Cloud Solutions Architect
Invision Solutions
Total years of experience :21 years, 1 Months
Infrastructure:-
Configured and deployed the end-to-end cloud infrastructure for the client.
Established Site-to-Site(S2S) IPSec connectivity between Azure and Two sites.
Configured Point-to-Site(P2S) and routing to the sites and P2S users.
Designed and configured Azure VLAN of the organization.
Configured inter VLAN connection and routing to the site and P2S.
Configured and implemented Azure Kubernetes Cluster with nginx reverse proxy service, Kubernetes services, Replicaset, deploymentSet etc.
Configured and deployed Azure Web App for the front-end applications
Configured the Azure Application gateways for the backends connectivity and security.
Configured and deployed Azure Front door for Content delivery across the production and DR regions.
Designed and architected highly available and Disaster recovery infrastructure.
Configured and periodically monitored the Azure monitor solution for the Azure infrastructure.
Performed integration and monitoring of the Datadog SIEM with the Azure cloud.
Deployed and configured Kubernetes Clusters and Azure Container registries.
Configured and fine tuning of Web Application Firewall(WAF) on front door and Azure Application Gateway
Configured Azure Key Vault to store secrets, Azure Service Principal to access key vault and P2S VPN
DevOps:-
Configured Azure DevOps CI\CD pipeline for different environments like Dev, Stage and Production.
Built pipeline for PHP, nodesjs, Angular, Java applications
Built and configured pipelines related yaml files e.g, Deployment, Service, nginx for Azure Kubernetes deployment
Good hands-on on the Docker technology, Docker desktop
Built Dev, Stage, Production pipeline for Azure Kubernetes with deployments in DR Cluster for disaster recovery and high availability.
Configured and deployed Source code versioning solutions e.g. git, bitbucker, Azure DevOps Repositories.
Security scanning for code using SonarQube, SonarCloud, Snyk and integration of the same in the pipeline
Dynamic scanning of the deployed application with StackHawk and integration of the same with the pipeline.
Creation of the initial container images in Azure Container registries.
Updating the container images for security updates.
Configuration of various services like Apache2, Nginx etc in the container images
Installation of different container images to deploy services like Squid Proxy, SonarQube.
Configured OpenID Connect functionality in the Application.
Configured the initial cloud network architecture for the customer
Configured three tier architecture for dev/test and production
Established site-to-site connectivity between head office and cloud’s main region and peered disaster recovery region.
Established domain controllers on both main site and DR site of the cloud.
Configured and synced on-prem AD to Azure AD to extend the local identity to the cloud.
Deployed and configured Migration assessment tool for different workload assessment to assess the cost and performance of the current environment
Deployed and configured and then performed migration of the assessed workload to the cloud.
Performed Refactoring of the on-prem workload to different Azure services such as Azure Web App, Microsoft SQL Server and Microsoft SQL Managed instances.
Configured the Azure Site Recovery and Azure Back up for data and site protection.
Migration of around 1000 users from on-prem to online.
Migration of Exchange 2013 to Exchange 2019
Syncing on prem AD to Azure AD
Manage 24x7 operational support of existing network, capacity planning, conduct infrastructure audits, configure security policies/VPNs
Provide troubleshooting support to maintain all network systems and monitor them proactively to ensure that production downtime is minimized
Evaluate new and emerging technologies and suggest ways to add value to the existing infrastructure
Ensure an effective communication process is in place with all the stakeholders including Vendors, server, Network and desktop support teams
Implementing, maintaining and supporting network infrastructure (switches and routers)
Implementing, maintaining and supporting server and storage infrastructure
Implementing, maintaining and supporting Microsoft Core infrastructure technologies including Windows Server, Active Directory
Liaise with contractors and vendors to design, implement and maintain network technology solutions
Administration of Wi-Fi, access control, security devices and file share permissions
Produce network related documentation and diagrams
Create and implement IT policies in order to protect data, software and hardware to local IT infrastructure
Achievements:-
Configured VLAN on Cisco switches with inter-VLAN on Cisco Router
Configured ACL on the router for improving security
Configured IDS and IPS on the Network Edge for improved Security
Improved the user’s mobility and collaboration through implementation of Office 365.
Architected and restructured the Network Infrastructure to establish connectivity with CDK Autoline Drive in the cloud.
Installed and configured HP Bladesystem C7000 for cluster improving the bottom line of the company.
