My Portfolio

Experiences:

Sep 2023 – Now :

Fullstack Developer at Capture Hidden Gemz Inc.   https://cluez.ca

  • Develop backend APIs using Python, deploy Lambda functions, API gateways with Cognito
  • Design database structure, create triggers, functions and indexing, optimize SQL queries
  • Work with ReactJs frontend, using AWS S3 hosting, AWS Route53/ACM/CloudFront services
  • Set up and maintain PROD/STAGING/TEST environments with AWS Cognito/RDS/VPC/EC2
  • Secure network system infrastructure with VPN/VPC/PROXY/WAF/SecGroup
  • Develop AR/VR user experience with Google Maps API, Geospatial, A-Frame, AR.js, Geospatial Creator for Unity
  • Create AWS API Gateway WebSocket service for real-time messaging and system event notifications

Feb 2022 – Now :

Volunteer as SYSTEM ADMINISTRATOR, DEFEND (12981114 Canada Foundation) https://helpusdefend.com/

  • Set up Kubernetes cluster with 3 master nodes and worker nodes (on Citrix XenServer6/ESXi, AWS EC2, Google Compute Engine and Canarie DAIR cloud)
  • Configure Google Load Balancing service and AWS Route53 – Geolocation for multiple Kubernetes clusters.
  • Install MySQL multi-primary group replication cluster with 9 instances
  • Set up AWS S3 buckets and Lambda function for encrypting users’ data into S3 Glacier Deep Archive
  • Create GitLab CI/CD pipeline to automate testing, deployment process to Kubernetes cluster, and backup database/rollback procedure.
  • Work with Unity, AI, Backend, and Database teams, supporting end-users.

January 2016 – Nov 2021:

SENIOR SOFTWARE ENGINEER, VNG Corporation, Ho Chi Minh City, Vietnam https://www.vngcloud.vn

Set up VNG Cloud with:

  • Juniper Contrail/Tungsten Fabric, 3 control nodes and 50 compute nodes
  • OpenStack hypervisor
  • Juniper MX480 as an internet gateway
  • Juniper EX4500 switches as TOR rings
  • Juniper QFX5100 as fiber switches for storage network
  • NETCONF protocol to create backend automation
  • Network protocols: BGP, MPLS over GRE, MPLS over UDP, VXLAN/EVPN
  • Cloud report and monitoring with Cacti/Nagios/Kibana-ElasticSearch
  • Create VPN service with auto-provisioning for site-to-site and remote-access (using Linux GRE tunnel, strongSwan, SoftEther, FortiGate, vSRX)
  • Create vFirewall service for VPC (based on Linux iptables and Juniper vSRX/SkyATP)

May 2013-December 2015:

SENIOR SYSTEM ENGINEER, Vinadata Co. Ltd, Ho Chi Minh City, Vietnam

  • Develop and operate the VNG ACL Tool (Network Access Control), ensuring VNG user’s access requests/approvals align with ISO policies.
  • Automate network devices: Cisco 4507, 6509, 7609, Cisco ASA, Juniper MX480, MX960, EX4200, SRX5800, creating VLAN/gateway, adding/removing ACL, consolidating ACL entries on network devices vs database.
  • Developing and operating the Vinadata DCIM Tool (Data center infrastructure management), which maintains Data center’s facilities, servers, network connections and core system information.
  • Managing VMware ESXi 6 servers, configuring vCenter, EVC/SAN cluster HA/Load balancing rules.
  • Setting up Juniper MC-LAG (Multichassis Link Aggregation) on 2 EX9208 boxes and Juniper SRX5800 virtual chassis (replacing 2 old Cisco 6509 and FWSM firewall switch modules)

January 2011-April 2013:

SENIOR NETWORK ENGINEER, CSC Vietnam, Ho Chi Minh City, Vietnam
https://dxc.com/vn/en/

  • Manage head office and two branches with a total of 1000+ network ports: support users’ daily network issues, maintain LAN access control and Dynamic VLAN assignment database.
  • Manage Asterisk IP PBX server, MS Active Directory, Linux RHEL5, SVN server
  • Network devices: Cisco 2950, Catalyst 3750 stackable, Check Point firewall
  • Network protocols: SNMP, DNS, RADIUS, LACP, RIP, OSPF, BGP

March 2001-December 2008:

LEAD SUPPORT ENGINEER, CADENA IT-Services, Ho Chi Minh City, Vietnam

  • Lead a team of 20+ support engineers to offer IT services for 100+ customers: consult on IT systems, network security, hardware, and software according to customer needs.

