Projects

Puppet
Over the past few years I've been working to modernize and automate our deployment of Linux VMs. As such, I've developed our VM environment to use Puppet for configuration management and application deployment. We had a need to deploy FreeRadius to many sites to support our WPA-Enterprise wireless network. Each site required a separate instance of FreeRadius, as we have requirements to run the site with the internet temporarily down. I've been using Puppet to deploy new websites, email servers, load balancers, high availability configurations, and reverse proxies. I've developed custom Puppet modules and classes to suit the needs of each application we need to run.
Azure
Microsoft Azure
As part of our ongoing migration to the Cloud, I've successfully integrated our On-Premise Active Directory with Microsoft Azure. I was charged with creating and configuring the ADFS authentication, complete with Multi-Factor Authentication for all users. I also configured and integrated the Azure AD Connect component. For running VMs and other services we provisioned an Azure ExpressRoute and integrated the routing tables via BGP and OSPF, allowing quick access to the whole company.
Chocolatey
For managing commonly deployed applications and tools, I've built Chocolatey, with SCCM integration, into our environment. This offers the reporting and compliance of SCCM with the easy-to-use and easy-to-update software packages of Chocolatey, saving the hassle of creating new SCCM packages every time a new piece of software is deployed. Chocolatey is a very easy-to-use package manager that can quickly wrap any software packages in a handy .nuget file which is pushed to the clients. Chocolatey is built on PowerShell, so it is easy and quick to adapt to any software requirements necessary. Chocolatey can be built with a company-hosted software server, allowing corporate apps to be installed with ease.
Cisco Umbrella
As part of our ongoing security and content management concerns, we have implemented Cisco Umbrella company-wide. We currently use Cisco Umbrella at all our locations and have locked down the DNS to use only the Cisco Umbrella servers. On sites with Hyper-V or VMware servers we have deployed the Cisco Umbrella virtual machine with Active Directory integration, allowing us to track and monitor individual use and issues. I've developed various PowerShell scripts for streamlining the deployment of Cisco Umbrella servers to new Projects and sites. In addition, I've configured Cisco Umbrella with SAML authentication to allow our administrators to seamlessly sign into the solution with Multi-Factor Authentication.
Cisco Meraki
For small sites, the simplified cloud management of Cisco Meraki equipment allows us to quickly configure and deploy equipment without worrying about management or remote access. We utilize Meraki's VPN and mesh technology to rapidly set up VPN tunnels and access points. The reports allow us to track usage statistics and point out any problems with the network. I've configured and deployed the switches, routers, and access points complete with RADIUS authentication using in-house FreeRadius3 servers. I've also written a PowerShell library that allows us to set up remote site systems and configure their networking instantly with a single script, greatly optimizing turnaround time on our Project deployments. Our core routers utilize OSPF to automatically receive new routes from the Meraki router about new sites.
PFsense
PFsense and Netgate Routers
Our company uses PFsense for many of our sites. We utilize PFsense's ability to be customized to provide various services to remote and local sites. We implemented our PFsense routers using the built-in CARP-based High Availability, allowing us to do maintenance and upgrades on the routers without downtime. We also utilize OSPF to propagate routes throughout the company. PFsense can be configured with various parameters to support VoIP phones and various network requirements. We utilize OpenVPN internally to set up SSL-based connections with various sites. On Client sites with locked-down firewall rules I've deployed PFsense with OpenVPN successfully running on port 443 or 123 or 53, ensuring that our infrastructure runs seamlessly without involving the client. I've built a PFsense configuration building module in PowerShell which will automatically generate configuration files for new Project Sites and locations, greatly streamlining the setup process.
Skype for Business
Microsoft Skype for Business 2013/2015/2016
In 2015 we successfully migrated from Lync 2013 to Skype for Business 2015. Skype for Business allows the company to quickly and effectively locate and route calls and messages to individuals in the company. Skype for Business has been deployed to all the major offices, including several of our smaller offices. Skype for Business offers major benefits to our organization, allowing users to quickly set up meetings, calls, and desktop sharing. This is of major benefit since users can be in remote, difficult-to-contact locations at any time. IT uses Skype for Business to offer quick support sessions to remote users. In addition, we have implemented the 3rd Party add-in FonComfort by Bressner. We currently use Polycom CX600, Polycom CX3000, SNOM PA1, Polycom VVX 411 and Apple iPhones with the Skype for Business Servers. The system in place uses 2 ISPs for redundant call routing, preventing VoIP outages in the event of an ISP failure. The system is engineered with redundant Mediation Servers running Windows 2012 on VMware Virtual Machines. VMware is further configured to ensure that the VMs are running on separate hosts, preventing outages in the event of a host outage, and allowing us to do hardware maintenance without taking any call outages. I've implemented various PowerShell libraries that will automatically do the upkeep on our Skype users. This includes automatically activating/deactivating Skype users, managing Unified Messaging, and updating our Thinktel configuration and labels.
