Course Transcript Modern Network Enviromental

The CompTIA Network+ course covers modern network environments, focusing on software-defined networks (SDN), SD-WAN, VXLAN, zero trust architecture, and secure access service edge. It also addresses automation in Infrastructure as Code (IaC) and IPv6 address management. This course is designed to prepare learners for the CompTIA Network+ (N10-009) certification exam.

Uploaded by

exeviagotham

12/06/2025, 10:41 Course Transcript

CompTIA Network+: Modern Network Environments


Network environments refer to the settings or contexts in which computer networks are deployed
and operate. These environments can vary significantly based on their size, scope, purpose, and
complexity. In this course, explore software-defined networks (SDN) and software-defined wide
area networks (SD-WAN). Next, learn about Virtual eXtensible Local Area Network (VXLAN), zero
trust architecture (ZTA), and secure access service edge (SASE) architecture. Finally, examine
automation and source control aspects of Infrastructure as Code (IaC), compatibility requirements,
and how to mitigate address exhaustion when working with IPv6. This course is one of a collection
that helps prepare learners for the CompTIA Network+ (N10-009) certification exam.

Table of Contents
1. Video: Course Overview (it_csnetp24_07_enus_01)
2. Video: Software-defined Networking (SDN) (it_csnetp24_07_enus_02)
3. Video: Software-defined Wide Area Network (SD-WAN) (it_csnetp24_07_enus_03)
4. Video: Virtual eXtensible Local Area Network (VXLAN) (it_csnetp24_07_enus_04)
5. Video: Zero Trust Architecture (ZTA) (it_csnetp24_07_enus_05)
6. Video: Secure Access Service Edge (SASE) (it_csnetp24_07_enus_06)
7. Video: Infrastructure as Code (IaC) (it_csnetp24_07_enus_07)
8. Video: IPv6 Addressing (it_csnetp24_07_enus_08)
9. Video: Course Summary (it_csnetp24_07_enus_09)

1. Video: Course Overview (it_csnetp24_07_enus_01)

In this video, we will discover the key concepts covered in this course.

[Video description begins] Topic title: Course Overview. Presented by: Chris Gash. [Video
description ends]

Hello, my name is Chris Gash. Network environments refer to the settings or contexts in which
computer networks are deployed and operate. These environments can vary significantly
based on their size, scope, purpose, and complexity. In this course, I'll explore software-defined
networks (SDN) and software-defined wide area networks (SD-WAN).

I'll also discover Virtual eXtensible Local Area Network (VXLAN), zero trust architecture (ZTA),
and Secure Access Service Edge (SASE)/Security Service Edge (SSE). Lastly, I'll explore
automation and source control aspects of Infrastructure as code or (IaC), and discover
compatibility requirements and how to mitigate address exhaustion when working with IPv6.
This course is one of a collection that helps prepare learners for the CompTIA Network+
(N10-009) certification exam.

2. Video: Software-defined Networking (SDN) (it_csnetp24_07_enus_02)

Upon completion of this video, you will be able to outline the key components of
software-defined networking (SDN).

[Video description begins] Topic title: Software-defined Networking (SDN). Presented by:
Chris Gash. [Video description ends]

In this video, we're going to explore some of the features of software-defined networking. Now,
before software-defined networking, we have traditional networking devices which are
hardware-based devices like a switch or a router. Now these devices, they are physical devices
on the network and they are like mini computers.

They have a memory, they have a processor, they have an operating system and they have
software. Now, unlike a traditional PC, all these components are directed at only two jobs. One
is moving data through the network and the other is deciding how the data moves through the
network. So the hardware and the software are tied together.

And if we want to centrally manage these devices, it's very difficult because again, they're
independent devices and they all have their own operating systems and they all vary slightly
between vendors first of all, and devices themselves, different set of commands configure a
switch than it is to configure a router. And managing these centrally has traditionally been
difficult. Also the vendor-specific protocols are run on each of these devices, depending on
where you buy the device from, the command languages are different. So, it's always been
difficult to manage physical devices.

Now, with software-defined networking, what we do is, we separate out the two components
of the physical device itself. Remember, I just said that one of the jobs is to move data through
the network. That's called the data plane. The other is deciding how the data moves through
the network. And in the case of routers, incoming data is examined against a routing table, then
the best path is chosen, and then finally, it is routed through the network.

But the decision process is called the control plane, so it separates some of the software from
the hardware. There's still some well, routing and actually moving the data can be done with
the chips themselves, but there's a small amount of software there. But we're talking about the
control plane we're separating. And again, so it allows software now to control the network and
take that whole control plane, set of decisions and do it centrally. So, some of the components
of software-defined networking. First is the application.

Somewhere in the network there is a computer, even a virtual machine that contains the
software used to configure the devices. So this is one piece of software that the administrator
can use to configure different types of switches and routers in a network and the differences
between them as well. So we can configure from a central computer which hosts this
application. Now the application sends commands to these controllers and if we want to
configure the network to take a specific path, the controller will translate the commands that
we want as far as a path is concerned into the commands that actually operate these devices.

And then the controller will send those commands down to the physical networking devices
themselves and configure them. The other thing I'd like to mention here as well is that the
physical networking devices also send statistical data back to the controllers, like traffic
patterns and monitoring and the flow of traffic and amount. And those are again collected by
the application at the top so that the administrator can see how busy the network is, if there
are any problems. So, there's a two-way communication through these components.

So, the application itself, it's used by software administrators to configure the environment. So,
it's an interface that someone sits in front of and configures and reads statistics, things like
that. And again, it provides information to those routers or switches in our network
configuration desires or it accepts requests sometimes from these devices to, for instance,
explore a path. Perhaps a device receives a packet headed for a network that it doesn't really
have a path for.

What it will do is through the controller, send a request for a path to this network. So, then the
application can send that back down, configure the device, and it can forward that information
through the network. So the controllers themselves in the middle, they process the information
from the application where the administrator is working and they decide how the package
should be routed and pass that information down to the physical device.

So, they're doing the configuration so that the control language here to those devices are
interpreted by the controllers. So when we're talking about the physical networking device at
the very bottom of this organization here, we're talking about their responsibility is to actually
move the data, or they're responsible for the data plane, the control plane as they call it,
commands to decide which way the data traffic is moving is done at those applications and
converted through the controller. So the physical networking device itself, though, is still
responsible for forwarding data through the network.

We're talking about things like physical switches, routers, those sorts of things, but they're
controlled now not through configuring them directly. They're controlled from the application
that we are using on our central location. And again, they receive their commands from the
controller. So the controller takes decisions we make at the application, translates those into
the proper configuration language for those devices, and sends those commands down to the
devices to configure.

All right, so some key software-defined networking considerations. One of the things that they
talk about a lot in software-defined networking is this thing called application awareness.
When we're filtering traffic and deciding where it's going to go in the network at the network
layer and at the sublayers from the network layer, we were talking about IP addressing and
port numbers. Sometimes that's not enough for us to monitor our traffic or prioritize our traffic
at a level that we want. For instance, if we have an application, two applications, you're using
the same port number, but I want to prioritize one over another.

The software needs to be aware of the application that's making a request at the application
layer. This is something that software-defined networking can do that traditional networking
cannot. So, software-defined networking is aware of the application and can route traffic based
on the application. Zero-touch provisioning. Again, these devices on the network, they are
physical devices we don't have to go to, we don't have to do anything with them. We can
configure them at a distance with software. Transport agnosticism. This one here is basically
saying that we're not really dealing with the transport or the network layer as far as our routing
awareness is concerned.

We'll do it in an application layer, which gives us a lot more control, a lot of finer control about
how that traffic moves through the network. And again, because it's centralized, our policy
management is centralized, which avoids things like errors. When we're repeating the same
configuration over and over again manually, errors creep into the system. And there are other
advantages that we'll discuss in other videos as they come up.

3. Video: Software-defined Wide Area Network (SD-WAN) (it_csnetp24_07_enus_03)

After completing this video, you will be able to identify how software-defined wide area networks
(SD-WAN) allow companies to scale cloud-based applications.

[Video description begins] Topic title: Software-defined Wide Area Network (SD-WAN).
Presented by: Chris Gash. [Video description ends]

In this video, we're going to take a look at software-defined wide area networking, or
(SD-WAN). First, let's talk about traditional networking using cloud applications. In a traditional
network, we are trying mostly with remote users to have them access their work accounts at
the head office. Today, many of our services are offered in the cloud and the clients at home are
accessing things like Infrastructure as a Service, Software as a Service, and they have multiple
cloud connections going on while they're also connected to the head office. Now, traditionally
the traffic was controlled and secured by having the client at home connect directly to the head
office and then the head office would connect to these cloud services on the client's behalf. So
all the traffic going to the client at home passed through the security measures in place at the
head office. But that meant that the data from those cloud services had to travel all the way to
the head office and then to the person working remotely. And that pulling of traffic from the
cloud to the head office is called the backhaul, and it's really a duplication of traffic.

I mean that traffic could actually be sent from those cloud services directly to the people
working at home using their own connections to the Internet. And sometimes, it would cause
congestion at the head office, poor performance in those applications. But we still need it to
mitigate and control what the users accessed, when they accessed it and from where. What
we're looking at as far as the WAN area traffic is concerned is that it's very complex. Even
someone at home who was actually connected to the head office and maybe connected to
some cloud services, it was difficult for the people in the security department to really
guarantee that their data was coming through that connection and perhaps not through a
connection that they had made themselves to a cloud. Very difficult to control when the traffic
was complex.

So the way that those networks were being used was very unpredictable. Where is the traffic
at any one time, where's my data at any one time? So that had a real impact on security as well.
So trying to secure those connections meant well, if they were done correctly, multiple
connections to the head office causing more traffic than really what we needed and even
sometimes maybe not getting their data from that connection at all. So, security concerns in a
sense of availability and even privacy as well. In a software-defined wide area network, we're
talking about now hosting our security and our connection rules, our routing rules, and
everything else in the cloud itself. So that we can apply our policies to users who connect
directly to those cloud services instead of having to haul everything back through the head
office. In fact, someone working at home has connection, say to the head office for data or
applications that are available there, but also have connections to those cloud services directly.

But now they're being controlled by our software-defined wide area network. And it's used to
manage WAN connectivity from not only just say laptops at home, but tablets, phones,
whatever type of connection that they're making because the controls are being applied at the
cloud service itself. So, no matter how the user connects to it, we can control it from there. And
again, it creates a single dashboard, a web-based interface that we can control all of our
connections and all of our devices through. So, some of the aspects of SD-WAN, we can control
the routing from there, which way the traffic moves from users to say those Internet
connections or to the Head office.

The simplified management in the sense that everything is in one interface. It can control not
only what's going on in the Software as a Service or in the cloud, but it can also be used to route
traffic within our organization. Again, we can apply threat protection at the cloud level now
instead of having to source everything back through the Head office. And that reduces costly
hardware in the sense that now some of the traffic is offloaded from the main office. I don't
have to have the same high speed connections, the same hardware, and all the same security
devices that it would have if I were trying to route cloud through back to the Head office.

I apply those things now at the cloud services themselves. So, operations and management
with SD-WAN. It's simplified in the sense that we do it from one interface and then we can
apply our policies and rules all in one same similar method. We can automate it. We can create
a set of new rules and apply them across multiple clouds. Scalability, again this comes with
having anything in a cloud. Remember that they have the hardware and available all the time
that we can scale up if we want to or scale down. We also have the application performance for
the users themselves.

The application again is running in a cloud service. It doesn't have to send that traffic back
through a Head office. It can connect directly with the users. And so their experience with that
software is much improved because they're not having to go to two places basically to the
Head office and then to the cloud. They're getting their data directly from that service. So,
some key advantages of software-defined WAN, more efficient management. Again, if we can
use a single interface, if we can create our policies and apply them across multiple clouds at the
same time, we can greatly reduce one the training because these products that we're using at
our Head office are wide-ranging and of different vendors. But if we can use a same or similar
interface in the cloud for all of our services, of course, that creates more efficient management.
And again, it's a better overall experience for not only the clients at home, but the
administration themselves trying to manage these networks and we get improved cloud
connectivity because we're not moving the data twice. Users who are connecting to the cloud,
services are connecting to them directly, but with the controls that the operation has applied at
the cloud level. And again, greater security in the sense that no matter which way now the user
connects to that cloud service. Our policies have been applied at the service itself.

So there's no way to make a different type of connection to the cloud and override the security
because it does not depend on the connection anymore. It's now existing at the cloud service
itself. So those are some of the attributes of an SD-WAN.

4. Video: Virtual eXtensible Local Area Network (VXLAN) (it_csnetp24_07_enus_04)

Through this video, you will be able to recognize the key concepts of Virtual eXtensible Local
Area Network (VXLAN).

[Video description begins] Topic title: Virtual eXtensible Local Area Network (VXLAN).
Presented by: Chris Gash. [Video description ends]

In this video, we're going to take a look at the Virtual eXtensible Local Area Network (VXLAN).
When we're talking about local area networks in a traditional computing sense, we're talking
about machines connecting to each other at the physical layer over the same physical link using
MAC addresses in the case of Ethernet. In that same sense, we can at the switch level, create
what's called a VLAN where we can isolate certain ports and create a Local Area Network
using 3 or 4 ports on the same switch or a port from a second switch and those three. And
those computers would operate as if they were on the same physical piece of wire.

We can also take another set of ports and put it in a separate VLAN and those computers can
communicate with each other. In order for the communication to happen between those two
sets of computers, they would have to move the layer 3, use IPs, and be routed. Now the idea
about having things connected in their own LAN is that they don't have to be routed. The
connection is very fast and we're connecting at a layer 2 type of conversation. So, VLANs have
been around a long time and the way that VLANs are distinguished in the Ethernet world is
part of the frame.

The Ethernet frame itself has been reserved for VLAN addresses, and the maximum amount of
VLAN addresses allowed in Ethernet is 4096 or about 4000 networks. Now, well that sounds
like a lot of networks, when we talk about virtual servers using multiple virtual hosted servers,
they may need more than one MAC associated with them. So when you plug that physical
machine into a network switch, there's more than one LAN associated or VLAN associated with
that one physical device. And in that case, the switch has to learn multiple MAC addresses. So,
the MAC address table gets a little larger when we take that in and we expand that out, say to
an Internet service provider who is managing many companies and they're connecting over
multiple VLANs. We can quickly run out of VLANs if we have a lot of customers. For instance, if
we have 500 customers, we end up with around 80 VLANs available for each of those
customers. So this becomes a problem, especially in the world of virtualization where we might
need a lot of VLANs. So this newer protocol was developed here called VXLAN, which takes the
layer 2 addresses and tunnels them inside of layer 3 traffic. And remember, layer 3 traffic is
routable.

I can send it through routers, through the Internet. And the idea here is that two computers,
one on either side of a connection, will think that they are around the same VLAN because I
take the physical layer information and I encapsulate it or preserve it. Now in a normally routed
network, the layer 2 information is discarded at every router hop. But in this case, we're going
to preserve a VXLAN number inside of our layer 3 traffic and deliver it on the other side. So
those two computers would think when they look at the physical addresses that they're on the
same LAN. So, some types of network traffic work better and are necessary at certain network
traffic requirement levels. So, we can actually use this protocol instead of our standard VLAN
protocol. So by doing this, first of all, let's just say that was created by the Engineering Task
Force, so it's an Internet standard, and it's available because it's an Internet standard.

It's available on multiple newer devices. Now they understand this protocol built into the
network stack, so they share a single physical network among different organizations. Again,
because we can route these things, we can connect two devices across the company through
several routers or around the world with several routers, and they still think that they're on the
same physical network which is a pretty cool aspect when you think about it. The tenant cannot
see the network traffic of other tenants because we're actually tunneling this inside of private
connection from point-to-point.

No one ever sees what's going on inside those packets, right? So what we get here is a logical
tunnel between the source and destination. The MAC is inside a UDP packet, which is then
addressed with an IP address which is routed through the external network. Then the
encapsulation with UDP packets, as I said, get IP and Ethernet headers because it still has to
travel through the physical network. Now again, don't confuse this with the virtual LAN. We
place these machines on all that's inside the frame. But when we're routing data through a
network, remember that it from hop to hop, it does have to get the Ethernet information or the
physical layer information as it's moving through the network. And then the packets are routed
like regular IP packets, which means they can go anywhere an IP can go, basically anywhere
around the world.

So we can now because the addressing space in this new protocol is wider, instead of 4096
VLANs, we can have theoretically up to 16 million VLANs or VXLANs in this case. And we can
create network segments between data centers. So, two servers in two different locations can
look like they're on the same physical network. Again, so we can have servers all over the world
still participate in the same VXLAN. And again, remember the idea about VLANs is anyone
inside that VLAN cannot see the traffic between those servers unless it's purposely routed into
that VLAN. So again, they're secure, they're private, they're connected to each other and have
a LAN level connection between those two servers. So some of the benefits, they can run on
any UDP-capable network, which is basically any IP network, as long as it can handle IP traffic,
it can handle this traffic as well.

And again, the physical layout and the geography are unimportant. No matter what kind of LAN
they're connected through or on, they look like they're on the same LAN segment. The virtual
network creation forms physical network ports. So again, they are connected at that physical
layer and they seem that they are connected directly to each other through the VXLAN.
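The encapsulation described in this video, as an added Python example that is not part of the course material: it builds and parses the 8-byte VXLAN header from RFC 7348 around a tenant's Ethernet frame and shows how a tunnel endpoint keeps segments apart by looking up the 24-bit VNI together with the destination MAC. The MAC addresses, VNI values, port names and the `deliver` helper are constructed for illustration.

```python
import struct

VXLAN_UDP_PORT = 4789        # IANA-assigned UDP destination port (RFC 7348)
FLAG_VNI_VALID = 0x08        # "I" flag: the VNI field carries a valid ID
HEADER_LEN, ETH_HEADER_LEN = 8, 14


def id_space(bits):
    """Number of distinct segment IDs an ID field of this width can express."""
    return 1 << bits


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_inner_frame(dst_mac, src_mac, ethertype, payload):
    """Build the tenant's original layer 2 frame (no 802.1Q tag, no FCS)."""
    def to_bytes(mac):
        return bytes.fromhex(mac.replace(":", ""))
    return to_bytes(dst_mac) + to_bytes(src_mac) + struct.pack("!H", ethertype) + payload


def vxlan_encap(vni, inner_frame):
    """Prefix the inner frame with a VXLAN header; the result is the UDP payload."""
    if not 0 <= vni < id_space(24):
        raise ValueError("VNI must fit in 24 bits")
    if len(inner_frame) < ETH_HEADER_LEN:
        raise ValueError("inner frame is shorter than an Ethernet header")
    # Word 0: flags (8 bits) + reserved (24 bits). Word 1: VNI (24 bits) + reserved (8 bits).
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8) + inner_frame


def vxlan_decap(udp_payload):
    """Parse a VXLAN UDP payload; reserved bits are ignored on receipt per RFC 7348."""
    if len(udp_payload) < HEADER_LEN + ETH_HEADER_LEN:
        raise ValueError("truncated VXLAN packet")
    word0, word1 = struct.unpack("!II", udp_payload[:HEADER_LEN])
    if not (word0 >> 24) & FLAG_VNI_VALID:
        raise ValueError("I flag not set, VNI is not valid")
    inner = udp_payload[HEADER_LEN:]
    return {
        "vni": word1 >> 8,
        "dst_mac": mac_str(inner[0:6]),
        "src_mac": mac_str(inner[6:12]),
        "ethertype": struct.unpack("!H", inner[12:14])[0],
        "payload": inner[14:],
    }


def deliver(udp_payload, local_ports):
    """Return the local port for a frame, or None when nothing matches.

    The lookup key is (VNI, destination MAC), so the same MAC can exist in two
    tenants' segments without their traffic mixing. The header has no
    authentication or encryption field: isolation rests on this lookup and on
    who is able to send UDP into the underlay network.
    """
    try:
        pkt = vxlan_decap(udp_payload)
    except ValueError:
        return None  # malformed packets are dropped, never flooded
    return local_ports.get((pkt["vni"], pkt["dst_mac"]))


if __name__ == "__main__":
    print("VLAN IDs (12 bits):", id_space(12))
    print("VXLAN VNIs (24 bits):", id_space(24))
    # Constructed sample: two tenants reuse the same MAC in different segments.
    ports = {(5001, "02:00:00:00:00:0b"): "tenant-a-vm",
             (5002, "02:00:00:00:00:0b"): "tenant-b-vm"}
    frame = build_inner_frame("02:00:00:00:00:0b", "02:00:00:00:00:0a", 0x0800, b"hello")
    print(deliver(vxlan_encap(5001, frame), ports))
    print(deliver(vxlan_encap(5003, frame), ports))
```
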

5. Video: Zero Trust Architecture (ZTA) (it_csnetp24_07_enus_05)

In this video, we will outline characteristics of the zero trust architecture (ZTA) and policy-based
authentication, authorization, and least privilege access.

[Video description begins] Topic title: Zero Trust Architecture (ZTA). Presented by: Chris Gash.
[Video description ends]

In this video, we're going to take a look at zero trust architecture. In a zero trust architecture
environment, all aspects of the network are verified before access is granted to any resource or
data. In the traditional network, we used to work in an office, in a cubicle with equipment that
was owned by the corporation, that was managed by the corporation, and security was really
focused on the perimeter network that is our connection to the rest of the world. But because
of the way people work these days, meaning working from home or bring your own device or
those types of things, our security has to look at more than just that perimeter.

And in fact, we need to place those protections as close as we can to the protected assets.
Meaning if there's a database server there that needs to be protected, we need to protect it at
that location. Then, no matter which direction people are coming from, they are checked and
verified before they get access to that asset. One of the portions of this is Identity and Access
Management, where we're trying to record the identity of a server or a person,
it should come from what they call a single source of truth. And what that means is that there's
one database that's protected and managed that contains all the information we need to verify
someone or something's identity. Usually, when we provide proof of identity we use
multi-factor authentication. So the days of just having a password are gone. We use not only a
password but maybe a one-time code that's sent. So we need more than one factor to identify.
Logging and auditing are also part of Identity and Access Management, and they're there as a
measure of maintaining our security stance.

And that if something happens or occurs with our security, we can look back at the logs and the
audit logs to see what has happened and further take actions to secure our network. Identity
governance is again part of the solution and is a framework for not only verifying individuals
and equipment, but storing that information securely and using it across the entire network. So
the difference between managed and unmanaged devices. Again, a managed device is
something that the company has control of. They usually have installed their own security
software and applied their own security policies.

When we're using a combination of both managed and unmanaged devices, we first need to
understand which devices are owned by the company and management company. So we have
to take an inventory of those devices. Once we know which ones are which, we need to create
an access scenario based on whether that device is managed or unmanaged because an
unmanaged device we can't guarantee its security stance. So do we allow access from
unmanaged devices, and if we do, do we allow the same level of access that our managed
devices have? Usually it's less for unmanaged devices because we really can't be sure of the
configuration.

So, it all comes down to endpoint security. Those endpoints will have different security stances
depending on whether they're managed or unmanaged. Some of our access scenarios, we can
choose to control access by destination or the resource itself. For instance, if it's a sensitive
resource, it has more secure protocols added to it or security policies. And if it's less critical,
and we can also do it by source, like who is the user, first of all, and do they have access to this
information. And the device itself, is it managed, is it unmanaged? And where is it in the
network?

So, all of these that would be considered when we're talking about a complete security picture.
When we talk about the secure trust access platform, there's a criteria that we need to look at,
and when we're choosing a platform, for instance, is it going to be cloud-based or a local?
Obviously in a cloud, it's usually a common interface. It's very scalable and it's the same across
all of our different devices. We're using something as local, sometimes it's proprietary-based
on the equipment. So it depends on what we have full control at, we own that piece of software.

So it depends on what the company's requirements are. So once we decide on a platform, how
is it going to integrate with all the technologies that we have? So we have to look at that before
we actually decide on a platform. And we're looking for something that can access all of our
inventory and all of our assets through a common interface if we can find it. And again, this
actually comes down then to user action governance as well. How detailed do we want to be
when we're watching user actions? Are we creating logs on everything that they touch? Are we
keeping track of when they log in all that information? So different platforms will track
different levels of information. So all of these come into play when we're deciding on what to
actually use.

So once we have that, we're going to start migrating our network-level access policy. So
traditionally in the network, there are different policies of different servers and different
devices. But if we're going to use our zero-level policies, we're going to actually migrate these
and we're going to migrate then they're going to block the network-level access. So once we
have a policy now transferred into our new platform, we stop using our network-level access
policies, then it's only available via our zero trust platform. So now when individuals are
accessing those devices, they're actually going through zero access platform software. And
applications, servers, and workloads are now protected from network-level attacks.

We disable all of that network-level access, those other databases and we just do it through
our zero trust access platform. So that prevents them from getting on our network through
these network-level access policies. In policy-based authentication, first thing we have to do is
to find acceptable access policies and we have to enforce them consistently. So these policies
will vary depending on where the user is, where their equipment is, whether it's trusted or
untrusted? And those policies can be enforced dynamically as the user moves through a
network or as the user changes their devices or security stance, the policy also changes so that
we're secure no matter which direction they're coming from. So policy-based access control is
based on roles. This is the role of the individual. What is it that they're doing? What is it, are
they a manager? Are they an accountant? Are they someone who's supposed to edit this data or
just look at it?

The device types again, are they doing this through a phone or doing this through a laptop? And
do we consider those devices different as far as their security stance. Location, are they inside
our network? Are they home? Are they in different places? That will also play a role in deciding
the level of access and again, the sensitivity of the resource itself. How tightly secure must it
be? Some devices may not be able to access it unless they're inside the organization. But when
we're building a policy, we look at all of these combinations and a good policy access control
software will consider all of these in our final yes or no we have access to that data.
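
The yes-or-no decision described above, as an added example that is not part of the course transcript: a default-deny check over role, device, location and resource sensitivity, re-evaluated as the user's context changes. The roles, resource names and rules are constructed for illustration.

```python
from dataclasses import dataclass, replace

# Constructed sample policy data (assumptions, not from the course).
SENSITIVITY = {"payroll-db": "high", "staff-directory": "low"}
ROLE_GRANTS = {
    ("accountant", "payroll-db"): {"read", "edit"},
    ("manager", "payroll-db"): {"read"},
    ("manager", "staff-directory"): {"read", "edit"},
    ("accountant", "staff-directory"): {"read"},
}


@dataclass(frozen=True)
class Request:
    role: str          # who the user is acting as
    action: str        # "read" or "edit"
    device_type: str   # "laptop" or "phone"
    managed: bool      # is the device managed by the organization?
    location: str      # "internal" or "home"
    resource: str


def decide(req):
    """Return (allowed, reason); anything not explicitly permitted is denied."""
    level = SENSITIVITY.get(req.resource)
    if level is None:
        return False, "unknown resource"
    if req.action not in ROLE_GRANTS.get((req.role, req.resource), set()):
        return False, "role lacks this action"
    if not req.managed and (level == "high" or req.action == "edit"):
        return False, "unmanaged device"
    if level == "high" and req.location != "internal":
        return False, "resource only reachable from inside the organization"
    if level == "high" and req.device_type == "phone" and req.action == "edit":
        return False, "phones are read-only on high-sensitivity resources"
    return True, "allowed"


def follow_user(req, contexts):
    """Re-evaluate the same request as location or device changes mid-session."""
    return [decide(replace(req, **ctx))[0] for ctx in contexts]


if __name__ == "__main__":
    base = Request("accountant", "edit", "laptop", True, "internal", "payroll-db")
    moves = [
        {},                                          # managed laptop in the office
        {"location": "home"},                        # same laptop, now at home
        {"device_type": "phone"},                    # managed phone in the office
        {"device_type": "phone", "action": "read"},  # same phone, read only
        {"managed": False},                          # personal laptop
    ]
    for ctx, ok in zip(moves, follow_user(base, moves)):
        print(ctx or "baseline", "->", "allow" if ok else "deny")
```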

6. Video: Secure Access Service Edge (SASE) (it_csnetp24_07_enus_06)

Upon completion of this video, you will be able to identify the components and advantages of the
secure access service edge (SASE) cloud-native architecture.

identify the components and advantages of the secure access service edge (SASE) cloud-native
architecture

[Video description begins] Topic title: Secure Access Service Edge (SASE). Presented by: Chris
Gash. [Video description ends]

In this video, we're going to take a look at Secure Access Service Edge or SASE. It's a cloud-
native architecture that combines the SD-WAN with security functions. Now, these security
functions are employed as service functions. Each one of these run as a separate service and
the types of services are cloud-delivered and they operate on the network edge. And let's just
say something here about the network edge. In a network edge, in a cloud hybrid environment,
you have the edge of the corporate network, but every entry point into your cloud services
remember in the WAN service means that users are connecting from many different locations
and pulling their data directly from the cloud now instead of pulling it back through the
company. So this service allows you to secure all of those edge points with one common
solution. So why is SASE needed?

Again, today's environments are very complex. They're not just a corporate environment with a
network edge. We have our cloud Software as a Service, Infrastructure as a Service, and all
these have entry points as well. We need SASE because we've divided the network. Now
instead of having a central point where we always go back to the main office for our services,
we're actually connected to the cloud from clients outside the corporate network. So the need
for speed and efficiency is granted by being able to create those separate connections without
having to go through a central point. And we also have multicloud environments. So employing
this not only allows us to secure those entry points, but also connections to other clouds. And it
follows that SD-WAN architecture. So the components of SASE, it's a software-defined wide
area network that it operates on top of.

It has functions such as the secure web gateway, which is responsible say for encrypting
connections to the cloud, also has Firewall as a Service, remember allowing or disallowing
traffic again across all those network connection points. As well it has something called a cloud
access security broker. So when the client is accessing the cloud, this software watches that
connection and checks it for malware and all those sorts of things. And it also employs the zero
trust network access.

And remember, not only is the user checked for credentials, then the servers and the cloud
points are actually checked as well with things like certificates to make sure what you're
connecting to is actually that service. So some advantages of SASE, you get more control in the
sense that this is a single interface that controls all connections. Remember, one of the
difficulties was if we can't control the user's access through a central control point like we
historically did, we had ways that those individuals could connect to our cloud services and
bypass our security functions that we implemented at the corporate edge. Well, with the new
model that we have, we can actually incorporate these controls at every point of access
throughout the cloud environment. So it gives us more control. Additionally, we get data
protection. Again, the transfer of data back and forth to the clients is in an encrypted format
and using that single control center, we can watch data movement through the common
interface. It increases network performance because we don't have what's called the backhaul.
Remember, the backhaul is data traffic that moves from a cloud to our corporate demarcation
point, then to our clients, and that was the traditional model.

Now we can use direct connections to the cloud from the clients because we applied those
controls at the cloud demarcation points as well. It's less complex because the equipment that
we normally employ at the corporate edge really came from many manufacturers, had different
setups, had different training. We're talking about a common interface here now that not only
controls the access to the cloud environment, but also our corporate edge. And that means
simplified management, less skills to learn and different types of equipment and a common
interface. So with this, we get better monitoring and reporting because we know we got it all in
one place it's one tool. We're looking at all the data movement through one interface. Visibility
across clouds we see all the traffic wherever it's moving because we're implementing our
controls at our cloud edges and at our corporate edge all in one interface.

There's no data traffic sort of sneaking behind connections that users are making to the cloud
because they're making it through these policies and procedures that we set up here in SASE at
every demarcation point that we have as a company, whether it be a Platform as a Service or
Software as a Service or a corporate edge. And the reduced need for integration is the sense
that we have this interface and we have these operations through the cloud. It's all a common
interface, we don't have software that we need to make work with different types of firewalls
or hardware or any of that kind of stuff because we've moved it now into a software.

So all this platform, these connection points are all software-based and have a common data
flow, common interface and that results in a better user experience because at the end of the
day, their experience in our corporate connection and our cloud connection is better because it
has more bandwidth available to it. We're not trying to pipe everybody through a common
connection which can slow us down. And the response times are much better for the clients as
well. So, those are some of the advantages of SASE.

7. Video: Infrastructure as Code (IaC) (it_csnetp24_07_enus_07)


Through this video, you will be able to describe how Infrastructure as Code (IaC) is used for
infrastructure automation to create environments.

describe how Infrastructure as Code (IaC) is used for infrastructure automation to create
environments

[Video description begins] Topic title: Infrastructure as Code (IaC). Presented by: Chris Gash.
[Video description ends]

In this video, we're going to talk about Infrastructure as Code. Now remember, when we speak
of infrastructure, we're talking about virtual machines in the cloud, and our networking is
running as software, our machines are running in software. So, when we're creating new
machines, instead of doing it manually, we'll actually use code instead of the physical and
manual processes. So, typical components. When we create virtual machines, we're talking
about the operating systems and the processing. The storage, how large it is? Is it elastic? And
the databases and programming itself, because some of these could be Software as a Service
machines, but creating these can be time-consuming. So we use programs to do it instead. So
why is it necessary? Again, time-consuming management. Now we're talking about setting up
machines here, not one or two. But remember as a cloud provider could be hundreds or
thousands and even in the tens of thousands.

So, creating each of those manually would take a lot of time, whereas using a program code, as
it were, to create the machines would be much faster. The other thing is that once we set a
machine up and we use code to do that, setting up the second or third or thousandth machine is
exactly the same because the code doesn't change.

So, it eliminates errors when configuring new environments. And when we're managing
applications at scale, and I'll address that word again, scale, we're talking about maybe jumping
from 10 machines to 1000 machines in a day. Code can really help us set those machines up
quickly. And again, it avoids the cumbersome manual setup and management. Again, once the
machines are set up, we may need to make a change to the infrastructure. Instead of doing that
to each machine one at a time, we can create code that will whip through machines and make
those changes on the fly, which could take a lot less time. So again, some of the advantages of
IaC, faster deployment as we discussed, fewer errors.

Again, code isn't going to change from one machine to the next if it's correct in the first one, it's
correct in the second one. The more consistency again, where you could be creating virtual
machines or deploying Software as a Service and it could work. But maybe the configuration
from one machine to the other is slightly different, as in storage space for instance, and that
may make a difference in application performance. Using code, they're going to be consistent.
So, reduced configuration drift is another example of consistency.

Many times when you're creating machines, the configuration from one to the other may
change over time, especially if you're making changes after the fact. If we decide a change is
necessary and we want say, a network card to have a certain bandwidth and we want to make
that change across all of the machines, using a program to do it will make that change
consistent, so none of our machines are drifting out of that configuration that we desire. And
again, if we can do this quickly with less people doing it with less time, it's going to lower costs,
of course. So again, key considerations for IaC is the automated environment setup. We are
deploying Software as a Service, usually we're deploying machines for people to test the
applications. These people want these machines set up quickly and then later on torn down.

When it goes into production, they may need another set of machines quickly available as well.
So, that automated setup environment really helps in software development, deployment, and
testing.
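
The consistency and configuration-drift points above, as an added example that is not part of the course transcript: every machine is created from one definition, drift is reported against it, and a change to the definition is rolled across the whole fleet. The fleet is simulated in memory, and the setting names and values are constructed.

```python
import copy

# Desired state, the part that would live in source control (constructed values).
TEMPLATE = {"os": "linux-lts", "vcpus": 2, "disk_gb": 50, "nic_mbps": 1000}


def provision(names, template):
    """Create every machine from the same definition."""
    return {name: copy.deepcopy(template) for name in names}


def find_drift(fleet, template):
    """Return {machine: {setting: (actual, desired)}} for every mismatch."""
    report = {}
    for name, actual in fleet.items():
        keys = set(actual) | set(template)
        diff = {k: (actual.get(k), template.get(k))
                for k in keys if actual.get(k) != template.get(k)}
        if diff:
            report[name] = diff
    return report


def converge(fleet, template):
    """Bring the fleet back to the template; return how many settings changed."""
    drift = find_drift(fleet, template)
    for name, diff in drift.items():
        for key, (_, desired) in diff.items():
            if desired is None:
                fleet[name].pop(key, None)   # setting is not in the template
            else:
                fleet[name][key] = desired
    return sum(len(d) for d in drift.values())


def run_demo():
    fleet = provision([f"vm-{i:04d}" for i in range(1000)], TEMPLATE)
    fleet["vm-0007"]["disk_gb"] = 40        # manual change after the fact
    fleet["vm-0420"]["debug_port"] = 9000   # setting added by hand
    drifted = sorted(find_drift(fleet, TEMPLATE))
    fixed = converge(fleet, TEMPLATE)       # repairs only what drifted
    again = converge(fleet, TEMPLATE)       # second run finds nothing to do
    faster_nic = {**TEMPLATE, "nic_mbps": 10000}
    rolled = converge(fleet, faster_nic)    # one change, applied to every machine
    return drifted, fixed, again, rolled


if __name__ == "__main__":
    print(run_demo())
```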

8. Video: IPv6 Addressing (it_csnetp24_07_enus_08)

After completing this video, you will be able to outline the key concepts of IPv6 addressing.

outline the key concepts of IPv6 addressing

[Video description begins] Topic title: IPv6 Addressing. Presented by: Chris Gash. [Video
description ends]

In this video, we're going to talk a little bit about IPv6. IPv6 is the newest form of IP addressing
available on the Internet and throughout corporations. Its previous version was IPv4. Now
IPv6 uses 128-bit addresses, whereas IPv4 used 32-bit addresses.

Now what this means is that there are a lot more addresses available to the Internet and
Internetworking community in IPv6 than there were in IPv4. In fact, in IPv4, the world was
running out of addresses. And to resolve part of that problem, most corporations used what
they call IPv4 private addresses, which are translated for network traffic on the Internet only
when you're traveling over some of the major trunks.

So, that was really a stopgap measure to try to resolve the address derivation problem we
were having with IP. So, IPv6 has enough addresses currently to service the entire globe. And
they use a different kind of a format. IPv4 was based on binary octets which were 8-bits, and
then it were represented by decimal numbers.

In IPv6, we're talking about colon-separated hexadecimal notation, and hexadecimal runs not
from 0 to 9, but from 0 to F, with the letters representing numbers like 10, 11, 12, 13, 14, 15.
And it's newer than IPv4. And it's still under continued adoption. There are still many many
places that are using IPv4 because it's well understood. The NAT server I mentioned before
has ended up being used as a security appliance when that wasn't its original intention.

And remember what we said about NAT before: with typical NAT servers, inward or
inbound connections are not allowed across a NAT server simply by design. So people are using
it as a security device in some cases, but it is starting to be adopted across the Internet and in
major corporations. And again, it sits at the network layer of the OSI. This is where the
addressing comes in. Remember from our OSI conversation.

And as far as our IPv6 addressing, say it's eight hextets separated by colons, hextets meaning
hexadecimals being used and it uses values from 0 to F, so it's 0 to 15, which is 16 different
numbers and F representing 15. So you'll see addresses like this fe80::69 and you see the colon
separating each one. Now in IPv4 to indicate the subnet mask, which indicates which portion of
the address is network and which is node, they use the decimal numbers again like 255.255.255.0.
In this example now they use a slash notation, and the 24 means there's 24 bits in the subnet
mask rather than typing it out manually.

So again, subnet masks define which part is network and which part is host. Remember that
when routers are making decisions about network traffic, if the workstation isn't directly
connected to the router, the router will only look at the network portion of the address to
determine the route it should take through the network.

So again, IPv6 uses something called CIDR notation, which is that slash at the end and a default
subnet mask on those, by the way, are /32. So when we're configuring IPv6 on a Windows
machine, in this case Windows Server, you can see the way it's typed in. The IPv6 address is
typed into the first box and then the subnet mask. And instead of typing in 255.255, we type in
the length of the mask, which is 64. You'll also notice there's a default gateway mentioned here
the same way there is in IPv4, so it functions very much in a similar fashion.

Now you'll notice that that address is a lot shorter than the IPv6 address in the first box, so in
the third box here the default gateway looks shorter. And you'll also notice that there are two
colons that appear together. If the interceding numbers between this example 068 and the last
1111 are all zeros, you can shorten the notation by just putting in two colons so it will assume
that the rest of the address there is zeros.

DNS servers are typed in the same way, but obviously the IPv6 address looks different. So
looking at that from the Command Prompt in Windows, if you run ipconfig /all, you'll see
here that the IPv6 information is in here even on an IPv4 workstation because this address,
called a link-local IPv6 address, is an automatically configured address that every workstation
that's running an IPv6 stack will receive.

So it's self-configured. Now the fe80 indicates that this address is only valid on the local link,
which is basically the local area network or LAN. Now in this case here this number has been
self assigned to the machine and it allows the computer to talk to other computers on the local
link. Sometimes the address can be used for the workstation to go and obtain an IP address
from a DHCP server which may be sitting on the router.

And remember the router interface sits on the same network as the machines on that segment
of the network. So using Link-local Addresses, IPv6 can get things like a network configuration
without having to broadcast, and broadcast is sending a packet to every machine on the
network hoping that one of them hears it and maybe I get an IP.

In this case we can do a direct connection to the router on that subnet and get ourselves an IP
address using the link-local, so it makes at least local traffic a little less noisy.
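
The address notation described in this video, as an added example that is not part of the course transcript: a hand-written expansion of the double-colon shorthand, then Python's standard `ipaddress` module splitting an address into network and host parts by prefix length. Apart from `fe80::69`, the sample addresses are constructed from documentation ranges.

```python
import ipaddress
import string


def expand(addr):
    """Expand IPv6 shorthand by hand: '::' stands for a run of all-zero hextets."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in addr:
        left, right = addr.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        missing = 8 - len(head) - len(tail)
        if missing < 1:
            raise ValueError("'::' must stand for at least one hextet")
        groups = head + ["0"] * missing + tail
    else:
        groups = addr.split(":")
    if len(groups) != 8:
        raise ValueError("an IPv6 address has eight hextets")
    for g in groups:
        if not 1 <= len(g) <= 4 or any(c not in string.hexdigits for c in g):
            raise ValueError(f"bad hextet: {g!r}")
    return ":".join(g.lower().zfill(4) for g in groups)


def describe(cidr):
    """Split an address/prefix-length pair into its network and host parts."""
    iface = ipaddress.ip_interface(cidr)
    return {
        "short": iface.ip.compressed,        # shortest legal spelling
        "network": str(iface.network),       # what a router looks at
        "netmask": str(iface.netmask),       # the mask the prefix length stands for
        "host_bits": iface.ip.max_prefixlen - iface.network.prefixlen,
        "link_local": iface.ip.is_link_local,
    }


if __name__ == "__main__":
    print(expand("fe80::69"))
    for sample in ("fe80::69/64",                  # link-local address from the video
                   "2001:db8:0:68:0:0:0:1111/64",  # constructed, documentation prefix
                   "192.0.2.10/24"):               # constructed IPv4 for comparison
        print(sample, describe(sample))
```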

9. Video: Course Summary (it_csnetp24_07_enus_09)

In this video, we will summarize the key concepts covered in this course.

summarize the key concepts covered in this course

[Video description begins] Topic title: Course Summary. Presented by: Chris Gash. [Video
description ends]

So in this course, we've examined use cases for modern network environments. We did this by
exploring SDN, SD-WAN, VXLAN, ZTA, SASE, IaC, and IPv6 addressing.

In our next course, we'll move on to explore characteristics of routing and switching
technologies.

© 2024 Skillsoft Ireland Limited - All rights reserved.
