IT Infrastructure Management, including Security
- Data Center Implementations and Relocations.
- Cloud Migrations - Public and Private - Cloud Operations.
- Definition, implementation, test and validation of your DRP (possibly BCP).
- Management of your low-level technology layers. Updates and strategic changes.
- Infrastructure security
"And you ? How can I help you with your infrastructure projects ?"
Major Data Center Relocation Projects ↗
- Relocation of a Tier III equivalent Data Center and a Tier II equivalent DC to 2 Tier IV certified DCs in Luxembourg.
- These two complex projects took place in demanding environments with SLAs > 99.9% in accordance with the requirements of the aviation sector.
➡️ Remarkable details
- ✔️ ZERO downtime (aviation industry)
- 🛠️ Oracle, MS SQL, Java and several other technologies involved in this movement
- 🛠️ Advanced Replication Mechanisms
- 🛠️ An evolving network architecture throughout the project, from the project's starting point to its end point
- ⚡ 50 kW per computer room
- ⚙️ ️1000 virtual machines...
➡️ Timeline
- ⌛ Project timeline: 2 x 10 months
- 📅 When: 2019 and 2024
🧭 What I can bring you
- ➡ I can help you prepare and execute your Data Center migration
Building a Data Center from scratch. ↗
- The challenge here was to build a Data Center from scratch and recruit its team of specialists... which we did!
- Hiring 10 people, experts in their field.
- Installation of a first room serving 22 sites, including 4 sites in the Pacific.
- Installation of a second Data Center for redundancy based on metro-cluster technologies.
➡️ Remarkable details
- 🛠️ Second lines provided by a 100 Mbps radio link
- 📄 Printed materials in 6 languages, including Chinese and Korean
- 🛠 More than 500 Progress databases replicated in real time (in 2007, this was an achievement)
- 🧠 Consultant from Atos Singapore plus independent consultants
➡️ Timeline
- ⌛ Project timeline: 2 years
- 📅 When: 2006-2011 (and still active)
🧭 My value proposition
- ➡ I can help you radically evolve your IT infrastructure to its next model.
- ➡ I can help you structure/develop your IT operation teams.
Implementation of a room in a Data Center for a game publisher. ↗
- For an game publisher company based in Asia: installation of high-density racks.
➡️ Remarkable details
- The 📡 project was carried out entirely remotely, with the client not present during the installation.
🧭 My added value
- ➡ I support you independently, leaving you to concentrate on your core business.
Implementation of a room in a Data Center in a military context. ↗
- Setting up a computer room in a highly regulated environment.
➡️ Remarkable details
- ⌛ Project timeline: 1 year
- 📅 When: 2014
🧭 Concretely
- ➡ I bring you efficiency in managing highly regulated and secure environments.
Specifications of a room in a Data Center ↗
- Preparation and validation of technical infrastructure specifications for the new IT room of a major player in fund management in Luxembourg.
➡️ Technical detail
- ⚡ Power
- 🖧 Wiring
- 🧱 Access Management and Integration
- 🗄️ Rack architecture
🧭 The little extra that I bring
- ➡ Understanding and a taste for field realities and physical dimensions in IT room management and furnishing projects.
From public cloud to private cloud. ↗
- Repatriation to our Private Cloud in Luxembourg of one of the largest airlines in the Pacific, initially hosted in Hong Kong in the Public Cloud of a major Telco operator.
➡️ Remarkable details
- Rationale for migration: Simplification of operations management and simplification of incident management.
- 📡 Challenge: Pacific <=> Europe Latencies
- 🕒 Challenges: 7200 seconds of downtime allowed for this trip, not one more (exactly 2 hours)...
- 👥️️ Hundreds of simultaneous users worldwide.
➡️ Timeline
- ⌛ Project timeline: 12 months
- 📅 When: 2023
🧭 What I can bring you
- ➡ Managing your migration projects from one cloud to another, from one form of infrastructure hosting to the next...
- ➡ A meaningful experience to help you decide between Public Cloud, Private Cloud, Hybrid Cloud hosting.
Managing IT operations in the Public Cloud. ↗
- I was responsible for operations for clients expressing a desire to outsource their infrastructure to the cloud. Primarily on AWS. These environments included, for each client, several dozen virtual machines per customer, as well as, in some cases, large Oracle databases.
- I oversaw the teams responsible for administering the Microsoft tenant in Azure as well as all related licenses.
➡️ Remarkable details
- 🌐 24 x 7 x 365
- 🌍 Stations located all over the world
- 👥️ Hundreds of simultaneous users worldwide
- 🐳 Containerization of certain applications
- 🛢️ Oracle Database
- ☁️ AWS Cloud
- ☁️ Cloud AZURE (mainly for AD and O365, but not only.)
🧭 What I put at your service
- ➡ 7 years of experience in managing large environments (several thousand users distributed worldwide), managed, for some clients in the Public Cloud, for others in the Private Cloud (Hyrid mode)
Operation of SaaS solutions in the Public Cloud and in the Private Cloud ↗
- Context: Implementation and maintenance of SaaS solutions in Public Cloud or Private Cloud mode.
- Managing different versions and migrations between versions
➡️ Remarkable details
- ⚙️ ️1000 virtual machines shared between Public Cloud and Private Cloud...
- Containerization of certain application
- ✔️ Same SLA 99.9% → 99.95% in both hosting modes
🧭 The experience I bring
- ➡ A thorough understanding of the strengths and weaknesses of different hosting methods. ("SWOT")
- ➡ Expertise in managing the lifecycle of an application operated in SaaS mode.
