From:                              route@monster.com

Sent:                               Friday, September 30, 2016 12:47 PM

To:                                   hg@apeironinc.com

Subject:                          Please review this candidate for: CCVP SIP Cloud

 

This resume has been forwarded to you at the request of Monster User xapeix03

Stafford Makokha 

Last updated:  04/12/16

Job Title:  not specified

Company:  Apeiron, Inc.

Rating:  Not Rated

Screening score:  not specified

Status:  Resume Received


Columbus, OH  43227
US

Mobile: 614-943-9240   
staffordmakokha@gmail.com
Contact Preference:  Email


 

 

RESUME

  

Resume Headline: Stafford Makokha - Senior Infrastructure Architect

Resume Value: 86993bv5mdcaq6bq   

  

 

Mahagwa Makokha

staffordmakokha@gmail.com

614-943-9240

Catholic Health Initiatives                        08/2013-03/2016

Title: Solutions Architect

Responsibilities:

·   Derived business requirements from business users (lines of business), translating said requirements into systems (infrastructure) requirements. Evolved said infrastructure requirements into discipline specific (data network, voice network, wireless network, datacenter, network security, application security, data presentation, data storage, infrastructure virtualization, user access security, operating systems) requirements. From said requirements, developed discipline specific solution architectures, integrating them into a holistic infrastructure architecture solution.

·   Functioned as project manager and subject matter expert in deployment of infrastructure solutions

·   Consulted with application developers to assess potential impacts of proposed (in house built or COTS – off the shelf) applications on infrastructure. Where remediation (infrastructure) was required, developed solution to accommodate said application

·   Consulted with developers to assess storage and virtualization needs for proposed applications, developing infrastructure solutions to accommodate such

·   Aligned with executive strategic committee on proposed business strategies. Advised committee on potential impacts to infrastructure, proposed solutions and probable costs of said solutions. Performed financial analysis on proposed solution (NPV, IRR, Payback period) and presented such to executive committee.

·   Developed and managed IT budgets related to infrastructure deployments (such budgets included fixed materials, variable labor costs, additional costs incurred). Worked with finance, IT leadership and line of business owners to deploy a charge back mechanism converting IT into a profit center, as opposed to cost center

Accomplishments:

·   Developed architecture for a consolidated datacenter (with replication to regional and backup data center) for organization

o   Security design for external entities entering corporate data premises (customer, business partners)

o   Load balancing design for external and internal users seeking access to corporate data stores (servers)

o   QOS metrics to restrict impact of external user data on internal users

o   Design and configuration of CUCM and CUC as well as CUCCX clusters in data center, and access to said applications from corporate and external entities

o   Routing design for data center (OSPF stub area for data center; BGP redistribution at data center edge to internet connectivity, MPLS and VRF configuration from data center across WAN)

o   Multicast design for multicast providers hosted in data center to external (corporate and other) users

·   Developed architecture for organization’s national network of hospitals

o   Standardization on OSPF

§   Area design (subnets, summarization, type)

§   Area summarization and injection into backbone area

§   Authentication MD5 between OSPF speakers

o   BGP as EBGP

§   Redistribution (filters, distribute lists, etc) defined

§   AS path filtering defined

§   AS path attribute manipulation for route control defined

o   Multicasting deployed PIM_DM

o   Layer 2 standards and design

§   PVST+ defined

§   Port and bridge priorities defined

§   Port types defined

·   Developed security governance framework for organization

o   Edge interesting and uninteresting traffic (source/destination; port) defined

o   Firewall rules defined

o   IDS/IPS signatures and actions defined

o   ICE deployment strategy defined

o   AD (Active Directory) design

·   Developed architecture for new (build) 200 bed critical care hospital (new acquisition). Architecture components included:

o   Data network architecture

§   IP addressing and subnetting design

§   IP routing design (OSPF as IGP; BGP as EGP. Redistribution between OSPF and BGP; BGP Path manipulation attributes definition)

§   Layer 2 network design (VLAN specification and assignment, Spanning tree design – PVST+, bridge port designations)

§   IP Multicast routing design

o   Voice network architecture

§   Multi-site WAN with distributed call processing model design (integrated acquire into larger voice footprint)

§   CUCM design:

·                 CUCM groups, device pools, media resources specification

·                 Dial plans, trunking, call admission control specification

§   Cisco Unity Connection design (high availability, dial plan, call handlers)

§   CUCCX design (ACD, IVR)

o   Storage architecture

§   Fiber Channel SAN design

§   LUN, Thin provisioning design

§   Data replication (to regional data center – active-active) and backup scheduling specification

o   Data security architecture

§   Security protocols (TACACS, ipSEC, ssh, wireless security design)

