Professional profile: Senior System & Network Architect and Engineer
First name Last name | : A. B. | Age | : 61 |
Mobile/Phone | : Confidential! | : Confidential! | |
Attached CV | : Confidential! | CV category | : Network / Security Engineer |
Preferred location | : Milano |
03/01/2017–Present ING Bank Italy Spa, Milano (Italy) Senior System & Network Architect and Engineer
Remediation Program Team
• Architecture Team member with the goal of evaluating the Internal Architecture Change Request.
• Performed the network auditing according to ING Operational Security Guides, identifying 4500 vulnerabilities on the appliances setup using Nessus and
• Performed Network Gap Analysis and Risk Assessment, then applying Operational Security Guides patches to the network appliances. By a bash script, based on RANCID, written by me, the right Cisco configuration was updated automatically on 180 appliances (Cisco Nexus and Catalyst). The use of this tool allowed a 90% time saving compared to the human job.
• Solved complex problems with many variables such as the restore of Checkpoint VSX cluster after the crash due to the failure of fiber optic 10 GB PVC on the Nexus 7000 core switch due to the Checkpoint SFP (Small Form Factor) interface module malfunction. In this case my troubleshooting and equipment test were useful when I engaged the service support and during the escalation procedure.
• Wrote a bash script based on RANCID to audit and patch automatically Cisco, Checkpoint, F5 appliances Non Personal Account; integrated the CyberArk repository writing the right scenario for each platform. The shell script generates the password using my proprietary algorithm. It updates each appliance, then it sends an encrypted document, including the password, to the security managers so they can store the secret documents in a safe to use in case of disaster. This automatic procedure allowed the organization to save time, reducing it from an estimated time of 18 manager hours to 18 manager minutes.
• Firewall Checkpoint management, firewall rules tuning; using Tufin orchestrator reduced the db rules by 35%, increasing the VSX cluster performance by 25%. Due to this action the Security Department has been able to deploy a new virtual firewall needed to deploy a new domain.
• Performed Data Domain Segmentation redesigning the L2 switching on the Data Center architecture design, rolling out a simple HA architecture in HA active-active architecture, contributing to reduce the infrastructure investments and improving the performance of the system with effective benefits for the company and the end user Quality of Experience.
• Wrote functional requirements/specifications documents to increase the managers' and employees' knowledge base concerning my tools and the network architecture.
01/01/2015–31/12/2016 HP Italia Spa, Milano (Italy) Senior System & Network Architect and Engineer
Fastweb Lab Team
• Performed setup, kernel patching and tuning of SBC Oracle 7000 based on Linux RH.
• Solved complex problems with many variables such as the appliance cluster recovery after a crash due to a malformed kernel patch bundle supplied by the vendor. My presence in IDC considerably reduced recovery time and costs. Thanks to my information the vendor quickly identified the mistake, resending the right bundle in a very short time.
• Designed and developed infrastructure monitoring, introducing MRTG in the project. Following my advice the operation team manages the 7000 cluster performance, increasing the QoS and QoE. The SNMP traps acquired allowed graphs to be generated for VOIP KPIs such as PDD or ACD, Call per second, Connection per second, Bandwidth used by each interface.
• Set up the configuration management system from the ground up, based on ESXi 5 in an HP BLADE C3000-bl460 chassis and Linux CentOS 5.5.
• Developed a shell script to automate the test frameworks based on SIPp. Thanks to the tool many simultaneous calls were generated from different virtual callers, acquiring thousands of traces by Wireshark. This working method, suggested by me, allowed the organization to reach the best setup according to the VOIP network requirements. The SBC has been fully integrated in the operator core in time, respecting the project Gantt and with full satisfaction of the client.
• Wrote functional requirements/specifications documents
01/07/2004–30/03/2012 Mediterranea TLC srl, Pisa (Italy) CEO & CTO – System & Network Architect and Engineer
• Designed the data center architecture based on heterogeneous hierarchical Linux VOIP systems. MERA MVTS and SIPHIT to collect calls from national and international PTTs. Asterisk to terminate the collected traffic towards media gateways tailored for the specific needs using ISDN and Analog cards from Sangoma or Digium or, a few times, Chinese ones. Elements of Content Network Distribution were applied to the infrastructure, over which ran millions of minutes from 2003 up to 2012. The service assurance was guaranteed thanks to an architecture designed without a single point of failure: a fault tolerant system deployed by me balanced the traffic on several servers, the network link was always redundant and, thanks to the multihoming BGP, the external boundary was too. The organization was the owner of its main Data Center in Pisa, interconnected to the Internet by an Interoute Fiber Optic 100Mbps circuit and peering on MIX (Milan Internet Exchange). The International and National peering was managed by AS12474. The hardware such as cables, switches and routers was installed by myself. By a proprietary Content Delivery Network other regional content collection centers were deployed in the main countries of presence to cut down on round-trip time (RTT), giving a better experience to the VOIP callers. Each regional PoP was interconnected with local PTTs, establishing a direct peering so as to reduce the bandwidth usage and increase the RTT performance.
