Nusrat Khwaja
**** ******* *****, ********, **. L6J 7K5
Profile
. Network Architecture / design, implementation of private Cloud design
for major financial institutions like CIBC, CSA, CPA providing cloud
services IaaS, SaaS, PaaS.
. LANs / WANs / Voice over IP / QOS, Network performance management and
monitoring using latest technologies like CISCO Data Center
architecture including Nexus switches, as well as Unified Computing
Architecture with UCS, UCS-FI in a service provider environment.
. Designing-implementing private cloud networks for major financial
organizations like CIBC, BDC (Bank Development Canada), CPA (Canadian
Payment Association) and CSA (Canadian Securities Authority) at CGI.
. Established from scratch a new data center and moved/consolidated
4000 employees to a central location for ING (now, Intact Insurance).
. Bare-metal disaster recovery planning and executions.
. Planning and implementing CISCO Nexus 1000V switches.
. Led and mentored a team of 10 technical administrators (LAN,
Mainframe, AS/400, Production Control, Helpdesk and Computer
Operation) for 10 years, transitioning my company from pure Mainframe
environment to the Personal Computing, LAN and other evolving
technologies.
. Over 15 years of experience in Service provider environments offering
services to multiple customers using part shared, part dedicated
network architecture, having a common IP backbone to serve all clients
across the country.
. Network Security experience including Cisco Firewalls (PIX, ASA as
well as IOS firewalls), Checkpoint firewalls. Also designed for
prevention-mitigation of DDOS attacks on large financial institutions.
. Awarded on numerous occasions for designing effective Mainframe and
Networking solutions to save company time and money.
. As Technical Lead, implemented a country-wide IBM SNA network for
implementation of ASI (Atlanta) Inventory control system on IBM
Mainframe (in 1984-5), and later upgraded it to support TCP/IP.
. Over 15 years of IBM large Mainframe Systems Programming, SNA
networking.
. As a Business/Systems Analyst, designed DB-based application systems
for Personnel and Payroll at United Bank Limited.
. Effective team player with excellent interpersonal, customer service
and problem-solving abilities.
. Excellent communication skills; deal effectively with vendors as
well as communicate with and render presentations to non-technical
senior management.
. Follow new trends in the networking industry like SDN that I am
watching with interest as it takes shape.
. Security Clearance: SECRET
Technical Skills Summary
CISCO LAN/WAN, and Software Applications skills:
. Network design and implementation for Cloud services - IaaS, PaaS and
SaaS.
. CISCO LAN/WAN Design/Implementation, Integration, and Testing
. Virtualization (VMWARE), Cloud technology expertise, Private Cloud
. VOIP, IP phones, VoIP protocols (H.323 Suite, MGCP, SIP, SCCP), Nortel
IP phones i2004, Nortel IP PBX CS1000E
. Call centre applications set up with Multicast: Symposium, Agent
Desktop Display (ADD), Call Pilot, Turret Call Center
. QOS Design and Implementation (DiffServ Model), QOS Policy Manager
server (QPM)
. Cisco UCS-5108 Server Chassis, UCS-FI
. Cisco switches: Nexus 7000/5000/2000/1000V, Catalyst 6500, 4500 with
POE, 3750, 3500, 2950, 2900, 1900 with CATOS, IOS, Nexus IOS as well
as Nortel 8600/5500 and HP switches.