§   Firewall (rules) definition

§   IDS/IPS (signatures) and deployment definition

§   Network access control design

o   Wireless network architecture

§   Access Point deployment design (autonomous mode; ssid specification, qos design)

§   Radio resource design

§   Wireless LAN Controller (WLC) design

§   Wireless security design (roaming, guest access, authentication)

§   Wireless qos design

§   Wireless network (WLANs and mapping to VLANs) design

 

 

 

Southern California Edison                       07/2009- 08/2013

Title: Solutions Architect

Responsibilities:

·   Attached to PMO (Project Management Office) as a technical expert

o   Consulted with PMO on proposed business initiatives and their potential impact on infrastructure

o   Provided financial analysis to PMO as to proposed cost for infrastructure remediation, timing of payback and potential source of funds, as well as proposed long-term and short-term savings

o   Developed infrastructure solution architectures for line of business proposed projects (such might include: data network designs, voice network designs, wireless network designs, storage designs, Active Directory – user authentication designs, virtualization designs, application designs – at a very high level)

·   Attached to Enterprise Architecture Group as Technology Architect

o   Responsible for translating enterprise architecture framework into applicable technology architecture to support data requirements (transit, at rest, security, access, availability, integrity)

o   Responsible for developing appropriate architecture definition modules (ADMs – per TOGAF) with respect to Technology architecture (inclusive of Voice ADM, Data transport ADM, Data in Transit security ADM, Data at Rest ADM, Data access ADM, Data security integrity and availability ADM)

o   Responsible for developing roadmap to transition enterprise from as-is state to target state (with respect to ADMs)

o   Responsible for organizing, launching and executing projects to deliver Technology ADMs to fruition

o   Responsible for vendor (hardware, software, human resources) assessment and selection for delivery of ADMs

·   Attached to a variety of projects as infrastructure architect and SME

o   Responsible for deriving business requirements from line of business user

o   Responsible for translating (dependent on situation, might work in concert with lead developer or application architect) said business requirements into systems requirements

o   Responsible for extracting infrastructure requirements from systems requirements

o   Responsible for developing appropriate infrastructure architectures (data network, voice network, storage, virtualization, Active Directory, IP infrastructure – smtp, snmp, dns, dhcp, ftp, tftp, etc, wireless)

o   Responsible for delivering (involved management of various resources as a project manager) relevant infrastructure solutions

 

Accomplishments:

·   Served as infrastructure lead on migration from mainframe to Linux and Wintel servers

o   Identification of applications targeted for migration

o   Identification of users of said applications

o   Identification of data requirements (latency, interactivity, bandwidth)

o   Design of storage solution to accommodate application and user data  (SAN)

o   Design of network (data) to accommodate data transit (included: routing, qos)

o   Design of virtualization solution to optimize storage utilization and enable thin clients at the user end

·   Architected and led deployment of a fiber channel storage network

o   Assessment of users and targets

o   Assessment of devices that need access to storage

o   Definition of: Worldwide Naming, Service classes, addressing, FCIP, FCoE, redundant fabric, LUN provisioning, thin provisioning, backup scheduling, site redundancy

·   Architected data warehouse systems as well as relevant architecture to support the ETL process flow

·   Worked alongside enterprise architecture group in developing ADMs for TOGAF enterprise architecture undertaking; served as lead on the Technology architecture phase

 

 

 

JP Morgan Chase                             05/2006-07/2009

Solutions Architect

Responsibilities:

·   Acquisitions

o   Responsible for integrating acquired business entities into the larger JPMChase footprint.

o   Responsibilities centered around:

§   Data network integration

·                 Integrating acquired companies' IP network (addressing, routing, multi-casting, Layer 2) into larger JPMChase footprint

§   Voice network integration

·                 Integrating acquired companies' voice network (if legacy voice, i.e. DS0/DS1 digital subscriber, then migrating to VoIP; if existing VoIP, then integrating into larger JPMChase footprint)

§   Security (network, infrastructure, application) integration

·                 Assessing acquire's security policies

·                 Performing penetration testing on acquire

·                 Design of network, infrastructure security architecture and providing application security recommendations to applications team(s)

·                 Deployment of integrated solution (served as PM and SME during this phase)

§   Application integration

·                 Application inventory (as to functionality.. example: MAS 90 is a financial accounting application)

·                 Identification of similar (functionality) applications resident within JPMC application inventory (example: acquire uses MAS 90, an accounting application; JPMChase utilizes SAP FI/CO)

