Senior Systems Engineer and Solution Architect

United States
December 18, 2009



An IT professional with an extensive **+ years of experience in engineering, administration and support of information systems. Expertise in analysis, design, planning, piloting, implementation, optimization, troubleshooting and documentation of network systems. Solid management skills, ability to lead and follow through to ensure success. Diagnoses complex problems and systems and consistently delivers effective simple solutions.



As a consultant for Lucid Solutions Group (formerly SystemsEng) I meet with customers to gather the business and technical requirements for the project, perform an assessment, present it to the client and set realistic expectations. From the assessment I would create a detailed scope of work, including hardware and software requirements, any additional resources required for the project and develop a list of milestones with estimated timeframes. At the completion of the project we would provide long-term support.

New York State Office of Cyber Security and Critical Infrastructure Coordination (3/2005 – Present)

• Brought in to determine issues with Active Directory configuration, including DNS, DHCP, and Group Policy. Implemented a full redesign of the domain OU structures to efficiently target and implement new Group Policy Objects as set forward as requirements from ISO and industry best practice. Created reverse DNS lookup zones and configured conditional forwarders to help direct DNS queries to E-Port caching servers. Configured subnets in Active Directory Sites and Services.

• Designed multiple VMware Infrastructure clusters in a multilevel tiered network. Clusters consist of Dell PowerEdge 2950 servers with Distributed Resource Scheduling, High Availability and Enhanced VMotion Compatibility configured and connected to EMC Clarion CX 3-40 fibre channel SAN. Internal Cluster was installed with ESX and custom configured with SNMP traps and SYSLOG to forward to centralized logging and alerting server (LogRhythm), installed Dell OpenManage to monitor hardware health, configured logs to compress and limit maximum size and configured a GRUB password. External cluster was installed with ESXi to reduce risk of possible compromise. Implemented VMware Consolidated Backup (VCB) to back up VMs over the fibre and then to tape.

• Maintain network infrastructure, including Cisco switches, Netscreen Firewalls and Cisco ASA 5510 and Cisco ASA 5540 security devices. Created an Internet Only network that can be extended anywhere internally, allowing for guests to have external access to the Internet while limiting risk to the internal network. Created a multi tier DMZ network to allow for publishing of services to the Internet. Implemented remote VPN access, allowing users to use their Active Directory user credentials to authenticate using Microsoft’s Internet Authentication Server using the RADIUS protocol. Implemented Cisco Works LAN Management Server that monitors and maintains Cisco switches in the network.

• Implemented patch management process that used both Windows System Update Server (WSUS) and Microsoft Systems Management Server 2003 and began setting up software distribution within the domain. Deployed Systems Management Server to inventory hardware/software, deploy software automatically, target specific patches on pre-defined schedules and remotely troubleshoot user issues. Designed and deployed Microsoft Operations Manager 2005 to monitor systems, alert IT staff of any issues and archive security event logs.

• Configured and maintained ISA Servers with Websense.

• Trained local staff on Active Directory, Group Policies, VMware Infrastructure, Systems Management Server 2003, Microsoft Operation Manager 2005 administration, network configuration, and VMware maintenance and administration.

South Colonie Central School District (10/2006 – Present)

• Maintain Cisco ASA 5510 and coordinate with local BOCES to allow incoming traffic for website, IPSec VPN and SSL VPN. Reconfigured network to fix some issues with VTP and spanning-tree, configured Cisco Catalyst 6509 to be VTP Server and spanning-tree root.

• Reconfigured Active Directory to eliminate issues with Group Policy and DNS. Correctly set up Active Directory Sites and Services to properly reflect all sites and subnets. Implemented the use of Distributed File Service and folder redirection to lower administrative overhead with moving data shares between servers and replacing desktops.

• Upgraded the e-mail environment to Microsoft Exchange 2003 with GFI Mail Essentials to filter spam. Implemented a front-end Outlook Web Access server in the DMZ to allow for remote access to email.

• Design, implementation and support of VMware Infrastructure environment over multiple servers with shared iSCSI storage on two Dell EMC AX150 SANs to virtualize existing servers and then reduce the number of overall virtual and physical servers within their domain overall; increasing uptime using Distributed Resource Scheduling and High Availability. Created scheduled batch job to snapshot VMs and ship them to secondary SAN as part of a disaster recovery plan that was funded in part by a grant from New York State Archives.


