Over the past few years I've been working to modernize and automate our deployment of Linux VMs. As such I've developed our VM environment to use Puppet for configuration management and application deployment. We had a need to deploy FreeRADIUS to many sites to support our WPA-Enterprise wireless network. Each site required a separate instance of FreeRADIUS as we have requirements to run the site with the internet temporarily down. I've been using Puppet to deploy new websites, email servers, load balancers, high availability configurations, and reverse proxies. I've developed custom Puppet modules and classes to suit the need of
Microsoft Azure
As part of our ongoing migration to the Cloud I've successfully integrated our On-Premise Active Directory with Microsoft Azure. I was charged with creating and configuring the ADFS authentication complete with Multi-Factor Authentication for all users. I also configured and integrated the Azure AD Connect component. For running VMs and other services we provisioned an Azure ExpressRoute and integrated the routing tables via BGP and OSPF, allowing quick access to the whole company.
Chocolatey
For managing commonly deployed applications and tools I've built Chocolatey with integration with SCCM into our environment. This offers the reporting and compliance of SCCM with the easy to use and easy to update software packages of Chocolatey, saving the hassle of creating new SCCM packages every time a new piece of software is deployed. Chocolatey is a very easy to use package manager that can quickly wrap any software packages in a handy .nuget file which is pushed to the clients. Chocolatey is built on PowerShell so it is easy and quick to adapt to any software requirements
As part of our ongoing security and content management concerns we have implemented Cisco Umbrella company-wide. We currently use Cisco Umbrella at all our locations and have locked down the DNS to use only the Cisco Umbrella servers. On sites with Hyper-V or VMware servers we have deployed the Cisco Umbrella virtual machine with Active Directory integration, allowing us to track and monitor individual use and issues. I've developed various PowerShell scripts for streamlining the deployment of Cisco Umbrella servers to new projects and sites. In addition I've configured Cisco Umbrella with SAML authentication to allow our administrators
Cisco Meraki
For small sites the simplified cloud management of Cisco Meraki equipment allows us to quickly configure and deploy equipment without worrying about management or remote access. We utilize Meraki's VPN and mesh technology to rapidly set up VPN tunnels and access points. The reports allow us to track usage statistics and point out any problems with the network. I've configured and deployed the switches, routers, and access points complete with RADIUS authentication using in-house FreeRADIUS 3 servers. I've also written a PowerShell library that allows us to set up remote site systems and configure their networking instantly with a single
pfSense and Netgate Routers
Our company uses pfSense for many of our sites. We utilize pfSense's ability to be customized to provide various services to remote and local sites. We implemented our pfSense routers using the built-in CARP based High Availability, allowing us to do maintenance and upgrades on the routers without downtime. We also utilize OSPF to propagate routes throughout the company. pfSense can be configured with various parameters to support VoIP phones and various network requirements. We utilize OpenVPN internally to set up SSL based connections with various sites. On Client sites with locked down firewall rules
Skype for Business
Microsoft Skype for Business 2013/2015/2016
In 2015 we successfully migrated from Lync 2013 to Skype for Business 2015. Skype for Business allows the company to quickly and effectively locate and route calls and messages to individuals in the company. Skype for Business has been deployed to all the major offices including several of our smaller offices. Skype for Business offers major benefits to our organization, allowing users to quickly set up meetings, calls, and desktop sharing. This is of major benefit since users can be in remote, difficult-to-contact locations at any time. IT uses Skype for Business to offer
Built with site to site fail-over in mind, I designed and deployed Exchange 2016 in an Active-Active setup across 2 sites. A software load balancer (HAProxy) has been placed in front of each Exchange server to automatically switch clients to the remote site in the event of a local server failure. HAProxy will monitor each Exchange server for HTTP failure codes in addition to checking TCP failures. It monitors services on Exchange individually to control the fail-over. Inbound and outbound emails are routed through a Barracuda V400 Spam and Virus Firewall, which monitors and compares messages against Barracuda's spam checking
I designed and configured our SCCM 2012 environment. We utilize SCCM for asset and license tracking. SCCM 2012 was deployed with full HTTPS support, allowing us to monitor and track assets that are not locally in the office or on the VPN. HTTPS support entails deploying a Microsoft Certificate Authority with Auto Enrollment enabled and configuring appropriate enrollment policies for all computers. I built and extended SCCM to include additional software reports for all our major purchased software. Additional user reports and collections allow us to quickly audit Active Directory attributes and security permissions, and produce quick reports against our HR
I am proficient in Microsoft 2010, 2013, 2016 and Office 365. I can deploy (silently or otherwise) all Microsoft Office products, and can diagnose and solve almost any issue with them. I am proficient in using these products as well. I commonly build Visio diagrams for IT documentation. I've packaged Office 365 using Chocolatey packaging and using the SCCM deployment tools. I've completed setup and management of Office 365 with ADFS authentication and Directory Synchronization. In addition I've set up Multi-Factor Authentication company-wide.
VMware Horizon View High Availability
In 2015 Packt Publishing contacted me to write a book about VMware Horizon View High Availability. The book was completed and published in Nov 2015. This book includes 9 chapters on VMware Horizon View and how to configure and build an environment to maximize build time. Chapters include:
1. VMware View Connection Server HA
2. VMware View Security Server HA
3. Load Balancers and deployments planning
4. HA planning for Floating & Dedicated Pools
5. Storage HA with VMware Virtual SAN
6. Hardware Redundancy planning for Fiber Channel Storage
7. NFS & Network planning
8. Monitoring
9. Upgrade and Downtime
VMware Horizon View Desktop Virtualization Cookbook
I was included in the review process of Packt Publishing’s VMware Horizon View Desktop Virtualization Cookbook. I provided feedback and advice regarding the guide and the information contained within. I was accredited as a reviewer for the book.
