Engineer Network
HAI (MICHAEL) T. NGUYEN
ac4pwy@r.postjobfree.com
SKILLS PROFILE:
Internet routing protocols: BGP, OSPF, ISIS, EIGRP, RIP, IGRP
Other protocols: HSRP, ICMP, UDP, TCP, IP, MLSP.
LAN switching protocols: VLAN Trunking protocol (VTP), Spanning tree protocol, ISL, 802.1q. Proficiency with DNS, WINS, DHCP, TCP/IP, OSI Data Model, VLSM, IP addressing and Sub netting.
Routers and switches configuration: Cisco 2960x stackable, C4500, C6500, C6800, ISR 4K, ASR 1K, ASR 9K, Nexus 9K, 5K, 3K, 2K, Juniper MX104 & MX240, Palo Alto firwall, SRX, ASA.
Media types: ISDN, Frame-Relay, ATM, Ethernet, FDDI, ISDN DDR.
Cisco Technology: DMVPN, VSS, EVPN, VPC, VPC+, FabricPath, Trill, MP-BGP EVPN VXLAN, ECMP, Azure Cloud, VRF, CLOS IP Fabrics, Spine and Leaf.
PROFESSIONAL EXPERIENCE:
Citrix Inc.
4/15/2016 to present
Cloud & Network Architect
Architect and deploy BGP traffic engineer to all Citrix Data Center.
Architect and Convert EIGRP to OSPF to multiple site and data center.
Architect and deploy Engineer 80 racks Colo with DMVPN and VSS.
Architect and deploy MP-BGP EVPN VXLAN on Cisco 9K.
Architect and deploy Citrix SD-WAN.
Audit and redesign WAN/LAN Qos for Skype for Business.
Architect and Design Azure Cloud environment.
Architect and Design Cisco SDN ACI Infrastructure to Citrix Data Center.
Architech data storage network with FC, FCIP, FCoE.
Machine Zone Inc.
7/15/2015 to 4/15/2016
SR, Network Engineer/Architect
Deploy F5 LTM redundant pair and configure VIP.
Deploy Palo Alto Firewall Redundant Pair.
Deploy Juniper MX104, MX240 redundant route processor.
Deploy Nexus 9k Core with VPC and 3172 TOR.
Deploy ASR 9K Edge Router.
Deploy HP FlexFrabric 5930, 7k and 12K Switches for Data Center.
Build Data Center with Trill, VXLAN, Spine and Leaf with Layer 2 and 3.
Use Advance EBGP and IBGP with add path, vrf and BFD to create a layer 3 from CORE to TOR.
Neophotonics Inc.
5/15/2013 to 7/15/2015
SR, IT Manager,
Design and Architect network infrastructure for new manufacture fab in Tokyo.
Implement Riverbed Shark to troubleshoot and monitor the network health worldwide.
Implement Riverbed WAN Optimizer to optimized WAN traffic worldwide manufacturing site.
Implement Aruba Wireless and Aruba Clearpass to all manufacturing sites
Implement complex BGP and EIGRP routing for redundant network infrastructure which include BGP route performance.
Implement and converted Global Netscreen firewall to Junos OS SRX210, SRX240, SRX250.
Implement Cisco ISE for AAA and 802.1x.
Negotiate and administer vendor, outsource, and consultant contracts and service agreements.
Global Budgeting and Develop business case justifications and cost/benefit analyses for IT spending and initiatives.
Manage IT Staffing, including recruitment, supervision, scheduling, development, evaluation and lastly disciplinary action.
Oversee provision of end user services include helpdesk, server team, and infrastructure team.
Deploy SSL clientless and AnyConnect client VPN worldwide.
Atheros Communication Inc.
7/15/2008 to 5/15/2013
Sr. Network Engineer. (Qualcomm Atheros Inc.)
Core team member to integrate Atheros to Qualcomm network using BGP community attribute and BGP Inbound Optimization Using performance Routing which use dynamic policy route to load balance BGP prefixes among the two MPLS DS3.
Implemented IPV6 dual Stack tunnel and OSPS V6 routing.
Implemented end to end QOS.
Implemented Multicast and IPV6 multicast tunnel.
Implemented nexus 7010,5000 and 2000 with Virtual Port Channel for redundant.
Architect and Implement IPsec site to site redundant to back up the Corporate MPLS using BGP and IP floating Static route, this design allows the MPLS link to go down and automatically fail over to the site to site IPSec. Atheros Headquarter IPSec will be the hub to reach all remotes site once the MPLS link go down. This set up also allow Atheros to handle our own routing across sites by advertise our routes through BGP.
