
ANDREW HALES

Wilmington, NC

Summary

To build a long-term career in a great company with opportunities for career growth. Provide expertise in API-driven architectures for cloud or on-premises infrastructures. Working with companies that love leading-edge technologies.

Overview

12 years of professional experience

Work History

Solutions Architect (Cyber Security)

GE Aerospace
07.2023 - Current
  • Work with GE Aerospace Personnel to Build out AWS and Azure Landing zones for Migration and separation from GE Corporate Environments to create their own Environments for Commercial and Government AZs
  • This included North/South, East/West Traffic Flows for on Premise, and cloud access
  • Run meetings to gather requirements for each environment (Commercial, Gov Cloud)
  • Build Terraform Templates for Building Fargate and ECS Application Resource footprints
  • Isolate North/South and East/West for centralized inspection zones using AWS and Azure Native Firewalls and Services
  • Build Traffic collection Gateway Load Balancers for forwarding Application VPC traffic to a Central Corelight collection point
  • Migrate distributions of Kubernetes including EKS, AKS, BareMetal from On Premises to Cloud
  • Build Separate OUs for Multi Payer Solution for each Application Group
  • Configure IAM and IRSA Policies for service and resource management
  • Integrate On Premise F5 GTM and LTM with AWS and Azure DNS and Cloudflare CDN
  • Deploy ALB/NLB for Edge and Kubernetes cluster APIs
  • Nginx is used for Cluster Load balancing
  • Protect Private On-Premise traffic requests with Equinix Handoff Firewall (Palo Alto) to cloud landing zones via Direct Connect (AWS) and ExpressRoute (Azure) Direct integrations
  • Build North-South and East-West flows for Ingress and Egress inspection using AWS Native Firewalls, ALB, GWLB (For inspection Endpoints)
  • These architectural designs were mirrored as close as possible in AWS and Azure
  • Azure did not incorporate a traffic mirroring feature for generating PCAPs for security reviews through Splunk.

Principal Solutions Architect

Rafay Systems
05.2022 - 08.2023
  • Work directly with customers to integrate Rafay SaaS and/or Air Gapped platform into their environments, including repositories and registries, public and private
  • Building custom GitOps (Flux, Argo), Bitbucket, GitHub Actions and Terraform and/or Pulumi as IaC
  • Multiple Provider Integrations including cloud and nested modules
  • Native options were also used, mostly CloudFormation and ARM
  • Workflows for full lifecycle of infrastructure and application management
  • Provide guidance to customers for architectural designs for current and future states
  • This included multiple cloud providers (AWS, Azure, GCP, Oracle and others)
  • Run discovery meetings to understand potential customer challenges and current practices for Kubernetes and cloud infrastructures
  • Integrate Full CI/CD Pipelines based on Customer Requirements
  • Jenkins, Bitbucket, GitHub Actions, GitLab, CircleCI, Ansible, Terraform, CloudFormation, ARM
  • Languages Used – Golang, YAML, BASH, PowerShell
  • Review Day Zero Readiness for deploying to a Multi-Tenant Fully Distributed Architecture
  • Deployed and/or migrated all distributions of Kubernetes including EKS, AKS, GKE, Open Source, Tanzu, RKE, OpenShift, BareMetal from On Premises to Cloud
  • Deploy Cloud Infrastructure Using Calico CNI and VXLAN in clusters
  • Integrate IAM and IRSA Policies for service and resource management
  • 5G Edge integration On Premise and cloud hosted Cluster including redundancy management
  • AWS, AZURE and GCP cloud implementations with On Prem and other 3rd Party Integrations
  • Build Custom Blueprinted Solutions for Customers to Standardize their Cluster deployments for any Distribution
  • Demo SaaS Platform to Future Prospects and Clients around discovery session information
  • Calico CNI and Cilium Network Policies were first class integrations with Rafay outside of Cloud Provided or Managed CNI for overlay and namespace isolation
  • Automated DNS using Route 53 External with F5 GTM, Infoblox and Cloudflare CDN
  • These integrations included 3rd Party providers where required
  • Architect Blue/Green and/or Canary for AZ Isolation and Upgrades of clusters
  • Provide Guidance to Clients with Hybrid solutions On Premise Edge and redundancy and migration to cloud efforts
  • Vault Integration for Secrets Consumption and Management
  • Provide Professional Services for On Boarding and Customer Success Teams
  • Attend Trade Shows (AWS Summit, Kubecon, Reinvent) for Promotion and Visibility
  • Most integrations were with AWS and Azure with combined On Premise components (Database, Authentication, etc).