. Cisco routers: 12000, 7500, 7200, 4000, 3600, 2600, 1600, CISCO ONS
15454 MSTP optical Network Equipment
. Load balancers: Cisco ACE, F5 BigIP LTM, GTM
. Security: CISCO PIX/ASA, IOS Firewall, Checkpoint firewalls, Juniper
firewall
. VPN: Cisco 3030 VPN servers
. WAN: MPLS, ATM, IP VPN, LAN extension, Frame Relay, ISDN, X.25, dark
fibre links
. LAN: Token Ring, Ethernet, Fast Ethernet, Gigabit, 10-Gigabit
. Infrastructure wiring (Cat6/5/5e UTP cabling, multi-mode/single-mode
fibre)
. Protocols: TCP/IP, IPX/SPX, RIP, EIGRP, OSPF, BGP, Multicast
. Storage Area Networks (SAN) - Hitachi VSP, IBM and HP
. Cisco Secure Access Control AAA server (TACACS+ and RADIUS)
Installation, setup, Configuration and administration
. Network monitoring / Capacity Planning tools: CiscoWorks, NetScout,
NetView, SnifferBasic, Wireshark/Ethereal, NAM, NBAR, MRTG
. DNS, SNMP, SSL, TLS, SSH, IPSEC, FTP, S/FTP (ssl), SFTP (ssh2)
. Email applications and messaging architecture, SMTP
. Operating Systems (OMVS, MVS, TSO, JES, Z/OS, VSE, MS Windows 9x,
Win20xx, Windows7, NT, XP, Novell, UNIX/AIX) and Software Applications
like VISIO, PowerPoint, Office2010, Access, CITRIX Metaframe, etc.
. Cisco Prime Infrastructure
. Currently working towards Cisco Data Network Engineer certifications
CCNA, CCIE
IBM Mainframe skills:
. Administered TCP/IP, 3745 FEPs set up, VTAM, CICS, CSP, VSAM, MVS,
Z/800, Z/900, Z/VM, Z/OS, VSE, COBOL, Assembler, EasyTrieve/+, Xerox
4050 printers JDL/FDL
. Planned for Disaster Recovery, designed backup procedures, and
performed regular DR exercises.
Professional Experience
Government of Ontario (IBM) Dec 2014 - March 2015
Network Engineer
. Designed disaster recovery and laid down procedures for Government of
Ontario for Disaster Recovery site at IBM.
City of Mississauga July 2014 - September 2014
Network Engineer
. Migrated Cisco 6500 based infrastructure to Nexus Data center
architecture using NX-7000, 5000 and 2000 in a fully redundant High
Availability design with each NX7000 carved into two VDCs, with
redundant CISCO ASAs 5585 as core firewall, and ASA 5545 as Perimeter
firewalls, BigIP F5 GTM and LTM (Load Balancers), and Hot Disaster
Recovery site.
. Migrated McAfee Intrushield IDS/IPS systems sensors (I-3000 & I-2700)
to CISCO IDS/IPS on ASA5585.
. Migrated Cisco Ironport from old infrastructure to the new.
CGI, Canada July 2010 - April 2014
Network Architect / Engineer
Over 4 years, designed, implemented and supported data center
architecture private cloud (IaaS, PaaS, SaaS) networks for financial
institutions like CIBC, Bank Development Canada (BDC), Canadian
Payment Association (CPA), Canadian Securities Authorities (CSA) as
well as commercial and Government enterprises leveraging latest CISCO
Nexus switches (7K, 5K, 2K) as well as CISCO UCS & UCS-FI, VMware
platform, F5 Load balancers, and firewalls, also developing technical
documentation and artifacts for each project.
Some of the projects are listed below:
. Major network design/implementation of a large Enterprise Data center
private cloud (IaaS and PaaS) for CSA (Canadian Securities Authority)
with Production site at Mississauga DC (data center) and backup/non-prod
at Montreal DC. The design includes UCS, UCS-FI, Commvault
backup, Nexus 5548, Nexus 2000, NX-OS, IOS, SAN, monitoring and remote
access (RNAS/SNIS), replication. It features a bubble design having
its own isolated Layer2 environment. CSA users would access and use
the Software in the cloud (SaaS) as well as access virtual desktops in
the cloud (PaaS).