• International Project Management: Mediterranea TLC was the owner of PoPs in France, Bulgaria, Romania, Haiti, Brazil, and Cuba. These direct terminations were deployed using a virtualized architecture with cost benefits, simplifying the management and reducing the risk of fault. The main cluster of Asterisk based in Pisa was interconnected with the PoPs by the proprietary Content Delivery Network. The network security was deployed by IPsec tunnels between the main Data Center and the PoPs.
Inside each PoP, DDoS scrubbing servers and firewalls were installed to preserve the quality of the bandwidth usage, keeping the latency (RTT) constantly under control at a low level, the ultimate value to reduce the PDD (Post Dial Delay), increasing the QoE (Quality of Experience).
• Service management and business continuity assurance. A 24/7 NOC attended the network and server performance thanks to the monitoring system based on MRTG and shell scripts tailored to my needs. The shell scripts were able to check the availability of all servers of the system, proceeding to pool out the out of order switch and pool in the backup resource, producing no stop of voice call termination or billing. This technique allowed me to keep all the servers up and running by myself, respecting the KPIs (Key Performance Indicators) RTT (Round Trip Time), TU (Trunk Utilization), PDD (Post Dial Delay), ACD (Average Call Duration), ASR (Answer Seizure Ratio) towards the SLA (Service Level Agreement), guaranteeing the QoS (Quality of Service) for the best customer QoE (Quality of Experience). Performed SIP and H323 headers analysis using Wireshark. Strong experience in VOIP codec translation and conversion. Thanks to the architectural philosophy adopted, with “no single point of failure”, the proprietary CDN was able to guarantee a high availability commitment (99,999%).
• Deployed a centralized disk replication system, based on Clonezilla-SE, for all Linux platforms. The solution allowed me to restore a server/media-gateway in case of fault or replicate an exact copy of a server/media-gateway in a very short time in case of need (traffic improvement).
• Deployed a centralized backup, based on AMANDA, for the servers, Linux and MS Windows also. The solution allowed me to back up all the billing log files and reconcile them for each customer at the same time. The backup procedure was integrated with the billing procedure.
Curriculum vitae
24/10/17 © European Union, 2002-2017
• Managed the work order system, including invoice logging, and generated service invoices using a self-made bash/Perl billing system. Hourly all the billing logs rotated, and every week, on Monday at 00:01, all the hourly logs were reconciled, sending the output to the employee to get the invoices ready during the Monday business hours. All the invoices were sent to the customers in time to be received on Tuesday so as to be able to receive the payment the next Monday. The whole company was managed successfully by two people, me included.
• In the R&D area the idea of virtualization was applied to an enterprise shared softswitch. It is named BRUNO, a project financed by the Italian Minister of Research and the European Community and included in the POR 4 of the Sicily Region. I have been a pioneer of VNF (Virtual Network Function). The enterprises were able to cut the investment and management costs, replacing the traditional switch with a Virtual Soft Switch, with benefits for the organization's efficiency too. Bruno was deployed on a Linux based server and Asterisk tailored for the need.
01/01/2000–31/12/2004 AleT.Net Spa, Pisa (Italy) CEO & CTO – System & Network Architect and Engineer
• Internet Service Provider focused on high speed Internet access in the rural areas, AleT.Net deployed IP applications and communication solutions, tailored to the specific needs of its customers. AleT.Net Spa was born thanks to the evolution of the AleT start-up, which was incorporated financially and technically. I developed technology roadmaps, test plans, implementation plans, and project timelines, analyzing the business requirements and developing the technical network solutions for the second stint of the AleT start-up. I participated actively as the hands-on man that I am, deploying software tools, installing/patching Linux servers, installing hardware such as cables, fiber optics, switches, routers, ADM and wireless links. The proprietary experimental wireless network was expanded, covering all Tuscany urban and rural areas, Small Islands Archipelago included, connecting private business enterprises and Public Institutions. The full project constituted the first example in Italy of the application of wireless on public areas; it opened a route for the WISP (Wireless Internet Service Provider) in Italy; it was deployed under the aegis of the Italian Ministero delle Comunicazioni, which granted an experimental general license, and regional Public Institutions.