Architect and Implement Riverbed WAN optimization and QOS to achieve maximum WAN traffic performance on the corporate MPLS network, which allow Atheos to maximized bandwidth to remote sites.
Architect and Implement Aruba corporate Wireless to support 15 remotes sites by deploying Aruba AirWave.
Architect and implement DR with route redundant.
Architect and Implement core switches, Distribute switches, and access switches redundancy. As part of the Headquarter move, we have a chance to re-infrastructure the entire network by adding a Nexus 7010 for the core and stackable x platform switch to the distribute floor switches with 2 Gig ether-channel to floor access switches. This allow us not only create redundant for the fail switch, it’s also increase the bandwidth from 1Gig spanning Tree connection to 2 Gig Ether-channel connection to the access switch.
Architect and Implement BGP and HSRP for corporate Internet link redundant between two major ISP. This design and the MPLS IPSec redundant through BGP routing allow us to fail over the remotes sites internet link by using BGP default-originate.
Architect and Implement ASA firewall platform redundant pair with SSL, IPSec and DAP (Dynamic Access Policy for client VPN access which include site to site IPSec Redundant. and setting up ACS for network equipments Authentication which segregate to admin level site base access using NAF (Network Access Filtering) within ACS.
Integrated Intellon PLC and opulan to our redundant MPLS network
Work with IPV6 tunnel and dual stack environment.
Cashedge Inc.
9/15/2007 to 3/27/2008
Sr. Network Engineer.
Manage the Security aspect of Cashedge Inc. which includes:
ISG 1000 & 2000 Juniper Security Platform.
SSG 520 Juniper Security Platform.
ASA 5500 SSL, VPN, and IPS Platform.
Manage PCI Security Audit.
Manage a multi millions Data Center Upgrade to Cisco.
Covad Communications
5/15/2005 to 9/1/2007
Network Architect
Design and Implemented Enterprise Distributed wireless for Covad Communications:
Configure WLSE for enterprise wireless radio management which includes self healing of APs.
Configure WLSM for Layer2, 3 seamless roaming.
Configure Cisco Aironet 1130AG AP for enterprise deployment.
Configure Window ACS 4.0 for enterprise wireless authentication.
Configure Catalyst 6500 for multiple tunnels which support multiple SSID.
Design and Implement BGP, HSRP and Production network redundant:
Configure BGP to address the issue of redundant on production network perimeter routers.
Fix the HSRP which provide redundant on the production distributed switch
Fix the issue with redundant on all production Catalyst 6500 supervisor.
Set up Infinity stream and MRTG to monitor and trouble shoot production network.
Set up IDSM2 module to monitor and blocking hacking activity:
Configure, trouble shoot and turn up multiple VPN tunnels to Covad partner using multiple equipments: Cisco concentrator, Pix525, Netscreen 5000, Nokia check point, Cisco client VPN.
Configure and troubleshoot Pix525 with inside NAT, outside NAT and Policy NAT.
Configure stateful fail over between Pix525
Implement redundant on corporate VPN concentrator
Manage and configure Enterprise video conference unit.
Trouble shoot complex routing environment which include BGP, HSRP, OSPF, EIGRP, IGRP, RIP
Design advance Load balancing and business continuity:
Load balance multiple firewall, VPN, Streaming Video Server, and SSL.
Design disaster recover data center using Cisco CSM and Global Site Selector with proximity.
Design corporate wide Enterprise Multicast.
Cisco System
5/2004 to 05/2005
Network Engineer
Set up Cat 6500 family switch for redundancy
Dual Sup 2 with dual router mode and Single router mode MSFC.
HSRP & High-availability with stateful protocols and versioning failover.
Installed dual Switch Fabric module to provide 256 Gig high bandwidth fabric switch, which also provides redundant to 32 Gig Bus Switching.
Dual Sup 720 to provide single route mode redundant routing engine.
Set up Network Analysis Module to trouble shoot network issue and monitor server performance.
Set up CSM module for server load balancing.
Set up firewall module to protect the core switch.
Set up IDS Module to protect the network from instruction.
Set up VPN accelerate Module to secure traffic.
Set up SSL accelerate Module to off load web server processor.
Set up NAT to support internal user.
Set up EIGRP routing protocol to support dynamic routing between multilayer switch and multiple vlans routing.
Set up branch router security with nm-ids9, nm-nam, nm-content_engine.
Provide excellent and courtesy network support.
