I have been a passionate technologist for nearly as long as I can remember, from the earliest days of building an "alarm system" out of a Radio Shack "150 in one" kit, to learning C and PASCAL as a teen.
I have also always been fascinated by the way that people communicate and commune using technology. Reflecting on things, I believe this is the reason that I operated BBSes as a teen as well; allowing people to connect and share their thoughts and knowledge. That is also the joy I get from "Networking" computers together. It's more than just connecting systems together to exchange bits, but to enable people to laugh, do business, communicate, exchange ideas and to connect in different ways.
Below I have outlined briefly some of the experiences I have had in various areas of computing. For a more detailed point-form summary of my accomplishments, please have a look at my resume.
As mentioned above, networking is my main specialization. I have worked mostly with small and medium-sized networks, ranging from 10 workstations to 600 users with 12 remote sites.
I have mostly focussed on LAN switching and IP networks, with some consideration for WAN design and management, although the WAN portion has mostly been vendor relations and management. Basic routing and IP network design have been the areas of work.
Of particular focus since 2006/2007 have been the design and performance considerations of virtualization on networking; primarily the SAN design and Virtual Machine (VM) networking. For the SAN end of things, I have maintained some FibreChannel SANs, and designed and implemented multiple IP-based SANs, using iSCSI for block-level data access and NFS for file-level access. Each of these networks was designed with reliability and performance in mind, as well as cost-effectiveness. As with everything, there is a fine balance between "ideal" and "good for now".
For VM network design, reliability and performance are factors as well, but so is manageability. Different VM profiles require tuning and performance design and monitoring. The added complexities of these requirements make for a harder-to-manage environment. The balance is delicate: too much management and individual "tuning" can lead to over-management and overly complex networks.
One of my most challenging networking projects was a multi-phased approach to a) replace the existing firewall system with a more advanced one, and b) reassign the entire internal network IP ranges for the main office and remote locations. The first phase required a significant amount of time to research the existing rules and their usefulness; there were dozens of rules that were still in place for systems that had been moved, changed, or decommissioned. As an example of the total change in efficiency, the previous system contained approximately 280 rules, the newly migrated system contained 40, and after the cut-over, all the existing systems continued to operate as expected. The new firewall system and its enhanced rules allowed for changes during primary business hours; whereas the previous system would take so long to process rule changes that sessions would be reset, the new system had no such failings.
For the IP address reallocation, the project was undertaken to more efficiently segment the broadcast domains in the main office. Whereas before the change, the network segment allowed for 1,024 hosts on a flat network, and created such a large broadcast domain that some broadcast storms were affecting network performance, the new design segmented network address ranges into functionality: desktop systems, servers, secure systems (for PCI and credit-card processing systems), wireless, guest network access, and network management. This created a controllable environment where rules could be put into place to secure systems or segments more thoroughly than previously possible. The transition required significant coordination between myself, the project team and stakeholders (each server was managed by an individual, not necessarily in the IT department), and end users. The project was completed ahead of schedule and with minimal user impact and interference.
While I have always used one method of virtualization or another, in the form of Solaris Containers, FreeBSD Jails, virtual hosting in Linux, or desktop virtualization using QEMU or VMware Workstation, it was not until I tested VMware ESX 3 ("VI3") that I realized the implications of virtualization on the way that computing is done.
At the time, Rocky Mountaineer had nearly 80 physical servers, ranging from Exchange servers to simple web servers, each a dedicated server typically with two processors, two hard drives, two power supplies, etc. A spectacular amount of wasted power for servers that were 10-20% utilized, simply for the argument of Operating System segregation. After realizing the management and efficiency benefits of virtualization, the IT team pursued a "virtualize first" policy, ensuring that unless extreme circumstances were present, and real justification could be proven for requiring a physical server rather than a virtual one, all new systems would be created as virtual machines.
This created an environment where many eggs were in one basket; the reliance on a single shared-storage platform was not the typical way of approaching IT resources from a reliability perspective. This type of environment requires tight controls on changes to networking and storage environments, so that administrators do not inadvertently make major modifications that could impact the entire virtual infrastructure.
The initial rewards of virtualizing existing servers were immediately apparent: reduction in square footage, cooling and power requirements, higher availability through VMotion, as well as overall reduction in cabling made the initial conversion of servers to virtual machines a "no-brainer". The long term benefits that have arisen are even more beneficial to the organization: Disaster Recovery planning is simpler to manage, reduction in backup license costs, reduction in Operating System licensing costs (via Microsoft Datacenter licensing), enhanced availability through mirrored VMs, BIOS-level KVM without requiring a physical KVM and cable, ease of modifying server performance profiles, and more.
Realizing the benefits of virtualizing servers, the next logical step was to begin virtualizing user desktops. This is a more delicate matter in many ways, since IT projects should actually be viewed as an improvement in user abilities and efficiency; if user experience is negatively impacted, then the benefit of a technology is lost. After evaluating the VMware VDI (Virtual Desktop Infrastructure) with IT, a test plan was created and a small group of users was selected to test the experience.
