Network Engineer Cisco and Microsoft Azure Architect

Location:
Diamond Bar, CA, 91765
Posted:
April 12, 2022

Resume:

Syed Ali Imam Naqvi (Ali Naqvi)

Microsoft Azure Architect Design (AZ-304)

Designing and Implementing Microsoft Azure Networking Solutions (AZ-700)

Palo Alto Certified Network Engineer (PCNSE)

***.******@*****.*** 714-***-****

Summary

IT professional with over 12 years of experience in analysis, design, operation, engineering, administration, migration, on-site support, escalation support, and troubleshooting of large networks in on-premises and AWS and Azure cloud environments.

Experience in design & implementation of security in infrastructure of enterprise networks comprising 10000+ users, hundreds of networking devices (more than 1000), spanning multiple cities in national and global environment – extensive use of Cisco and Palo Alto (using Panorama and CLI) technologies

Experience in Azure and AWS Cloud Infrastructure and Services and in Networking and Security Design and implementation

Implementation and troubleshooting of routing, ACLs and Security Groups in AWS environment with more than 100 subnets

Setup VPC peering and Internet gateways

Assisted application teams in migration from on-premises data center to Azure and AWS

Extensive work for a real estate title company on setting NSGs in Azure cloud environment and on Palo Alto Panorama and Cisco ASAs

Worked for a city government in Northern California to migrate data center from on-premises to a co-lo

Worked for a city government in Northern California to setup WAN with ASE lines and replace OpteMan circuits with ASE lines

Using Visio and MS Office, documented overall City network infrastructure and made drawings for remote offices; completed drawings for equipment and hardware in new data center

Configured new routers for replacing old ones in the process of MPLS circuit upgrades (from AT&T PNT to AVPN, AT&T Dedicated Ethernet) at a Federal Credit Union; setup SD-WAN using VeloCloud Edge 2000

Experience in design and in capacity planning of multiple entry points, MPLS, B2B/Site-to-Site VPN, and external firewalls, into a campus network

Configuration, implementation and troubleshooting on Palo Alto PA-3060 firewalls in active/standby mode and connecting through Cisco Nexus 93180 switches

Configuration and troubleshooting of F5 load balancers along with Cisco ASAs

Experience in connectivity of multiple large and small campuses through 3rd party (AT&T and Verizon) MPLS for enterprise networks

Implemented security on wired and wireless networks using 802.1x on Cisco switches using Windows NPS with Active Directory and just with workgroup and supervised client configuration on Windows notebooks and desktops

Extremely strong background in IPv4 subnetting, including VLSM

VLANs, STP, VTP Trunks, and QoS on Catalyst (IOS), Cisco 4507E switches (IOS-XE) and FEX on Nexus 5K/2K (NX-OS) switches

Migration experience of circuits and networks from one phase to the other

Cisco ASA 5510 and 5585-X Series Firewalls, VPNs (Site-to-Site, Remote user), RADIUS, LDAP, and TACACS+

Experience in design and implementation of logical firewalls using contexts on ASA firewalls

Implemented EIGRP, OSPF, and BGP configurations on Cisco routers, including ASR 920, 1002, 1004 (IOS-XE), ISR 4321, 4331 and 443104

Configured ISR 4321 for routing DID and tollfree traffic from Session Border Controller to AT&T

Wireless networks including WLCs and Access Points, both zero-touch (light weight) and autonomous

Strong experience in Change Control using ServiceNOW, ITSM (Remedy), Serena Business Manager, and HPSM

Strong experience in Data Center setup comprising rack arrangement, cable organizers, and stacking equipment

Excellent skill-set in cabling and connectivity in multi-story buildings, including IDFs and MDFs and multi-mode and single-mode fiber optic cable layout

Experience in Ethernet and fiber optic technologies and accessories like SFPs and media converters

Experience in use of network design and monitoring software such as BlueCat IP Address Management, SolarWinds, Cisco NetFlow, SharePoint and Visio (for documentation) and familiarity with InfoBlox

Excellent verbal and written communication skills in English

Used Remedy to initiate incidents (tickets) and implement change requests for making configuration changes in Cisco devices as per company policies.