Exchange
Microsoft Exchange 2010/2013/2016/O365/Hybrid
Built with site-to-site fail-over in mind, I designed and deployed Exchange 2016 in an Active-Active setup across 2 sites. A software load balancer (HAProxy) has been placed in front of each Exchange server to automatically switch clients to the remote site in the event of a local server failure. HAProxy will monitor each Exchange server for HTTP failure codes in addition to checking TCP failures. It monitors services on Exchange individually to control the fail-over. Inbound and outbound emails are routed through a Barracuda V400 Spam and Virus Firewall, which monitors and compares messages against Barracuda's spam checking rules. The Barracuda Spam Firewalls were deployed along with the Outlook plugin and LDAP authentication. This allows users to check and monitor their Quarantine and Spam that hasn't been delivered to their mailbox, and redeliver rejected messages, reducing IT overhead. Each Exchange 2016 server is capable of acting as a Unified Messaging server for Skype for Business 2015. I've also successfully configured Exchange Online Unified Messaging for our Hybrid Migration. In 2017 and 2018 we tackled an Exchange Hybrid Migration, allowing us to migrate users to Office 365 and Exchange Online. I was responsible for the setup and configuration of ADFS and Azure AD Connect. I've created routing rules to allow both environments to send emails back and forth. I've also written PowerShell automation libraries to simplify the maintenance and upkeep of users in both On-Premise and Exchange Online situations.
SCCM
System Center Configuration Manager 2012/2016/1806 (SCCM)
I designed and configured our SCCM 2012 environment. We utilize SCCM for asset and license tracking. SCCM 2012 was deployed with full HTTPS support, allowing us to monitor and track assets that are not locally in the office or on the VPN. HTTPS support entails deploying a Microsoft Certificate Authority with Auto Enrollment enabled and configuring appropriate enrollment policies for all Computers. I built and extended SCCM to include additional software reports for all our major purchased software. Additional User reports and collections allow us to quickly audit Active Directory attributes and security permissions, and produce quick reports against our HR system to determine if employees are still on the payroll. Our cooperation with CDW and our advances in software tracking prompted an article in CDW's Aptitude Magazine regarding this work. I've successfully migrated and upgraded the environment through 2012->2016->1806. I've recently migrated many of the software installation tasks to use Chocolatey, allowing me to quickly turn around software updates without creating new SCCM packages.
Microsoft Office 2010/2013/2016
I am proficient in Microsoft Office 2010, 2013, 2016 and Office 365. I can deploy (silently or otherwise) all Microsoft Office products, and can diagnose and solve almost any issue with them. I am proficient in using these products as well. I commonly build Visio diagrams for IT documentation. I've packaged Office 365 using Chocolatey packaging and using the SCCM deployment tools. I've completed setup and management of Office 365 with ADFS authentication and Directory Synchronization. In addition, I've set up Multi-Factor Authentication company-wide.
VMware Horizon View High Availability
In 2015 Packt Publishing contacted me to write a book about VMware Horizon View High Availability. The book was completed and published in Nov 2015. This book includes 9 chapters on VMware Horizon View and how to configure and build an environment to maximize build time. Chapters include:
1. VMware View Connection Server HA
2. VMware View Security Server HA
3. Load Balancers and deployments planning
4. HA planning for Floating & Dedicated Pools
5. Storage HA with VMware Virtual SAN
6. Hardware Redundancy planning for Fiber Channel Storage
7. NFS & Network planning
8. Monitoring
9. Upgrade and Downtime Planning
VMware Horizon View Desktop Virtualization Cookbook
VMware Horizon View Desktop Virtualization Cookbook by Packt Publishing
I was included in the review process of Packt Publishing’s VMware Horizon View Desktop Virtualization Cookbook. I provided feedback and advice regarding the guide and the information contained within. I was accredited as a reviewer for the book.
Unitrends Enterprise Backups
We utilize Unitrends Backup Appliances to provide automated backups of our VMware environment. We currently have the Unitrends Appliances deployed as a redundant pair, with backups replicating between our two major data centers. In the event of a data center failure, the backups from the other site can be used to restore the VMs in a timely manner.
Packt Publishing's VMware Horizon Workspace Essentials
VMware Horizon Workspace Essentials from Packt Publishing
I was included in the review process of Packt Publishing's VMware Horizon Workspace Essentials. I provided feedback and advice regarding the guide and the information contained within. I was accredited as a reviewer for the book.
Riverbed WAN Optimization (Steelhead)
In high latency and low bandwidth environments, it is very important to have WAN optimizers to improve user experience. WAN optimizers can be set up along a VPN connection and configured to reuse TCP sessions. This allows TCP sessions to be set up without waiting for 3 link trips. In environments with 600-3000ms latencies this can mean the difference between timing out and setting up a timely session. WAN optimizers also de-duplicate traffic between endpoints; traffic over the VPN connection can be reduced up to 80%. On high cost satellite links, this can result in savings of thousands of dollars on bandwidth costs. Configured correctly, the WAN optimizer can de-duplicate SSL sessions and NTLM authenticated sessions, allowing Exchange and Windows File Share sessions to be 20-80% more efficient. Riverbed also offers the Steelhead Mobile Client for laptop users, allowing VPN users at remote sites to enjoy the benefits of de-duplicated and optimized traffic.