Troy, New York 12180

H 518-***-**** C 518-***-**** *******.*.*****@*****.***

• New York State Archives awarded them another grant to implement an Electronic Document Management System (EDMS). With the guidelines set forth by the state we selected Microsoft Office Sharepoint Server 2007. This allows them to store data about the financials and the students which is indexed and secured to allow key personnel to instantly search for information to which they are entitled. Workflows are enabled to prevent data from “accidentally” being disabled.

New York State Office for Technology (10/2005 – 12/2007)

• Administrated several Active Directory forests with trusts maintained between them with 60,000+ user objects, over 25 domain controllers in a multi-site firewalled environment containing trust relationships with each other and external agencies.

• Designed a proof of concept lab for implementing non-Microsoft Linux clients to authenticate with Active Directory using Kerberos, LDAP, LDAPS and RADIUS. Wrote a whitepaper outlining the procedure with specific configurations on how to get each method to work properly and presenting the pros and cons of each.

• Developed migration plans and documentation to relocate user accounts and workstations between the domains and forests.

• Review all change control requests involving all Active Directory and infrastructure servers to minimize any risk to service uptime.

• Maintain and update VMware ESX 2.5.3 and VMware Virtual Infrastructure 3 running development lab and Staging environment that mimics production Active Directory forests, including patching and backups.

• Implemented domain controllers on Microsoft Virtual Server and VMware Server to show lower cost of ownership with the hardware and to identify any issues before implementing in the production environment.

• Designed and deployed authentication system for new VPN solution using Cisco Secure ACS 4.0 to authenticate users against the Active Directory.

• Developed extensive documentation on roll-out and roll-back plans, schema updates deployments and risk assessments.

• Worked on SharePoint project to test using SharePoint Server 2007 in a multi-forest environment with several authentication providers, including Active Directory and the SunOne LDAP.

• Analysis of identity management, federation services, directory synchronization and monitoring software packages.

New York State Office of Homeland Security (7/2007 – 3/2009)

• I was brought in to determine random issues that were happening within their network that was affecting DHCP on their network. A packet sniff using Wireshark showed that DHCP clients were not registering their IP addresses to the DHCP server, due to the requests being hijacked by CA DSM server.

• Converted their Albany office from a flat-network to multiple networks using VLANs on their Nortel 1710 Contivity VPN Router. Implemented remote access through Contivity to use IPSec VPN.

• Configured Active Directory Sites and Services to allow for more efficient logon authentications.

Office of Alcohol and Substance Abuse Services (9/2006)

• Provided security audit of web application running Microsoft Internet Information Server 6.0 with ColdFusion and Microsoft SQL Server 2000.

• Identified several vulnerabilities using tools such as Nessus and nmap.

• Documented results with recommended solutions and industry best practices.

Office of Parks and Recreation and Historical Preservation (3/2004 – 8/2005)

• Managed infrastructure upgrade project which included replacing all existing servers, desktops, switches, and upgrading custom applications to work with SQL 2000 with integrated authentication and MDAC 2.7.

• Upgraded all domain controllers to Windows Server 2003 with Active Directory, spanning 14 main regions with more than 3600 users throughout the state, along with upgrading their DNS and DHCP.

• Performed a side-by-side upgrade of 15 servers to Exchange Server 2003. This was all done with little to no down-time for the end-user. GroupShield was used to scan all mail for viruses and controlled by ePolicy Orchestrator.

• Replaced ISA 2000 with ISA 2003, chaining the region servers to the enterprise array in Albany before going to the Internet. Surfing policies were implemented on the Albany array using Websense and downloaded content was scanned for viruses using GFI Download Security.

• Replaced former SQL 7.0 server with SQL 2000 server, and upgraded the custom databases.

• Deployed a new installation of Systems Management Server 2003 to deploy security and Office updates, along with asset information and software deployments.

• Instructed IT Staff on more efficient uses of their VPN concentrator, their AS5350 for dial-up connections, and configuring portfast on their switches.

• Implemented new IIS 6.0 web servers and migrated a number of ASP pages and web applications including Outlook Web Access (OWA), ArcGIS, and a number of java servlets. Some of the vbscripts, java scripts, and ASP pages needed to be modified to work with the newer security model within IIS 6.0.