·                 Design of migration strategy for acquire to migrate from current application to JPMChase standard (example: migrating from MAS 90 to SAP FI/CO might involve migration of chart of accounts, migration of relevant general ledger and subsidiary account balances, etc)

§   Storage (and virtualization) integration

·                 Identification of acquire's storage utilization and dispersal (by dispersal is meant the number of variant devices that accommodate specific storage, for example the customer information database is distributed across 5 RAID striped disks)

·                 Determination of trend data related to acquire's storage utilization (example: the sales data store grows by 10% a year)

·                 Identification of utilization metrics per acquire's data stores (example: the sales data store is set at 500MB but only 100 MB is currently utilized, with a projected growth of 50 MB per year)

·                 Design of solution to accommodate acquire's data storage requirements within the larger JPMChase footprint

·                 Design of virtualization solution to optimize storage utilization (per acquire) yet meet service level agreements

·   Mergers

o   <acquisitions.. focused on merging the IT infrastructure of 2 large enterprise entities>>

Accomplishments

·   Engaged with enterprise architecture to ensure the architecture of the optimum infrastructure to support the merged JPM Chase and Bank One

·   Integrated several smaller acquired companies into the larger footprint of JPM Chase

·   Developed security governance framework for web facing elements of JPM Chase

British Telecom                              2/2003-5/2006

Program Architect

Responsibilities:

·   Develop infrastructure to support organization's renewed strategic plan (deploying additional and diversified telecom products, as well as expanding the global footprint of service provision)

·   Engage with customer facing units to ascertain the products they intend to offer, translating such offerings into infrastructure requirements, as well as deriving relevant performance metrics based on expected user experience

·   Engage industry groups to obtain clarity on existent and proposed technologies and how to best integrate them into the organization’s framework

·   Report to executive committee on status of deployment as well as any existent or potential issues.

Architecture Approach and Methodology

o          Business Requirement

o New build

§  Step1 : Gather LOB requirements, ensure clarification

§  Develop systems requirements and requirements traceability document to ensure each business requirement is addressed in full by one or more system(s) requirements

§  Identify system requirements that are infrastructure related

§  Identify descended infrastructure requirements that devolve from application specific systems requirements (these become infrastructure application requirements)

§  Develop infrastructure requirements and ensure that each maps to one or more systems (infrastructure related) or application (infrastructure) requirements

§  Perform gap analysis to ascertain deficiencies in existent infrastructure in accord with systems requirements

§  Identify new infrastructure requirements (as pertains to system requirements demanding something of infrastructure which is non-existent.. example.. system requirement calls for – at a high level – provision of voice mail, infrastructure does not support voice mail)

§  Segregate infrastructure requirements into relevant disciplines (data network, voice network, wireless network, operating system, user authentication and resource access, storage, virtualization, security)

§  Identify dependencies between variant disciplines (ex: voice data is dependent on data network provision of sufficient bandwidth and latency, jitter constraints)

§  Develop relevant discipline architectures and tie them together for a holistic architecture

§  Perform validation (by meeting with LOB, application architects, vendors) of proposed solution, making revisions as necessary

§  Obtain sign-off on proposal

§  Develop implementation plan/ strategy .. involves project plan (resource plan, budget, schedule, risk management plan, quality management plan)

§  Deploy solution as to plan

o Existing environment

§  < .. customer service representatives. Business would like to enhance this application and open it to customers. Gap analysis focuses on additional bandwidth requirements, storage requirements and security requirements)

o          Technical Requirement

Such requirement is sourced from IT, the CIOs office or the applications group(s), includes enterprise architecture group. Such requirement lacks a business requirement, hence the process is initiated with a systems requirement.

Process is similar to above, but begins at the system requirement decomposition level

 

 

 

Skillsets:

·   Professional Certifications/ Credentials:

o   CCIE Written – Route and Switch track

o   CCIE Written – Wireless Track

o   CCIE Written – Service Provider track

o   CCIE Written – Voice (Collaboration) Track

o   CCIE Written – Security track

o   CompTIA Storage

o   VMWare Certified Professional

o   Certified Ethical Hacker

o   PMP

o   CISSP

o   Oracle Java 7 Certified Developer

o   Oracle Certified on Enterprise Java Beans development

o   Oracle Certified web components developer

o   Oracle Certified Web Services (SOAP, REST) developer

o   Microsoft Certified C++ Desktop and Business applications developer

·   Data Networks:

bridging and lan switching

 

spanning tree protocol (rstp, pvst+)

ip addressing

 

sub-netting

 

arp

 

hsrp

 

vrrp

 

tcp load distribution

ip routing

 

ospf

 

eigrp

 

rip

 

static routes

 

bgp

 

route reflectors (bgp)