VMware ThinApp
When dealing with legacy software that is difficult to run on newer platforms, VMware ThinApp can be essential to upgrades and rollouts. ThinApp creates a portable application that is independent of the source operating system. It can be deployed wherever needed without prerequisite software and configurations. ThinApp allows upgrades to Windows 7 and beyond without being held up by legacy applications.
Kaspersky Anti-Virus
Kaspersky is used in a VMware vSphere environment to provide hypervisor level anti-virus to various VMs in conjunction with vShield. Kaspersky has a centralized management suite that allows for one stop management and configuration of all clients. Kaspersky Anti-Virus compares favorably to solutions from Trend Micro and F-Secure.
VMware vShield
VMware vShield allows us to monitor, scan, and remediate virus and malware issues on our Virtual Machines. vShield works at the hypervisor level, allowing a single anti-virus suite to be loaded and monitored per host rather than per VM. This has major resource savings in that only one copy of an anti-virus program has to be running per host. In addition to that, malware cannot hope to disable or remove the anti-virus software since it cannot escape to the hypervisor level. This greatly increases the performance, security and manageability of a virtual environment. In our environment we have used Trend Micro and Kaspersky Anti-Virus; however, we found Kaspersky's deployment and reliability to be far superior to Trend Micro's.
VMware vSphere (ESXi)
As a VMware Certified Professional, I am trained and knowledgeable in all aspects of VMware ESXi infrastructure. Deployments include a primary multisite datacenter, remote standalone ESXi servers, and HA Pairs in busy locations. I've utilized SRM to meet my organization's disaster recovery targets. I've architected and deployed redundant HA designs, complete with 10GB backbones. I've secured VMs using VMware vShield in combination with Kaspersky Anti-Virus solutions. VMware vCenter servers are standard at all sites. VMware vSphere is also used in conjunction with VMware View's Composer services for automated desktop deployments.
VMware Horizon View
I've designed and built the current VMware Horizon View environment running at our office. VMware Horizon View allows us to maintain and deploy applications to dozens of computers in under 15 minutes. VMs are built with base images tailored to each department's needs. Finicky software can be consistently deployed without worry across a large environment. We use VMware View's Linked Clone technology to keep disk space requirements small. Users have Roaming profiles that allow them to log in and maintain their customizations without the hassle or worry about patching or waiting for Windows updates. The entire environment is run on SSD disks and 10GB Ethernet connections to ensure high performance. VMware Horizon View is based on and uses VMware vSphere for automatic provisioning.
Microsoft SQL Server
We use Microsoft SQL Server for a large number of applications and uses. I maintain Microsoft SQL Server as a backend for major business critical applications such as Microsoft Lync, SharePoint, SCCM, and numerous custom applications. I am charged with deploying, maintaining and backing up SQL Databases and services. I have written custom SQL code and queries, and have extensive knowledge of SQL Reporting Services.
MySQL
I can deploy and maintain MySQL Servers. Commonly I maintain these in association with websites hosted on Linux servers running Apache. Applications include Drupal, WordPress, cPanel, OwnCloud, and ICTFax.
PostgreSQL
I can deploy and maintain PostgreSQL Servers, usually providing a backend database to an Apache website. These are used by some internal website databases.
Active Directory
Microsoft Active Directory
I am responsible for maintaining and configuring various aspects of Active Directory, including user permissions, Domain Controllers, group management and security. I've configured cross-forest trusts and sub-domains in AD. On occasion I have had to fix issues with services and configurations using ADSI Edit.
Group Policy
Active Directory Group Policy
I am responsible for Active Directory Group Policies. Our group policies include:
  • Folder Redirection
  • Microsoft Office
  • Skype client configuration
  • Firewall configuration
  • Application deployment
  • Printer deployment
  • Shared folders
  • Various registry tweaks, etc.
  • Certificate Management
  • Web Browser Management
  • Roaming Profiles

IctFax
ICTFax (http://ictfax.org/)
I designed and deployed ICTFax as part of our VoIP migration. ICTFax integrates with any SMTP email server and uses a SIP Trunk to send and receive faxes to and from emails. ICTFax requires deploying a working FreeSwitch server and configuring it to work with the ICTFax software. I've contributed several bug fixes to the project. I've coded upgrades to the default install to include anonymous fax capability and I have added LDAP integration into the system. I maintain my own port of ICTFax on my GitHub account.
OpenVPN
We utilize OpenVPN as part of our ever mobile fleet of offices and sites. OpenVPN allows us to quickly and reliably set up offices without the worry of static IPs, NAT or all the other problems that can be associated with IPSec or PPT firewalls. OpenVPN is an SSL/TLS based VPN solution. Clients and Servers are authenticated with trusted certificate infrastructure. Typically we implement OpenVPN using a micro-server at the site; this gives us the benefit of advanced configuration capabilities as well as being a low cost NAS.
OpenNMS
I built and configured our current OpenNMS environment. It allows us to monitor and respond to network outages. It can monitor Windows Services using SNMP and alert us to service crashes. This is particularly useful for identifying when support services such as Backup, Anti-Virus, and VMware Tool services have stopped working.