Implemented and tested QoS for VoIP in remote branches and offices

Technical Certifications & Skills

Microsoft Azure Architect Design AZ-304

Designing and Implementing Microsoft Azure Networking Solutions (AZ-700) AZ-700

Palo Alto Engineer PCNSE

Cisco Certified Network Professional – Routing/Switching/TShoot CCNP – R/S/T

Cisco Certified Data Professional CCDP

Technical Skills Detail

Cisco Technologies: Cisco IOS, IOS-XE, IOS-XR (ASR 9000 series), Routers (ISR 44xx, ISR 4321, ASR 920, 3900, 2900, 1900, 800), ASR 1002 and 1004, Cisco Catalyst switches (6500-E, 4500, 3700, 3600), Cisco Nexus (2248, 5010, 7010, 93108, 93180, and 9504), CDP, Cisco ASA 5500-x Series, DMVPN, Cisco ISE, Cisco Aironet AP, and NetFlow

Palo Alto Enterprise Firewalls Operation and configuration of Enterprise Palo Alto firewalls using Panorama and CLI (ssh), adding and modifying security policies, IPSEC site-to-site VPNs, and reconfiguration of VLANs for segmentation of L2 networks

Network Technologies: EIGRP, BGP, MPLS, QoS, OSPF, Multi-Area OSPF, NBMA, HSRP, GLBP, VRRP, PPP, Network Address Translation (NAT), Port Address Translation (PAT), OSPF Virtual links, RIP, RIPv2, Static Routing, and Stub Routing, VLANs, VLAN Trunking, VTP, STP, SVI, CEF, SDN and SD-WAN, EtherChannel, BPDU, Portfast, PoE, SNMP, SNMPv3, SMTP, CDP and LLDP, F5 load balancers, and Wireshark

Security Technologies: RADIUS, ACL, AAA, IPS/IDS, TACACS+, LDAP, SSH, VPN, DMVPN, Cisco ISE, IPSec, Port Security, MAC Address Filtering, IPS/IDS

Wireless Technologies: IEEE 802.1x & 802.11 a/b/g/n/ac, WLAN, WLC and LWAPP, WAP, AP, SSID, LWAPP, CSMA/CA, Aironet, Wireless Surveys (using AirMagnet)

Networking Tools: SolarWinds for NPM, NCM, and IPAM, NetBrain for dynamic mapping of network L3 and L2 topologies, Firemon, extensive use of InfoBlox for IP assignments and IP reservations in InfoBlox DHCP, and Bluecoat IPAM

Connectivity & Hardware: Blade Servers, DNS Servers, DHCP Servers, Web Servers, RAID systems.

ITIL Technologies ServiceNOW for incidents, task breakdown, and Change Control, ITSM (Remedy), HPSM, Serena Business Manager (TeamTracker)

Summary of Professional Experience

NetData Solutions, Inc. Senior Network Engineer 2009 – Present

Education

Degree in Engineering University of Texas at Arlington

Professional Experience Detail

NetData Solutions, Inc. Senior Network Engineer 2009 – Present

Recently, I have been working on the following projects and technologies:

Currently working on implementation of projects and operations of multi-site network using Cisco routers, switches, and Palo Alto Enterprise firewalls for a major health organization. This work includes:

Creating and maintaining zones, address objects, and security policies on Palo Alto firewalls using Panorama and CLI (4000+ users and 1000+ servers)

Segmentation of large subnets with public IPs into smaller, more efficient private IP-based VLANs and subnets

Moved existing VLANs from direct network to “behind the firewall”

URL Filtering, moderate application filtering, traffic monitoring, and troubleshooting on Palo Alto firewalls

Site-to-site VPNs between campus and remote clinics and smaller hospitals using PA firewalls

Extensive use of InfoBlox as DHCP, DNS, and IPAM tool

Assigning medical devices, Audio visual devices, and special-purpose machines to proper VLANs, and subnetting of VLANs on Cisco switches and PA firewalls

Extensive use of ServiceNOW and Footprint to address issues, documenting solutions, change requests and control, and customer service

Worked on design and implementation of projects using Cisco routers, switches, and Cisco ASA firewalls for a major US pharmaceutical company. This work includes:

Provided solutions for MPLS, Site-to-site VPNs, and standard Internet-based access requirements

Worked upon design & implementation of security in Cisco ASA-based Infrastructure of enterprise networks comprising of 6000 + users, hundreds of servers (more than 1000