. Network redesign/implementation/transition for Cloud services (IaaS,
SaaS) for a major commercial bank (CIBC) with Production site at
Mississauga and DRP site at Ottawa, with dual LAN extension circuits,
firewalls and load balancers. Also, developed a DR plan and executed a
DRP test. CIBC users would access the application in the cloud (SaaS)
via internet or a dedicated MPLS link.
. Designed for CIBC the DDOS mitigation solution by Verisign as well as
Allstream.
. Designed and implemented a WiFi network with CISCO AP and WLCs.
. Major network design/implementation/deployment of a large Enterprise
Data center private cloud (IaaS, SaaS) for a major Canadian
billion-dollar payment processing association (CPA-Canadian Payment
Association) linking Mississauga and Regina data centres and providing
centralized IDS/IDP, SMARTS (SNMP) monitoring and remote access. CPA
users would access the web applications and Mainframe based
applications in the cloud.
. Designed and implemented a large Enterprise Data center private cloud
(IaaS, SaaS, PaaS) network infrastructure for a new eHealth project
for the Ministry of Health, Ontario, Canada. Users would access the
application in the cloud and use virtual desktops in the cloud. It
includes a Test, Production site in Toronto and a Disaster Recovery
site at Ottawa, including CISCO 6500 switches in a VSS, ACE load
balancers, and Firewalls at Toronto site connected to DRP site at
Ottawa with synchronous and asynchronous data replication between the
two sites offering zero-data loss in case of disaster at primary site.
. Designed and implemented for Bank Development Canada (BDC) access
private cloud (IaaS, SaaS) network to access, from their two data
centers, AS/400s located at CGI Montreal with High availability, and
replication between the two redundant AS/400s, with secured access.
. Design with BGP dual homing to ISPs
. Design with Verisign DDOS mitigation services with GRE tunnels to
Verisign.
. Design/Implementation of UCS, UCS-FI architecture from ground up.
. Design/implementation for SAP implementation with VMware
virtualization and Cloud technology to maximize data centre resource
usage (Plexxus).
. Design/implementation for SAN replication between Toronto and Ottawa.
. Designed Network hardware upgrade project involving AS/4000, DLSW.
. Designed SAN management network architecture across all CGI locations.
. Designed for vendor support teams dial up access to the HP SAN behind
the firewall.
Ministry of Public Works and Government Services, Ottawa Feb. 2009 -
June 2010
Network Engineer
. Ministry provides IT services to all Federal Ministries as a Service
Provider.
. Led the support team of 7 engineers, coached other team members on
Nexus 1000V virtual switch, and prepared and delivered a presentation
to fellow colleagues and Senior Engineers that was much appreciated.
Also led liaison with CISCO for trouble tickets and with other teams
and external suppliers for successful project delivery.
. Designed, implemented and supported Data Center switch architecture
over VMware platform using CISCO Nexus switches, providing LAN, WAN
services to all Ministries of Federal Government of Canada.
. Configuring CISCO routers, switches including CISCO Nexus 7000, 5000,
2000 and 1000V, GSR12406, ASR, 6513, 6509, 3750, MDS 9500, 4500, 2800,
1800s with MPLS, BGP, OSPF, EIGRP, CISCO IOS and NX-OS, SAN as well as
Nortel 8600 and 5520, HP switches and CISCO ONS 15454 MSTP optical
Network Equipment.
. Configuring and managing CISCO ASA, Checkpoint and Juniper firewalls.
. Maintained LAN/WAN using Network Performance/monitoring tools
including IBM Tivoli Netview, SolarWinds Orion, WhatsUp, Concord
network performance analysis tool, Cirrus/Orion Network Config
Management, SolarWinds, CiscoWorks as well as EXFO fiber testing
equipment.
. Designing and implementing transition of sites from Allstream to Bell
CNS with OSPF and BGP.
. Designing Network for new sites or upgrading it as well as Costing and
implementation (SR process).
. Implementing MPLS on sites transitioning from Allstream circuits to
dark fiber.