 

route confederations (bgp)

 

as path attributes (bgp)

 

route summarization

 

route redistribution

 

distribute lists

qos

 

tos, ip precedence (ipp)

 

cos (class of service)

 

dscp

 

marking

 

queuing

 

dropping

 

traffic shaping

multicast

 

igmp snooping

 

distribution trees

 

pim dm mode

 

pim sparse mode

 

rendezvous points

mpls

 

label switch router

 

label distribution

 

label switched path

 

layer 3 VPNs

 

VRFs

 

·   Wireless Networks

l2/l3 network infrastructure wireless support

 

network connectivity

 

 

 

wlan clients

 

 

standalone wlc

 

 

integrated wlc (wism)

 

 

access points

 

PoE

 

 

qos

 

 

multi-cast

 

autonomous deployment mode

 

management access

 

 

network services

 

 

modes/ roles

 

 

 

standalone

 

 

p2p, p2mp bridge

 

 

repeater

 

 

workgroup bridge

 

ssid/mbssid

 

 

security

 

 

 

l2 security on ssid

 

 

l2 encryption on vlan

 

 

local eap authentication

 

igmp snooping

 

 

qos

 

 

 

clear channel assessment

 

 

wlan qos tagging

 

wds

 

 

 

infrastructure access points

cisco unified wireless deployment model

 

management access

 

 

 

wlc

 

 

lightweight APs

 

interface settings

 

 

 

ports

 

 

interfaces

 

lightweight APs

 

 

 

CAPWAP/LWAPP protocol

 

 

802.1x authentication

 

 

locally significant certificates

 

 

AP modes

 

·   VoIP Networks

Infrastructure

 

Multi site WAN centralized call processing

 

 

Multi site WAN distributed call processing

 

 

Voice VLAN, Wireless Voice WLANs

 

 

QOS (L2 COS, L3 QOS -- marking, queuing and prioritization of voice traffic; traffic shaping)

 

Telephony Standards and protocols

 

RTP

 

 

RTCP

 

 

SCCP

 

 

MGCP

 

 

SIP

 

 

SIP SDP

 

Gatekeepers

 

 

H.323

 

 

MGCP

 

Gateways

 

 

H.323

 

 

MGCP

 

Analog telephony

 

 

FXO

 

 

FXS ports

 

Signalling (telephony)

 

 

T1 CAS

 

 

ISDN (Q signalling; PRI, BRI)

 

Fax services over IP

 

 

Modem services over IP

 

CUCM

 

CUCM Groups

 

 

CUCM Device pools

 

 

codec specifications

 

 

Media resources

 

 

Dial plan

 

 

Partitions and calling search spaces

 

 

Translation patterns

 

 

Route patterns

 

 

Route lists

 

 

Application dial rules

 

 

Directory dial rules

 

 

SIP dial rules

 

 

Digit manipulation

 

Trunks

 

 

H.323

 

 

SIP

 

SIP URI dialing

 

 

Call Admission Control

 

 

CUCM mobility

 

 

Service Advertisement Framework

 

 

Call Control Discovery

 

Cisco Unity Connection

 

High Availability

 

 

Integration with CUCM and CUCME

 

 

CUC dial plan

 

 

Call handlers

 

 

Single inbox

 

 

Visual voicemail

 

 

voicemail for jabber

 

 

CUC voicemail networking

 

Cisco Unified IM and presence

 

CUCM IM and presence cluster

 

 

cisco jabber

 

 

Presence federation

 

Cisco Unified Contact Center Express (CUCCX)

 

ACD (Intelligent Call distribution)

 

 

IVR (Interactive Voice Response)

 

 

Two server (cluster) deployment

 

 

Integration with CUCM 

 

IOS

 

SRST(Survivable Remote Site Telephony)

 

 

MGCP Fallback

 

 

Dial plan

 

 

voice translation rules

 

 

dial peers

 

Media resources

 

 

dsp

 

 

conferencing

 

 

transcoding

 

Call queueing

 

 

Automatic Call Distribution

 

 

Hunt groups

 

 

call blast

 

·   Data Network Security

security protocols

 

RADIUS

 

 

TACACS

 

 

ipSEC

 

 

TUNNELS

 

 

ssh

 

 

secure sockets layer

 

 

wireless security

 

application and infrastructure security

 

https

 

 

smtp

 

 

ftp

 

 

dns

 

 

tftp

 

 

ntp

 

threats, vulnerability analysis and mitigation

 

ICMP attacks

 

 

ping floods

 

 

man in the middle attacks

 

 

replay attacks

 

 

spoofing attacks

 

 

back door attacks

 

 

bot and botnets

 