Migration of subnets/DMZs from non-Cisco firewalls to Cisco 5585-X by exporting the rules and formatting them for 5585-X and re-configuration of the routes

Configured Cisco and Extreme switches for access and distribution layers of a campus network spanning

Modified and enhanced existing DMVPN infrastructure from 2 routers to 4 routers

Implemented highly secure Cisco ASA-based design for PCI (credit card) and personal health-related (PHI and PII) data

Designed and implemented connectivity between corporate offices and other clients and vendors using dedicated MPLS and/or VPNs

Performed troubleshooting at tier 3 level for connectivity issues

Scripted (advanced level) and implemented firewall changes for permitting traffic using object groups, access lists, NAT, and routing

Extensive troubleshooting using Cisco ASA “Packet-Tracer”, logging, and packet capture

Used SolarWinds, Firemon, NetBrain, Serena Business Manager, and HPSM to implement Change Control

Worked on a pilot project to study feasibility and to analyze AWS implementation in hybrid environment

Worked on Design, Implementation, and Operational aspects of a global network of a pharmaceutical company based in USA.

Designed and implemented Layer 2 and Layer 3 LAN architecture for manufacturing plants, warehouses, and offices in different cities of USA and other countries by allocating subnets for Data and secure VLANs

Configured Cisco and Extreme switches for access and distribution layers of a campus network spanning

Configured OSPF on Layer 3 switches

Configured switches for AAA, Spanning Tree, SSH, VLANs and trunks, Data/Voice interfaces, SNMP monitoring of ports, TACACS authentication, stacking of individual switches

Configured Cisco routers for AAA, SSH, SNMP monitoring of ports, NetOptics TAPs, eBGP and iBGP routing, OSPF routing, ACLs to implement QoS with Class- and policy-maps, Route Maps, and TACACS authentication

Configured Cisco routers as customer edge (CE) routers to connect to MPLS circuits

Configured site-to-site VPNs on Cisco routers and ASA firewalls for connecting backup WAN links to main Data Center routers

Configured NetFlow for monitoring router links

Updated Bluecoat IPAM database with site and subnet information

Extensive use of ITSM/Remedy to implement “Change Management” by following a “Change Request” from draft to completion

Worked with Operations team to monitor network performance of routers and switches using SolarWinds, LogRhythm (Syslog database), BPPM (Alarms and notifications)

Extensive use of ServiceNOW, ITSM/Remedy to record, update, concepts of ITIL, and resolve incidents (tickets) as reported by hundreds of users

Documented design and changes using Visio and SharePoint (site prepared by client company)

Extensive communication in setting up incidents with AT&T, Verizon, Cisco, Extreme, and other vendors

Worked on a major project for Data Center migration for a Southern California utility company; this involved migrating functionality of all the network routers, switches, and firewalls of a previously designed network.

Completed the following tasks:

Configured VLANs and vPCs on new Nexus 7010 and 5K switches with Nexus 2248 Fexs connecting Cisco UCS and other servers. Fabric Path implemented.

Setup site-to-site VPNs for business partners of utility company.

Migrated extranets for business partners from old DC to the new DC. This involved verification of circuits from AT&T and Verizon, configuration of extranet router, GoLRs, and core routers, and extensive testing.

De-commissioning of network devices in the old DC by verifying that their functionality is available in new DC.

Used ITSM Remedy to initiate change request process and following the change request plan through implementation and post-implementation phases, including back-out plan.

Worked on a major project for an international service company to upgrade 150+ location network of a Southern California public organization from multi-vendor networking equipment to Cisco-only equipment; completed the following tasks:

Designed network for sites with various security and redundancy requirements, single-homed to multi-homed. These sites have 10 to 1500 users.

Replaced legacy routers with Cisco 2951 and ASR 1002 routers as per new specifications/configuration for local OSPF and BGP routing with MPLS VPN and dark fiber connections to a data center. Routers are configured with 2 to 7 VRFs for path isolation for different departments of public organization.

Coordinated with other team members to order new circuits for connecting to MPLS ring.

Designed network to connect servers and devices to connect to Nexus 2248 (Fabric Extenders) and to Nexus 5K switches in main data center.

Worked (with other team members) in setting up Cisco Nexus 7K switch as new "core" in the main data center by dividing Nexus 7K in 4 VDCs (core, distribution, edge, and voice).