• Corrected and updated their Group Policy Objects, removing several redundant entries, placing them in optimal order, thereby reducing the start-up and logon times. Applied a number of security policies for Windows Server 2003 and Windows XP with SP2 to reduce the amount of administrative overhead for data coordinators and to guarantee the security settings are applied.

Page 2 Douglas P. Smith

• Wrote a number of vbscripts using ADSI to populate information into Active Directory.

• Implemented and administrated VMware GSX Server, VMware Workstation, Microsoft Virtual Server and Virtual PC. Created templates of Windows XP, Windows 2000 Server and Pro, and Windows Server 2003 using Sysprep for quick virtual deployment.

• Installed and configured Veritas Backup Exec with Remote Agents, Open Files Agent, Intelligent Disaster Recovery, and Library Options.

• Configured and replaced all access layer switches with Dell Gigabit switches. Worked with local staff to set up LAN-to-LAN tunnel between OPRHP and Reserve America from Nortel Contivity to Cisco PIX. Created policies on the Netscreen to allow traffic through firewall.


• Employed to fix existing environment and to modernize for the future. This included documenting a business case to secure funding, outline project plans, examine, and specify hardware and software products, negotiate with vendors, and delegate tasks to members of the project team.

• Planned and migrated organization's NT 4.0 domains to Active Directory with Windows 2000. Moved them to Active Directory on Windows 2003 two years later. Migrated the former Dynacare Labs NT 4.0 domain to the Active Directory forest on Windows Server 2003. Dynamic DNS, DHCP and Distributed File System (DFS) were implemented to lower administrative overhead. Designed and implemented a thorough Group Policy strategy securing and configuring workstations and servers in the domain.

• Put together hardware and software requirements and budgets for projects along with ongoing long-term maintenance costs.

• Planned and managed the deployment and migration of the e-mail system to Exchange 2000 from Netscape Mail server. Upgraded mail system to Exchange Server 2003 on an active/passive cluster using HP Proliant DL380 servers and MSA 1000 storage array (SAN) connected via redundant fibre channel connections to virtualize several old systems using VMware GSX Server and Microsoft Virtual Server.

• Overhauled antivirus system with McAfee Suite controlled by ePolicy Orchestrator. GroupShield was implemented to scan mail internally. Webshield e500 appliance was used to scan all incoming web traffic and SMTP traffic for viruses and spam.

• Managed, maintained, and upgraded several SQL servers, versions 6.5, 7.0 and 2000.

• Reengineered the disaster recovery strategies by upgrading to Veritas Backup Exec with a centralized backup library using a HP MSL 6000, along with updating all policies and procedures for doing backups and restores.

• Reduced bandwidth usage and Internet abuse by implementing an Internet Security and Accelerator server array for caching frequent web traffic and publishing web servers. Content scanning was implemented, to scan employee web traffic to monitor for Internet abuse, using Web Inspector.

• Installed and deployed Microsoft Systems Management Server 2.0 (SMS), used for asset management, remote troubleshooting, and software distribution. Later upgraded to 2003 version and was also included in patch management along with Microsoft's Software Update Server (SUS).

• Determined a need to replace antiquated web servers used to host a number of sites for the hospital, community organizations, and medical groups. Specified HP BL30p blade servers running Internet Information Server 6.0 with Cold Fusion 6 to migrate to.

• Wrote detailed systems documentation, including hardware information, maintenance procedures, and disaster recovery outlines. Revised existing IT policies and procedures to conform to updated systems.

• Managed and upgraded Cisco network consisting of Catalyst 6509 core switch, Catalyst 3550 & 2950 access switches, 3800, 3600, 2600, 2500, 1700 routers, AS5350, 3015 VPN concentrators, and PIX firewalls. Maintained routing network using EIGRP. Responsible for setting up LAN-to-LAN tunnels with the Cisco 3015 VPN Concentrator. Catalyst 6509 core/distribution switch, with 28 VLANs segregating traffic for security purposes with Access Control Lists (ACL).

• Maintained numerous WAN connections for remote health clinics, partnered hospitals, financial office, school of nursing, and specific vendors/service providers. WAN connections consisted of point-to-point T1, Frame-Relay, ISDN, and point-to-point 1.2 gigabit laser connection with 100 megabit RF backup connection. Implemented PIX firewalls between hospital and service providers to maintain security of patient data.

