
Monitoring Envoy proxy using Zabbix
Envoy is a high-performance C++ distributed proxy designed for microservices and service-oriented architectures, as well as a scalable communication bus and “universal data plane” designed for large-scale service meshes. Envoy runs alongside every application and abstracts the network by providing common features in a platform-agnostic manner. When all service traffic in an infrastructure flows through an Envoy mesh, it becomes easy to centralize cross-cutting concerns such as observability and security, and to add substrate features in a single place. Envoy supports a static configuration model and also allows configuration via gRPC/protobuf APIs, which simplifies management at scale. Envoy also has a variety of filters that add support for gRPC, rate limiting, shadowing, canary routing, and API observability.

The objective of this project is to monitor the Envoy proxy using Zabbix. For that, we created an open-source Zabbix template to monitor Envoy instances. We use auto-discovery of all clusters that exist behind the Envoy proxy to get their parameters, the response codes for each listener, and some Envoy parameters. The template contains 11 dependent items and 3 others that use the HTTP Agent to get parameters from the Envoy status page in JSON form. You can add new items by consulting the "envoy: clusters_stats" item, which contains all Envoy parameters in JSON form.

For more details about this template: https://github.com/Zen-Networks/Zabbix_envoy

This project is done as part of our monitoring business unit's open-source contributions. The monitoring BU is in charge of offering full-stack, highly customized monitoring solutions.

5G Cloud-based NWDAF on AWS
Introduction
Amazon Elasticsearch Service (Amazon ES) is a fully managed service that makes it easy for you to deploy, secure, and operate Elasticsearch in AWS at scale. It is a widely popular service and different customers integrate it in their applications for different search use cases. Zen Networks developed a big data analysis platform for mobile networks. The platform takes root in 5G releases 15+ for the Network Data Analytics Function (NWDAF) as well as general 5G guidelines for Cloud-native and Service Based Architectures. As network automation becomes more and more present, NWDAF plays a central role in mobile networks in order to provide data-driven optimizations. In this post, we will also cover how Amazon Managed Streaming for Kafka played a key role in the architecture.

Overview of Amazon ES
Amazon ES makes it easy to deploy, operate, and scale Elasticsearch for log analytics, application monitoring, interactive search, and more. It is a fully managed service that delivers the easy-to-use APIs and real-time capabilities of Elasticsearch along with the availability, scalability, and security required by real-world applications. It offers built-in integrations with other AWS services, including Amazon Kinesis, AWS Lambda, and Amazon CloudWatch, and third-party tools like Logstash and Kibana, so you can go from raw data to actionable insights quickly. Amazon ES also has the following benefits:
- Fully managed: Launch production-ready clusters in minutes. No more patching, versioning, and backups.
- Access to all data: Capture, retain, correlate, and analyse your data all in one place.
- Scalable: Resize your cluster with a few clicks or a single API call.
- Secure: Deploy into your VPC and restrict access using security groups and AWS Identity and Access Management (IAM) policies.
- Highly available: Replicate across Availability Zones, with monitoring and automated self-healing.
- Cost-effective: Deploy Elasticsearch automatically without the need for a team to manage it, and resize it on demand as per your usage.

Overview of Amazon MSK
Amazon MSK is a fully managed service that makes it easy for you to build and run applications that use Apache Kafka to process streaming data. Apache Kafka is an open-source platform for building real-time streaming data pipelines and applications. With Amazon MSK, you can use native Apache Kafka APIs to populate data lakes, stream changes to and from databases, and power machine learning and analytics applications.

Overview of Zen Networks
Zen Networks offers innovative solutions for Communications Service Providers (MNO & MVNO) by bridging cloud and big data technologies with mobile networks expertise. Our mission is to provide full 360-degree visibility to mobile networks with open technologies, leveraged to build observability solutions as well as value-added services on top. We also bridge these technologies with our SIM Over-The-Air server and other steering services to build new capabilities and optimize OPEX.

How Zen Networks Innovates for the telecommunications Industry using AWS

5G NWDAF Solution
Release-15 and Release-16 define the framework for data analytics in 5G by introducing the Network Data Analytics Function (NWDAF). See figure below. This entity is key to better network automation using AI and ML capabilities powered by extensive network data events. In fact, it is a central part in zero-touch network management. The NWDAF usages are very broad and cover (non-exhaustive list):
- Customized mobility management per mobility pattern.
- 5G QoS enhancement.
- Dynamic traffic steering based on UE service usage.

NWDAF consumes data from different NF and AF sources, analyses it, then provides it to AF, 5GC NF and OAM. The NWDAF answers use cases in different domains such as QoS, steering, security and dimensioning. At the same time, the ingested data comes from a wide range of sources. Using AWS managed services, we were able to spin up an NWDAF bringing high value to the CSP. Below is a simplified architecture of the build.

Telco-centric data analysis
Network events and EDRs flow through enrichment services that give them more context from BSS and other dimensioning data before being centralized in AWS Elasticsearch Service. Using this method, we build a highly reliable and fast data platform that can be used for real-time analysis. Below are some of the key use cases:
- Troubleshooting and support: Enriched and correlated data, empowered by an efficient query language, are key to drilling down and finding abnormal patterns related to a specific customer or SIM card usage. These capabilities greatly reduce the MTTR and considerably enhance customer experience.
- Network Operations Center and monitoring: The NOC requires synthetic and real-time dashboards to monitor the health of the network. By enriching streamed data, dashboards become more meaningful. Also, by using AWS Elasticsearch Service, we can drill down to the actual impacting network events to find out the incident pattern.
- Market analysis: Marketing decisions should be data-driven. The platform permits advanced data analysis queries to take product and marketing decisions as well as to evaluate the impact of product choices.
- Security and signalling optimization: Over-signalling is a long-lived issue that requires continuous improvements to reduce the amount of useless signalling. In fact, the latter can be quite costly in a roaming environment. AWS Elasticsearch Service shows abnormal behaviour and overly verbose modules that can be targeted for optimization using statistical algorithms.

Data-aware real-time services
AWS MSK service is key to building real-time services. In fact, by combining it with AWS serverless technologies like Lambda or Fargate, network automation becomes a quickly grasped reality. Network steering and automated provisioning decisions can be taken automatically by ingesting network events in real time and building AI-based or explicitly defined rules.

NFV
Using AWS serverless technologies, we build highly reliable telecom workloads and have them scale on demand using AWS auto-scaling mechanisms. In fact, at Zen Networks, we have found the AWS cloud offering to be very compatible with the current 5G Service Based Architecture trends.

Evolutions
The platform helped us answer key use cases and, while new opportunities show up to leverage it better, we are already preparing the next steps using it. Some of them are:
- Leveraging AI/ML capabilities for better aberrant behaviour detection. For this, we are benchmarking AWS EMR (SparkML) and AWS Sagemaker.
- Adding newer integrations towards NFV for enhanced automation.

Conclusion
In this post, we explained how AWS Elasticsearch Service helped us bring data analysis capabilities to a mobile network with low effort. In fact, managing an Elasticsearch cluster can be daunting when done on premise. The same goes for Kafka, where AWS MSK was a game-changer. AWS services allowed us to focus on the business and development parts instead of the underlying infrastructure. This proved priceless and resulted in a very low time-to-market for the services we provided to the CSP.

Zabbix meetup
Zen Networks' CEO was on the panel for the first Zabbix virtual meetup, which took place on the 10th of September. Our use case revolved around monitoring and industry 4.0 challenges. We showcased how we leveraged Zabbix for industry monitoring requirements to ensure operational excellence for our clients. The meetup was a great opportunity to share with the community and gain new insight into how effective Zabbix can be.

Network equipment backups automation using Gitlab & Ansible
Contents:
- Introduction
- Prerequisites
- Installation & Configuration
  - Gitlab
    - Installation of Gitlab CE
    - Gitlab Configuration
  - Ansible
    - Ansible installation
    - Ansible configuration
      - Linux server case
      - Network equipment case (Cisco Router)

Introduction
This article shows how to automate backups of various equipment such as Unix machines, switches and routers using open-source solutions. We base our solution on Ansible for automation and Gitlab for UI and versioning. The goal is to apply the principles of Git code management to backup management, in order to have a platform rich in functionality and flexibility without breaking the bank.

Git is a decentralized version management software. Git aims to allow several people to participate in the development of the same project. GitLab.com offers a SaaS platform based on Git with a web interface on top. That said, it's also possible to install your own open-source Gitlab Community Edition platform. Ansible is a configuration management tool that automates tasks with automation scripts.

Prerequisites
Before starting, you must have:
- A machine to install Gitlab. In this case, CentOS 8.
- A Linux machine for the Ansible server. Here, another CentOS 8.
- Target machines (Linux, switches, routers, etc.) to retrieve their configurations. Windows machines are also supported.

You can use other Git managers like Gogs. Another interesting point to note: backups should ideally not be located in the same site as the target equipment. This is very important to have a more solid Disaster Recovery Plan. A simpler option, to avoid managing a Gitlab instance while having an excellent availability rate, may simply be to take a paid account at gitlab.com or github.com and create a private repository.

Installation & Configuration

Gitlab
So let's start by installing our own Gitlab repository manager.

Installation of Gitlab CE: There are two versions of Gitlab, but we are going to focus on the Community Edition (mainly because it's free). The installation steps differ depending on the Linux distribution used on our instance. Taking the case of a CentOS 8 instance, we will need to type the following commands:

a. SSH installation and configuration

# installation of necessary packages
gitlab:~$ sudo dnf install -y curl policycoreutils openssh-server
# activation and launch of the ssh service
gitlab:~$ sudo systemctl enable sshd
gitlab:~$ sudo systemctl start sshd

b. Firewall configuration

# Check the firewall status, to know if you need to execute the commands for the UI (http / https):
gitlab:~$ sudo systemctl status firewalld
gitlab:~$ sudo firewall-cmd --permanent --add-service=http
gitlab:~$ sudo firewall-cmd --permanent --add-service=https
# Loading the new firewall config
gitlab:~$ sudo systemctl reload firewalld

To enable email notifications, we must configure an email client, Postfix in our case:

gitlab:~$ sudo dnf install postfix
gitlab:~$ sudo systemctl enable postfix
gitlab:~$ sudo systemctl start postfix

The following command will add the Gitlab repository, which is needed to fetch the RPM for installation. (For paranoids, you can run the curl without a pipe, view the contents of the script and run it after ensuring no malicious code is there.)

gitlab:~$ curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.rpm.sh | sudo bash

Then you just have to execute:

gitlab:~$ sudo EXTERNAL_URL="https://gitlab.example.com" dnf install -y gitlab-ee

As a last step, you may want to integrate Gitlab with your LDAP for user management.

Gitlab Configuration
To be able to automatically authenticate from your Ansible server to your Gitlab server, one quick way is to import the SSH key from your Ansible server to the Gitlab server. On your client, type:

ansible:~$ cat ~/.ssh/id_rsa.pub

Copy the output and go to the Gitlab UI at http://myURL/profile/keys [Settings > SSH Keys]. Paste the content, then click on Add Key. You will now be able to synchronize content without problems.

Now, we can create our first project. Fields to fill:
- Name of the project
- Description
- Type (public / private)
- README initialization choice

Now that we've created our project, we need to import it to our Ansible server. To do this, just copy the project's link, then paste it into a command starting with git clone:

ansible:~$ git clone ssh://git@myURL/tools/network-backups.git

This command will clone your Gitlab project into a folder in the path where you executed your command: /myPath/network-backups.

Ansible
Ansible installation
On your Linux server dedicated to Ansible, type the following command to install Ansible:

ansible:~$ sudo yum install ansible

Inside your Ansible server:

ansible:~$ cd /myPath/network-backups

Create two new directories, ansible/ and backup/:

ansible:~$ mkdir ansible/ backup/

Inside ansible/ create two files:

ansible:~$ cd ansible/
ansible:~$ touch hosts
ansible:~$ touch backup.yml

If you want to back up a Linux machine, follow these steps. For each Linux machine to be backed up, execute the following command, where ipdemamachine stands for the IP address of the machine:

ansible:~$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@ipdemamachine

Make sure you can connect over SSH automatically without entering a password:

ansible:~$ ssh root@ipdemamachine

Ansible configuration
Linux server case

1- Go to your Ansible server.

2- Complete the hosts file with:

[linux_servers]
LIN-1 ansible_host=myip1 ansible_connection=ssh ansible_user=root
LIN-2 ansible_host=myip2 ansible_connection=ssh ansible_user=root

PS: Replace myip1 and myip2 with the corresponding IP addresses of the target Linux machines.

3- Fill the backup.yml file with:

- hosts: linux_servers
  vars:
    root_dir: "myDir"   # path where the project is located
  tasks:
    # copy the remote file into the local Git working tree
    - name: Specifying a path directly
      fetch:
        src: /etc/hostname
        dest: "{{ root_dir }}/network-backups/linux/{{ inventory_hostname }}-hostname.txt"
        flat: yes
    - name: get date
      command: date
      register: mydate

- hosts: localhost
  vars:
    root_dir: "myDir"
  tasks:
    - name: Store date as fact
      set_fact:
        myCommitDate: "{{ ansible_date_time.date }}"
    # commit the fetched files with the date as message and push to Gitlab
    - name: sync git
      shell: "cd {{ root_dir }}/network-backups && git add . && git commit -m '{{ myCommitDate }}' && git push origin master"

We should have a similar result:

PLAY [linux_servers] **************************************************
TASK [Gathering Facts] ************************************************
ok: [LIN-1]
ok: [LIN-2]
TASK [Specifying a path directly] *************************************
changed: [LIN-1]
changed: [LIN-2]
TASK [get date] *******************************************************
changed: [LIN-2]
changed: [LIN-1]
PLAY [localhost] ******************************************************
TASK [Gathering Facts] ************************************************
ok: [localhost]
TASK [Store date as fact] *********************************************
ok: [localhost]
TASK [sync git] *******************************************************
changed: [localhost]
PLAY RECAP ************************************************************
LIN-1 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
LIN-2 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
localhost : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

Network equipment case (Cisco Router)
Now, if we want to save the config of a network device (let's take a Cisco router as an example), all we need to do is:

1- Complete the hosts file with:

[cisco]
ROU-2691-2 ansible_host=myip ansible_user=admin ansible_password=cisco ansible_network_os=ios ansible_ssh_extra_args=-caes256-cbc

2- Fill the backup.yml file with:

---
- name: BACKUP ROUTER CONFIGURATIONS
  hosts: cisco
  connection: network_cli
  become_method: enable
  gather_facts: no
  vars:
    root_dir: myDir
  tasks:
    - name: BACKUP THE CONFIG
      ios_command:
        commands: show run
      register: config_output
    # write the captured running config into the local Git working tree
    - copy:
        content: "{{ config_output.stdout[0] }}"
        dest: "{{ root_dir }}/network-backups/cisco/{{ inventory_hostname }}_running.txt"

- hosts: localhost
  vars:
    root_dir: myDir   # play vars are per play, so root_dir is defined again here
  tasks:
    - name: Store date as fact
      set_fact:
        myCommitDate: "{{ ansible_date_time.date }}"
    - name: sync git
      shell: "cd {{ root_dir }}/network-backups && git add . && git commit -m '{{ myCommitDate }}' && git push origin master"

Take care to replace myDir with the path where your project is located.

3- We execute the following command to retrieve the configuration and synchronize everything with Gitlab:

ansible:~$ ansible-playbook ./backup.yml -i hosts -b

PLAY [BACKUP ROUTER CONFIGURATIONS] ***********************************
TASK [BACKUP THE CONFIG] **********************************************
ok: [ROU-2691-2]
TASK [copy] ***********************************************************
ok: [ROU-2691-2]
TASK [sync git] *******************************************************
changed: [localhost]
PLAY RECAP ************************************************************
ROU-2691-2 : ok=2 changed=0 unreachable=0 failed=0
localhost : ok=3 changed=1 unreachable=0 failed=0

Now let's go to the Gitlab UI. On the page of the project that we created, we find our directory (either linux/ or cisco/). Change directory to linux/ and we should find our backup (in this case, the hostname of our machine). To take advantage of Gitlab's versioning capabilities, click on the History button.

The same is done to see the differences between two backups of the same network equipment: we choose the folder cisco, then the name of the file, then we click on History. Gitlab offers a chronological view of our project's modifications. Indeed, using the Git Blame feature, we can get more details about our file versioning to know exactly at what time each change was made. To see this, choose any backup file, then click on Blame.

Daily execution: To ensure that our script is executed daily, all we need to do is create a cronjob on the Ansible machine:

ansible:~$ crontab -e
0 1 * * * /usr/bin/ansible-playbook /myPath/backup.yml
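
The Cisco playbook above writes the full "show run" output into the repository, and the hosts file with its inline ansible_password sits in the same working tree that "git add ." commits and pushes to Gitlab. As an added example (not part of the original article), the following POSIX shell script flags credential-bearing lines in that tree before the push; the function names, rule names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Scans the backup working tree
# for credential-bearing lines before "git add . && git commit && git push".

# scan_backup_file FILE
# Prints one finding per line as "FILE:LINE:RULE". The matched value is never
# echoed, so the scan output itself is safe to log or mail from cron.
scan_backup_file() {
    awk -v f="$1" '
        # IOS "enable password": clear text or reversible type 7 encoding
        /^enable password /           { print f ":" NR ":ios-enable-password"; next }
        # local user defined with "password" instead of a hashed "secret"
        /^username [^ ]+ .*password / { print f ":" NR ":ios-user-password"; next }
        # console/vty line password (indented under a "line ..." stanza)
        /^ +password /                { print f ":" NR ":ios-line-password"; next }
        # SNMP community strings appear in clear text in the running config
        /^snmp-server community /     { print f ":" NR ":snmp-community"; next }
        # Ansible inventory variable carrying an inline password
        /ansible_(ssh_|become_)?pass(word)?=/ { print f ":" NR ":inventory-password" }
    ' "$1"
}

# scan_backup_tree DIR
# Scans every regular file under DIR (skipping .git). Prints all findings and
# returns 1 if there is at least one, 0 if the tree is clean.
scan_backup_tree() {
    tree_findings=$(find "$1" -type d -name .git -prune -o -type f -print |
        sort | while IFS= read -r tree_file; do
            scan_backup_file "$tree_file"
        done)
    [ -z "$tree_findings" ] && return 0
    printf '%s\n' "$tree_findings"
    return 1
}

# write_sample_backups DIR
# Creates constructed sample files laid out like the repository in the article.
# All values are placeholders, not output from a real device.
write_sample_backups() {
    mkdir -p "$1/ansible" "$1/cisco" "$1/linux"
    cat > "$1/ansible/hosts" <<'EOF'
[cisco]
ROU-2691-2 ansible_host=192.0.2.10 ansible_user=admin ansible_password=EXAMPLE-ONLY ansible_network_os=ios
EOF
    cat > "$1/cisco/ROU-2691-2_running.txt" <<'EOF'
hostname ROU-2691-2
!
enable secret 5 $1$CONSTRUCTED$placeholderhash
enable password 7 0000000000
!
username admin privilege 15 password 0 EXAMPLE-ONLY
username ops secret 5 $1$CONSTRUCTED$placeholderhash
!
snmp-server community EXAMPLE-ONLY RO
!
line vty 0 4
 password 7 0000000000
 login local
!
end
EOF
    echo "LIN-1" > "$1/linux/LIN-1-hostname.txt"
}

# Demo: scan the constructed tree the way a wrapper would before the git step.
demo_dir=$(mktemp -d)
write_sample_backups "$demo_dir"
if scan_backup_tree "$demo_dir"; then
    echo "clean: nothing to redact before commit"
else
    echo "findings listed above: move these values to a vault or redact them"
fi
rm -rf "$demo_dir"
```

Hashed "secret" lines are deliberately not flagged here; whether they may live in the repository depends on who can read the project.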

Zenoss eXperience Tour - Dubai
Zen Networks was a Special Guest during the Zenoss Experience Tour in Dubai (19 November 2019); we were invited by our partner Zenoss to speak during ZXT in Dubai. Zenoss is our privileged vendor with whom we offer high-value monitoring services enabling enhanced proactiveness and reduced downtime. During the event, our CEO showcased how we use Zenoss to efficiently monitor our clients' mobile networks.

Alcatel-Lucent 7750 (for Zabbix)
We've found interest in monitoring Alcatel-Lucent routers, especially Alcatel-Lucent 7750 devices. The goal of this plugin is to facilitate the monitoring of this device based on the auto-discovery of VPRNs, routes and interfaces. The plugin automatically populates graphs and statistics for these components.

Forti-elk
Fortigate is one of the most popular NGFWs (Next Generation Firewalls). This project's main purpose is to create an open-source log monitoring platform dedicated to Fortigate, based on this firewall's logs. It is built on ELK, which stands for Elasticsearch, Logstash and Kibana. This should be considered a free alternative to FortiAnalyzer from a functional point of view. For more details about this plugin: https://github.com/Zen-Networks/forti-elk

FreeNAS (for Zenoss)
As we all know, FreeNAS is powerful enterprise-grade storage with a comprehensive user interface designed to make the ZFS filesystem easier to use. We've answered a community need by developing a dedicated ZenPack for this tool. The goal here is to be able to monitor FreeNAS/TrueNAS devices with auto-discovery for pools and datasets. We rely on SNMP to extract the needed performance metrics. For more details about this plugin: https://github.com/N-faycal/ZenPacks.iXsystems.TrueNAS

Zabbix Certification Training Session
Zen Networks is organizing two certification sessions for the Zabbix supervision tool at the Technopark in Casablanca during the week of March 4, 2019.
Zabbix is one of the most important supervision tools available today, with great versatility and scalability. Thus, it can easily be adapted to networks of all sizes as well as to the different supervised layers (infra, applicative, business...).

The sessions will be organized as follows:
- Zabbix Certified Specialist (3 days): Installation and configuration of Zabbix for SMEs and large structures.
- Zabbix Certified Professional (2 days): Management of distributed and highly available installations for large structures.

Participants have the choice of taking the first training only or both to achieve the next level of certification. The training courses will be delivered by a renowned Zabbix Certified Trainer. At the end of these trainings, participants will have the opportunity to pass the associated exams in order to be officially certified ZCS or ZCP.

For more information, do not hesitate to contact us at:
contact@zen-networks.ma
To register, please fill out the form by clicking here.

Zabbix partnership
Zen Networks is pleased to announce its partnership with Zabbix SIA. As it is one of the major opensource monitoring solutions there is and certainly one of the most complete ones, we see real value in our collaboration. Zabbix is a successful product providing centralized and efficient monitoring for major corporations. For years, Zabbix successfully competed with proprietary solutions while staying true to its opensource principles.
This model was key to building a thriving community that backed up Zabbix development alongside the core company, making it just as good or better than any proprietary solution.
This move comes in the context of Zen Networks' strategy for monitoring services. In fact, at Zen Networks, we choose partners that enable high-quality solutions for our customers. Our innovative monitoring stack, enriched with the expertise of our developers, is what empowers tailored solutions for our clients to match their unique needs.
To learn more about how you can take advantage of our partnership, contact us at contact@zen-networks.ma

Cloud Over-The-Air (OTA) Server
Customer Presentation
Sierra Wireless is an Internet-of-Things market leader listed on NASDAQ with a revenue of over 600M USD. Its device-to-cloud integrated solutions make its offer unique in the market. Sierra Wireless Smart SIM is now used in a wide variety of connected objects leveraging its global connectivity.

Customer Critical Challenge
Sierra Wireless needs a solution to remotely manage SIM cards deployed by its customers on connected objects around the world. This solution must respect the Over-The-Air standards defined by the 3GPP. Mobile operators need to remotely provision SIM cards as part of their lifecycle management. In fact, having customers return their SIM cards for newer versions is not a viable option. In addition, this process is often part of connectivity and cost optimization. As part of their mobile to cloud solution, the SIM card remote management enables efficient management of devices that are otherwise impossible to reach. This is especially true in Internet of Things deployments where SIM cards are often placed in difficult locations. Sierra Wireless' innovative Smart SIM offer includes the embedded UICC card (eUICC), which holds multiple operators' profiles in the same card. Managing its own profile among the rest is done remotely using an Over-The-Air solution as per the standard.

Solution
- Over-The-Air (OTA) remote provisioning server development following 3GPP telecommunications standards
- Tight integration between the OTA and the information system (IS) for more agility
- Custom OTA campaigns adapted to Sierra Wireless Smart SIM requirements
- OTA solution must come with an API for orchestration among the different network and IS elements
- OTA solution relies on AWS for fast and reliable delivery

Benefits
- Remote SIM card lifecycle management
- Adaptability to the custom requirements of the Smart SIM
- Efficient integration with both telecommunication nodes and the information system
- Enhanced connectivity and better cost-efficiency

Business Challenge
As a mobile operator, Sierra Wireless needs its own platform to remotely provision its SIM cards. This is especially true since its network is that of a virtual mobile operator (MVNO), which poses specific constraints and relies more on an OTA solution due to its ever-changing mobile partner agreements. Off-the-shelf solutions exist and might answer general requirements found in traditional or virtual mobile operators. But Smart SIM requirements are very specific and require a better integrated solution.

Zen Networks Solution
As part of our offering, we have an Over-The-Air platform compliant with relevant 3GPP and GSMA requirements. Our solution can easily be integrated in a mobile core network by leveraging its inbound API and information system hooks. Our OTA server follows a state-of-the-art architecture relying on AWS services. Campaign management, retransmission and enhanced reporting are all part of our OTA server. The platform's technological stack is based on a state-of-the-art microservice architecture, making it highly scalable and future-proof. Our experts assist our customers in integrating our Over-The-Air server and customizing it to their specific requirements.

Results
Using our Over-The-Air server, Sierra Wireless is able to build efficient SIM card resource management and manage its Smart card lifecycle in an integrated fashion with its information system. Our Over-The-Air API enables integration with the operator's orchestration platform while providing precise reporting to alleviate the unreliability seen in SMS communications. Being at the core of critical services, the OTA deployment has been done using a scalable and highly available architecture. By leveraging AWS highly scalable managed services, we were able to deliver the solution with an efficient time to market. In fact, by correctly leveraging the different AWS services and adapting our software to them, deployment became faster and more reliable.

Automation
Customer Critical Challenge
Our client provides innovative automation solutions. For that, it needs a state-of-the-art software solution that can be both scalable and extensible. This solution is aimed at very large networks where the need for automation is most present. The automated devices are mostly network elements such as routers, switches, firewalls and mobile network elements. These targeted devices benefit less from known automation solutions such as Ansible, since the latter are mostly focused on servers. Like any automation software, it must provide massive campaign management and compliance reporting. Security is the other important requirement, as automation solutions often have access to a large number of critical network elements. Also, to accommodate smaller networks, the automation solution's architecture must be adaptable to become a cloud-based one following the Software-as-a-Service model.

Solution
- Highly scalable automation solution
- Multiple automation modules and their easy creation
- Micro-service container-based architecture
- Enhanced and customizable reporting

Benefits
- High throughput and secure solution
- Enhanced network automation features
- Future-proof software with efficient maintainability and fault-tolerance

Business Challenge
Automation is one of the fields shaping the IT world. IT managers nowadays are willing to take a chance at automating at least some parts of their network system to reduce errors and maximize productivity. However, others point to the increased risk of data theft, as automation often requires providing privileges and accesses to centralized software. Network automation presents businesses with the greatest benefit, lower operational expense (OPEX): it eliminates tedious tasks requiring manual processing, helps extend the network's capabilities, and promises a faster ROI. Our client is addressing this automation need by building innovative solutions. Its flagship product, called Optima, automates network management tasks such as mass configuration change, parsing and mass operating system update. In addition, it supports workflow-based automation with rollback conditions.

Zen Networks Solution
Our DevOps experts build state-of-the-art solutions providing both elasticity and scalability to our customers. By leveraging container and cloud technologies, they're able to deploy innovative software. Zen Networks offers automation services to its clients by integrating automation software and adapting it to the customer's specific environment. This service is often coupled with the monitoring service to enable high efficiency and control for our clients.

Results
Our client's automation solution is disruptive in the automation market, where it addresses a niche with wide room for improvement. In fact, network automation has many facets, and most responses to it are partial. Optima proposes a holistic and vendor-independent approach to network automation challenges. The software's modular architecture makes it efficient and evolutive. In addition, the solution can easily be integrated with external orchestration software by leveraging its Application Programming Interface (API). Lastly, having a microservice, cloud-ready solution enables migration to a new service model with minimal effort, making the software's evolution a breeze.