Tyne And Wear, England, United Kingdom
Cloud Infrastructure and Security Consultant
Azure consultancy - design and implementation
Requirement: Design and build an Azure production environment capable of receiving official government workloads with the potential goal of migrating on-premise systems to Azure: • IPsec Site to Site VPN connection made using Palo Alto firewalls using a prime profile. • Secured £5000 from Microsoft to aid with the initial Azure running costs. • Environment built based on the Azure Enterprise Scaffold information published by Microsoft, routing all Internet traffic via the Azure firewalls as part of a hub and spoke configuration. • Detailed designs completed and presented to the security team for acceptance and work towards accreditation of the environment including Key Vaults, Security Center, Defender AV, Network Security Groups, Traffic Analytics, Log Analytics, Azure RBAC setup including conditional access and privileged identity manager. • Infrastructure as Code (IaC) approach followed using Visual Studio Code and JSON (ARM) templates and PowerShell. Requirement: Create a secure virtual desktop environment to communicate encrypted documents with the EU application toolset outside of the main network: • Decommissioned the previous on-premise EU application toolset environment and moved the mail domain to the production Office 365 tenant for reuse. • Deployed the latest windows 10 image in spoke VNet in Azure with the EU toolset installed • Image managed via Intune policies and with user accounts residing in new Azure AD custom domain. • Image locked down based on NCSC windows 10 1803 MDM guidance • Environment documented and handed over to support.
Migrate a complex application from a 3rd party data center into Azure via Azure Import / Export Present the Azure shared services design to the clients domain architecture governance board and risk team to move through the customer go live phases.
Lead Architect on a multi million pound project replacing the organisation's windows 8.1 desktops with new windows 10 desktops running on a new organisations network, without impacting the business applications running in Azure. This included designing and implementing a secure cloud solution to allow business applications to always be available from the new desktop by connecting the networks. Exit the legacy desktop data centers and local WAN and LAN providers by end of March 2018 and decommission all onsite hardware.
Implement and document the Computacenter Synergy VMware configuration on a secure Government network including installing VMware SRM vSphere replication and array based replication for DR functionality. (Very high profile transformation project). Review and comment on any client change requests from an architecture point of view. Provide technical design assurance for in-flight projects. Complete Impact Assessments with architectural design recommendations. Governance owner for the hosting environment.