A critical part of managing IT resources is an efficient system management centre. Through the years, I have used many solutions that were designed for various scenarios: system monitoring, application monitoring, performance tuning, desktop management, patch management and so forth.
I have implemented system and application monitoring and performance monitoring through Nagios, a UNIX/Linux solution that is quite extensible, and for which it is easy to create plugins using the Nagios plugin language. As well, I have maintained the IBM Director management system to manage servers and desktops. The most complex and broad system I have deployed, though, would be System Center: Operations Manager (SCOM) and Configuration Manager (SCCM). Each system has a different purpose, and each is quite extensible and powerful in its own right.
While at Rocky Mountaineer I was primarily responsible for the initial deployment of SCOM and SCCM. Utilizing Group Policy and integrating WSUS, clients for SCCM were automatically deployed to desktop and server computers to provide: patch management, software tracking, remote support, software deployment, application packaging, and overall reporting of hardware and software usage and requirements.
For SCOM, slow and methodical deployment of management packs (MPs) was necessary since each MP would make many abnormalities and misconfigurations apparent to the IT Team. Enabling every MP would create an overwhelming situation. Before another MP would be enabled, all of the outstanding alerts would need to have been resolved, either by correcting the fault, or by creating an override when necessary. This allowed IT to create a more resilient system, preventing false positives in the future, and also familiarizing the whole team with the inner workings of the servers, services and applications.
The real advantage of a platform like SCOM is the preventative alerting, allowing IT to address issues before they are user impacting, and creating an environment where IT is working to enhance performance, and not just alert when there is a problem. A superb example of this came during the initial deployment of our Exchange 2010 migration: we received alerts indicating the mailbox servers were swapping large portions of memory, indicating the server was starved for memory, a potentially user-impacting situation if left unchecked. Upgrading the memory (another advantage of VMware) resolved the issue before any user was impacted.
Every organization needs some form of centralized storage, whether it is in the form of a single server with disks and file shares, or a large storage array for virtual machines.
Throughout the years I have worked with various solutions, from hodgepodge servers with "JBOD" and file shares to powerful storage appliances that deliver high-end performance across many different levels of storage (60TB+) and multiple protocols (NFS, CIFS, iSCSI, FC).
The biggest challenge with storage is performance monitoring and capacity planning. With performance, it is an art and a science in its own right, with so many variables and application or server profiles to keep in consideration (by that I mean: CIFS has a different usage pattern than SQL). For capacity monitoring, having the right tools that integrate with your system management platform is essential to predicting usage patterns and future growth requirements.
Surprisingly, it's difficult to find systems that report on file system usage that are not specific to Windows or Linux, so for example if you have a NetApp filer as your fileserver, you will have a hard time finding software that works efficiently and provides any useful data. To this end, with the help of our DBA, I developed a script which scanned the CIFS file systems, and dumped file ownership, size and timestamp information to a text file, which the DBA took and placed into a database which the SQL Reporting Services transformed into a very useful reporting site that you could use to show worst offenders, highest rate of change by user, or folder, and general file type statistics (e.g., MP3 and AVI information). This is an example of a team working together to find a solution to an ongoing problem where there is no solution that meets our needs.
Although I was "trained" as a network engineer, I have spent some time as a developer as well. While at NetNanny software, I was employed as a developer on the BioPassword product, which uses Keystroke Dynamics to determine a higher level of identity verification than just regular passwords, without requiring any specialized hardware. I was primarily responsible for converting the BioPassword Windows product to a platform-independent set of libraries that would be usable in a UNIX/Linux environment.
Scripting has always been a part of my day to day activities as an administrator; whether it's using Perl, BASH, KSH, or newer PowerShell environments, the motivation is the same: "If I have to do it more than twice, script it". My primary scripting strengths are in Linux Shells (e.g.: BASH), and PowerShell.
My other development efforts in the past few years revolve around the typical LAMP stack, so utilizing Linux, Apache, MySQL and PHP. This stack offers an incredibly quick development environment, making the cycle from idea to prototype to final product incredibly easy. In addition to the back-end languages, I also enjoy working with HTML, CSS and JavaScript, and all the frameworks and fascinating things you can do with them.
In addition to all of the above, I have been the primary person responsible for Active Directory, E-Mail (Microsoft Exchange as well as Postfix/Sendmail on UNIX servers), certificate authority services, general server administration, infrastructure projects involving any of the above topics, and vendor relationships.
As for Project Management, I have applied myself to many projects that required several team members, other business units, vendor coordination and scheduling management. I have seen each of these projects through from inception to completion, with a high rate of user, stakeholder and vendor satisfaction. Each project undertaken required managing scope, budgets and schedules, as well as expectations from all those involved.