Certifications

  • JNCIP-SEC Juniper Networks Certified Professional in Security Track (Nov-2017)
  • AWS Certified Solutions Architect – Associate (Mar-2023)
  • MCSE Microsoft Certified Professional Systems Engineer (2000)
  • IBM CLS Certified Lotus Specialist in Notes R4 System Administration I (2000)
  • Brainbench – PreVisor Certificates: LAN – WAN Communications Specialist, Unix Administration in General (2000 – 2002)
  • Certification on completion of AMP ACT I Installing Premises Cabling systems training.

EVE Lab – vSRX – OSPF – AWS/EC2 – Cacti/Nagios

The lab has been designed in an EVE-NG environment as follows:

  • Headquarters with a Juniper SRX1 firewall, running OSPF area 0 with 2 neighbors in Campus and branch offices.
  • Users in Office zones can access Server/DMZ zones and public internet with SNAT (source network address translation) IP 69.30.197.124
  • Monitor server in DMZ zone can be accessed from the internet with DNAT on port http/ssh (69.30.197.124 -> 192.168.102.10 port 22/80)
  • WordPress server in Campus only allows access from office users and MySQL port DNAT to public IP 69.30.197.124:3306; only AWS-EC2 VM is allowed to replicate the WordPress database.
  • The WordPress backup server has been created on AWS. In case of disaster, the Apache web service will be turned on for user access, and all the server DB will be replicated in real-time with the primary DB in Campus. Media files will be rsync’ed every 5 minutes.
  • All network devices and servers are monitored by Cacti/Nagios

There are some thresholds in the chart above:
– OSPF neighbor status = 8 (FULL)
– Routing Engine RE0 load will send critical alerts when going over 20
– Any interface going down will decrease the number of OSPF routes; an alert will be sent if the routing table has fewer than 15 routes.
– MySQL replication on AWS backup server will send an alert when DB transfers less than 2 bytes per second or when EC2 VM CPU idle is lower than 30%

Normally office users access the internal WordPress server (IP 192.168.131.10)

The AWS-EC2 server instance works as a DR backup for the internal WordPress server. In case of disaster, we can start the Apache web server so that users can access it from the internet.

Destination NAT configuration on Juniper SRX1 (Headquarters)

Security Policies from-zones to-zones

OSPF status on Juniper SRX3 (Campus site)

Nagios configuration for OSPF neighbor status


Cloud with Juniper Contrail and OpenStack

We built the cloud with Juniper Contrail (SDN, Software Defined Network) and OpenStack Hypervisor.
It’s a long, long step from the co-location services our data center offers to clients.
The project is a key factor in ensuring VNG is one of four Cloud Service Providers approved by the Vietnamese government last year.

To ensure the quality of services, we have built a network monitoring system.

We also mirror packets passing through our core network, so we can detect abnormal traffic from/to a specific host. Based on this, we will take further action, such as informing our customer or blocking the suspect host.

DCIM – Data center infrastructure management

I made this DCIM tool to manage our VINADATA, one of the biggest data centers in Vietnam.

– Facilities management: from the electric generator, ATS, STS, UPS, PMM to cooling systems like CRAC, Chiller, Cooling tower. Visualize system with real-time information retrieved from devices thanks to BACnet protocol.
– Networks management: Peering links to other ISPs, Core network devices, aggregation, and access switches. Traffic utilization, access ports, VLANs, IPv4 resource,…
– Servers management: Location, utilization, power consumption, network uplinks, model, serial,…

Nagios

Nagios offers monitoring and alerting services for servers, switches, applications, and services. It alerts users when things go wrong and alerts them a second time when the problem has been resolved.