Update OTP Code labels and related images, Fix few typos, Add the Optional Tasks Section

Author: Emmanuel Girard

docs/class3/module2/lab01.rst

@@ -1,6 +1,17 @@
 Lab 1: Deploy PUA with Client Certificate Authentication
 ===============================================================
 
+Overview
+---------------------------------------------------------------
+
+In this lab, we will focus on configuring and testing MFA (Multifactor Authentication) with F5 APM (Access Policy Manager). 
+
+We will be leveraging a client certificate for authentication to the webtop (HTML webpage) and creating ephemeral authentication (one-time password) to the endpoint (router, switch, management UI). 
+
+Users will begin the lab by starting the PUA containers and it’s dependencies. We will then access the PUA UI and deploy PUA Smartcard. 
+
+The lab will commence with testing and validating user access. 
+
 Solution Design
 ---------------------------------------------------------------
 
@@ -78,7 +89,7 @@ Task 1 - Start PUA
 
    |image_udf_dep_pua_access|
 
-#. In the new browser Tab, execute the flowing shell commands to launch the PUA containers and it dependencies :
+#. In the new browser Tab, execute the following shell commands to launch the PUA containers and it dependencies :
 
    .. code-block:: console
 
@@ -265,7 +276,7 @@ Task 3 - Review Deployment details and Deploy
 Task 4 - Track Deployment progress 
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-If you go back to the **PUA Deploy Agent WebSSH** tab in your local browser, you should see the logs generated by the the deployment of the PUA (SmartCard) Playbook.
+If you go back to the **PUA Deploy Agent WebSSH** tab in your local browser, you should see the logs generated by the deployment of the PUA (SmartCard) Playbook.
 
 #. Confirm that the deployment is successful by looking for **Playbook deployed successfully** log.
 
@@ -305,11 +316,11 @@ Task 2 - Validate user1 Access
 
 #. In the **Applications and Links** section of the Webtop
 
-   * Click on **bigip1** and observe the the username at the bottom left corner
+   * Click on **bigip1** and observe the username at the bottom left corner
 
      |image_chrome_incognito_pua_webtop_user1_bigip1|
 
-   * Click on **bigip5** and observe the the username at the bottom left corner
+   * Click on **bigip5** and observe the username at the bottom left corner
 
      |image_chrome_incognito_pua_webtop_user1_bigip5|
 
@@ -349,11 +360,11 @@ Task 4 - Validate user2 Access
 
 #. In the **Applications and Links** section of the Webtop
 
-   * Click on **bigip1** and observe the the username at the bottom left corner
+   * Click on **bigip1** and observe the username at the bottom left corner
 
      |image_chrome_incognito_pua_webtop_user2_bigip1|
 
-   * Click on **bigip5** and observe the the username at the bottom left corner
+   * Click on **bigip5** and observe the username at the bottom left corner
 
      |image_chrome_incognito_pua_webtop_user2_bigip5|
 
@@ -387,6 +398,77 @@ Task 5 - Acces PUA Webtop using an invalid certificate
 
    |image_chrome_incognito_pua_webtop_denied|
 
+.. warning:: Close the Incognito window before going to the next task
+
+
+
+
+
+
+Optional Tasks
+---------------------------------------------------------------
+
+Task 1 - Access PUA Webtop as user1
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+#. Right click on the **PUA Webtop** Bookmark and click on **Open in Incognito window**
+
+   |image_chrome_incognito_pua_webtop|
+
+#. Select certificate associated with **User1** in the  **Select a certificate** dialog box and Click **Ok**.
+
+   |image_chrome_incognito_pua_webtop_user1_cert|
+
+#. Click **Click here to continue**
+
+   |image_chrome_incognito_pua_webtop_banner|
+
+#. Webtop should now be available
+
+   |image_chrome_incognito_pua_webtop_links|
+
+Task 2 - Validate user1 Access to BIG-IP 5 TMUI
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+#. In the **Applications and Links** section of the Webtop
+
+   * Click on **bigip5-tmui** and observe at the top of the newly open browser tab that your are connected to the **bigip5.f5lab.local** as **user1** with the **Administrator** role.
+
+     |image_chrome_incognito_pua_webtop_user1_bigip5_tmui|
+
+
+Task 3 - Validate user1 Access to a Linux Host
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+#. In the **Applications and Links** section of the Webtop
+
+   * Click on **linux-host** and observe the username at the bottom left corner
+
+   |image_chrome_incognito_pua_webtop_user1_linuxhost|
+
+
+
+
+#. In the **linux-host** tab, elevate access to root by typing the following command:
+
+   .. code-block:: console
+
+     sudo -i
+
+   |image_chrome_incognito_pua_webtop_user1_linuxhost_sudo|
+
+#. Click on **Menu** at the bottom left of the screen and select **Credentials** when prompted with **[sudo] password for user1:**
+
+   |image_chrome_incognito_pua_webtop_user1_linuxhost_menu_credentials|
+
+#. This will automatically type the ephemeral password for **user1** and the linux prompt should now display **root**
+
+   |image_chrome_incognito_pua_webtop_user1_linuxhost_sudo_success|
+
+.. warning:: You successfully completed this lab Close the Incognito window before going to the next lab.
+
+
+
 |image_end_of_lab|
 
 .. |image_pua_sol_design| image:: media/lab01/pua_smartcard_solution.png
@@ -450,4 +532,21 @@ Task 5 - Acces PUA Webtop using an invalid certificate
   :width: 480
 
