Riyaz - Network Architect |
[email protected] |
Location: Duluth, Georgia, USA |
Relocation: |
Visa: |
|Network Design & Implementation| |Data Center / Cloud / Automation / Virtualization / Security / Load Balancer / SDWAN|
A results-driven IT Network and Cloud engineer with 17+ years of extensive experience in working with multi-vendor environments and handling projects of Network/Cloud Design, Implementation, Transition, Migration, Operation, technical solutions, and documentation of network infrastructure services. Experienced in various network projects implementation for Data Centers infrastructure LAN/WAN/Cloud/SD-WAN / Equinix / Load balancer F5 LTM-GTM-Viprion (vCMP) and Security. Proven ability to lead and motivate teams to ensure success track record for diagnosing complex problems and consistently delivering effective solutions. Large Scale Network Engineering and Management Project Planning, Execution & Leadership Troubleshooting & Best Practices Implementation Transition and Transformation Risk Assessment and Mitigation Analytical and problem-solving skills Vendor Management Technical Skills: Routing/Switching: BGP, EIGRP, OSPF, MPLS, VRF, HSRP, VRRP, VLANs, PBR, IP SLA, Route filter, Redistribution, VTP, STP, RSTP, PVSTP, SPAN, Ether Channel, IP Multicast, NAT, SNMP, IOS Upgrade, ACI, ISE, Nexus. Cloud: AWS/AZURE/GCP VPC, EC2, Subnet Private/Public, Route Table, Security Groups, NACL, IGW, NAT GW, Transit GW, VGW, Direct Connect, VPC Peering, ELB, Application/Network LB, ENI, GWLB, Flow- logs, Endpoints, S3, Route53, CloudFront, Private Link, VNET, Express route, NSG, VPN Gateway, MFA, Ap- plication Gateway, Traffic Manager, VM, VNICs, UDR, DNS, Load Balancer, Front Door, RBAC, Policy, Azure Network Watcher, Private Link, VNET Peering Multi-cloud: Aviatrix Controller, Co-pilot, HUB & Spoke. Load Balancer: F5 LTM, GTM, Viprion (vCMP guests) & Big-IQ Automation: Terraform, Python scripting Network Virtualization: Equinix Network Edge, BYOL, Device link, BYOC, Virtual Connections, Metro Connect, Fabric Port, OOB connectivity. SD-WAN: Cisco Meraki, FortiNet Out-of-Band - Raritan Security: Cisco ASA, FortiGate and Checkpoint firewalls, FTD. VPN: IPSec, Remote access, GRE, DMVPN Web Proxy: Websense, Barracuda, ZScaler. DNS: Internal & Public (Akamai) Network Applications: Logic Monitor, NetFlow, Wire Shark, Host Monitor, AAA, DNS & IPAM. Ticketing Tools: ServiceNow, Remedy, Assyst. Education: B. Sc. Information Technologies (2011) from Punjab Technical University, India 3yrs Diploma in Electronics & Communications (2005) from Bord of Technical Education Delhi, India Senior Secondary School (2003) from CBSE Board Delhi, India Certifications and Trainings: Cisco Certified Network Professional (CCNP) - Active CCIE R&S Written Exam - Active Cisco Certified Network Associate (CCNA)-Expired Cloud-AWS/AZURE/GCP Training and hand-on experience Multi-cloud Aviatrix - Certified Virtualization Equinix Training and hand-on experience SD-WAN - Cisco Meraki & FortiNet Training and hand-on experience Automation-Terraform/Python - Training and hands-on experience. Security Firewalls CheckPoint, FortiNet and Cisco ASA, FTD - Training and hand-on experience F5 Load Balancer - LTM/GTM/Viprion/vCMP, BIG-IQ Training and hand-on experience Agile framework and ITIL Foundation - Expired MCP Microsoft Certified Professional - Expired Major Projects Delivered: Data Center commissioning and decommissioning. Build Cloud AWS/Azure environment and extended connectivity to on-prem data centers. Applications migration from on-prem to public cloud platform. Build virtual network on Equinix platform, incorporate physical environment, and extend connectivity to other regions, MPLS and Cloud AWS/AZURE/GCP. Build Cisco Meraki SD-WAN environment for multiple regions, enabled regional based failover and mi- grate remote sites. LAN/WAN upgrade for Data Center, CORP offices and Remote sites. Remote sites IPSec VPN migration and 3rd party vendor connectivity management. Application services integration and migration on to F5 LTM/GTM & Viprion (vCMP guest) Cisco Router/Switch and F5 device (LTM/GTM/vCMP) implementation and firmware upgrade. EoSL Network device upgrade, replacement and decommission. Network device hardening, vulnerability checks and remediation. Professional Experience: HCL America