• AleT Data Center and Network was expanded according to the state of the art architecture philosophy (Content Delivery Network), deploying a second IDC and then fixing any single point of failure inside it. The CDN architecture was adopted on the network too, rolling out the original backbone and changing the technology from 2.4 GHz frequency hopping to a converged network SONET/SDH and narrowband (licensed 13GHz)/SDH radio links towards the PoPs. The 2.4GHz unlicensed links were maintained only for the existing customers, reusing the backbone equipment to deploy new customer links.
A network of small local PoPs was deployed, according to the scattered model of CDN topology. Inside these small IDCs local routers were installed, to which the domain segmentation using OSPF was delegated, along with local http proxies responsible for communicating with Web users in their proximity. The network performance was globally increased. Peering between close proxies was set up, giving life to a regional caching system constantly updated adopting the LRU (Last Recently Used) algorithm. As a last resource, the long way proxy, the master cache of the network, was set up in the main HA active-active IDCs; all the proxies had it as the last peer to query before addressing the queried URL on the Net. The master proxy was set up to cache general purpose web pages by a satellite link adopting MRU (Most Recently Used). The benefits of this architecture: Performance, the latency was minimized; Reliability, 99,999% availability; Scalability, thanks to the high capacity on the backbone and the large number of small local IDCs we were able to increase the cache capacity tailored to the traffic generated in each zone.
• The adopted solution improved the QoS efficiency, the QoE experience and the optimization of the investments for the customer premises interconnections. Also the network was expanded using new MPLS technology, renting unbundled xDSL lines from the national PTT incumbent to connect customers across the whole national territory. In terms of voice calls an Alcatel 1240 switch was installed. I adopted the Asterisk solution to deploy VOIP media gateways. A good, cheap and efficient solution to combine the needs of the Business and ROI for a business unit considered at one time just a commodity.
• I optimized the Business Process introducing, as a pioneer, technology solutions such as VOIP over Wireless WAN and xDSL on the customer core business; their impact on the business reduced the effective costs of voice service by up to 60% in such cases (international calls), gained for 50% by the company.
• Service management and business continuity assurance; I deployed the monitoring system based on MRTG and shell scripts tailored to my needs. The shell scripts were able to check the availability of all the network appliances and Data Center servers, proceeding to switch to the backup resource in case of failure of the running server, producing no stop of the Data Center services. The Data Center network was deployed adopting the idea of domain segregation using L2 switching. The solution granted security and performance of the network. The WAN was deployed as an HA converged network. The network business continuity was granted thanks to dynamic routing protocols, using BGP multihoming on the frontier and OSPF on the internal backbone, deployed as an HA active-active ring. The internal backbone performance was increased using a hierarchical proxy system based on Squid; each node of the proxy network had a neighbor, and the peering upgrade cache was established during non-business hours (night) to have no impact on the customers' bandwidth usage during the business hours. A satellite feed was deployed to improve the performance of the master proxy server. This solution drastically increased the http QoE, reducing at the same time the bandwidth usage on the external trunk.
• Performed system and/or network troubleshooting to isolate and diagnose common network problems. Solved complex problems with many variables.
• Deployed a centralized backup, based on AMANDA, for the servers, Linux and MS Windows also. Concerning the Cisco platform I deployed a shell script based on tftp to back up the configuration of each piece of network equipment.
• Service management and business continuity assurance. I deployed the monitoring system based on MRTG and shell scripts tailored to my needs. The shell scripts were able to check the availability of all servers of the system, proceeding to switch to the backup resource in case of failure of the running server.
MRTG was used to perform network modelling, analysis and planning.
• SLA (Service Level Agreement) monitoring. AleT.Net was able to guarantee 99.98% availability of its Wireless WAN network and 99.9999% availability of the Data Center infrastructure thanks to adopting the proprietary Datacenter solution. I designed a redundant datacenter architecture thanks to which all the services were redundant but at the same time the traffic was balanced on both our data centers.
• Supplier relationship management: valuing the human feeling, I obtained TAG solutions from high profile suppliers as a pioneer, such as MPLS (from Telecom Italia), VOIP Ip-centrex (from Interoute), wireless equipment (from BreezeCom and Aironet). This position was recognized by all the market suppliers and competitors. We were a point of reference for IP TAG Solutions.