 

wireless attacks

 

 

DOS and DDOS attacks

 

 

header attacks

 

 

tunneling attacks

 

security and attacks tools

 

packet sniffer and capture tools

 

 

network service mapping tools

 

 

vulnerability assessment tools

 

content filtering

 

ActiveX filtering

 

 

java filtering

 

 

url filtering

 

 

·   Storage:

NAS (Network Attached Storage)

 

UNC addressable storage

 

TCP/IP based storage

 

NAS File systems

Storage Networking

 

Fiber Channel

 

iSCSI

 

WAN based storage

STORAGE MANAGEMENT

 

provisioning

 

management protocols

 

MONITORING, ALERTING AND REPORTING

business continuity

 

backup scheduling

 

storage location dispersal

design

 

architecture

 

high availability

 

failover

 

oltp

 

cloud service

 

storage as a service

 

platform as a service

 

redundancy

 

failover clustering

 

redundant paths to disk

 

cache mirroring

 

replication

 

site redundancy

 

·   Cloud Architecture

o   MS System Center 2012

§   Cloud service deployment and management

§   Application delivery

§   Private clouds

·   Information Security

o   Information security governance and risk management

o   Software development security

o   Operations security

o   Business continuity and disaster recovery

o   Hacking and penetration testing

o   Footprinting and reconnaissance

o   Network scanning

o   Enumeration and encryption

·   Database Systems

o   Logical and Physical database design

o   MySQL

o   MS SQL Server 2012

o   Apache Hadoop

o   MapReduce

o   MongoDB

·   Virtualization

network virtualization

 

virtual switches

 

VLANs in virtual networks

 

vNetwork distributed switches

storage

 

fiber channel

 

iSCSI

 

NAS

 

VMFS (Virtual Machine File System)

 

Thin provisioning

virtual machines

 

creation

 

templates

 

virtual appliances

 

vApps

backup and high availability

 

backup

 

high availability

 

·   Operating Systems

o   Windows 2012 server

§   Active Directory design

§   DHCP Design

§   DNS File and storage design

§   Clustering

§   Business continuity

o   Linux

§   Security

§   Kernel compilation

§   Filesystem management

o   Sharepoint Server 2013

§   Logical and physical design

§   Web and service applications

§   Security and taxonomy

§   Search services

·   Enterprise Architecture

o   TOGAF

o   J2EE

o   SOA

·   Software development

o   Java

o   C+

o   Objective C

o   Ruby

o   Python

o   Assembly

o   SQL

o   R

o   Enterprise Java Beans

o   Java Web Services

o   Java Web Components

o   DHTML


·   Business Skills:

o   Project Management

§   Project schedule

§   Project budget

§   Project risk management plan

§   Project resource management plan

§   Project monitoring and control plan

§   Action item tracking

§   Risk and issue tracking and remediation

o   Finance and Accounting

§   Cost accounting

§   Budget development

§   Budget tracking and correction for variances

§   Financial analysis (project based) utilizing tools such as NPV, ROI, IRR, payback period

Infrastructure Architect Addendum (Work Products)

Project A: (LOB Sourced)

Problem definition

Business expressed desire to establish additional revenue channels utilizing the internet (i.e. provide for customer purchases and interaction via internet)

 

 

Business expressed desire to enhance customer relationship management activities at reduced cost, via internet

 

 

Infra requirements

Provide internet connectivity for customers to related business applications

 

 

provide connectivity for internet based customers to connect with corporate (customer service) employees

 

 

Data Arch

Network connectivity between internet and hosted web servers

 

 

Load balancing at ingress to distribute traffic amongst web servers

 

 

Network connectivity between internet users and customer service group

 

 

QOS implemented at WAN entry and exit points to minimize adverse impact of internet user traffic

 

 

Security Arch

Definition of RADIUS authentication to ensure only authorized users gain access

 

 

Definition of method of https deployment to ensure secure connection between users and corporate web servers

 

 

content filtering definition (ActiveX, java, url) to ensure only permitted content allowed

 

 

Storage Arch

storage network design (to accommodate web servers, application servers, databases)

 

 

 

fiber-channel network design

 

 

 

world-wide naming definition

 

 

service class definition

 

 

addressing definition

 

 

redundant fabric design

 

provisioning

 

 

 

lun provisioning definition

 

 

thin provisioning definition

 

backup

 

 

 

schedule definition

 

 

site redundancy definition

Virtualization Arch

storage virtualization design

 

 

host backup definition

 

 

host failover capacity planning

 

 

Data Arch

Data sources

 

 

Data format

 

 

Data quantity

 

 

Data metrics

 

 