Worked on establishing Internet access for all locations through Cisco ASA 5585-X firewalls, setting up ACLs and NAT rules.

Following is a list of services provided and responsibilities personally handled:

Network Security:

Designed, configured and installed new Cisco ASA 5515. Configured all the security protocols by implementing strict enforced access via ACLs, NAT, Class Maps, Policy Maps, VPN access to business resources.

Configured security policies and related objects, URL filtering, site-to-site VPNs, application IDs, and LAN segmentation, traffic monitoring, and troubleshooting on Palo Alto Enterprise firewalls for a city government and a major health organization

Installed, configured Cisco ASA 5510 Firewalls in DMZ and Disaster recovery

Configured Class Maps, Policy Maps and Service Policy for Layer 7, 3 and 4 URL filtering

Configured Port based security, implemented 802.1x port-based authentication.

Configured and Implemented RADIUS for VPN, AAA and controls for all devices

Switches and Routers:

Designed, configured and implemented Cisco 6509-E switches Access Layers Cisco 3750-x and 3850 switches with VoIP, port channel and port-security.

Configured and implemented routing protocols such as EIGRP, OSPF, RIP and BGP on Cisco 1700, 2600, 2800, 2900, ISR 44xx, ISR4321, and 10 Gi ASR 920 series routers.

Configured and designed VLAN networks and enforced strict ACL filtering between VLANs for Production and Development Networks.

Installed and configured Cisco Stack Switches 3750 and 3850.

Configured High Availability with HSRP, GLBP and VRRP.

Network Operations:

Worked with ISPs to install MPLS, T1

Created and maintained up to date network documentation.

Proactively anticipated networking needs for planning and budgeting

Reviewed network and/or security service/maintenance arrangements

General

Experienced and Certified in Microsoft Azure Architecture, design, and networking environment

Knowledge and understanding of AWS Cloud Infrastructure and Services

Basic scripting in Python

Documentation and Additional Details

Using Visio and MS Office, documented overall City network infrastructure and made drawings for remote offices; completed drawings for equipment and hardware in new data center

Used NetBrain for dynamic network discovery and documentation and created Visio drawing from discovery of routes and devices

Designed, installed, and configured ALL Cisco and non-Cisco (HP, SonicWALL) equipment on a multi-branch medium size LAN/WAN setup to facilitate access to Internet services and meet security requirements - Core technologies handled included: Cisco Routers (2500, 2600, 2800, 3800 Series) and Cisco Switches (Catalyst 2900, 2950, 3500, 3560, 3750, 3850, 4507), ASA 5510 Firewalls, HP 4208vl Switch, Cisco Wireless 2500 and 5500 series LAN Controllers, Cisco Aironet AP

Daily responsibilities include: escalation support activities; administration and maintenance activities; analysis, design, and project management activities; and communication/coordination activities.

Escalation support activities include onsite and remote services, diagnostics and troubleshooting, hardware break fix, software resolution, and 2nd/3rd level training and support.

Technical administration and maintenance activities include, but are not limited to, any and all scheduled and as needed installation, configuration, support, and troubleshooting of LAN/WAN technologies and devices.

Communication and coordination activities include, but are not limited to, hiring and managing several contractors during major implementation projects, documentation, and scheduling as needed reports with clients.

Good practical and conceptual understanding of Cisco ACI, SD-WAN (Cisco Viptela) and VeloCloud, Palo Alto firewalls, Cisco ISE, IOS-XR, Cisco Prime Infrastructure, F5 load balancers, and basic scripting in Python

Projects & Accomplishments - Highlights

Designed and implemented IT infrastructure for medium-size businesses by engineering new network(s) and updating pre-existing infrastructure consisting of routers, switches, and firewalls as per clients’ requirements; dictated by their expansion from single to multi-location and by need of users for remote access to in-house corporate data and servers

Escalation support, administration, upgrade, implementation, and troubleshooting of multiple server technologies and network devices; also performed a system migration of Active Directory, Exchange Server, routers, switches, firewall, and Hyper-V.

Large project of implementing large IT infrastructure for environmental company utilizing routers & switches, firewall, and various servers. Project entailed implementation of all new equipment, setup of headquarters and branch offices, and configuring site-to-site VPN and SSL VPNs for remote and local users worldwide.