Inc. Client: IHG (InterContinental Hotels Group) - Atlanta GA Role: Consultant Network Design/Implementation Dec-2018 to Dec-2021 Offshore INDIA Jan-2022 to till date. Atlanta GA, USA Project Description IHG-Intercontinental Hotels Group Works as Network design and implementation engineer, handling projects of network and cloud design, implementation, technical solution, migration, and operational support in multivendor environment. Manage Data Centers, corporate offices, remote locations, and vendor connectivity. Manage and support LAN/WAN/Cloud/SD-WAN/Security/Cisco-ISE/ACI/Routing-Switching/F5 LTM-GTM Traffic Load Balance / Multi Cloud Aviatrix / Equinix / Virtualization and Automation. Works as escalation point for major and escalated incidents. Job responsibilities: Data Center network infrastructure, Cloud and SDWAN design, build and implementation, troubleshooting, testing, feasibility, validation, and overall delivery of network projects. Participating in network project planning and execution to build and implement network infra as per agreed scope of work. Prepare and review network architecture diagrams and documents, Identify and mitigate risks in the existing network infrastructure. Led the strategic development and implementation of Software-Defined Wide Area Network (SD-WAN) solutions, ensuring optimal network design and functionality. Responsible for deployment, Integration and Troubleshoot LAN/WAN, Cloud-AWS/GCP, Cisco Core Routers/Switches, Nexus, ACI, SDWAN, CheckPoint, F5-LTM/GTM, IPSec/Remote VPN. Design and manage AWS/AZURE cloud services of network connectivity, applications delivery, private access and security and support based on requirements and in alignment with existing Data Centers infrastructure. Design and manage Cisco Meraki and FortiNet SD-WAN environment and traffic failover. Manage Cisco Meraki dashboard and integrated Cisco Meraki Cloud managed Switches (MS250, MS350, MS410) and SDWAN (MX65, MX100, MX400) Build and manage virtual network on Equinix platform, incorporate physical environment and extend connectivity to other regions, MPLS and Cloud AWS/GCP. Manage F5 LTM/ GTM, applications integration and implement virtual servers, SNAT, Pools, Monitors, profiles, iRules, self IP, Network configuration, SSL, Curl, tcpdump, WideIP s, Topology zone/regions, traffic swing between data centers. Implemented and managed Cisco Identity Services Engine (ISE) solutions, ensuring seamless integration for robust network security, authentication, and access control. Provide support for complex layer 2, layer 3 issues and other services (STP, VLAN, IPsec, VPN, NAT, MPLS, BGP, EIGRP, OSPF) Architected and implemented robust network solutions, leveraging advanced switching and routing technologies expertise to enhance system reliability, scalability, and overall performance. Manage and configure policy-based routing for complex network systems and configured Multiprotocol Label Switching (MPLS) with multiple VRF. Tuned BGP internal and external peers with manipulation of attributes such as as-path, local preference, weight, metric, origin, and community-based traffic filtering. Network automation configuration and testing using Ansible, Python scripting to manage, monitor, test and configure network devices. Implement and manage Cisco Nexus 9K, 7K, 5K, 2K, configuration of VDC, VPC and FEX. Manage Cisco ACI Spine Leaf Architecture, configuration of Overlay and Underlay Architectures, VXLAN, EVPN, MP-BGP, BGP, Cisco ACI. Migration from legacy Data Center Architecture to Spine Leaf. Establish Direct Connect, VPN network connections between cloud and on-prem data center. Migrate existing on-premises applications to public Cloud AWS/GCP. Manage AWS Accounts, Subscriptions, Virtual Networks, Subnets, Security Groups, NAT Gateways, Ap- plication Gateway, VPN Gateway, Traffic Manager, ExpressRoute, etc. Implement and manage Transit Gateway and having good knowledge to manage and route traffic among multiple VPCs. Experience in provisioning Infrastructure as Code (IaC) using Terraform, support and tshot on issues reported from existing Terraform scripts. Build Terraform modules for Cloud Networking products as per requirements. Implementing, managing, and troubleshooting Routing protocols (RIP, EIGRP, OSPF, BGP, MPLS), route filter and redistribution, redundancy