Your SlideShare is downloading. ×
  • Like
Projects and Achievements at GosNIIAS - Victor Berenshteyn
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Now you can save presentations on your phone or tablet

Available for both IPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Projects and Achievements at GosNIIAS - Victor Berenshteyn

  • 490 views
Published

Projects and Achievements at GosNIIAS - Victor Berenshteyn

Projects and Achievements at GosNIIAS - Victor Berenshteyn

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
490
On SlideShare
0
From Embeds
0
Number of Embeds
1

Actions

Shares
Downloads
2
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Victor Berenshteyn Systems / Network Engineer MCSE: Security 2003 Kaspersky Specialist http://nz.linkedin.com/in/vberenshteyn
  • 2. Overview
    • The presentation highlights accomplished projects and results achieved in the role of Systems / Network Engineer and IT Team leader at GosNIIAS, Avionics Department.
    • Company profile
      • 150 employees
      • Software development and testing for Aviation Industry
      • Contractor of Rockwell Collins, USA; Smiths Industries, USA; Thales, UK.
  • 3. Server rooms – 1/3
    • Situation
      • outdated comms room without proper physical infrastructure, power and air-conditioning
      • no racks, equipment on tables
      • per-server low-capacity UPS-es
      • cabling mess
      • company’s plans for
        • multi-floor extension
        • double hiring
        • update and increase the number of servers
    • Task
      • design and implement a project of a central server room and per-floor comms rooms
  • 4. Server rooms – 2/3
    • Action
      • selected a vendor for physical infrastructure solutions, APC
      • learnt technologies, product lines, equipment features : vendor’s seminars, online study
      • communicated with vendor’s consultants: defined solutions, created specifications, negotiated costs
      • designed, presented and discussed with the company’s management 3 possible solutions with different ratio of cost, reliability and scalability
      • communicated with and supervised the builders, electricians and air-conditioning engineers
      • managed procurement of the equipment
      • designed and planned installation, goal: minimise downtime
      • trained IT team
      • performed installation
  • 5. Server rooms – 3/3
    • Result - well-organised, completely redundant, fully monitored and remotely managed secure server rooms with total space decrease by 25%
      • server racks, IP KVM, colour-coded SCS
      • 2 independent power lines terminating at two 5kVA UPS-es to provide redundant power supply; RPS for 1-PSU units
      • air conditioning with redundancy
      • environment monitoring and pro-active alerting (power, temperature, humidity)
      • managed shutdown in the case of emergency, no data loss
      • documentation and change management
  • 6. Virtualisation – 1/2
    • Situation
      • increased demand for new services
      • requirements for
        • service isolation
        • service availability
      • no budget
    • Task
      • implement server virtualisation without additional expenses
  • 7. Virtualisation – 2/2
    • Action (time: 2007)
      • selected free solution, Microsoft Virtual Server 2005 R2
      • extensively learnt (online, vendor’s conferences)
      • created an essential documentation
      • designed and implemented with security emphasis
    • Result
      • 40% of servers are virtual
      • server availability
      • service continuity
      • effective use of hardware, rack space, and AC power
    • Follow-up
      • piloted Hyper-V 2.0 implementation and migration
  • 8. Volume licensing
    • Continuous action
      • learning volume licensing from various vendors
      • planning
      • procurement
      • license management
      • usage monitoring
      • SAM (Software Asset Management)
    • Result
      • decreased expenses for software (approx. 20%)
      • flexible license distribution
      • controlled software installations
  • 9. Unified desktop environment – 1/2
    • Situation
      • high PC rotation rate
      • constantly increasing number of employees
      • repeatedly deploying a limited set of software
      • requests to re-install a PC after testing a new software or new development release
    • Task
      • create an efficient, fast and simple procedure to deploy or restore a PC
  • 10. Unified desktop environment – 2/2
    • Action
      • standardised desktop software configurations
      • created a procedure to rollout unified desktop environment
      • created associated documentation and conducted training for IT staff
    • Result
      • deployment or complete restore of a fully customized PC takes 15-25 minutes
  • 11. Enterprise Security – 1/2
    • Task
      • implement network anti-malware solution with centralised management and pro-active alerting
    • Action
      • designed and deployed corporate anti-malware solution – Kaspersky Enterprise Space Security
      • maintained and supported the solution
      • trained IT staff, delegated activities and supervised
    • Result
      • with 150 workstations, only 4 local incidents within 8 years
  • 12. Enterprise Security – 2/2
    • Task
      • implement a continuous security monitoring
    • Action
      • learnt threat detection tools, selected MaxPatrol by Positive Technologies
      • created and documented a procedure of periodic security scanning
      • implemented security monitoring from both outside and all segments inside of the network
    • Result
      • no single penetration within years
      • no single service compromised
  • 13. Network re-design – 1/3
    • Situation
      • unmanaged, undocumented reactive growth of the network
      • running-out of physical capacity
      • bandwidth bottlenecks
      • lack of security
    • Task
      • re-design the network in terms of scalability, manageability, performance and security, using existing equipment and purchasing new as necessary
  • 14. Network re-design – 2/3
    • Action
      • network re-design
      • smooth implementation, no downtime