We utilize Unitrends Backup Appliances to provide automated backups of our VMware environment. We currently have the Unitrends Appliances deployed as a redundant pair, with backups replicating between our two major data centers. In the event of a data center failure the backups from the other site can be used to restore the VMs in a timely manner.
Packt Publishing's VMware Horizon Workspace Essentials
I was included in the review process of Packt Publishing's VMware Horizon Workspace Essentials. I provided feedback and advice regarding the guide and the information contained within. I was accredited as a reviewer for the book.
In high latency and low bandwidth environments, it is very important to have WAN optimizers to improve user experience. WAN optimizers can be set up along a VPN connection and configured to reuse TCP sessions. This allows TCP sessions to be set up without waiting for 3 link trips. In environments with 600-3000ms latencies this can mean the difference between timing out and setting up a timely session. WAN optimizers also de-duplicate traffic between endpoints; traffic over the VPN connection can be reduced up to 80%. On high cost satellite links, this can result in savings of thousands of dollars on bandwidth costs.
When dealing with legacy software that is difficult to run on newer platforms, VMware ThinApp can be essential to upgrades and rollouts. ThinApp creates a portable application that is independent of the source operating system. It can be deployed wherever needed without prerequisite software and configurations. ThinApp allows upgrades to Windows 7 and beyond without being held up by legacy applications.
Kaspersky is used in a VMware vSphere environment to provide hypervisor level anti-virus to various VMs in conjunction with vShield. Kaspersky has a centralized management suite that allows for one stop management and configuration of all clients. Kaspersky Anti-Virus compares favorably to solutions from Trend Micro and F-Secure.
VMware vShield allows us to monitor, scan, and remediate virus and malware issues on our Virtual Machines. vShield works at the hypervisor level, allowing a single anti-virus suite to be loaded and monitored per host rather than per VM. This has major resource savings in that only one copy of an anti-virus program has to be running per host. In addition to that, malware cannot hope to disable or remove the anti-virus software since it cannot escape to the hypervisor level. This greatly increases the performance, security and manageability of a virtual environment. In our environment we have used Trend
As a VMware Certified Professional I am trained and knowledgeable in all aspects of VMware ESXi infrastructure. Deployments include a primary multisite datacenter, remote standalone ESXi servers, and HA Pairs in busy locations. I've utilized SRM to meet my organization's disaster recovery targets. I've architected and deployed redundant HA designs, complete with 10GB backbones. I've secured VMs using VMware vShield in combination with Kaspersky Anti Virus solutions. VMware vCenter servers are standard at all sites. VMware vSphere is also used in conjunction with VMware View's Composer services for automated desktop deployments.
VMware Horizon View
I've designed and built the current VMware Horizon View environment running at our office. VMware Horizon View allows us to maintain and deploy applications to dozens of computers in under 15 minutes. VMs are built with base images tailored to each department's needs. Finicky software can be consistently deployed without worry across a large environment. We use VMware View's Linked Clone technology to keep disk space requirements small. Users have Roaming profiles that allow them to log in and maintain their customizations without the hassle or worry about patching or waiting for Windows updates. The entire environment is run on
We use Microsoft SQL Server for a large number of applications and uses. I maintain Microsoft SQL Server as a backend for major business critical applications such as Microsoft Lync, SharePoint, SCCM, and numerous custom applications. I am charged with deploying, maintaining and backing up SQL databases and services. I have written custom SQL code and queries, and have extensive knowledge of SQL Reporting Services.
I can deploy and maintain MySQL Servers. Commonly I maintain these in association with websites hosted on Linux servers running Apache. Applications include Drupal, WordPress, cPanel, ownCloud, and ICTFax.
I can deploy and maintain PostgreSQL Servers, usually providing a backend database to an Apache website. Used by some internal website databases.
Active Directory
Microsoft Active Directory
I am responsible for maintaining and configuring various aspects of Active Directory, including user permissions, Domain controllers, group management and security. I've configured cross forest trusts and sub-domains in AD. On occasion I have had to fix issues with services and configurations using ADSI Edit.
Group Policy
Active Directory Group Policy
I am responsible for Active Directory Group Policies. Our group policies include Folder Redirection, Microsoft Office, Skype client configuration, Firewall configuration, Application deployment, Printer deployment, Shared folders, Various registry tweaks etc., Certificate Management, Web Browser Management, and Roaming Profiles.
I designed and deployed ICTFax as part of our VoIP migration. ICTFax integrates with any SMTP email server and uses a SIP Trunk to send and receive faxes to and from emails. ICTFax requires deploying a working FreeSWITCH server and configuring it to work with the ICTFax software. I've contributed several bug fixes to the project. I've coded upgrades to the default install to include anonymous fax capability and I have added LDAP integration into the system. I maintain my own port of ICTFax on my GitHub account
We utilize OpenVPN as part of our ever mobile fleet of offices and sites. OpenVPN allows us to quickly and reliably set up offices without the worry of static IPs, NAT or all the other problems that can be associated with IPSec or PPT firewalls. OpenVPN is an SSL/TLS based VPN solution. Clients and servers are authenticated with trusted certificate infrastructure. Typically we implement OpenVPN using a micro-server at the site; this gives us the benefit of advanced configuration capabilities as well as being a low cost NAS.
I built and configured our current OpenNMS environment. It allows us to monitor and respond to network outages. It can monitor Windows Services using SNMP and alert us to service crashes. This is particularly useful for identifying when support services such as Backup, Anti-Virus, and VMware Tool services have stopped working.