Projects and Achievements at GosNIIAS - Victor Berenshteyn



  1. Victor Berenshteyn
     • Systems / Network Engineer
     • MCSE: Security 2003
     • Kaspersky Specialist
  2. Overview
     • The presentation highlights accomplished projects and results achieved in the role of Systems / Network Engineer and IT Team leader at GosNIIAS, Avionics Department.
     • Company profile
       • 150 employees
       • Software development and testing for Aviation Industry
       • Contractor of Rockwell Collins, USA; Smiths Industries, USA; Thales, UK.
  3. Server rooms – 1/3
     • Situation
       • outdated comms room without proper physical infrastructure, power and air-conditioning
       • no racks, equipment on tables
       • per-server low-capacity UPS-es
       • cabling mess
       • company’s plans for
         • multi-floor extension
         • double hiring
         • update and increase the number of servers
     • Task
       • design and implement a project of a central server room and per-floor comms rooms
  4. Server rooms – 2/3
     • Action
       • selected a vendor for physical infrastructure solutions, APC
       • learnt technologies, product lines, equipment features: vendor’s seminars, online study
       • communicated with vendor’s consultants: defined solutions, created specifications, negotiated costs
       • designed, presented and discussed with the company’s management 3 possible solutions with different ratio of cost, reliability and scalability
       • communicated with and supervised the builders, electricians and air-conditioning engineers
       • managed procurement of the equipment
       • designed and planned installation, goal: minimise downtime
       • trained IT team
       • performed installation
  5. Server rooms – 3/3
     • Result - well-organised, completely redundant, fully monitored and remotely managed secure server rooms with total space decrease by 25%
       • server racks, IP KVM, colour-coded SCS
       • 2 independent power lines terminating at two 5kVA UPS-es to provide redundant power supply; RPS for 1-PSU units
       • air conditioning with redundancy
       • environment monitoring and pro-active alerting (power, temperature, humidity)
       • managed shutdown in the case of emergency, no data loss
       • documentation and change management
  6. Virtualisation – 1/2
     • Situation
       • increased demand for new services
       • requirements for
         • service isolation
         • service availability
       • no budget
     • Task
       • implement server virtualisation without additional expenses
  7. Virtualisation – 2/2
     • Action (time: 2007)
       • selected free solution, Microsoft Virtual Server 2005 R2
       • extensively learnt (online, vendor’s conferences)
       • created essential documentation
       • designed and implemented with security emphasis
     • Result
       • 40% of servers are virtual
       • server availability
       • service continuity
       • effective use of hardware, rack space, and AC power
     • Follow-up
       • piloted Hyper-V 2.0 implementation and migration
  8. Volume licensing
     • Continuous action
       • learning volume licensing from various vendors
       • planning
       • procurement
       • license management
       • usage monitoring
       • SAM (Software Asset Management)
     • Result
       • decreased expenses for software (approx. 20%)
       • flexible license distribution
       • controlled software installations
  9. Unified desktop environment – 1/2
     • Situation
       • high PC rotation rate
       • constantly increasing number of employees
       • repeatedly deploying a limited set of software
       • requests to re-install a PC after testing a new software or new development release
     • Task
       • create an efficient, fast and simple procedure to deploy or restore a PC
  10. Unified desktop environment – 2/2
      • Action
        • standardised desktop software configurations
        • created a procedure to roll out unified desktop environment
        • created associated documentation and conducted training for IT staff
      • Result
        • deployment or complete restore of a fully customized PC takes 15-25 minutes
  11. Enterprise Security – 1/2
      • Task
        • implement network anti-malware solution with centralised management and pro-active alerting
      • Action
        • designed and deployed corporate anti-malware solution – Kaspersky Enterprise Space Security
        • maintained and supported the solution
        • trained IT staff, delegated activities and supervised
      • Result
        • with 150 workstations, only 4 local incidents within 8 years
  12. Enterprise Security – 2/2
      • Task
        • implement continuous security monitoring
      • Action
        • learnt threat detection tools, selected MaxPatrol by Positive Technologies
        • created and documented a procedure of periodic security scanning
        • implemented security monitoring from both outside and all segments inside of the network
      • Result
        • no single penetration within years
        • no single service compromised
  13. Network re-design – 1/3
      • Situation
        • unmanaged, undocumented reactive growth of the network
        • running out of physical capacity
        • bandwidth bottlenecks
        • lack of security
      • Task
        • re-design the network in terms of scalability, manageability, performance and security, using existing equipment and purchasing new as necessary
  14. Network re-design – 2/3
      • Action
        • network re-design
        • smooth implementation, no downtime
        • introducing VLANs
        • configuring link aggregation
        • raising security level and implementing RBAC
        • introducing 1Gb-to-workplace with the new equipment (Dell), while preserving old 100 Mb equipment (3Com, Cisco) for lower-demand users
        • configuring monitoring and alerting (SNMP, email, Dell OpenManage)