Data transformation

 

 

Data output and targets

 

 

App Arch

Data inputs

 

 

Objects and classes

 

 

Tables and rows

 

 

Business rules applied to data and how implemented

 

 

Data transformation features of application

 

 

Data output of application

 

 

Presentation (to end user) format

 

 

Inter-application exchanges (identify all involved applications)

 

 

Data exchanged with related applications

 

 

Middleware to facilitate inter-application data exchange

 

 

Application concurrency requirements

 

 

Application interactivity requirements

 

 

 

 

Project B (LOB sourced):

Problem definition

Business expressed need to deploy an expanded customer service center

 

 

Business expressed need to contain costs in such deployment

 

 

Business expressed need to integrate deployed customer service center with existing corporate infrastructure

 

 

Business expressed need to be able to monitor and record customer service calls

 

 

Infra requirements

WAN link from existing corporate offices to new customer service center

 

 

Minimization of call tariffs

 

 

Integration of new customer service center with corporate offices

 

 

Ability to record and monitor voice calls

 

 

Voice Arch

 

CUCM

 

VLAN specification (Voice VLAN, data VLANs) at remote site

 

 

Device pools definition for new site

QOS (ingress and egress) specification for new site

 

codec specifications for new site

Routing design (OSPF stub at new site)

 

media resource(s) specification for new site

 

 

dial plan specification for new site

 

 

trunking (sip) specification for new site

 

 

call admission control specification for new site

 

 

Cisco Unity

 

 

CUC dial plan for new site

 

 

Call handlers specification for new site

 

 

single inbox specification for new site

 

 

cuccx

 

 

ACD (intelligent call distribution specification)

 

 

Interactive Voice Response specification

 

 

Cluster specification

 

 

ios

 

 

srst

 

 

mgcp fallback design

 

 

dial plan design

 

 

call queueing design

 

storage architecture

NAS defined at remote site to host recorded communications

 

 

replication between remote site (NAS) and corporate data center defined

 

 

virtualization architecture

Virtualization architecture defined at remote site for NAS storage

 

 

Virtual networks (virtual switches, virtual VLANs) defined at remote site

 

 

VMFS (LUN design) defined at remote site

 

 

Virtual machines defined at remote site

 

 

virtual machine backup defined at remote site

 

 

 

 

Project C (LOB sourced):

problem definition

Business expressed need to enhance its IT infrastructure

 

 

 

Included were expansion of wireless reach (BYOD, etc)

 

 

 

Expansion of voice reach (VoIP)

 

 

 

Standardization of network (especially as related to acquisitions)

 

 

 

Enhancement of security measures (IT security)

 

 

 

Reduction in IT costs

 

 

 

infrastructure requirements

Consolidate IT resources to reduce cost

 

 

 

Minimize tariffed phone traffic (i.e. across PSTN)

 

 

 

Deploy VoIP corporate-wide

 

 

 

Establish infrastructure standards and establish roadmap for successful deployment

 

 

 

Conduct penetration test to identify security weaknesses (such testing should be all encompassing to include data at rest and data in transit)

 

 

 

Develop mitigation strategies to remedy any identified security weaknesses

 

 

 

voice architecture

Gateway design

 

 

 

Gatekeeper design

 

 

 

Multi-site WAN with distributed call processing design model deployed

 

 

 

CUCM

 

 

 

 

CUCM groups

 

 

 

CUCM device pools

 

 

 

codec specifications

 

 

 

media resource specifications

 

 

 

dial plan design

 

 

 

sip trunking design

 

 

 

call admission control design

 

 

 

call mobility design

 

 

CUC

 

 

 

 

CUC dial plan design

 

 

 

high availability design

 

 

 

call handler specification

 

 

 

integration with cucm specification

 

 

CUCCX

 

 

 

 

Intelligent call distribution design

 

 

 

interactive voice response design

 

 

 

cluster deployment design

 

 

 

integration with cucm specification

 

 

remote sites

 

 

 

 

SRST design

 

 

 

MGCP fallback design

 

 

 

dial plan design

 

 

data network architecture

Standardized on OSPF as IGP and BGP as EGP

 

 

 

OSPF

 

 

 

 

area definition (area number, subnets, type of area, summarization)

 

 

 

route summarization defined

 

 

 

route redistribution defined

 

 

 

 

eigrp to ospf (during migration to standard IGP)

 

 

 

ospf to bgp

 

bgp

 

 

 

 

ibgp

 

 

 

 

route reflector design for internal peering

 

 

ebgp

 

 

 

 

as path filtering defined

 

 

 

distribute lists defined

 

 

 

route maps defined

 

 