Juniper Network
02/15/04-10/15/04
Network Engineer
Voice over IP network (H.323, SIP, SCCP, MCGP)
Set up Gateway to support analog phone over IP (H323 and SIP Proxy)
Set up FXO, FXS, E&M interface to support analog phone and legacy PBX voip.
Set up Gatekeeper to route call between H323 endpoints
Set up Call manager to mange and process Skinny Phone.
Set up trunk to Gateway, Gatekeeper, and SIP Proxy server.
Provision the DSP for transcoder and Conference.
Configure Cisco IP Phone 79XX model.
Configure FXO, FXS, E&M interface.
Test all voice over IP ALG platform.
Mirrorplus Technology Inc. (American Reprographic Company)
05/01/01- 01/29/04
Network Infrastructure Manager
Architect and Implement Network Security.
Cisco IOS Firewall, Intrusion Detection System and IPSEC to protect perimeter access router.
Cisco Pix Firewall to protect the LAN & Production Network.
Cisco Host Base & Network Base Intrusion Detection provides real-time analysis and reaction to hacking attempts and protects the kernel of critical e-commerce servers.
Cisco Secure Scanner to defines, and enforces valid security policies.
Cisco Concentrator and VPN Client to manage hundred of VPN Tunnels Nation Wide.
Cisco Secure Policy Manager to monitor, control and enforce security policy.
Cisco Secure Access Control Server to centralized command and control for all user authentication, authorization, and accounting.
Cisco Encryption Technology: To protect traffic between Cisco Routers.
PKI Microsoft enterprise server.
Build a redundancy network using BGP & HSRP Traffic Engineering.
Implement Border Gate Way Protocol to engineer the inbound traffic redundancy between multiple ISPs. And efficiently utilize the DS3 links by engineering inbound traffic from LAN and Production Network to use a separate DS3 link to Mirrorplus site. However, if one ISPs DS3 connection is down, the other ISPs DS3 will pick up the inbound traffic to Mirrorplus Site.
Implement Hot Standby Routing Protocol to engineer the outbound traffic redundancy between multiple Mirrorplus high-end perimeter Cisco Router. And efficiently utilize the DS3 links by engineer the outbound traffic from LAN and Production Network to use a separate DS3 link to the upstream ISPs connection. However, if one Mirrorplus high end perimeter Cisco Router down the other Mirrorplus high-end perimeter Cisco Router will pick up the outbound traffic
Project manager to supervise installation of Pac-bell NT Fiber MUX. Install and configure Mirrorplus 7200 series Cisco router for DS3 link to multiple ISP using point-to-point Frame-relay technology.
Architected and build a high speeds wireless to connect Multiple buildings.
Implemented Cisco Aironet 350 bridge between building for high speed wireless point to multipoint 22 Mbps between site.
Implemented Cisco AiroNet 350 bridge for hot standby redundancy for wireless client access.
Implemented Cisco wireless security suite to protect wireless traffic
Implemented Microsoft Security update Server (SUS) to manage Enterprise window patches management.
Project Manager to build Disaster Recovery Data-center.
Configure the CSS11000 series for Web farm load balancing and advance load balance feature of the CSS1000 series stickiness.
Coordinate with SQL database department to configure SQL Merge replication to replicate Production data to Business continue data center for Disaster recovery. SQL Merge Replication allows us to have an active and active Data Center scenario, which serve as Business continuity for each other data center.
Automatic Fail over the entire SQL cluster and individual production server to the secondary site within seconds of disaster using the CSS11000 DNS feature.
Configure the CSS to issue command to Netscreen 100 to fail over 172 VPN tunnels to secondary site within second of disaster strike.
Configure Load balancing Transparent Bridging for data replication between data center.
Configure Cisco Work to manage all Cisco equipments between data centers.
Configure CSPM to mange Security policy and Network Base IDS span multi data center.
Configure the CSS to map multiple IP to one server to Change the DNS Server without any down time.
Configure MRTG to monitor the WAN Traffic between sites.
Configure Cisco QOS to efficiently control the network Traffic between sites that include: Classification, Congestion Management, Congestion Avoidance, Policy and Shaping, Signaling, Link efficiency.
EDUCATION:
Certification: Cisco Certified Network Associate CCNA (Certified June 7, 2000). Cisco Certified Network Professional CCNP (Certified Dec 14, 2000) Cisco Certified Internetwork Expert CCIE (Pre-qualification)
Certification: Microsoft Certified System Engineer MCSE (Certified April 15, 2000).
Coursework: Major in Business Finance. San Jose State University, San Jose, CA
Contact this candidate