Implementation of VLAN on HP Virtual connect Manager Switch interfacing with the HP Bladesystem.
Configured the HP 3PAR Storage device to carve out the Storage volume for HP Cluster
Backup of servers using TSM 3100 Tape library
Reduced the service availability and data protection gap by migrating the servers to Vmware virtual environment (ESXi clusters) and windows Hyper-V cluster hosts.
Planned, designed and rolled out the Microsoft Exhange 2013 email system in the organisation. Configuration of DAG (Database Access Group) for mail box’s high availability
Improved the access control to the company resources by designing and implementing Active Directory infrastructure.
Installation, configuration of Windows 2016 Standard R2 Operating systems.
Daily administration and configuration of Microsoft SQL backup.
Designed, implemented and maintained IPSEC VPN site to site connectivity between the main office and branch offices using Forigate firewall.
Configured the user connectivity through SSL VPN and L2TP VPN.
Improved the IT security posture of the company by implementing Intrusion detection and prevention system (IDS, IPS), Web filtering and antivirus at perimeter level.
Improved the security by segregating the company wifi network in Production network and guest network through Virtual Area Network (VLAN). Guest wireless users don’t have access to the corporate data.
Implemented and managed the voice network through NEC PABX system, also managed Etisalat’s internet and PABX lines for the company.
Improved the end point security through the implementation of Antivirus solution.
Improved the performance, security and visibility in the infrastructure through the implementation of Network monitoring system using SNMP and Netflow protocol
Provided the seamless access to the Wifi around company’s building through Unifi access points installed and distributed across the facility.
Developed and implemented the backup strategy to protect the data using LTO backup drive and Symantec software.
Provided secure access to IT vendors and service provider to the company’s network through Demilitarized zone (DMZ) implementation.
Planned, installed and upgraded the CCTV Camera in the office facility for ensuring physical security.
Sectional Head of Information Security section in the company. Responsible for the following:-
RESPONSIBILITIES:
Assets profiling
Risk assessment of IT assets (Servers, Network Devices, Applications)
Risk treatment strategy and plan
Risk Evaluation matrix
Suggestion of Control Objectives and Control
Monitoring of the Effectiveness of the control
OTHER SKILLS:
Vulnerability assessment of critical IT resources
Incident handling and response
Latest security advisory
Patch management of the servers
Events log review
IT process review and re-engineering for improved security
Penetration testing
Risk analysis and mitigation of high value IT assets
Security awareness for IT Administrators / Users
Access control to servers and IT devices
IT Policy and Procedure creation and periodic review
Others:-
Business Risk Management Coordinator for IT Division
IMS coordinator in the company
Working as System Administrator in the company, I was responsible for the following:-
RESPONSIBILITIES:
Server’s availability and maintenance
User’s authentication and authorization to IT Services
Data confidentiality and availability
Backup and Disaster Recovery planning and implementation
Active Directory Domain design, implantation, configuration monitoring and administration
Servers and Network Monitoring
Design, configuration and implementation of LAN / WAN in the organisation
Drafting of IT Policy and Standard Operating Procedures to improve IT Services in the organisation
Internet configuration, monitoring and authorization to users through ISA server 2004
CentOS 5.5 Linux administration
Squid, Apache and DNS server configuration
TOOLS AND SKILLS IN USE:
Microsoft Windows 2003 Active Directory (AD) Domain
Microsoft Domain Name System (DNS)
Microsoft ISA 2004 Server
Backup Exec continuous backup
SNMP, Netflow and WMI based Monitoring
Linux Server CentOS 5.5
Apache Server
Bind DNS Server
Squid Server
Linux and Microsoft AD integration
Hands-on Experience on Cisco Router and Switches
VB Scripting for ADSI for day to day AD management
Worked as a IT Officer in the company, I was responsible for the following:-
RESPONSIBILITIES:
Servers installation, configuration and monitoring
DHCP Server Configuration
Novell Netware installation, configuration and administration
Network troubleshooting.
Network Traffic analysis of WAN link
LAN design and installation
Design and implementation of Backup solution
Daily backups of Mail and Novell Server.
Help Desk support
Worked in Standard Chartered Bank as a Network Engineer.
Served in Head Office and Branches.
Worked as an IT Technician
Provided support to end users.
Fulfilled end users IT resource requirement.
Installed and configured Windows Operating System and desktop application, printers and peripherals.
Troubleshooting of the end users computers and networks.