 

path manipulation using bgp path attributes defined

 

 

 

redistribution between bgp and ospf defined

 

layer 2 (pvst, rstp)

 

 

 

 

spanning trees defined

 

 

 

bridge and port priorities established

 

 

 

bridge and port types defined

 

 

qos

 

 

 

 

traffic classes defined (in terms of interested traffic)

 

 

 

marking defined

 

 

 

queuing defined

 

 

 

traffic shaping at WAN edges defined

 

 

multicast

 

 

 

 

sources and destinations defined

 

 

 

PIM-DM design

 

 

 

Rendezvous point definition

 

 

 

PIM RP Bootstrap router defined

 

 

MPLS

 

 

 

 

MPLS Layer 3 VPNs defined

 

 

 

VRFs defined

 

 

data security architecture

Protocols

 

 

 

 

TACACS design

 

 

 

ipSEC design

 

 

 

tunnel design (GRE)

 

 

 

ssh definition

 

 

 

wireless security definition

 

 

applications/infrastructure (security design for):

 

 

 

 

 

 

https

 

 

 

smtp

 

 

 

ftp

 

 

 

dns

 

 

 

tftp

 

 

 

ntp

penetration testing (utilizing following tools) to identify weaknesses

 

 

 

 

password crackers

 

 

 

windows access tools

 

 

 

packet sniffers

 

 

 

network service mapping tools

 

 

 

threats introduced include

 

 

 

 

ICMP attacks

 

 

 

ping floods

 

 

 

man in the middle attacks

 

 

 

replay attacks

 

 

 

spoofing attacks

 

 

 

back door attacks

 

 

 

bot and botnets

 

 

 

wireless attacks

 

 

 

DOS and DDOS attacks

 

 

 

header attacks

 

 

 

tunneling attacks

 

weakness remediation (to include)

 

 

 

 

IDS/IPS design

 

 

 

 

signatures

 

 

 

alerts

 

 

network access security design

 

 

 

wireless security definition

 

 

 

application security recommendations (to overcome issues such as buffer overflows, race conditions, object encapsulation, etc.)

 

 

wireless architecture

network connectivity

 

 

 

 

wlan client definition

 

 

 

integrated wlc solution design

 

 

 

access point design

 

 

 

poe requirements budget

 

 

 

qos specifications

 

 

 

multi-cast specifications

 

 

autonomous ap deployment

 

 

 

 

network services design

 

 

 

repeater, workgroup bridge specification

 

 

 

ssid definition

 

 

 

l2 security on ssid specification

 

 

 

local eap authentication specification

 

 

 

qos design

 

 

 

infrastructure access point specification

 

 

cisco unified wireless deployment model

 

 

 

 

wlc design

 

 

 

lightweight AP specification

 

 

 

AP group specification

 

 

 

radio setting(s) specification

 

 

 

wpa layer 2 security design

 

 

 

vpn pass-through, web authentication design

 

 

 

rogue location discovery protocol deployment

 

 

 

layer2/3 roaming design

 

 

 

wireless guest access design

 

 

 

multicast roaming design

 

 

 

qos design

 

 

storage architecture

SAN architecture

 

 

 

 

fiber channel design

 

 

 

 

worldwide naming

 

 

 

service classes

 

 

 

addressing

 

 

 

protocol (FCIP, FCoE)

 

 

 

topology (redundant fabric)

 

provisioning

 

 

 

 

LUN provisioning defined

 

 

 

Thin provisioning defined

 

 

 


 

 

backup strategy defined

 

 

 

high availability design

 

 

 

failover design

 

 

 

virtualization arch

 

network

 

 

 

 

virtual switches design

 

 

 

virtual VLAN design

 

 

 

vNetwork distributed switch design

 

 

storage

 

 

 

 

storage virtualization design

 

 

 

VSANs

 

 

 

Fiber Channel based

 

 

 

VMFS specification

 

 

virtual machines

 

 

 

 

templates defined

 

 

 

virtual appliances defined

 

 

backup and high availability

 

 

 

 

virtual machine backup definition

 

 

 

virtual host backup definition

 

 

 

data recovery design

 

 

 

host failover design

 

 

 

Project D (IT sourced, Director of Network Operations)

Responsibility: Served as Network architect responsible for delivery of entire solution. Developed high level architecture, served as project manager on the deployment aspect of solution.

Project deliverable: Comprehensive Network Architecture

Objective: Develop enterprise scale network architecture to encompass data traffic, voice traffic, wireless traffic as well as incorporate security aspects.