• Relationship with Government Institutions in Roma, Ministry of Telecommunications and Fondazione Bordoni
• Managed Stockholders and Board relationship, budget and control; staffed and managed the NOC team, the commercial area team and the administrative area team.
• Designed Regione Toscana Data Center, production and disaster recovery. HA on Optical Fiber and narrow band links.
• Wrote functional requirements/specifications documents
01/01/1994–31/12/2000 AleT di Alessandro Battaglia, Pisa (Italy) CEO & CTO – System & Network Architect and Engineer
• Internet Pioneer: as a consultant I assisted, around Italy, many commercial and industrial enterprises, not only Italian companies, to introduce Internet in the IT services suite; moreover I started up many local ISPs, founding my personal domain AleT. The focus of AleT was to deploy IP applications and communication solutions, tailored to the specific needs of its customers.
• Service management and business continuity assurance:
• Provided customers with the information they need to rent AleT services for their projects
• Trained the sales staff using best practices in upselling, customer satisfaction and brand promotion
• Managed the work order system, including invoice logging, and generated service invoices
• Instructed customers on equipment operation, care and maintenance
• Inspected rental equipment upon return and returned deposits less any observed damage
• Increased sales across all channels through effective hiring, training and management approaches
• Analyzed business requirements to develop technical network solutions and their framework.
• Managed technology vendors
• Performed network modeling, analysis, and planning
• Installed hardware such as cables, hubs, routers, and wireless adaptors
• Wrote functional requirements/specifications documents
• Developed technology roadmaps
• Developed test plans, implementation plans, and project timelines for various projects
• Pioneer of Wi-Fi, formerly known as Wireless LAN
• Relationship with Government Institutions in Roma, Ministry of Telecommunications and Fondazione Bordoni
• Performed setup of Fiber Links, Wi-Fi, DAS (Distributed Antenna System)
• Strong experience in setup and maintaining IP services such as Bind, Apache, SMTP, POP3, IMAP, Gopher.
• Strong experience in primary DNS maintenance and domain registration.
• Strong experience in virtual hosting setup and maintenance.
• Performed the setup of server farm Linux servers, acquiring strong experience on Slackware, CentOS Linux distributions.
• Familiarity with VMWare virtualization on standalone servers.
• Performed System & Network design:
• Designed the data center architecture for Linux and Windows servers
• Designed data center infrastructure, power continuity, AC system, network, security, software backup and backup procedures
• Designed Network architecture
• Data center network L2/L3 switched/routed
• WAN wireless 2.4 GHz spread spectrum and narrow band on 10 GHz switched/routed network. Performed setup of routers and switches (BGP4, OSPF, VLAN)
• Performed system and/or network troubleshooting to isolate and diagnose common network problems
• Solved complex problems with many variables
• Familiarity with the business continuity concepts.
• Business Process optimization and effectiveness through technology solutions and their impact on the customer core business
• Designed the company Service Level Agreement to apply to the server farm services (hosting and housing).
• Service management and business continuity assurance
• Client relationship management
• Service management and business continuity assurance
01/01/1991–31/12/1994 IRCCS Fondazione Stella Maris (University of Pisa), Pisa (Italy) CIO – System & Network Architect and Engineer
• Working closely with the Board I designed and deployed the integrated information system, deploying personally part of it; the smart multimedia medical record (a procedure written in MF Cobol) project obtained funds from MURST (Ministero Università e Ricerca Scientifica); supervising the full project plan, managing RFP (Request for Proposal), RFQ (Request for Quote) and supplier offer evaluation. At the same time I was manager of the server (AIX RISC and Linux) and client infrastructure and trainer of the FSM doctors and employees, introducing them to the new technologies, last but not least Internet.
• Performed setup and maintenance of services such as Bind, Apache, Oracle, SMB, SLIP and PPP (to offer dialup Internet access at home to Doctors and Researchers) etc.
• Knowledge of routers and hubs.
• Business Process optimization and effectiveness through technology solutions and their impact on the customer core business
• Managed technology vendors
• Analyzed business requirements to develop technical network solutions and their framework.