protocols (HSRP, GLBP and VRRP) on Layer 3 VLANs, Standard and Extended ACLs, VTP, EtherChannel, STP, RSTP, and MST on Layer 2 technologies, IP addressing and NAT/PAT, Deployment of IPSec Site to Site and Remote VPN. Experience in installing, configuring, and managing AAA Authentication servers RADIUS & TACAS+, DNS and DHCP servers and management by means of IPAM and Active Directory Database. CheckPoint Firewall rules implementation and troubleshoot. Preparing SOP, Runbook, and technical documents for existing infra and new projects delivery. Technical transition of network projects to operation team and ensuring smooth handover and documentation. Environment: Cisco 3750, 3850, 9300, 6500, 4500, Nexus-9k,7k,5k,2k, Cat1Kv, Cat8Kv, MS250, MS450, ASR1001, ACI, ISE, F5 LTM/GTM/Viprion, Big-IQ, SSL, Firewalls CheckPoint, FortiNet,Meraki-MX450, MPLS, BGP, OSPF, EIGRP, PBR, Meraki-Wireless, Equinix Virtualization, SDWAN Meraki/FortiNet, VPN, Cloud AWS/GCP, Aviatrix, Terraform, Raritan, ZScaler, Splunk, ServiceNow, Skybox, Rally, Logic Monitor, Wireshark, IPAM, DNS, Akamai. British Telecom Client: NBS (Nationwide Building Society) - Gurgaon, India Feb 2015 to Aug 2018 Role: Lead-Network Build and Implementation Project Description NBS-Nationwide Building Society (Banking, Mortgage and Finance) Worked as Lead Network build and implementation engineer. Network project planning, implementation, troubleshoot, maintenance, operational support and change management. Escalation points of contact for major and highly escalated incidents. Managed Data Centers, Corp offices, remote locations, and vendor connectivity. Man- age and support LAN/WAN/Traffic Load Balance/Wireless/VPN/Web filtering-Proxy/DNS internal, external/Cisco-ISE/ACI, Nexus/Routing-Switching and Security. Job responsibilities: Manage Data centers, which include DC/DR, Corporate offices, and Remote sites. Contribute technically to the strategic direction of the team and to act as the lead technical interface between the client and the rest of the business during the project delivery phase. Planning and discussion with customers to understand their technical needs to provide better solutions based on project and requirement. Prepared Project plans, Network diagrams, proof-of-concept, Major Incident Analysis. Provided complete presentation to business and Network team for all Change Management activities in Network infrastructure. Network implementation, LAN/WAN up-gradation and 3rd party connectivity. Configure Nexus 7K, 5K switches for Data Center and implementing vPC for servers and LAN devices, configure 2K FEX for Data center connectivity expansion. Worked on F5 LTM and GTM modules. Installed F5 LTM and GTM from scratch, configured Virtual servers, SNAT, Pools, Monitors, profiles, iRules, self IP, Network configuration, CSR, SSL, Curl, tcpdump, Wide IP s, Listener IP, Topology Zone/Regions etc. F5 GTM/LTM Load balance rule creation and troubleshoot as per specific applications and customer requirements. Experienced in troubleshooting, maintaining, and integrating on F5 Big-IP LTM/GTM. Web traffic filtering through Proxy server and Firewall rules and troubleshoot. Extensive experience in implementing, managing, and troubleshooting IP addressing and VLSM subnet- ting, NAT, Routing protocols (RIP, EIGRP, OSPF, BGP, MPLS), First Hop redundancy protocols (HSRP, GLBP and VRRP) on Layer 3, VLANs, VSS, Standard and Extended ACLs, VTP, WLANs, EtherChannel, STP, RSTP, and MST on Layer 2 technologies. Install, configure, and manage AAA Authentication servers RADIUS & TACAS+, DNS and DHCP servers and management by means of Infoblox and Active Directory Database. Deployment of Site-to-Site IPSec VPN to connect with 3rd party vendor. Monitor and manage networks using SolarWinds NetFlow Traffic Analyzer, Network Performance Monitor (NPM), Network Configuration Manager (NCM); Cisco Prime, Security Device Manager (SDM), Cisco Works; Infoblox and Wireshark. Configured redundancy mechanisms for multi homed BGP network by tuning attributes for various net- work segments. Designed and integrated 10 gigabit networks using Cisco Nexus 7k series switches to improve performance of existing network. Involved in migration projects and replaced EOS/EOL devices. Network device hardening to remove erroneous and unwanted configuration. Coordinated