Principal Solutions Architect

LPL Financial
07.2017 - 05.2022
  • Build and Support Hybrid Datacenter Active-Active and an all Distributed and API Environments and Applications Infrastructure
  • Ansible, Jenkins and Terraform (Remote and Local State), GitOps Flux/ArgoCD, GitHub and GitLab
  • Manage External Client Integrations
  • Azure and AWS Cloud Footprints Hosted MS AD and DevOps Environments (TFS, Terraform/ Golang (Some Custom Provider Work), Ansible, Jenkins, HELM, YAML) Artifactory and GitHub
  • F5 Solutions GTM, LTM, BigIQ, Virtual Gateway with Autoscaling for Kubernetes Orchestrated APIs
  • Includes VMWare API deployed builds of F5 Virtual LTM and GTM instances and Kubernetes
  • F5 and NGINX configuration and lifecycle fully automated, Jenkins-Ansible-Also IP and route sync
  • GTM Global DNS Using F5 Cloud with Akamai and Cloudflare CDN and IPv6 AAAA IP for Mobile
  • Cisco ACI and AWS Buildout through Equinix Handoffs
  • Infoblox API integration for bare metal and Kubernetes dynamic DNS and IP assignments
  • Build fully dynamic VXLAN using Calico and Cisco ACI infrastructure On Prem and Cloud via Equinix handoffs to cloud
  • MS and Infoblox DNS Using F5 GTM internally external
  • GEO and Global Availability Akamai and Cloudflare CDN and IPv4 to IPv6 conversion to resolve AAAA DNS records
  • LPL moved from Akamai to Cloudflare for better cost savings and 3rd party integrations
  • DevOps Automation using NGINX to push AS3 Declarative Updates to F5 GTMs for Site Reliability
  • Tracking of Projects was through Confluence, JIRA and ServiceNow using direct API integration where possible
  • Tibco to Kafka Design and Migrations to Kubernetes and Cloud (AWS)
  • Projects were migrating (On-Premises) Monolith infrastructures (Tier 3 stacks) to cloud (Full Distribution-Multi Tenant) infrastructure
  • NGINX Plus and Open-Source NGINX Ingress Controller
  • Migrations of the dynamic components were moved to AWS with Azure DevOps integrations
  • NGINX Ingress was used for Kubernetes ingress for internal traffic distribution
  • F5 LTM provided public facing traffic access DNS and ingress from Edge Routers and Firewalls
  • Direct Venafi Integration for Certificate management for F5 SSL Server and Client assignments.

Solutions Architect

Darden Inc
07.2014 - 07.2017
  • Support Datacenter, DR and 2000 Restaurant MPLS Network
  • Digital Platform – Online ordering for Olive Garden, Longhorn, Bahama Breeze, Yardhouse
  • 1700+ Netoptics/IXIA Aggregate devices for Palo Alto traffic inspection
  • Ansible Provisioning tools for new restaurants and failed devices
  • ZTP (Zero Touch Provisioning) solution to deploy configs to each restaurant via dedicated VLANs on firewalls
  • F5 Environments – 5000 2800, 5800, 7800 iseries (LTM-GTM)
  • SRX320 HA with a mix of Metro E and T1 infrastructure
  • We also incorporated LTE Cradle Point devices and 10 to 50 Meg business internets for backup solutions
  • SRX3400 served as our Tiered Network firewall which access was controlled by F5 APM
  • Palo 5060 HA
  • 10gig Dark Fiber for DR and Datagard (Active) for failover
  • Full Akamai integrations for origins request security.

Sr Network Engineer

Black Knight Financial-Fidelity National Finance
01.2012 - 10.2014
  • Supported FNF’s Datacenter network for .Net Applications, a system consisting of a 3-tier infrastructure utilizing Microsoft technologies throughout
  • Frontend Web, Middle-tier App Servers and Backend MS SQL servers
  • The environment is MS Server 2008 R2 and Server 2012
  • Incorporated was F5 LTM and GTM for load balancing and geographic DNS allocation
  • Management of all network equipment which included, Juniper Routers, Switches and Firewalls
  • Cisco 6509 Core Switches, Cisco 3800 series routers, Cisco 3700 Switches, Cisco 5510 and 5550 ASA firewalls
  • F5 Viprion 2400 Load Balancers and 5000 series GTM used in Main DC and DR locations
  • Completely customized Solarwinds NPM which included custom maps, Custom scripts for Synthetic Transactions, Post monitoring, etc.

Education

AS - Computer Programming Basic

FTCC
01-1995

Skills

  • Visio/Lucid Expert
  • Ansible
  • Scripting Bash, Python, PERL, tcl, Ruby, Nodejs
  • Juniper Space Provisioning
  • Ansible with git source provisioning to 4 provisioning servers
  • Also used for in-restaurant auto provisioning: each restaurant was set up to use an auto-provision port to phone home to Ansible servers
  • 40,000 Device MPLS and LTE Wireless backup Networks for Full Mesh Redundancy
  • Network Infrastructure
  • Juniper environment
  • SRX5600 Core Firewalls and all secure zone gateways
  • QFX10000 Series Core switches 100 and 40 gig (Spine)
  • QFX5100 Spine and leaf architecture 40 gig LAG ports (Layer2)
  • SRX1500 Internet firewalls
  • MX10 Routers for traffic isolation with Restaurant MPLS and Dual ISP balanced 1gig Internet connections
  • SRX320 HA with a mix of Metro E and T1 infrastructure
  • We also incorporated LTE Cradle Point devices and 10 to 50 Meg business internets for backup solutions
  • SRX3400 served as our Tiered Network firewall which access was controlled by F5 APM
  • Palo 5060 HA
  • 10gig Dark Fiber for DR and Datagard (Active) for failover