 
+
+.. |image_chrome_incognito_pua_webtop_user1_bigip5_tmui| image:: media/lab01/chrome_incognito_pua_webtop_user1_bigip5_tmui.png
+  :width: 480
+.. |image_chrome_incognito_pua_webtop_user1_linuxhost| image:: media/lab01/chrome_incognito_pua_webtop_user1_linuxhost.png
+  :width: 480
+.. |image_chrome_incognito_pua_webtop_user1_linuxhost_sudo| image:: media/lab01/chrome_incognito_pua_webtop_user1_linuxhost_sudo.png
+  :width: 480
+
+
+
+.. |image_chrome_incognito_pua_webtop_user1_linuxhost_menu_credentials| image:: media/lab01/chrome_incognito_pua_webtop_user1_linuxhost_menu_credentials.png
+  :width: 480
+.. |image_chrome_incognito_pua_webtop_user1_linuxhost_sudo_success| image:: media/lab01/chrome_incognito_pua_webtop_user1_linuxhost_sudo_success.png
+  :width: 480
+
+
+
 .. |image_end_of_lab| image:: media/lab01/end_of_lab.png

docs/class3/module2/lab02.rst

@@ -1,6 +1,20 @@
 Lab 2: Deploy PUA Alternate Webtop
 =====================================================
 
+Overview
+---------------------------------------------------------------
+
+In this lab, we will focus on configuring and testing an ALT webtop with F5 APM (Access Policy Manager).  
+
+The ALT webtop creates a single tile (webtop link), that launches a portal containing more endpoints specified from a .csv configuration file.   
+This will allow us to configure multiple endpoints faster and more efficiently.  
+
+We will also leverage the Smartcard Client Authentication (created in Lab 1) for authentication to the webtop.  
+
+We will begin the lab by adding the .csv file as a resource and deploying the ALT webtop.  Next, we will need to update the Access Policy to include the new ALT webtop tile (webtop link) to the webtop.  
+
+This lab will commence with testing and validating user access.
+
 Expected time to complete: **15 minutes**
 
 .. note:: This is an add-on playbook that works with an existing PUA deployment (such as :doc:`/class3/module2/lab01`)
@@ -108,7 +122,7 @@ Task 3 - Review Deployment details and Deploy
 Task 4 - Track Deployment progress 
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-If you go back to the **PUA Deploy Agent WebSSH** tab in your local browser, you should see the logs generated by the the deployment of the PUA ALT WEBTOP Playbook.
+If you go back to the **PUA Deploy Agent WebSSH** tab in your local browser, you should see the logs generated by the deployment of the PUA ALT WEBTOP Playbook.
 
 
 #. Confirm that the deployment is successful by looking for **Playbook deployed successfully** log.
@@ -172,7 +186,7 @@ Task 3 - Add Alternate Webtop to the Webtop Links
 
    |image_bigip1_tmui_access_profiles_pua_smartcard_ressources|
 
-#. Click the **Webtop Links 3/5** tab.
+#. Click the **Webtop Links 4/5** tab.
 
    |image_bigip1_tmui_access_profiles_pua_smartcard_ressources_acls|
 
@@ -228,13 +242,13 @@ Task 2 - Validate user1 Access
 
      |image_chrome_incognito_pua_webtop_user1_altwebtop|
 
-   * Click on the **>_** icon of **bigip15** and observe the the username at the bottom left corner
+   * Click on the **>_** icon of **bigip15** and observe the username at the bottom left corner
 
      |image_chrome_incognito_pua_webtop_user1_altwebtop_bigip15_arrow|
 
      |image_chrome_incognito_pua_webtop_user1_altwebtop_bigip15|
 
-   * Click on the **>_** icon of  **bigip17** and observe the the username at the bottom left corner
+   * Click on the **>_** icon of  **bigip17** and observe the username at the bottom left corner
 
      |image_chrome_incognito_pua_webtop_user1_altwebtop_bigip17_arrow|
 

docs/class3/module2/lab03.rst

@@ -1,6 +1,15 @@
 Lab 3: Deploy PUA with Multifactor Authentication
 ===========================================================
 
+Overview
+---------------------------------------------------------------
+
+In the final lab of this lab series, we will focus on deploying F5’s Privileged User Access solution incorporating multi-factor authentication (MFA) using a one-time-password (OTP) with F5's Access Policy Manager (APM). 
+
+This lab is similar to Lab 1. However, it will demonstrate the use of token-based MFA rather than smartcard/client certificate. We will begin the lab by accessing the PUA UI, then deploying PUA MFA. 
+
+The lab will conclude with testing and validating user access.
+
 Expected time to complete: **15 minutes**
 
 .. _Access PUA:
@@ -126,7 +135,7 @@ Task 3 - Review Deployment details and Deploy
 Task 4 - Track Deployment progress 
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-If you go back to the **PUA Deploy Agent WebSSH** tab in your local browser, you should see the logs generated by the the deployment of the PUA MFA Playbook.
+If you go back to the **PUA Deploy Agent WebSSH** tab in your local browser, you should see the logs generated by the deployment of the PUA MFA Playbook.
 
 #. Confirm that the deployment is successful by looking for **Playbook deployed successfully** log.
 
@@ -199,15 +208,15 @@ Task 2 - Validate user2 Access
 
 #. In the **Applications and Links** section of the Webtop
 
-   * Click on **bigip1** and observe the the username at the bottom left corner
+   * Click on **bigip1** and observe the username at the bottom left corner
 
      |image_chrome_incognito_pua_webtop_user2_bigip1|
 
-   * Click on **bigip5** and observe the the username at the bottom left corner
+   * Click on **bigip5** and observe the username at the bottom left corner
 
      |image_chrome_incognito_pua_webtop_user2_bigip5|
 
-.. warning:: Close the Incognito window before going to the next task
+.. warning:: You successfully completed this lab, Close the Incognito window.
 
 |image_end_of_lab|