with ISP for link commissioning, link up-gradation and end to end connectivity. IT Network Vendor Management includes ISPs and infrastructure support providers for implementation, upgrades, and maintenance. Environment: Cisco Cat2960, 3750, 3850, 6500, 4500, Cisco 2800/2900/3600/3845/7200 routers, Nexus 7k, 5k, 2k, ASR1001, F5 LTM/GTM/Viprion, SSL, Firewalls CheckPoint, MPLS, BGP, OSPF, EIGRP, PBR, VPN, DNS/DHCP, Wi-Fi, WLANs, VPN, DMVPN, Infoblox, Splunk, Barracuda, Websense, Solar wind, Wireshark, MPLS, BGP, OSPF, EIGRP, PBR, IPsec VPN, DMVPN, Raritan, IPAM, DHCP, DNS, Wireshark, ServiceNow. TATA Consultancy Services Nov 2011 to Feb 2015 Client: Zimmer Business Solutions (Life Science) Gurgaon, India Role: Network and Security Administrator Job responsibilities: Managed Data Centers, corporate offices, and remote sites. Managed Cisco network consisting of a high speed, high availability core campuses by performing installations, technical administration, upgrades, and troubleshooting. Configure and manage complex layer 2, layer 3 issues and other services (STP, VLAN, IPsec, VPN, NAT, MPLS, BGP, EIGRP, OSPF) Worked on cisco routers series 7200, 6500, 4500, 1700, 2600 and 3500 series to perform routing, switching, Ethernet, NAT, and DHCP, LAN /WAN support. Implement, manage, and troubleshoot Routing protocols (RIP, EIGRP, OSPF, BGP, MPLS), VPN, NAT, HSRP, GLBP and VRRP on Layer 3, VLANs, VSS, Standard and Extended ACLs, VTP, WLANs, EtherChannel, STP, RSTP, and MST. Configured policy-based routing for complex network systems. Worked, managed, and maintained LAN networks, VLANs and database, Port Security. Maintained Cisco ASA security policies including NAT, VPN, and Secure Remote access, Configured IP- SEC VPN (Site-Site to Remote Access) Configure static NAT, dynamic NAT, inside Global Address Overloading, TCP overload distribution, Overlapping Address Translation Participated in L2/L3 Switching Technology Administration, creating and managing VLANs, Port security, Trunking, STP, Inter-VLAN routing, LAN security and server management. Modified internal infrastructure by adding switches to support server farms and added servers to existing DMZ environments to support new and existing application platforms. Worked on Cisco Nexus 7k, 5k, 2k series and successfully implemented VDCs and VPCs and configure VSS on the Cisco 4500 switches. Worked on RADIUS, TACACS+ authentication servers and DNS, DHCP servers. Completed service requests on IP readdressing, bandwidth upgrades, IOS/platform upgrades. Worked on Cisco WLC and successfully implemented and managed Wireless Access Point. F5 GTM/LTM Load balance rule creation and troubleshoot as per specific applications and customer requirements. Worked on F5 LTM and GTM modules and configured Virtual servers, SNAT, Pools, Monitors, profiles, iRules, self IP, Network configuration, CSR, SSL, Curl, tcpdump, Wide IP s, Listener IP, Topology Zone/Regions etc. Deployed, Managed, monitored, and supported Barracuda and Websense Proxy for content filtering, internet access between sites and VPN client users, forward proxy scenario and reverse proxy scenario for security and worked on adding URLs in Barracuda and Websense Proxy SGs for URL filtering. Maintained and Supported Multiprotocol Label Switching (MPLS) on WAN network. Worked with different vendors for company products, solutions, and performance. Environment: Cisco Cat2960, 3750, 3850, 6500, 4500, Cisco 2800/2900/3600/3845/7200, Nexus 7k, 5k, 2k, Cisco VoIP, F5 LTM/GTM/Viprion, SSL, CheckPoint FW, ASA 5505, IPS, IDS, LAN, WAN, MPLS, BGP, OSPF, EIGRP, PBR, VPN, DMVPN, DNS/DHCP, Wi-Fi, WLANs, Barracuda, Websense, Solar wind, DHCP, DNS, Wireshark, ServiceNow. Wipro Infotech Ltd. - Noida & Gurgaon, India Jun 2007 to Oct 2011 Client: Cairn Energy (Oil and Gas exploration) & Uninor (Telecom) Role: Network and Security Administrator Job responsibilities: Manage Data centers, which include DC/DR, Corporate offices, and Remote sites. Implement, manage, and troubleshoot Routing protocols (RIP, EIGRP, OSPF, BGP, MPLS), route filter and redistribution, redundancy protocols (HSRP, GLBP and VRRP) on Layer 3 VLANs, Standard and Ex- tended ACLs, VTP, EtherChannel, STP, RSTP, and MST on Layer 2 technologies, IP addressing and NAT/PAT, Worked on moving strategies for data center between