      • introducing VLANs
      • configuring link aggregation
      • raising security level and implementing RBAC
      • introducing 1Gb-to-workplace with the new equipment (Dell), while preserving old 100 Mb equipment (3Com, Cisco) for lower-demands users
      • configuring monitoring and alerting (SNMP, email, Dell OpenManage)
      • establishing network documentation and change control
      • training IT staff
  • 15. Network re-design – 3/3
    • Result
      • predictive readiness for network growth in size and complexity
      • keeping the growth controlled and smooth
      • change management
      • VLANs
        • increased security and performance for management segment of the network
        • simple physical port reassignment at the access level
      • link aggregation provided the network with performance, redundancy and stability
      • keeping awareness of the network state
      • delegation monitoring and basic control activities to IT staff
  • 16. Cisco ASA 5520 – 1/2
    • Situation
      • outdated all-in-one network edge solution for firewall, proxy- and email- server
    • Task
      • implement dedicated firewall solution with IPS and VPN capabilities
      • move proxy- and email- services into DMZ
  • 17. Cisco ASA 5520 – 2/2
    • Action
      • selected Cisco ASA, extensively learnt the solution
      • re-designed network edge
      • extensively tested, piloted, launched, conducted post-production testing
    • Result
      • strengthened network security
      • flexible network design
  • 18. Microsoft SQL Server 2005 – 1/2
    • Situation
      • multiple database engines with default configuration spread across the network
      • after project completion, production databases remained on developers’ PCs
      • no backup
    • Task
      • implement secure deployment of centralised database server
  • 19. Microsoft SQL Server 2005 – 2/2
    • Action
      • configured hardware for optimum performance
      • deployed MS SQL Server 2005 with security emphasis
      • migrated production databases to the new server
      • established backup procedure
    • Result
      • dedicated server with highly secured environment
      • fast and reliable data access
      • separated test and production environments;
      • precise and controlled permissions for data access
      • supported business continuity with current backups
  • 20. Microsoft infrastructure upgrade
    • Situation
      • Windows NT domain connected with VAX mainframe
      • Windows 2000 forest
    • Action
      • upgraded the infrastructure to Windows Server 2003 level and configure forest trusts
      • preserved mainframe connection
      • included complete testing in a virtual environment
  • 21. Hardware monitoring
    • Action
      • deployed Dell OpenManage and HP SIM
    • Result
      • keeping business continuity by pro-active health monitoring and awareness of the entire network’s state and every single system in it
  • 22. Backup
    • Action
      • designed and implemented backup solutions (Acronis True Image)
    • Result
      • quick and flexible backup
      • ease, precise and minutes-long restores
      • safety of configuration changes
    • Follow-up
      • developed dedicated backup plans for Active Directory and SQL Server services
  • 23. Remote access
    • Situation
      • requirements for network access from home
      • involving partner companies in joint work
    • Task
      • implement remote access solution
    • Action
      • deployed RAS on Windows Server 2003
      • VPN: PPTP, MSCHAPv2, very strong passwords with short life term
      • IP port filtering
      • VPN users buffer subnetwork
    • Result
      • simple yet secure VPN for remote access
  • 24. Code/change management
    • Deployed with advanced security:
    • Microsoft Visual SourceSafe
    • Subversion (SVN, incl. Apache)
    • Telelogic (IBM Rational) software
      • Synergy
      • Change
      • DOORS
  • 25. Microsoft SharePoint Services
    • Situation
      • SVN usage for storing not only code but also documentation
      • projects' and other documentation spread across multiple shares on the network
      • requirements for convenient collaboration system
    • Action
      • learnt Microsoft SharePoint Services technology
      • presented the technology to the management
      • deployed Microsoft SharePoint Services and sample portals for documentation management and Help Desk ticketing
    • Result
      • Efficient web-portal environment at no cost
  • 26. File and Print Servers
    • Action
      • deployed File and Print Servers with WinSrv2003 R2-extended management features
    • Result
      • effective, flexibly-quoted use of disk space
      • pro-active monitoring
      • decrease of administrative overhead
  • 27. Inventory
    • Situation
      • scattered and incomplete inventory information on both hardware and software
    • Action
      • deployed hardware and software inventory system (Total Network Inventory by SoftInventive)
    • Result
      • structured comprehensive up-to-date inventory
  • 28. Summary – 1/2
    • Accomplished projects developed company’s network into a well-established up-to-date, efficient, flexible, stable and secure IT infrastructure
    • The value created for the company was defined by
      • saved budgets for the equipment by using existing one with virtualisation technologies
      • decreasing expenses for software by SAM
      • saved space for server rooms
      • fast deployment and recovery
      • efficient threat management
      • analysing and improving IT processes within the organisation by introducing new technologies
      • keeping business continuity
      • training IT staff
  • 29. Summary – 2/2
    • The achievements were backed up by
      • sound Systems and Network knowledge
      • concentrating on business value and service delivery
      • strong ability to plan and implement IT-projects within scope, budget and schedule
      • great communication skills at all levels
      • strong multitasking, time-management and organisational skills
      • dedication for learning with passion for IT