• Maintained firewall rule set in Gauntlet 6 firewall to allow internet access to several web servers, mail servers, and VPN concentrators located in the DMZ.

• Used monitoring tools to monitor network and server systems and alert appropriate personnel of issues. These systems included Insight Manager, Openview, Openmanage, Ciscoworks, Jetadmin, and Argent Guardian.

• Administrated and upgraded small Citrix Metaframe 1.8 farm, used to support remote hospital site and remote financial group.

• Other systems and devices I implemented and/or managed are Kronos WorkForce Central, RSA SecurID, Powerscribe Voice recognition transcription system, Microsoft SNA Server 4.0, Microsoft Host Integration Server, Gauntlet Firewall (Solaris Platform), Zixit VPM (e-mail encryption), and Openlink (Siemens's medical EDI).

• Supervised the Ellis Hospital and Amsterdam Memorial networks and systems along with remote clinical and financial billing sites, comprising more than 3,000 employees. This included daily administrating a Windows Active Directory domain and Novell 4.1 NDS tree.


Fleet Boston (4/1999 – 3/2000)

• Contracted again for the Bank of Boston Merger with the same group to plan and oversee the conversion of 1000+ branches to the Fleet systems and upgraded token ring networks to Ethernet using Cisco Catalyst switches and new IBM Servers.

New York State Department of Labor (1/1999 – 4/1999)

• Contracted to Atlantic Network Services to implement multiple resource domains consisting of a combined 74 domain controller servers across the state as part of the LEXX II project.

New York State Thruway Authority (11/1998 – 1/1999)

• Created desktop image for new statewide desktop deployment. Oversaw deployment and migration of end-user data.

Office of Parks and Recreation and Historical Preservation (3/1998 – 11/1998)

• Converted agency from antiquated Prime system using serial connector with dumb terminals to a fully routed IP network using Microsoft Windows NT 4.0 Network.

Fleet Bank (10/1997 – 3/1998)

• Contracted to the Bank Software Engineering Group (BSEG) for Y2K conversion of 1800+ branches from a proprietary System V Unix to Microsoft Windows NT 4.0 Server, running SNA 4.0.

• Wrote VBA scripts between Microsoft Excel and Hummingbird Exceed that query the endpoint servers for hardware information and reporting if the hardware needed to be upgraded. Wrote scripts to verify that IP connectivity, SNA parameter and that software versions on the server were correct.


Computer Information Systems, Hudson Valley Community College; Troy, NY – 1991 - 1993

Uncle Sam Toastmasters Club #1138; Troy, NY – 2009

VMware Certified Professional (VCP) - 26613 2008

Microsoft Certified Systems Engineer (MCSE) Windows 2003 - 924-***-****

Microsoft Certified Systems Engineer (MCSE) Windows 2000 - 924-***-****

Microsoft Certified Systems Engineer (MCSE) Windows NT - 924-***-****

Microsoft Certified Database Administrator (MCDBA) SQL 2000 - 924-***-****

Cisco Certified Network Professional (CCNP) - CSCO10043083 2002

Cisco Certified Design Professional (CCDP) - CSCO10043083 2002

Cisco Certified Design Associate (CCDA) - CSCO10043083 2002

Cisco Certified Network Associate (CCNA) - CSCO10043083 1999



Dell PowerEdge Servers, HP Proliant Servers, IBM xSeries, Equalogic iSCSI SAN, EMC Clarion SAN

Operating Systems

Microsoft Windows Server (2000, 2003, 2008), Microsoft Windows XP, Microsoft Vista, Microsoft Windows 7, Ubuntu Workstation, OpenSuse, Mac OS X, VMware ESX


Microsoft Active Directory, Microsoft Exchange, Microsoft ISA, Microsoft SharePoint, CiscoWorks LAN Management Solution, HP Openview Network Node Manager, Ipswitch Whats Up Gold


Cisco CatOS, Cisco IOS, Cisco Catalyst Switches, Cisco Routers, CiscoWorks, Cisco ASA and PIX firewalls, Cisco 3000 Concentrators

Scripting Languages

Powershell, VBscript, WSH, ADSI, COM+, CDO