- ➡ A deployment experience in both modes (Public Cloud and Private Cloud).
DRP design, implementation, testing and validation ↗
- There are several DR strategies depending on yours goals and available budget.
- In different contexts, my experience has led me to develop strategies in active/active metro-cluster mode, (which have the great advantage of being able to be effectively tested in run mode).
- The Data Center relocation projects that I carried out with my teams have shown how effective and useful this type of technology can be beyond the sole DR context.
🧭 What you can expect from me
- ➡ That we conduct an audit of your current DR plan to measure its relevance and to take appropriate actions to adjust the identified changes.
- ➡ Let us develop and deploy together the approach that best suits your DR plan.
DRP, from design to regular test plan executions ↗
🧭 How I can help you
- ➡ I can help you shape your DR test plan by defining, with the teams involved, the unit test plan from its initial design to its transition to operational mode.
- ➡ The DR unit test plan must be executed, reviewed, and updated at least once a year. I can help you there.
Backup ↗
- What I led: The definition and regular review of the backup plan with the team in charge.
- The scope: 2 Data Centers backed up with a copy of the data exchanged between the 2 Data Centers on a weekly basis (off-site storage).
➡️ Remarkable details
- 🖧️Dedicated network backup // dedicated backup infrastructure
- 🛢️ ️Hundreds of Oracle and MS SQL databases backed up
- 🔁 ️Hourly backup (after image)
- 📷 Snapshots
- 🧬️Deduplication
- 📉 ️Compression
My proposal
- ➡ I can help you define or develop your backup plan.
- ➡ To ensure it is relevant to your context (internal audit), to find blind spots and address them.
Regular updates of the underlying layers of the infrastructure ↗
- Every piece of software needs to be updated... The initial installation is far from the most complicated part of the job.
- All layers require specific work, starting with the Data Center itself, then the network and security layer, storage, then the hypervision layer, then the OS, and finally the applications.
- This management is the core of the operations department's work, and the level of updating of the different layers often reflects the level of maturity of an operational team.
➡️ Remarkable details
- The update work concerns all elements of the IT infrastructure.
- It can take between 20 and 40% of the operational teams' time depending on the complexity of the environments to be managed
🧭 My expertise at the service of your organization
- ➡ Concrete experience in managing the lower layers of the IT infrastructure, in terms of approach, frequency, methodology, and communication plans. Let me advise you!
Renewal cycle of a critical IT infrastructure. ↗
- Technology Renewal: All technology has a limited lifespan.
- Implementing new technology is always a delicate operation, but it is not an option.
- Here as well, starting the renewal process at the right time is crucial, as this will avoid unnecessary and potentially significant support costs.
- With each renewal cycle, technological advances and major improvements are made. They must be integrated and taken advantage of.
➡️ Technical details
- 🔒 Replacement of Security elements (Firewall, Reverse-proxy)
- 🧮️ Renewing your hypervision layer
- 🖧️Replacement of critical network elements (core-switch or others)
- 🛢️ ️Replacing your storage bays
- 🗄️ Replacing your server park
🧭 My role in this type of context
- ➡ I can help you define or develop your infrastructure.
- ➡ To define a 3-5-7 year development plan, from its design to its implementation and its maintenance in operational conditions.
- ➡ To select the right product(s), then the right potential suppliers.
- ➡ To analyze the possible reuse of old equipment when this option is relevant.
Let's talk security ↗
- Security is THE issue that should not be overlooked. Everyone talks about it, but are adequate measures actually being taken?
- For this reason, security must be integrated into all discussions
- Security is certainly "equal to the security of the weakest link in the chain", but its effectivity is also the result of all the efforts that have been made in terms of security, and this on all subjects and all initiatives.
- Security is directly linked to the quality of the low-level layer maintenance cycle, which I discussed in the previous topic ("Regular updates of the underlying layers of the infrastructure").
- During my last 7-year tenure at a SaaS software company, we significantly improved the company's security posture by strengthening security into all access processes, and wherever else it made sense.
- Over the entire period, the security posture changed dramatically. (The time investment in security projects also increased significantly.)
➡️ Some examples...
- 🛡️ Integration of a double authentication factor for all VPN access
- 🛡️ Integration of a double authentication factor or access level to our product in SaaS mode, with coupling to the customer AD when technically possible.
- 🛡️ Integration of two-factor authentication on all cloud products used by company personnel.
- 🛡️ Implementation of a simple but effective solution to protect FTP access from attacks, especially brute force attacks ("fail2ban").
- 🛡️ Encryption of all FTP servers (more than 900 counterparties: FTP remains a widely used protocol between the different players in the aviation sector).
- 🛡️ Implementing DKIM DMARC to limit SPAM
- 🛡️ Using PingCastle-style dashboards to set goals at the AD and Microsoft product level
- 🛡️ Initializing a WAF
- 🛡️ Implemented a CMDB to quickly identify vulnerable components when new vulnerabilities are released.
- 🛡️ Setting up a bastion-hosts by technical team and 2FA to access it.
- 🛡️ Implementing an Effective and Cheap DDOS Solution
- 🛡️ Regular review of security events reported by the SOC
- 🛡️ Implementation of Illumio, a "zero trust segmentation" product that allowed us to secure our environment and overcome the lack of flexibility often observed at the VLAN level.
🧭 How I can support you
- ➡ With a simple and pragmatic approach, I offer you a review of your infrastructure from a security perspective, the development of the improvement plan, its costing, and support during the plan execution.