different locations, and from Cisco 4500 based data center to both Cisco 6500 and VSS based data center. Played an important role in a team by implementing and documenting Switching Topologies, VLAN management, Port security, Trucking protocols, STP configuration, Inter-VLAN routing, LAN security and preparing Microsoft Visio reports and designs. Worked, managed, and maintained LAN networks, VLANs and database, Port Security. Worked on Cisco ACE load balancer in data center environment and performed testing and trouble- shooting of load balancing mechanism. Maintained Cisco ASA security policies including NAT, VPN, and Secure Remote access, Configured IP- SEC VPN (Site-Site to Remote Access) Worked as a part of the security team and daily tasks included firewall rule analysis, rule modification, and administration. Implemented VoIP solutions using SIP & H.323 for Cisco routers 2851 and practiced sound knowledge of Avaya VoIP products. Experienced in working with Session Initiation Protocol (SIP) Trunking for voice over IP (VoIP) to facilitate the connection of a Private Branch Exchange (PBX) to the Internet Responsible for deployment, Integration and Troubleshoot Cisco Core Routers, firewall rules, LAN/WAN tshot and traffic load balancing. Redundancy mechanisms for multi homed Border Gateway Protocol (BGP) network by tuning attributes for various network segments. Vendor management for upgrade and maintenance activities. Environment: Cisco Cat2960, 3750, 3850, 6500, 4500, Cisco 2800/2900/3600/3845/7200, Nexus 7k, 5k, 2k, Cisco VoIP, F5 LTM/GTM/Viprion, SSL, CheckPoint FW, ASA 5505, IPS, IDS, LAN, WAN, MPLS, BGP, OSPF, EIGRP, PBR, VPN, DMVPN, DNS/DHCP, Wi-Fi, WLANs, Barracuda, Websense, Solar wind, DHCP, DNS, Wireshark, Assyst. HCL Info Systems Delhi, India Jan 2007 to Jun 2007 Client: GAIL (Gas Authority of India Ltd) Role: Network Engineer Job responsibilities: Configuration and Installation of all LAN Devices and post installation routine operational tasks and configuration of network infrastructure. Configure, support, and troubleshoot on Cisco routers and switches. Support for user/group administration, troubleshooting day-to-day problems, daily backup, network problems, software problems and Hardware problems. High CPU/ Memory Issues (Routers and Switches), Ethernet troubleshooting. Ensuring regular backup of network devices i.e. NMS, Servers, Routers, Switch& F5 (LTM)etc. LAN Security: DHCP Snooping, IP source guard, Port security. Coordination from third party vendors like ISP s & other IT Vendors. Ensured availability and integrity of Network, System and Data through preventive maintenance and upgrade plans and implementations. Incidents resolving included LAN, VTP, ISL/ 802.1Q, IPSec and GRE Tunneling, VLANs, Ether Channel, Trunking, Port Security, STP and RSTP Configured IP addressing scheme and coordinated with LAN/WAN engineers to develop and implement various security policies. Provided Troubleshooting for IP conflict, DHCP, NAT, VPN, and other security related tickets. Experience in Server building, troubleshooting, capacity planning, application monitoring, patch management, password, and security management. Experience Domain Name System/Dynamic Host Configuration Protocol/IP Access Management (DNS/DHCP/IPAM) appliances. Experience and implementation of services like NFS, SSH, DNS, DHCP, LDAP. Defined and configured Group policies, Organizational Units, Security policies, NAT and anti-spoofing for internal, external networks and gateways and, also configured VPN policies and connection for employees to access servers. Worked on FTP, HTTP, DNS, DHCP servers in windows server-client environment with resource allocation to desired Virtual LANs of network. All types of Installation, Configuration, Assembling & troubleshooting of Desktop PCs (Dell, IBM & HP etc.) Monitored network and provided analysis, improvement scopes and support using various monitoring tools such as SolarWinds Performance Monitor and coordinated with onshore support teams to ensure flawless operations. Environment: Cisco Cat2960, 3750, 3850, 4500, Cisco 2800/2900/3600/3845, LAN, WAN, DNS/DHCP, Wi-Fi, Active Directory, Linux, Windows Server 2003/2008. Keywords: sthree rlang information technology ffive hewlett packard Colorado Georgia Michigan South Carolina South Dakota Wisconsin |