. Support Servers running AIX/Linux
. Set up and administration of CITRIX, XENAPP, XENMOBILE, Windows
Servers and MS SQL servers
. Set up and administration of MOVEIT DMZ secure File transfer by
IPSWITCH Inc.
Ministry of Public Works and Government Services, Ottawa March 2008 -
Feb. 2009
Mainframe Network Engineer
. Installed, maintained and supported the Mainframe network
infrastructure - TCP/IP, SNA, APPN, OSA cards, ICCs for 27 LPARs over
5 IBM Z9s.
. Installed, maintained and supported Intrusion Detection System (IDS) on
z/Unix (OMVS) on the IBM Mainframes.
. Installed, maintained and supported IPSEC VPN and firewall on the IBM
Mainframe
. Installed and maintained new version of Connect:Direct for all
financial institutions and upgraded its network to be fault-tolerant.
ING Insurance (Now, INTACT)/CSC November 1999 - February 2008
Lead Network Engineer
. Designed and implemented for the large enterprise Datacenter
'Consolidation Project' consolidating 3600 users from 7 dispersed
buildings into newly rented 7 floors of OPG building in Toronto (Year
2005-2007). Led the design, from scratch, of the LAN, WAN, VOIP
infrastructure for the new building and planned-executed relocation of
infrastructure from old sites.
- Designed/Configured network for Turret IP call center
- Two 6509 switches formed the core/distribution layer while two
4506s on each floor are access layer switches.
. VOIP solution is a hybrid solution with Nortel CS1000 IP PBX behind
a firewall, Nortel i2004 IP phones, with QOS (Diffserv) in all
Cisco switches.
. Introduced the new features of 'command macros' and 'Trunk VLAN
filtering/load balancing' in switches.
. Led the Network team to design and implement disaster
recovery/business resumption capabilities that aligned with the
business needs for mission critical infrastructure components with two
disaster recovery scenarios, one is User-Site loss (deploying Agility
mobile trailers and Wireless/Satellite), and the other is the Data
Centre loss.
. As lead engineer migrated main links between two hub sites
(St.Hyacinthe and Toronto) from Frame relay to ATM. Planned uniform
numbered sub-interfaces for each site, and distributed configuration
changes workload among all team engineers.
. Mentored junior colleagues and provided consulting to other teams to
ensure timely delivery.
. Excellent troubleshooting record. Solved major problems with LAN/WAN
such as:
. Diagnosing and resolving a major problem with 'high CPU' at 4506s
that was causing frequent outages.
. Diagnosing and resolving a major problem causing slowdown of PCs
connected to IP phones.
. Executed capacity planning and configuration management using QPM (QOS
Policy Manager Server) to monitor QOS. Implemented NBAR and NAM,
NetScout with TAPS, Netview, and MRTG to monitor traffic performance.
Also implemented QOS WFQ for data traffic throughout the WAN.
. Designed/Implemented using CISCO 3030 VPN concentrator, Site to Site
and Dial Up VPNs with IKE, IPSEC, 3DES, SHA.
. Administered Content Switching Module (CSM) and Content Services
Switch (CSS11503).
. Configured and installed Cisco PIX/ASA/IOS firewalls securing
infrastructure.
. Set up TACACS for Authentication, Authorization and Accounting (AAA)
for all routers/switches in the LAN/WAN.
. Installed and maintained Websense.
. Installed, maintained and supported the core routing and switching
infrastructure including CISCO 6500, 4500, 3750, Nortel 8600, 5500, HP
switches as well as Checkpoint and Juniper firewalls.
. Design and implementation of WAN based on MPLS, Frame Relay, ATM,
Dark Fiber and LAN extension.
. Set up sites for brokers with 1600/2600/3600 routers, 3750 switches
and ISDN/Frame Relay T1 links
. Installed/supported Cisco Access server AS5200.
. Set up NT, Win2000 servers, with IIS and RAS.