        • establishing network documentation and change control
        • training IT staff
  15. Network re-design – 3/3
      • Result
        • predictive readiness for network growth in size and complexity
        • keeping the growth controlled and smooth
        • change management
        • VLANs
          • increased security and performance for management segment of the network
          • simple physical port reassignment at the access level
        • link aggregation provided the network with performance, redundancy and stability
        • keeping awareness of the network state
        • delegation of monitoring and basic control activities to IT staff
  16. Cisco ASA 5520 – 1/2
      • Situation
        • outdated all-in-one network edge solution for firewall, proxy- and email- server
      • Task
        • implement dedicated firewall solution with IPS and VPN capabilities
        • move proxy- and email- services into DMZ
  17. Cisco ASA 5520 – 2/2
      • Action
        • selected Cisco ASA, extensively learnt the solution
        • re-designed network edge
        • extensively tested, piloted, launched, conducted post-production testing
      • Result
        • strengthened network security
        • flexible network design
  18. Microsoft SQL Server 2005 – 1/2
      • Situation
        • multiple database engines with default configuration spread across the network
        • after project completion, production databases remained on developers’ PCs
        • no backup
      • Task
        • implement secure deployment of centralised database server
  19. Microsoft SQL Server 2005 – 2/2
      • Action
        • configured hardware for optimum performance
        • deployed MS SQL Server 2005 with security emphasis
        • migrated production databases to the new server
        • established backup procedure
      • Result
        • dedicated server with highly secured environment
        • fast and reliable data access
        • separated test and production environments
        • precise and controlled permissions for data access
        • supported business continuity with current backups
  20. Microsoft infrastructure upgrade
      • Situation
        • Windows NT domain connected with VAX mainframe
        • Windows 2000 forest
      • Action
        • upgraded the infrastructure to Windows Server 2003 level and configured forest trusts
        • preserved mainframe connection
        • included complete testing in a virtual environment
  21. Hardware monitoring
      • Action
        • deployed Dell OpenManage and HP SIM
      • Result
        • keeping business continuity by pro-active health monitoring and awareness of the entire network’s state and every single system in it
  22. Backup
      • Action
        • designed and implemented backup solutions (Acronis True Image)
      • Result
        • quick and flexible backup
        • easy, precise and minutes-long restores
        • safety of configuration changes
      • Follow-up
        • developed dedicated backup plans for Active Directory and SQL Server services
  23. Remote access
      • Situation
        • requirements for network access from home
        • involving partner companies in joint work
      • Task
        • implement remote access solution
      • Action
        • deployed RAS on Windows Server 2003
        • VPN: PPTP, MSCHAPv2, very strong passwords with short life term
        • IP port filtering
        • VPN users buffer subnetwork
      • Result
        • simple yet secure VPN for remote access
  24. Code/change management
      • Deployed with advanced security:
      • Microsoft Visual SourceSafe
      • Subversion (SVN, incl. Apache)
      • Telelogic (IBM Rational) software
        • Synergy
        • Change
        • DOORS
  25. Microsoft SharePoint Services
      • Situation
        • SVN usage for storing not only code but also documentation
        • projects' and other documentation spread across multiple shares on the network
        • requirements for convenient collaboration system
      • Action
        • learnt Microsoft SharePoint Services technology
        • presented the technology to the management
        • deployed Microsoft SharePoint Services and sample portals for documentation management and Help Desk ticketing
      • Result
        • Efficient web-portal environment at no cost
  26. File and Print Servers
      • Action
        • deployed File and Print Servers with WinSrv2003 R2-extended management features
      • Result
        • effective, flexibly-quoted use of disk space
        • pro-active monitoring
        • decrease of administrative overhead
  27. Inventory
      • Situation
        • scattered and incomplete inventory information on both hardware and software
      • Action
        • deployed hardware and software inventory system (Total Network Inventory by SoftInventive)
      • Result
        • structured comprehensive up-to-date inventory
  28. Summary – 1/2
      • Accomplished projects developed company’s network into a well-established up-to-date, efficient, flexible, stable and secure IT infrastructure
      • The value created for the company was defined by
        • saved budgets for the equipment by using existing one with virtualisation technologies
        • decreasing expenses for software by SAM
        • saved space for server rooms
        • fast deployment and recovery
        • efficient threat management
        • analysing and improving IT processes within the organisation by introducing new technologies
        • keeping business continuity
        • training IT staff
  29. Summary – 2/2
      • The achievements were backed up by
        • sound Systems and Network knowledge
        • concentrating on business value and service delivery
        • strong ability to plan and implement IT-projects within scope, budget and schedule
        • great communication skills at all levels
        • strong multitasking, time-management and organisational skills
        • dedication to learning with passion for IT