• Developed technology roadmaps
• Developed test plans, implementation plans, and project timelines for various projects
• Service management and business continuity assurance:
• Provided customers with the information they need to rent AleT.Net service for their project. Developed contracts for commercial contractors and
• Trained the sales staff using best practices in upselling, customer satisfaction and brand promotion
• Managed the work order system, including invoice logging, and generated service invoices
• Instructed customers on equipment operation, care and maintenance
• Inspected rental equipment upon return and returned deposits less any observed damage
• Increased sales across all channels through effective hiring, training and management approaches
• Wrote functional requirements/specifications documents
• Installed hardware such as cables, hubs, routers, and wireless adaptors
• Performed network troubleshooting to isolate and diagnose common network problems. Solved complex problems with many variables
01/01/1990–31/12/1990 System srl, Livorno (Italy) CIO – System Architect and Engineer
01/01/1988–31/12/1989 Caribel srl, Pisa (Italy) MF Cobol Programmer on Olivetti Motorola68000 platform
01/01/1987–31/12/1988 Re.Co. srl, Pisa (Italy) RPG III/IV Programmer on S34/36/38 and AS400 platform
01/01/1984–31/12/1985 Gambogi Spa, Pisa (Italy) System administrator on IBM S38 platform
01/01/1991–31/12/1994 System & Network Architect and Engineer, Ser.R.A. University of Pisa, Pisa (Italy)
01/01/1992–31/12/1992 Cooperative workgroup applications on TCP/IP network, IBM European Networking Center, Nice – La Gaude (France)
01/01/1987–31/12/1987 Unix system architect, HP Italia Spa, Milano (Italy)
01/01/1987–31/12/1987 UNIX System administrator, E.L.E.A. – Olivetti Competence Center, Firenze (Italy)
01/10/1978–30/07/1983 Information Technologies Technician, ITC Pacinotti, Pisa (Italy)
PERSONAL SKILLS
Mother tongue(s): Italian
Other language(s): English C2, French B2
Organisational / managerial skills
Area Manager - Supplier relations – Service Level Agreement – Team building and resources management – Budget & Control – Business deploying or redesign – Board and stockholder relations
Job-related skills
System Manager Unix
Setup HW and SW server Linux and AIX since 1991 up to today
Distro – Slackware since kernel 0.99a up to distro 10.x – RedHat since distro 2.x up to 11.x included 6.x – CentOS since 4.x up to 6.x – Suse distro 9.x up to 11.x
Kernel compiling and patching (hardening)
Filesystem ext2, ext3, ext4, journal, NFS, samba, AFS
Accounting LDAP, Radius, Diameter
Networking install, setup and tuning TCP/IPV4 services
Bind ver 4.9.1, 8
SMTP/POP3 (sendmail Berkeley) configuration, troubleshooting and troublefixing
Messaging: Postfix, Cpanel, Criticalpath
FTP/SFTP TFTP
HTTP Apache, Nginx
VOIP patching, compiling, setup management Asterisk SIP/IAX/oH323 trunk o Media GW version, MERA MVTS and SipHit voipswitch class5 setup and management, Cisco Call Manager, Cisco CUBE
Virtualization Ipaliasing, MACaliasing, Vmware, KVM
Security Iptable, ntop, nmap, Ethereal, Wireshark
Shellscript bsh/Perl script
HA RedHat and CentOS, Linux-HA
Monitoring MRTG, Nagios, PRTG, SNMP, Netflow, iReasoning, Whatsup
RDB MySQL and Oracle
Clustering NPACI, Red-Hat
Network Manager Cisco-OS router 1xxx, 2xxx, 3xxx, 4xxx, 5xxx, 7xxx, 12xxx; switch Catalyst 29xx, 45xx, Nexus 2xxx, 5xxx, 7xxx; IOS 15.2 and NX-OS 6.1(4) setup L2 PO, VLN; L3 VPN, IPsec, static routes, OSPF and BGP4 sessions, ACL, traffic shaping
Allot NetEnforcer Bandwidth management
Firewall Checkpoint VSX, PaloAlto Panorama
Network Security Policy Orchestration Tufin Orchestration Suite
Load balancers F5 BIG-IP 5000 LTM Allot Proxy BlueCoat SG
Wireless - WaveAccess - Aironet – BreezeCom – Cisco WLC 5760
Voip - Mera MVTS/SIP-Hit – Voipswitch - Asterisk – OpenSER/Kamailio - ACMEPACKET Net-Net SBC – Cisco Call Manager – Cisco CUBE – HP Kiss
Infrastructure Architect
DataCenter LAN design using Spanning Tree, Vlan, VPN and IPsec
University of Pisa MAN design, member of the Technical Committee from 1991 up to 1994 (Ser.R.A. Servizi di Rete d'Ateneo)
Covering all the Tuscany region: design, deploying and managing of a Wireless WAN using IP over L2 PDH/SDH protocol and spread spectrum last mile using BGP4 (AS12474) and OSPF
Data Center Architect of the Regione Toscana, and private ISP: AleT.Net Spa and Nodalis Spa