Engineer (Networks)
Aga Khan University
Total years of experience :13 years, 3 Months
International Projects:
- Campus LAN Revamp : AKU - Kenya, Tanzania & Uganda
(Project Lead) - Planning, Designing & Implementation of Cisco 3-Layered switching infrastructure at International AKU sites using Cisco 4500, Cisco 3750X and Juniper ex-2200 switches.
- Cisco Unified Wireless Solution: AKUH, Nairobi, Kenya
(Project Lead) - Deployment of Cisco WLC 5508 in HA with Cisco 2702E Access Points leveraging CAPWAP.
- Internet Edge Security: AKU ISMC, London, UK
(Project Lead) - Installation of Palo Alto NGN Firewall in virtual wire mode behind Internet gateway for application based traffic filtering and shaping.
- International connectivity: Full mesh between global sites (Pakistan, Kenya, Tanzania, Uganda, Afghanistan and UK)
(Project Lead) - Route based IPSEC VPN over GRE Tunnel between Global AKU entities, using Cisco ISR-G2 2921 routers.
Local Projects:
- Data Center Network Security, AKU, Karachi, Pakistan
(Project Lead) - Implementation of 2 x Fortigate 1500D NG Firewalls in Transparent Mode with HA, to scan and enforce
policies on the North-South traffic of the Datacenter, also utilizing the IPS capabilities of Fortigate.
- Internet Edge Network Security, AKU, Karachi, Pakistan
(Project Lead) - Implementation of 2 x Fortigate 800c NG Firewalls in Routed Mode with HA and Multiple VDOMS, to
protect the Data Center Systems from cyber-attacks initiated through/from Internet. Plus Replacement of Microsoft
Forefront TMG with Fortinet FortiWeb 1000C Appliance for Web Publishing and as Web Application Firewall for AKU’s
Webfarm.
- WAN Connectivity of AKU, Karachi with Secondary hospitals across Pakistan.
(Project Lead) - Leveraged BGP over IPSEC VPN to provide redundant auto-failover connectivity at WAN sites using Cisco
ISR-G2 2921 Routers & Juniper SSG5 Firewalls.
- Branch Firewall Replacement
(Team Lead)- Replacing EOL Juniper SSG5 with Fortinet Fortigate 60D Firewall configuring IPSEC VPN, NGN Firewall and
SSL-VPN services.
- DR Site Firewall, AKU, Karachi, Pakistan
(Team Member) - Layer 3 / Layer 2 configuration of Cisco ASA 5510 at AKU’s Disaster Recovery Site, with Cisco
AnyConnect Remote Access VPN.
- Data Center Switching, AKU, Karachi, Pakistan
(Team Member) - Data Center Switching with Cisco Nexus 5k (VPC) & Cisco Catalyst 4500X (VSS) and Catalyst 2960s.
- Campus Core Switching, AKU, Karachi, Pakistan
(Team Member) - Campus Core Switch Migration to dual Cisco Nexus 7009 with 10G Backbone utilizing vPC.
- Network Monitoring System, AKU, Karachi, Pakistan
(Team Member) - Global AKU-wide NMS implementation; Manage Engine’s OPManager.
Operational Responsibilities
- Global Tier 3 Network Operations Support; LAN, WAN, WLAN & Data Center infrastructure (Pakistan, East Africa,
London & Afghanistan)
- Monitoring and Evaluation of network performance, reliability and scalability; troubleshooting & resolving data
network issues.
- Managing and Controlling the Internet Architecture with over 8000+ internet users distributed across the several
campuses.
- Planning, Designing & Implementation of all scalability projects related to Campus LAN, WAN, WLAN & Data Center
infrastructure.
- Interfacing with leadership and vendors to develop and implement new solutions to meet business requirements.
- Research, evaluation and recommendation on alternative technologies and architectures in relation to infrastructure
needs.
- Infrastructure documentation including Diagrams, IP scheming and Configuration Templates.
Product Experience;
Cisco; Routers (72xx, 39xx, 38xx, 28xx) Switches (3750, 3560, 2960) Security (ASA 5510) Wireless (WLC 5510, WCS, APs),
Juniper; Routers (M7i, M5i) Switches (ex-2200) Security (SSG and SA-4500)
Microsoft; Windows 7, Server 2008 R2, Hyper-V, TMG
Others; HP Procurve Switches, Huawei Layer 3 & Layer 2 Switches Palo Alto NGN Firewall(PA 2050); Linux CentOS
Operation & Maintenance of IP Core Network.
Problem monitoring & escalations as per standard operations procedure.
Monitoring of Internet backbone & related services.
Optimize network topology and services based on Juniper, Huawei and Cisco.
Monitoring BGP and OSPF sessions.
Assisting L2 and L3 connectivity to the IP Transit customers