. Set up and support AIX/Linux servers.
Mainframe experience at ING:
. Led Network Team for Z/OS 1.7 upgrade project. Installed / Maintained
TCP/IP, Netview, 3745 FEP, VTAM, 3274s, SNA, on large IBM mainframes
(Z/800), z/OS (MVS), TSO, OMVS.
. As Lead, Designed and Implemented fault tolerance/redundancy by
designing/implementing 'Single Virtual IP' feature for multiple NICs
in a Z/VM mainframe Z/900 system.
. As Lead, Designed and Implemented Secure FTP (SSH2) solution from the
Z/800 mainframe direct to business partners.
. As Lead, Designed and Implemented SMTP server at the Z/800 mainframe.
. As Lead, Set up Mainframe network (TCP/IP, FEPs 3745) during DR
exercises.
CM Inc. July 1999 - October 1999
CISCO Network Engineer
. Evaluated CISCO VPN client for a Canadian Government site, with CISCO
Secure TACACS+ Servers for AAA (Authentication, Authorization and
Accounting) and Entrust Servers for RSA Certificates along with
Entrust VPN connector as well as Policy based routing and Network
Address Translation (NAT) and Port Address Translation (PAT) at the
router/firewall.
Olayan Saudi Holding Co., Saudi Arabia March 1983 - June 1999
Technical Team Lead - IBM Mainframe, Network and Operation
. Led a team of 10 Technical Administrators (Mainframe, AS/400, LAN,
WAN, Helpdesk, Computer Operations, Production Control).
. Promoted to Technical Manager Position after contributing as Mainframe
Systems Programmer.
. Impressed IBM and saved turnaround time and money for company by
developing, from scratch, an Assembler program to route printouts from
LSTQ to remote CICS terminal printers.
. Optimized resource utilization by inventing solutions: 'CICS
Messaging', 'VSAMAID', 'Segmentation from batch jobs', and
'Integration of Xerox JDL (Job Description Language) with mainframe
JCL'.
. Designed and implemented LANs and WAN (3270 SNA/CISCO) country-wide
for implementation of ERP solution to replace mainframe before Y2K.
. Designed and implemented a VTAM SNA 3270 CICS network with leased
lines and X.25 throughout country. Set up CICS with Dynamic
Transaction Backout (DTB) for implementation of a real-time integrated
Inventory Control System (ASI) across the country.
. Configured 3174, 3274 control units, IBM SDLC modems.
. Designed automated COBOL Source Code Change Control procedures for ASI
using ICCF macros and procedures.
. Led technical team in selection process for Mainframe development
tool, short listed CSP/CICS and Gener/OL and decided to implement
CSP/CICS.
. Designed and executed migration of COBOL source code from OWL source
library to ICCF, extensively creating ICCF macros and procedures to
automate tasks.
. Excellent track record as IBM Mainframe Systems Programmer,
administering 3270 SNA networks, VSE/SP, VSAM, DL/I, CSP, CICS, VTAM,
CA-DYNAM, CA-JARS, Easytrieve/+.
. Perfectly executed Mainframe OS migrations.
. Administered DL/I as DBA.
. Designed Application systems with DL/I DB in previous jobs.
. Ace programmer in COBOL, Assembler, CSP, DLI/COBOL, CICS/COBOL in
previous jobs.
. As Business Analyst, designed DL/I DB-based systems for Personnel and
Payroll at United Bank Limited.
Education and Professional Development
B.Sc., Karachi University, Pakistan
. CISCO CALL MANAGER, CISCO IP telephony
. Cisco ASA firewalls
. CISCO Wireless
. CISCO ATM
. Supporting CISCO network
. CISCO Advanced QOS
. Project Management at IBM
. VTAM Administration at IBM Sudbury, England
. DL/I DB Administration, DL/I GIS
. Mainframe Systems Programming
. TCP/IP, Windows NT Administration etc.