Deliverable components:

·   Data network

o   IP addressing scheme and allocation

o   VLAN definition and assignment (to departments, devices), inclusive of VLAN trunking and tagging

o   Multi-casting (specifically PIM Dense mode)

o   QOS (traffic categorization, marking, queuing, and drop criteria definition)

o   WAN (MPLS traffic engineering, MPLS design)

o   Routing (interior gateway) – OSPF (area definition and allocation, route summarization, route redistribution, stub area definition)

o   Routing (exterior gateway) – BGP (as path attribute manipulation to control path selection, redistribution into and out of OSPF, route reflector definition for iBGP sessions)

·   Voice (over IP) network

o   Voice VLAN definition

o   QOS definition to prioritize voice (RTP) traffic (both at layer 2 – COS and Layer 3)

o   Gateway design (MGCP)

o   Gatekeeper design

o   Dial plan definition

o   Digit manipulation definition

o   SRST for remote sites, as well as MGCP fallback

o   Multi-site WAN with distributed call processing (incorporating CUCM clusters)

·   Wireless network

o   RF site survey, and AP placement definition

o   Radio (RF) settings definition

o   Wireless QOS

o   Wireless VLAN (WLAN) definitions and mapping to wired VLANs

o   Guest wireless definition

o   Wireless multicast

o   Voice and media over wireless design

·   Network security (wired and wireless)

o   IPS/ IDS deployment

o   VPN tunnel deployment

o   Cisco ISE deployment

o   Firewall deployment (Cisco ASA and Palo Alto)

 

Project E (IT Sourced CIO Office)

Project deliverable: Server Infrastructure/ Storage architecture

Responsibility: Served as Infrastructure architect responsible for delivery of entire solution. Developed high level architecture, served as project manager on the deployment aspect of solution.

 

Objective: Develop storage architecture and windows services infrastructure to support data resiliency, as well as business continuity

Deliverable components:

·   Windows Active Directory

o   DNS zone definition

o   Active directory sites definition and site to site replication definition

o   AD (Active Directory) Rights management services definition

o   AD Federation services

o   User and group account description

o   Group policy definition

·   EMC Storage services

o   RAID levels definition (specifically RAID1, RAID 5)

o   SAN (Storage Area Network) design

o   NAS (Network Attached Storage) design – fiber channel (over IP and Ethernet)


·   VMWare storage virtualization

o   Virtual storage design (with failover – active/ active)

o   Virtual network design

o   Virtual machine design

o   ESX design

 

Project F (IT sourced VP Information Technology, reports to CIO)

Project deliverable: Data center architecture

Responsibility: Served as Solution architect responsible for delivery of entire solution. Developed high level architecture, served as project manager on the deployment aspect of solution.

 

Objective: Develop architecture for corporate data center, regional data centers, corporate primary and backup data center, regional primary and backup data center. Regional data centers utilize corporate data center as backup; corporate data center has primary and backup. All primary and backup data centers are active/ active.

Deliverable components:

·   Data network (WAN – MPLS, some remote sites use DSL):

o   Redundant links connecting regional primary and corporate backup data centers (sizing, QOS metrics)

o   Redundant links connecting corporate primary and backup data centers

o   Redundant links from sites to (a) regional primary data center; (b) regional backup data center

·   Server farms

o   Server farm allocation (either of internet, intranet, extranet – for business partners, corporate)

o   Routing design and layer 2 design for allotted server farms (i.e. intranet traffic should not hit corporate server farm)

o   VLAN design and assignment to server farms

·   Load balancing

o   Server load balancing (within server farms)

o   VPN/ IPsec load balancing (for extranet connections)

o   Firewall and IDS/ IPS load balancing

·   Security

o   VPN tunnel design

o   Firewall design and deployment

o   IDS/ IPS design (signatures, alerts, monitors) and deployment

·   Features

o   Streaming design (HTTP, RTP)

·   Storage architecture

o   Design of fiber channel over IP NAS

·   Virtualization architecture

o   Design of virtual storage (with failover and disaster recovery)

o   Design of virtual networks

 

 



Experience


 

Job Title

Company

Experience

Systems Architect

Kipande Consulting

- Present

 

Additional Info


 

Current Career Level:

Experienced (Non-Manager)

Date of Availability:

Immediately

Work Status:

US - I am authorized to work in this country for any employer.

Active Security Clearance:

None

US Military Service:

Yes

Citizenship:

None

 

 

Target Job:

Target Job Title:

Architect

 

Target Company:

Company Size:

Occupation:

IT/Software Development

·         Computer/Network Security

Project/Program Management

·         IT Project Management

 

Target Locations:

Selected Locations:

US-OH-Columbus/Zanesville

Relocate:

Yes

Willingness to travel:

Up to 100%