionable submissions and random ones as well to ensure that the certified folks are on the up and up.  As of July 1, 2013 there are almost 90,000 CISSPs in the world.  Somehow (ISC)^2 can manage to audit all of those CPE submissions.  I’m sure that Cisco can find a way to do it as well.


Tom’s Take

People aren’t going to like my suggestion.  I’ve already heard as much.  I think that rewarding those that show initiative and learn all they can is a valuable option.  I want a legion of smart, capable individuals vetting new technology and keeping the networking world one step into the future.  If that means reworking the existing certification program a bit, so be it.  I’d rather the CCIE be on the cutting edge of things rather than be a laggard that is disrespected for having its head stuck in the sand.

If you disagree with me or have a better suggestion, I implore you to leave a comment to that effect.  I want to really understand what the community thinks about this.

Poaching CCIEs

During the CCIE Netvet Reception at Cisco Live 2013, a curious question came up during our Q&A session with CEO John Chambers. Paul Borghese asked if it was time for the partner restriction on CCIE tenure to be lifted in order to increase the value of a CCIE in the larger market. For those not familiar, when a CCIE is hired by a Cisco partner, they need to attach their number to the company in order for the company to receive the benefits of having hired a CCIE. Right now, that means counting toward the CCIE threshold for Silver and Gold status. When a CCIE leaves the first company and moves to another partner their number stays associated with the original company for one year and cannot be counted with the new company until the expiration of that year.

There are a multitude of reasons why that might be the case. It encourages companies to pay for CCIE training and certification if the company knows that the newly-minted CCIE will be sticking around for at least a year past their departure. It also provides a lifeline to a Cisco partner in the event a CCIE decides to move on. By keeping the number attached to the company for a specific time period, the original company has the time necessary to hire or train new resources to take over for the departed CCIE’s job role. If the original partner is up for any contracts or RFPs that require a CCIE on staff, that grace period could be the difference between picking up or losing that contract.

As indicated above, Paul asked if maybe that policy needed to change. In his mind, the restriction of the CCIE number was causing CCIEs to stay at their current companies because their inability to move their number to the new company in a timely manner made them less valuable. I know now that the question came on behalf of Eman Conde, the CCIE Agent, who is very active in making sure the rights and privileges of CCIEs everywhere are well represented. I remember meeting Eman for the first time back at Cisco Live 2008 at an IPExpert party, long before I was a CCIE. In that time, Eman has worked very hard to make sure that CCIEs are well represented in the job market.  It is also in Eman’s best interests to ensure that CCIEs can move freely between companies without restriction.

My biggest fear is that removing the one-year association restriction for Cisco Partners will cause partners to stop funding CCIE development.  I was very fortunate to have my employer pay the entire cost of my CCIE from beginning to end.  In return, I agreed in principle to stay with them for a period of time and not seek employment from anyone else.  There was no agreement in place.  There was no contract.  Just a handshake.  Even after I left to go work with Gestalt IT, my number is locked to them for the next year.  This doesn’t really bother me.  It does make them feel better about moving to a competitor.  What would happen if I could move my number freely to the next business without penalty?

Could you imagine a world where CCIEs were being paid top dollar to work at a company not for their knowledge but because it was cheaper to buy CCIEs than it was to build them?  Think of a sports team that doesn’t have a good minor league system but instead buys their talent for absurd amounts of money.  If you had pictures of the New York Yankees in your head, you probably aren’t far removed from my line of thinking.  When the only value of a CCIE is associating the number to your company then you’ve missed the whole point of the program.

CCIEs are more valuable than their number.  With the exception of the Gold/Silver partner status their number is virtually useless.  What is more important is the partner specializations they can bring in.  My CCIE was pointless to my old employer since I was the only one.  What was a greater boon was all the partner certifications that I brought for unified communications, UCS implementation, and even project management.  Those certifications aren’t bound to a company.  In fact, I would probably be more marketable by going to a small partner with one CCIE or going to a silver partner with 3 CCIEs and telling them that I can bring in new lines of partner business while they are waiting for my number to clear escrow.  The smart partners will realize the advantage and hire me on and wait.  Only an impatient partner that wants to build a gold-level practice today would want to avoid number lock-in.

I don’t think we need to worry about removing the CCIE association restriction right now.  It serves to entice partners to fund CCIEs without worrying about them moving on as soon as they get certified.  Termination results in the number being freed up upon mutual agreement.  Most CCIEs that I’ve heard of that left their jobs soon after certification did it because their company told them they can’t afford to pay a CCIE.  Forcing small employers to let CCIEs walk away to bigger competitors with no penalty will prevent them from funding any more CCIE training.  They’ll say, “If the big partners want CCIEs so badly that they’ll pay bounties then let the big partners do all the training too.”  I don’t even think an employer non-compete would fix the issue as those aren’t enforceable in many states.  I think the program exists the way it does for a reason.  With all due deference to Eman and Paul, I don’t think we’ve reached the point where CCIE free agency is ready for prime time.

Devaluing Experts – A Response

I was recently reading a blog post from Chris Jones (@IPv6Freely) about the certification process from the perspective of Juniper and Cisco. He talks about his view of the value of a certification that allows you to recertify from a dissimilar track, such as the CCIE, as opposed to a certification program that requires you to use the same recertification test to maintain your credentials, such as the JNCIE. I figured that any comment I had would run much longer than the allowed length, so I decided to write it down here.

I do understand where Chris is coming from when he talks about the potential loss of knowledge in allowing CCIEs to recert from a dissimilar certification track. At the time of this writing, there are six distinct tracks, not to mention the retired tracks, such as Voice, Storage, and many others. Chris’s contention is that allowing a Routing and Switching CCIE to continue to recertify from the Data Center or Wireless track causes them to lose their edge when it comes to R&S knowledge. The counterpoint to that argument is that the method of using the same (or updated) test in the certified track as the singular recertification option is superior because it ensures the engineer is always up on current knowledge in their field.

My counter argument to that post is twofold. The first point that I would debate is that the world of IT doesn’t exist in a vacuum. When I started in IT, I was a desktop repair technician. As I gradually migrated my skill set to server-based skills and then to networking, I found that my previous knowledge was important to continue forward but that not all of it was necessary. There are core concepts that are critical to any IT person, such as the operation of a CPU or the function of RAM. But beyond the requirement to answer a test question is it really crucial that I remember the hex address of COM4 in DOS 5.0? My skill set grew and changed as a VAR engineer to include topics such as storage, voice, security, and even returning to servers by way of virtualization. I was spending my time working with new technology while still utilizing my old skills. Does that mean that I needed to stop what I was working on every 1.5 years to start studying the old CCIE R&S curriculum to ensure that I remembered what OSPF LSA types are present in a totally stubby area? Or is it more important to understand how SDN is impacting the future of networking while not having any significant concrete configuration examples from which to generate test questions?

I would argue that giving an engineer an option to maintain existing knowledge badges by allowing new technology to refresh those badges is a great idea for vendors that want to keep fresh technology flowing into their organization. The risk of forcing your engineers into a track without an incentive to stay current comes in when you have a really smart engineer that is not capable of thinking beyond their certification area. Think about the old telecommunications engineers that have spent years upon years in their wiring closets working with SS7 or 66-blocks. They didn’t have an incentive or need to learn how voice over IP (VoIP) worked. Now that their job function has been replaced by something they don’t understand many of them are scrambling to retrain or face being left behind in the market. As Steven Tyler once sang, “If you do what you’ve always done, you’ll always get what you’ve always got.”

Continuous Learning

The second part of my counterpoint is that the only true way to maintain the level of knowledge required for certification shouldn’t rely on 50-100 multiple choice questions. Any expert-level program should allow for the use of continuing education to recertify the credential on a yearly basis. This is how the legal bar system works. It’s also how (ISC)2’s CISSP program works. By demonstrating that you are acquiring new knowledge continually and contributing to the greater knowledge base you are automatically put into a position that allows you to continue to hold your certification. It’s a smart concept that creates information and ensures that the holders of those certifications stay current on new knowledge. Think for a moment about changing the topics of an exam. If the exam is changed every two years there is a potential for a gap in knowledge to occur. If someone were recertified on the last day of the CCIE version 3 exam, it would have been almost two years before they had to take an exam that required any knowledge of MPLS, which is becoming an increasingly common enterprise core protocol. Is it fair that the person that took the written exam the next day was required to know about MPLS? What happens if that CCIEv3 gets a job working with MPLS a few months later? According to the current version 4 curriculum the CCIE should know about MPLS. Within the confines of the certification program the user has failed to demonstrate familiarity with the topic.

Instead, if we ensure that the current certification holders are studying new topics such as MPLS or SDN or any manner of networking-related discussions we can be reasonably sure they are conversant with what the current state of the industry looks like. There is no knowledge gap because new topics can be introduced quickly as they become relevant. There is no fear that someone following the letter of the certification law and recertifying on the same material will run into something they haven’t seen before because of a timing issue. Continuous improvement is a much better method in my mind.


Tom’s Take

Recertification is going to be a sticky topic no matter how it’s sliced. Some will favor allowing engineers to spread their wings and become conversant in many enterprise and service provider topics. Still others will insist that the only way to truly be an expert in a field is to study those topics exclusively. Still others will say that a melding of the two approaches is needed, either through continuous improvement or true lab recertification. I think the end result is the same no matter the case. What’s needed is an agile group of engineers that is capable of not only being an expert at their field but is also encouraged to do things outside their comfort zone without fear of losing that which they have worked so hard to accomplish. That’s valuable no matter how you frame it.

Note that this post was not intended to be an attack against any person or any company listed herein. It is intended as a counterpoint discussion of the topics.

CCIE Loses Its Voice

The world we live in is constantly adapting and changing to new communications methods.  I can still remember having a party line telephone when I was a kid.  I’ve graduated to using landlines, cellular phones, email, instant messaging, text messaging, and even the occasional video call.  There are more methods to contact people than I can count on both hands.  This change is also being reflected in the workforce as well.  People who just a few years ago felt comfortable having a desk phone and simple voice mail are now embracing instant messaging with presence integration and unified voice mail as well as single number reach to their mobile devices.  It’s a brave new world that a voice engineer is going to need to understand in depth.

To that end, Cisco has decided to retire the CCIE Voice in favor of an updated track that will be christened the CCIE Collaboration.  Note that they aren’t merely changing the blueprint like they have in the past with the CCIE SP or the CCIE R&S.  This is like the CCIE Storage being moved aside for the CCIE Data Center.  The radical shift in content of the exam should be a tip-off to the candidates that this isn’t going to be the same old voice stuff with a few new bells and whistles.

Name That Tune

The lab equipment and software list (CCO account required) includes a bump to CUCM 9.1 for the call processor, as well as various 9.x versions of Unity Connection, Presence, and CUCME.  There’s also a UCS C460, which isn’t too surprising with CUCM being a virtualized product now.  The hardware is rounded out with 2921 and 3925 routers as well as a 3750-X switch.  The most curious inclusion is the Cisco Jabber Video for Telepresence.  That right there is the key to the whole “collaboration” focus on this exam.  There is a 9971 phone listed as an item.  I can almost guarantee you’re going to have to make a video call from the 9971 to the video soft client in Cisco Jabber.  That’s all made possible thanks to Cisco’s integration of video in CUCM in 9.1.  This has been their strategy all along.

The CCIE Voice is considered one of the hardest certifications to get, even among the CCIE family.  It’s not that there is any one specific task to configure that just wrecks candidates.  The real issue is the amount of tasks that must be configured.  Especially when you consider that a simple 3-point task to get the remote site dial plan up and running could take a couple of hours of configuration.  Add in the integrated troubleshooting section that requires you to find a problem after you’ve already configured it incorrectly and you can see why this monster is such a hard test.  One has to wonder what adding video and other advanced topics like presence integration into the lab is going to do to the amount of time the candidate has to configure things.  It was already hard to get done in 8 hours.  I’m going to guess it’s downright impossible to do it in the CCIE Collaboration.  My best guess is that you are going to see versions of the test that are video-centric as well as ones that are voice-centric.  There’s going to be a lot of overlap between the two, but you can’t go into the lab thinking you’re guaranteed to get a video lab.

Hitting the Wrong Notes

There also seems to have been a lot of discussion about the retirement of the CCIE Voice track as opposed to creating a CCIE Voice version 4 track with added video.  In fact, there are some documents out there related to the CCIE Collaboration that reference a CCIE Voice v4.  The majority of discussion seems to be around the CCIE Voice folks getting “grandfathered” into a CCIE Collaboration title.  While I realize that the change in the name was mostly driven by the marketing of the greater collaboration story, I still don’t think that there should be any automatic granting of the Collaboration title.

The CCIE Collaboration is a different test.  While the blueprint may be 75% the same, there’s still the added video component to take into account (as well as cluster configuration for multiple CUCM servers).  People want an upgrade test to let the CCIE Voice become a CCIE Collaboration.  They have one already: the CCIE Collaboration lab exam.  If the title is that important, you should take that lab exam and pass it to earn your new credential.  The fact that there is precedent for this with the migration of the Storage track to Data Center shows that Cisco wants to keep the certifications current and fresh.  While Routing & Switching and Security see content refreshes, they are still largely the same at the core.  I would argue that the CCIE Collaboration will be a different exam in feel, even if not in blueprint or technology.  The focus on IM, presence and video means that there’s going to be an entirely different tone.  Cisco wants to be sure that the folks displaying the credential are really certified to work on it according to the test objectives.  I can tell you that there was serious consideration around allowing Storage candidates to take some sort of upgrade exam to get to the CCIE Data Center, but it looks like that was ultimately dropped in favor of making everyone go through the curriculum.  The retirement of the CCIE Voice doesn’t make you any less of a CCIE.  Like it or not, it looks like the only way to earn the CCIE Collaboration is going to be in the trenches.

It Ain’t Over Until…

The sunsetting officially starts on November 20th, 2013.  That’s the last day to take the CCIE Voice written.  Starting the next day (the 21st) you can only take the Collaboration written exam.  Thankfully, you can use either the Voice written or the Collaboration written exam to qualify for either lab.  That’s good until February 13, 2014.  That’s the last day to take the CCIE Voice lab.  Starting the next day (Valentine’s Day 2014), you will only be able to take the Collaboration lab exam.  If you want to get an idea of what is going to be tested on the lab exam, check out the document on the Cisco Learning Network (CCO account required).

If you’d like to read more about the changes from professional CCIE trainers, check out Vik Malhi (@vikmalhi) on IPExpert’s blog.  You can also read Mark Snow’s (@highspeedsnow) take on things at INE’s blog.


Tom’s Take

Nothing lasts forever, especially in the technology world.  New gadgets and methods come out all the time to supplant the old guard.  In the world of communications and collaboration, Cisco is trying to blaze a trail towards business video as well as showing the industry that collaboration is more than just a desk phone and a voice mailbox.  That vision has seen some bumps along the way but Cisco seems to have finally decided on a course.  That means that the CCIE Voice has reached the apex of potential.  It is high time for something new and different to come along and push the collaboration agenda to the logical end.  Cisco has already created a new CCIE to support their data center ambitions.  I’m surprised it took them this long to bring business video and non-voice communications to the forefront.  While I am sad to see the CCIE Voice fade away, I’m sure the CCIE Collaboration is going to be a whole new barrel of fun.

Change The CCIE Portal Login!

It’s been said that achieving the CCIE is one of the more painful processes in networking and certification.  There’s a lot of time and effort that must be expended to obtain those singular digits that identify you as an internetworking expert in the eyes of Cisco.  However, the pain doesn’t always end after you get your CCIE.

All the information accrued by a CCIE candidate lives in a database somewhere at Cisco.  The access method for this database is somewhat archaic.  When you attempt to access any information from the http://www.cisco.com/go/ccie landing page, you must first log in using your Cisco Connection Online (CCO) login.  This is a pretty standard login for anything on the Cisco website, from software downloads to partner page access.  Once you input the information to log into your CCO account, you aren’t automatically granted access to the CCIE portal.  Instead, you are redirected to https://tools.cisco.com/CCIE/Schedule_Lab/CCIEOnline/jsp/UpdateProfile_Form.jsp.  For those that might not otherwise be familiar with this page, here’s what it looks like:

CCIE Login Page - Thanks to @MrTugs

Anyone that has taken the CCIE written, tried to schedule the CCIE lab, or has passed the lab knows the pain of this page.  In order to access your score report or CCIE logos or even schedule a lab exam, you must first provide the laundry list of random information.  The candidate ID is easy enough to find since it’s the CSCO number that tracks you through the Cisco certification program.  The rest of the info is the pain point.

Why is it that almost twenty years after the inception of the program that I still need to provide my written score report information?  I could understand providing all this information the first time I log into the system.  PearsonVUE and Prometric require similar information from your first testing score report in order to tie your database record to a test and begin to track you in their system.  If I had to provide the score report for the first time to tie the CCIE written exam to my CSCO number, I would totally understand.  However, I need to provide my written score EVERY. TIME. I. LOG. IN.  Even after I pass the CCIE lab, I still need to remember that score to access my certification record.  If you’re someone that has taken several recertification exams it can be painful.  If you’ve been a CCIE as long as Terry Slattery, it’s downright excruciating.  If you’re considering a multiple CCIE, the process is even worse.  You have to log into the system with your specific track score report in order to schedule a lab.  Don’t have your CCIE Voice score report handy?  Better not log in with your CCIE R&S information.  You won’t have access to schedule the lab for Voice.  It’s almost like the CCIE database is a series of separate databases running on someone’s desktop in RTP.

EDIT: Marko Milivojevic (@icemarkom) pointed out to me that the database is consistent if you are a multiple CCIE holder.  Using any one of your written exams allows you to log in and see all of your records.  You still need to use a track-specific written test to schedule the associated lab exam, however.

Cisco has a certification tracking database located at http://www.cisco.com/go/certifications/login.  It holds all the information related to non-CCIE certifications.  It also happens to be integrated with the CCO login completely.  I used to have to login to the Cisco Cert Tracker with my CSCO ID, but now I just have to login with my regular CCO login and I’m passed right on through to the pertinent information.  There’s even a field in the Cert Tracker for my CCIE number.  However, there is no information to be found related to the CCIE itself.  I’m pretty sure this has a lot to do with the historical separation between the CCIE team and the rest of the certification organization.  The CCIE was always held apart from everything else, both due to its grandfatherly status in the certification industry and the lack of any prerequisites to take the written exam.  It has only been recently that the CCIE team has been folded into the greater Cisco Certifications team.  If they truly are a part of the greater whole, it’s high time to start bringing the CCIE portal over to the Cert Tracker.

I can’t see any reason to continue to require CCIEs in good standing to remember a decade-old score report in order to access a logo or look up a lab exam date.  I can see logging in with the score report information the first time to tie everything together to a candidate record.  But after that, you should only need to login with your CCO login or your CSCO number.  That information should be a unique enough value to guarantee non-overlapping logins.  You already require the CCIE candidate to have a valid CSCO number in order to take the written at a PearsonVUE testing center.  Why not use it as the sole login credential?


Tom’s Take

I’ve known too many CCIE candidates that have frantically tried to recall their written test information when the dreaded lab score report email comes.  I had my info saved in Chrome so it would auto-fill when I got to that page.  It worked until I changed laptops and didn’t import my Chrome info.   I had to dig through a filing cabinet to track down the information I needed to login.  Think about the CCIEs that have been certified for more than a decade.  Why should they be forced to produce information that has been lost to time?  My written score has been displaced by RSTP timers and EIGRP admin distance numbers.  Sure, I could keep that info somewhere safe (like a 1Password entry), but I think the better fix would be to bring the CCIE database into the 21st century and integrate it with all the other tools that Cisco provides.  You can stage the migration over the course of a few months.  Even just allowing your CCO login to access the CCIE portal would be a huge step forward.  I know this is a delicate process that has been going on for many years.  But the process is broken and silly and it’s time that someone fixed it.

 

Learn Why Things Work

As a nerd, I can safely say that Star Trek II: The Wrath of Khan is the best of all the Star Trek films.  It has great character development, an engaging story, and even some fun dialog.  One throwaway line in particular caught my attention recently and made me think about certifications and studying.

In the first big dramatic scene, the bad guy (Khan) has the good guy (Kirk) outgunned and at his mercy.  While scrambling to find a solution to this unwinnable situation, he settles on the gambit of hacking the bad guy’s ship.  When the green lieutenant asks the good guy why he needs the secret code (prefix code) for the bad guy’s ship, the good guy admonishes the lieutenant with the following line:

You have to learn why things work on a starship.

In a movie filled with other great quotes and scenes, this one throwaway line goes unnoticed.  I even had to find a copy of the script to be sure I got it right.  But when it comes to certification, that line holds a lot of power.  You might even say that it sums up the totality of the certification process, as well as the reason why some people that pass still have trouble in the real world.

Everything in networking, or IT for that matter, follows a set of rules.  Programs execute based on a set of instructions.  Electrical signals follow the laws of physics.  Unlike the Matrix, these rules are very seldom flexible.  The same inputs almost always produce the same outputs.  There is no magic or mystical explanation for these behaviors.  Everything does what it does because of these rules.

When you take the time to learn why a protocol behaves in a specific way or why a device exhibits a certain erratic behavior during troubleshooting, you have a more complete understanding of all the factors that go into that behavior.  Just like in the above example, the good guy is the old veteran of many starship voyages.  He knows why ships behave the way they do.  Because he knows why the ships have a prefix code, he knows how to exploit that behavior against someone that doesn’t know in order to escape the situation.  Someone without knowledge of why things are the way they are would miss that as a possibility simply because it doesn’t exist to them.

Far too often, people seeking certification don’t want to know why something behaves in the way that it does.  They simply want to know the answer to the question or they want to learn the trivia facts in order to satisfy the multiple choice part of the exam.  When it comes time to apply that knowledge those students that don’t understand things beyond fact memorization can’t cope.  For example, look at a simple layer 2 bridging loop.  Most people that have experienced this will tell you simply that it takes the entire network down. Easy enough to explain why it’s bad.  But why does it do this?  You have to dig a little deeper to find the answer.  You have to understand that bridges forward unknown unicast frames out of every port except the ingress port.  Then you have to know there isn’t a method for layer 2 Time To Live (TTL) so those unicast frames can eventually age out of the network.  Finally, you have to know that the impact of all those unicast frames being constantly forwarded out of the bridge eventually overwhelms the CPU and causes the bridge to stop forwarding traffic of all kinds because it can’t keep up.  There’s a lot of why in that explanation.  Learning all of it means you know a myriad of ways to prevent the problem from happening in the first place.  Knowing why means when you develop a new protocol down the road you can address those things and fix them (hello L2 TTL!)
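The three "whys" in that loop explanation can be watched in a toy simulation. This is an added example, not code from the original post: it assumes the destination MAC is never learned (so every switch floods), the topologies are constructed, `hop_limit` models the hypothetical layer 2 TTL mentioned above, and a breadth-first tree stands in for whatever loop-free topology a loop-prevention protocol would compute.

```python
from collections import Counter, defaultdict, deque

# Constructed sample topologies: each tuple is one inter-switch link.
TRIANGLE = [("A", "B"), ("B", "C"), ("C", "A")]
FULL_MESH = [("A", "B"), ("A", "C"), ("A", "D"),
             ("B", "C"), ("B", "D"), ("C", "D")]


def _neighbors(links):
    """Build an adjacency table from a list of inter-switch links."""
    table = defaultdict(set)
    for a, b in links:
        table[a].add(b)
        table[b].add(a)
    return table


def flood(links, ingress, ticks, hop_limit=None):
    """Flood one unknown-unicast frame that enters at `ingress` from a host.

    Returns the number of copies in flight on inter-switch links after
    each tick. hop_limit=None is real Ethernet (no layer 2 TTL); an
    integer is a hypothetical limit on how often a copy may be forwarded.
    """
    neighbors = _neighbors(links)
    # Key: (switch receiving the copy, switch it came from, forwards left)
    in_flight = Counter({(ingress, None, hop_limit): 1})
    history = []
    for _ in range(ticks):
        nxt = Counter()
        for (here, came_from, hops), copies in in_flight.items():
            if hops is not None:
                if hops == 0:
                    continue          # aged out: the copy is dropped
                hops -= 1
            for out in neighbors[here]:
                if out != came_from:  # every port except the ingress port
                    nxt[(out, here, hops)] += copies
        in_flight = nxt
        history.append(sum(in_flight.values()))
    return history


def loop_free_links(links, root):
    """Keep only the links of a breadth-first tree rooted at `root`.

    A stand-in for a loop-prevention protocol's result, not an
    implementation of any real protocol's election rules.
    """
    neighbors = _neighbors(links)
    seen, kept, queue = {root}, [], deque([root])
    while queue:
        here = queue.popleft()
        for nxt in sorted(neighbors[here]):
            if nxt not in seen:
                seen.add(nxt)
                kept.append((here, nxt))
                queue.append(nxt)
    return kept


if __name__ == "__main__":
    print("triangle, no TTL      :", flood(TRIANGLE, "A", 6))
    print("full mesh, no TTL     :", flood(FULL_MESH, "A", 6))
    print("full mesh, hop_limit=3:", flood(FULL_MESH, "A", 6, hop_limit=3))
    tree = loop_free_links(FULL_MESH, "A")
    print("full mesh, loop-free  :", flood(tree, "B", 4))
```

In the triangle the copies never die, in the full mesh they double every tick, and either a hop limit or a loop-free set of links brings the count to zero.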

If you skip the why, you miss out on a huge part of troubleshooting and configuration.  Every command has a reason for existing.  Every setting has a valid excuse for being included.  Taking the extra time to learn about those things is what separates the good network rock stars from the rest of the pack.  The dedication and time invested in learning something that completely really shows to potential employers and people conducting technical interviews.  But don’t take my word for it.  Instead, listen to CCIE Instructor Marko Milivojevic:

I couldn’t have said it better myself.

New Cisco Data Center Certifications

Last week, Cisco finally plugged a huge hole in their certification offerings.  Cisco has historically required its partner community to study for specific certifications related to technologies before offering them as specialized tracks for all candidates.  It was that way for voice, wireless, and even security.  However, until last week there was no offering for data center networking.  I think this is an area in which Cisco needs to concentrate, especially when you look at their results for the first quarter of their fiscal year that were just released.  Cisco grew its data center networking business by 61% and their UCS success has vaulted them into third place in the server race easily, though some may argue they are a tight contender for second.  What Cisco needs to solidify all that growth is a program that grows data center network engineers from the ground up.

Cisco’s previous path to creating a data center network engineer involved getting a basic CCNA with no specialization and then focusing on the Data Center Networking Infrastructure certifications.  After the networking is taken care of, there is a path for UCS design and support as well.  But that requires a prospective engineer to pick up NX-OS on the fly, not having started with it in the CCNA level.  Thankfully, Cisco has now addressed that little flaw in the program.

CCNA Data Center

Cisco now has a CCNA Data Center certification that consists of non-overlapping material.  640-911 Introduction to Data Center Networking DCICN is square one for new data center hopefuls.  It tests over the basics of networking much like the CCNA, but the focus is on NX-OS devices like the Nexus 7k and Nexus 5k.  It’s very much like the ICND1 exam in that it focuses on the basics and theory of general networking.  640-916 Introducing Cisco Data Center Technologies DCICT is the real meat of data center technology.  This is where the various fabric and SAN technologies are tested along with Unified Computing as well as virtualization technology like the Nexus 1000V.  Of these two tests, the DCICT is going to be the really hefty one for most candidates to chew on.  In fact, I’m almost sure that most CCNA-level engineers can go out and pass DCICN without any study beyond their CCNA knowledge.  The DCICT will likely require much more time with the study guides to get past.  Once you’ve gotten through both, you can now proudly display your CCNA: Data Center title.

CCNP Data Center

Once you’ve attained your CCNA Data Center, it’s time to delve into the topics a bit deeper.  Cisco introduced the CCNP Data Center certification track to complement the entry level offering in the CCNA DC.  Historically, this is where the various partner-focused Data Center specializations have focused.  With the CCNP Data Center, you have to start with the Implementing Data Center Unified Computing DCUCI and Implementing Data Center Unified Fabric DCUFI exams.  Right now, you can take either version 4 or version 5 of these exams, but the version 4 exams will start expiring next year.  Once you’ve passed the implementation exams, you have a choice to make.  You can go down the path of the data center designer with Designing Cisco Data Center Unified Computing DCUCD and Designing Cisco Unified Data Center Fabric DCUFD.  Those two exams also have a choice between version 4 and version 5, with similar expiration dates in 2013 for the version 4 exams.  If you fancy yourself more of a hands-on troubleshooter, you can opt for the Troubleshooting Cisco Unified Data Center Computing DCUCT and Troubleshooting Cisco Unified Data Center Fabric DCUFT exams.  Note that these exams don’t have a version 4 option.  There seems to have been some confusion about which exams count for what.  You must take the Implementation exams.  After that you can either take the Design exams or the Troubleshooting exams.

Tom’s Take

I’ve spent a lot of time in the last year talking about the CCIE Data Center.  One of the things that struck me about it was how focused it was in its present state on currently trained engineers.  Unless you work with Nexus and UCS every day, you won’t do well on the CCIE DC exam because there isn’t really a training program for it.  Now, with the additions of the CCNA DC and the CCNP DC, aspiring data center rock stars can get started on the road to the CCIE without needing to worry about learning IOS first.  I’m sure that Cisco will eventually retire the data center partner specializations and make the requirement for the Data Center Architecture focused around the CCNA DC and CCNP DC.  There’s no better time to jump out there and get started.  Just remember your jacket.

VMware Certification for Cisco People

During the November 14th vBrownBag, which is an excellent weekly webinar dedicated to many interesting virtualization topics, the question was raised on Twitter about mapping the VMware certification levels to their corresponding counterparts in Cisco certification.  That caught me a bit off guard at first because certification programs among the various vendors tend to be very insular and don’t compare well to other programs.  The Novell CNE isn’t the same animal as the JNCIE.  It’s not even in the same zoo.  Still, the watermark for difficult certifications is still the CCIE for most people, due to its longevity and reputation as a tough exam.  Some were wondering how it compared to the VCDX, VMware’s premier architect exam.  So I decided to take it upon myself to write up a little guide for those out there that may be Cisco certification junkies (like me) and are looking to see how their test taking skills might carry over into the nebulous world of vKernels and port groups.  Note that I’m going to focus on the data center virtualization track of the VMware certification program, as that’s the one I’ve had the most experience with and the other tracks are relatively new at this time.

VCP

The VMware Certified Professional (VCP) is most like the CCNA from Cisco.  It’s a foundational knowledge exam designed to test a candidate’s ability to understand and configure a VMware environment consisting of the ESXi hypervisor and vCenter management server.  The questions on the VCP tend to fall into the area of “Which button do you click?” and “What is the maximum number of x?” types of questions.  These are the things you will need to know when you find yourself staring at a vCenter window and you need to program a vKernel port or turn on LACP on a set of links.  Note that according to the VCP blueprint, there aren’t any of those nasty simulation questions on the VCP, unlike the CCNA.  That means you won’t have to worry about a busted Flash simulation that doesn’t support the question mark key or other crazy restrictions.  However, the VCP does have a prerequisite that I’m none too pleased about.  In order to obtain the VCP, you must attend a VMware-authorized training course.  There’s no getting around it.  Even if you take the exam and pass, you won’t get the credential until you’ve coughed up the $3000 US for the class.  That creates a ridiculous barrier to entry for many that are starting out in the virtualization industry.  It’s difficult in some cases for candidates to pony up the cost of the exam itself.  Asking them to sell a kidney in order to go to class is crazy.  For reference, that’s two CCIE lab fees.  Just for a class.  Yes, I know that existing VCPs can recertify on the new version without going to class.  But it’s a bit heavy handed to require new candidates to go to class, especially when the material that’s taught in class is readily available from work experience and the VMware website.

VCAP-DCA

The next tier of VMware certifications is the VMware Certified Advanced Professional (VCAP).  This is actually split into two different disciplines – Data Center Administration (DCA) and Data Center Design (DCD).  The VCAP-DCA is very similar to the CCIE.  Yes, I know that’s a pretty big leap from the CCNA-like VCP.  However, the structure of the exam is unlike anything but the CCIE in Ciscoland.  The VCAP-DCA is a 4-hour live practical exam.  You are configuring a set of 30-40 tasks on real servers.  You have access to the official documentation, although just like the CCIE you need to know your stuff and be able to do it quickly or you will run out of time.  Also, just like the CCIE, you are given constraints on some things, such as “Configure this task using the CLI, not the GUI.”  When you leave the secured testing facility, you won’t know your score for up to fifteen days until the exam is graded, likely by a combination of script and live person (just like the CCIE).  David M. Davis of Trainsignal is both a CCIE and a VCAP and has an excellent blog post about his VCAP experience.  He says that while the exam format of the VCAP is very similar to the CCIE, the exam contents themselves aren’t as tricky or complicated.  That makes sense when you think about the mid-range target for this exam.  This is for those people who are the best at administering VMware infrastructure.  They know more than the VCP blueprint and want to show that they are capable of troubleshooting all the wacky things that can happen to a virtual cluster.  Note that while there is a recommended training class available for the VCAP, it isn’t required to sit the test.  Also note that the VCAP is a restricted exam, meaning you must request authorization in order to sit it.  That makes sense when you consider that it’s a 4-hour test that can only be taken at a secured Pearson VUE testing center.

VCAP-DCD

The other VMware Certified Advanced Professional (VCAP) exam is the Data Center Design (DCD) exam.  This is where the line starts to blur between people that spend their time plugging away at configurations and people that spend their time in Visio putting data centers together.  Rather than focusing on purely practical tasks like the VCAP-DCA, the VCAP-DCD instead tests the candidate’s ability to design VMware-focused data centers based on a set of conditions.  The exam consists of a grouping of multiple choice, fill-in-the-blank, and in-exam design sessions.  The latter appears to have some Visio-like design components according to those that have taken the test.  This would put the exam firmly in the territory of the CCDP or even the CCDE.  The material on the DCD may be focused on design specifically, but the exam format seems to speak more to the kind of advanced questions you might see in the higher level Cisco design exams.  Just like the DCA, there are recommended courses for the DCD (like the VMware Design Workshop), but these are not requirements.  You will receive your score as soon as you leave, since there aren’t enough live configuration items on the exam to warrant a live person grading your exam.

VCDX

The current king of the mountain for VMware certifications is the VMware Certified Design Expert (VCDX).  This is VMware’s premier architecture certification.  It’s also one of the most rigorous.  A lot of people compare this to the CCIE as the showcase cert for a given industry, but based on what I’ve seen the two certifications only mirror each other in number of attempts per candidate.  The VCDX is actually more akin to the Cisco Certified Architect (CCAr) or Microsoft Certified Master certification.  That’s because rather than have a lab of gear to configure, you have to create a total solution around a given problem and demonstrate your knowledge to a council of people live and in person.  It’s not inexpensive, either in terms of time or cost.  You have to pay a $300 fee to even have your application submitted.  This is pretty similar to the CCIE written exam.  However, even if you submit the proposal, there’s no guarantee you’ll make it to the defense.  Your application has to be scrutinized and there has to be a reasonable chance of you defending it.  If your submission isn’t up to snuff, you get recycled to the back of the pile with a pat on the head and a “try again later” note.  If you do make the cut, you have to fly out to a pre-determined location to defend.  Unlike Cisco’s policy of having a lab in many different locations all over the world, the defense locations tend to move around.  You may defend at VMWorld in San Francisco and have to try again in Brussels or even Tokyo.  It all really depends on timing.  Once you get in the room for your defense, you have to present your proposal to the council as well as field questions about it.  You’ll probably have to end up whiteboarding at some point to prove you know what you’re talking about.  And this council doesn’t accept simple answers.  If they ask you why you did something, you’d better have a good answer.  And “Because it’s best practice” doesn’t cut it either.
You need to show an in-depth knowledge of all facets of not only the VMware pieces of the solution, but third party pieces as well.  You need to think about all the things that you would put into a successful implementation, from environmental impacts to fault tolerance.  Implementation plans and training schedules could also come up.  The idea is that you are working your way through a complete solution that shows you are a true architect, not just a mouse-clicker in the trenches.  That’s why I tend to look at the VCDX as above the CCIE.  It’s more about strategic thinking instead of brilliant tactical maneuvers.  Read up on my CCAr post from earlier this year to get an idea of what Cisco’s looking for in their architects.  That’s what VMware is looking for too.


That’s VMware certification in a nutshell.  It doesn’t map one-to-one to the existing Cisco certification lineup, but I would argue that’s due more to the VMware emphasis on practical experience versus book learning.  Even the VCAP-DCD, which would appear to be a best practices exam, has a component of live drag-and-drop design in a simlet.  I would argue that if Cisco had to do it all over again, their certification program would look a lot like the VMware version.  I talked earlier this year about wanting to do the VCAP in some form this year.  I don’t think I’m going to get there.  But knowing what I know now about the program and where I need to focus my studies based on what I’m doing today, I think that the VCAP is a very realistic goal for 2013.  The VCDX may be a bit out of my league for the time being, but who knows?  I said the same thing about the CCIE many years ago.

Do They Give Out Numbers For The CCIE Written?

I’ve seen a bit of lively discussion recently about a topic that has vexed many an engineer for years.  It revolves around a select few that put “CCIE Written” as their title on their resume or their LinkedIn account.  While they have gone to great lengths to study and take the 100-question multiple choice written qualification exam for the CCIE lab, there is some notion that this test in and of itself grants a title of some sort.  While I have yet to interview someone that has this title, others that I talk to said they have.  I have been in a situation where some of my co-workers wanted to use that particular designation for me during the period of time when I passed the written but hadn’t yet made it through the lab.  I flat out told them “no.”

I understand that the CCIE is a huge undertaking.  Even the written qualification exam is a huge commitment of time and energy.  The test exists because the CCIE has no formal prerequisite.  Back before the CCNA or the CCNP, anyone could go out and attempt the CCIE.  However, since lab spots are a finite resource, some method of prequalification had to be in place to ensure that people wouldn’t just book spot after spot in the hope of passing the lab.  The written serves as a barrier to entry that prevents just anyone from grabbing the nearest credit card and booking a lab slot they may have no hope of passing.  The written exam is just that, though – a qualification exam.  It doesn’t confer a number or a title of any kind.  It’s not the end of the journey.  It’s the beginning.  I think the rise of the number of people trying to use the CCIE written as a certification level comes from the fact that the exam can now be used to recertify any of a number of lower level certifications, including CCxA, CCxP, and almost all the Cisco Qualified Specialist designations.  That’s the reason I passed my first CCIE written.  At first, I had no real desire to try and get my brains hammered in by the infamous lab.  I merely wanted to keep my professional level certifications and my specialist tags without needing to go out and take all those exams over again.  However, once I passed the written and saw that I indeed knew more about routing and switching than I anticipated, I started analyzing the possibility of passing the lab.  I passed the written twice more before I got my number, both to keep my eligibility for the lab and to keep my other certifications from expiring.  Yet, every time someone asked me what my new title was after passing that test I reminded them that it meant nothing more beyond giving me the chance at a lab date.

I’m not mad at people that put “CCIE Written” as their title on a resume.  It’s not anger that makes me question their decision.  It’s disappointment.  I almost feel sorry that people see this as just another milestone that should provide some reward.  The reward of the CCIE Written is proving you know enough to go to San Jose or Brussels and not get your teeth kicked in.  It doesn’t confer a number or a title or anything other than a date taken and a score that you’ll need to log into the CCIE site every time you want to access your data (yes, even after you pass you still need it).  Rather than resting on your laurels after you get through it, look at it as a license to accelerate your studies.  When someone asks you what your new title is, tell them your lab date.  It shows commitment and foresight.  Simply telling someone that you’re a CCIE written is most likely going to draw a stare of disdain followed by a very pointed discussion about the difference between a multiple choice exam and a practical lab.  Worst case scenario?  The person interviewing you has a CCIE and just dismisses you on the spot.  Don’t take that chance.  The only time the letters “CCIE” should be on your resume is if they are followed by a number.

Mental Case – In a Flash(card)

You’ve probably noticed that I spend a lot of my time studying for things.  Seems like I’ve always been reading things or memorizing arcane formulae for one reason or another.  In the past, I have relied upon a large number of methods for this purpose.  However, I keep coming back to the tried-and-true flash card.  To me, it’s the most basic form of learning.  A question on the front and an answer on the back is all you need to drill a fact into your head.  As I started studying for my CCIE lab exam, this was the route that I chose to go down when I wanted to learn some of the more difficult features, like BGP suppress maps or NTP peer configurations.  It was a pain to hand write all that info out on my cards.  Sometimes it didn’t all fit.  Other times, I couldn’t read my own writing.  I wondered if there was a better solution.

Cue my friend Greg Ferro and his post about a program called Mental Case.  Mental Case, from Mental Faculty, is a program designed to let you create your own flashcards.  The main program runs on a Mac computer and allows you to create libraries of flash cards.  There are a lot of good example sets when you first launch the app for things like languages.  But, as you go through some of the other examples, you can see the power that Mental Case can give you above and beyond a simple 3″x5″ flash card.  For one thing, you can use pictures in your flash cards.  This is handy if you are trying to learn about art or landmarks, for instance.  You could also use it as a quick quiz about Cisco Visio shapes or wireless antenna types.  This is a great way to study things more advanced than just simple text.

Once you dig into Mental Case, though, you can see some of the things that separate it from traditional pen-and-paper.  While it might be handy to have a few flash cards in your pocket to take out and study when you’re in line at the DMV, more often than not you tend to forget about them.  Mental Case can setup a schedule for you to study.  It will pop up and tell you that it’s time to do some work.  That’s great as a constant reminder of what you need to learn.  Another nice feature is the learning feature.  If you have ever used flash cards, you probably know that after a while, you tend to know about 80% of them cold with little effort.  However, there are about 20% that kind of float in the middle of the pack and just get skipped past without much reinforcement.  They kind of get lost in the shuffle, so to speak.  With Mental Case, those questions which you get wrong more often get shuffled to the front, where your attention span is more focused.  Mental Case learns the best ways to make you learn best.  You can also set Mental Case to shuffle or even reverse the card deck to keep you on your toes.

When you couple all of these features with the fact that there is a Mental Case IOS client as well as a desktop version, your study efficiency goes through the roof.  Now, rather than only being able to study your flash cards when you are at your desk, you can take them with you everywhere.  When you consider that most people today spend an awful lot of time staring at their iPhones and iPads, it’s nice to know that you can pull up a set of flash cards from your mobile device and go to town at a moment’s notice, like in the line at the DMV.  In fact, that’s how I got started with Mental Case.  I downloaded the IOS app and started firing out the flash cards for things like changing RIP timers and configuring SSM.  However, the main Mental Case app only runs on Mac.  At the time, I didn’t have a Mac.  How did I do it?  Well, Mental Case seems to have thought of everything.  While the IOS app works best in concert with the Mac app, you can also create flash cards on other sites, like FlashcardExchange and Quizlet.  You can create decks and make them publicly available for everyone, or just share them among your friends.  You do have to make the deck public long enough to download to Mental Case IOS, but it can be protected again afterwards if you are studying information that shouldn’t be shared with the rest of the world.  Note, though, that the IOS version of the software is a little more basic than the one on the Mac.  It doesn’t support wacky text formatting or the ability to do multiple choice quizzes.  Also, cards that are created with more than two “sides” (Mental Case calls them facets) will only display properly in slideshow mode.  But, if you think of the IOS client as a replacement for the stack of 10,000 flash cards you might already be carrying in your backpack or pocket the limitations aren’t that severe after all.

The latest version of Mental Case now has the option to share content between Macs via iCloud.  This will allow you to keep your deck synced between your different computers.  You still have to sync the cards between your Mac and your IOS device via Wi-Fi.  You can share at shorter ranges over Bluetooth.  You can also create a collection of cards known as a Study Archive and place them in a central location, like Dropbox for instance.  This wasn’t a feature when I was using Mental Case full time, but I like the idea of being able to keep my cards in one place all the time.

Mental Case is running a special on their software for the next few days.  Normally, the Mac version costs $29.99.  That’s worth every penny if you spend time studying.  However, for the next few days, it’s only $9.99.  This is a steal for such a powerful study program.  The IOS app is also on sale.  Normally $4.99, it’s just $2.99.  Alone the IOS app is a great resource.  Paired with its bigger brother, this is a no-brainer.  Run out and grab these two programs and spend more time studying your facts and figures efficiently and less time creating them.  If you’d like to learn more about Mental Case from Mental Faculty, you can check out their website at http://www.mentalcaseapp.com.

Disclaimer

I am a Mental Case IOS user.  I have used the demo version of the Mental Case Mac app.  Mental Case has not contacted me about this review, and no promotional consideration was given.  I’m just a really big fan of the app and wanted to tell people about it.