My Portfolio

Experiences:

Sep 2023 – Now:

Fullstack Developer at Capture Hidden Gemz Inc.   https://cluez.ca

  • Develop backend APIs using Python, deploy Lambda functions, API gateways with Cognito
  • Design Database structure, create triggers, functions and indexing, optimize SQL queries
  • Work with ReactJs frontend, using AWS S3 hosting, AWS Route53/ACM/CloudFront services
  • Setup and maintain PROD/STAGING/TEST environments with AWS Cognito/RDS/VPC/EC2
  • Secure network system infrastructure with VPN/VPC/PROXY/WAF/SecGroup
  • Develop AR/VR user experiences with the Google Maps API, Geospatial, A-Frame, AR.js, and Geospatial Creator for Unity
  • Create AWS APIGateway web socket service for real-time messaging and system event notifications

Feb 2022 – Now:

Volunteer as SYSTEM ADMINISTRATOR, DEFEND (12981114 Canada Foundation) https://helpusdefend.com/

  • Set up Kubernetes clusters with 3 master nodes and worker nodes (on Citrix XenServer 6/ESXi, AWS EC2, Google Compute Engine and the CANARIE DAIR cloud)
  • Configure Google Cloud Load Balancing and AWS Route53 geolocation routing for multiple Kubernetes clusters
  • Install a MySQL multi-primary Group Replication cluster with 9 instances
  • Set up AWS S3 buckets and a Lambda function that encrypts users' data into S3 Glacier Deep Archive
  • Create a GitLab CI/CD pipeline to automate testing, deployment to the Kubernetes cluster, and the database backup/rollback procedure
  • Work with the Unity, AI, Backend, and Database teams, supporting end users

January 2016 – November 2021:

SENIOR SOFTWARE ENGINEER, VNG Corporation, Ho Chi Minh City, Vietnam https://www.vngcloud.vn

Set up VNG Cloud with:

  • Juniper Contrail/Tungsten Fabric with 3 control nodes and 50 compute nodes
  • OpenStack hypervisors
  • Juniper MX480 as the internet gateway
  • Juniper EX4500 switches as TOR rings
  • Juniper QFX5100 as fiber switches for the storage network
  • NETCONF protocol for backend automation
  • Network protocols: BGP, MPLS over GRE, MPLS over UDP, VXLAN/EVPN
  • Cloud reporting and monitoring with Cacti/Nagios/Kibana-Elasticsearch
  • Create a VPN service with auto-provisioning for site-to-site and remote access (using Linux GRE tunnels, strongSwan, SoftEther, FortiGate, vSRX)
  • Create a vFirewall service for VPCs (based on Linux iptables and Juniper vSRX/Sky ATP)

May 2013 – December 2015:

SENIOR SYSTEM ENGINEER, Vinadata Co. Ltd, Ho Chi Minh City, Vietnam

  • Develop and operate the VNG ACL Tool (Network Access Control), ensuring that VNG users' access requests and approvals align with ISO policies
  • Automate network devices (Cisco 4507, 6509, 7609, Cisco ASA, Juniper MX480, MX960, EX4200, SRX5800): creating VLANs/gateways, adding and removing ACLs, and reconciling ACL entries on the devices against the database
  • Develop and operate the Vinadata DCIM Tool (Data Center Infrastructure Management), which maintains the data center's facilities, servers, network connections and core system information
  • Manage VMware ESXi 6 servers, configuring vCenter, EVC/SAN clusters and HA/load-balancing rules
  • Set up Juniper MC-LAG (Multichassis Link Aggregation) on 2 EX9208 boxes and a Juniper SRX5800 virtual chassis (replacing 2 old Cisco 6509 switches with FWSM firewall modules)

January 2011 – April 2013:

SENIOR NETWORK ENGINEER, CSC Vietnam, Ho Chi Minh City, Vietnam
https://dxc.com/vn/en/

  • Manage the head office and two branches with a total of 1000+ network ports: support users' daily network issues, maintain LAN access control and the dynamic VLAN assignment database
  • Manage the Asterisk IP PBX server, MS Active Directory, Linux RHEL5, and the SVN server
  • Network devices: Cisco 2950, Catalyst 3750 stackable switches, Check Point firewall
  • Network protocols: SNMP, DNS, RADIUS, LACP, RIP, OSPF, BGP

March 2001 – December 2008:

LEAD SUPPORT ENGINEER, CADENA IT-Services, Ho Chi Minh City,  Vietnam

  • Lead a team of 20+ support engineers offering IT services to 100+ customers: consulting on IT systems, network security, hardware, and software to meet customer needs


Certifications

  • JNCIP-SEC Juniper Networks Certified Professional in Security Track (Nov-2017)
  • AWS Certified Solutions Architect – Associate (Mar-2023)
  • MCSE Microsoft Certified Systems Engineer (2000)
  • IBM CLS Certified Lotus Specialist in Notes R4 System Administration I (2000)
  • Brainbench – PreVisor Certificates: LAN – WAN Communications Specialist, Unix Administration in General (2000 – 2002)
  • Certificate of completion: AMP ACT I Installing Premises Cabling Systems training

DCIM – Data center infrastructure management

I made this DCIM tool to manage our VINADATA, one of the biggest data centers in Vietnam.

– Facilities management: from electric generators, ATS, STS, UPS and PMM to cooling systems such as CRAC units, chillers and cooling towers. The system is visualized with real-time information retrieved from the devices via the BACnet protocol.
– Network management: peering links to other ISPs, core network devices, aggregation and access switches. Traffic utilization, access ports, VLANs, IPv4 resources, etc.
– Server management: location, utilization, power consumption, network uplinks, model, serial number, etc.

Nagios

Nagios offers monitoring and alerting services for servers, switches, applications, and services. It alerts users when things go wrong and alerts them a second time when the problem has been resolved.

[OTP] One-time password / Multi-factor authentication

Nowadays it is not only simple passwords like 123456 that are easy to break. With modern hardware, cracking even a strong password containing special characters and symbols is only a matter of time: a dictionary attack recovers a simple password in a second, and a brute-force attack needs weeks, or a few months at most, for stronger ones. Many companies therefore require users to change their passwords every few months, and policies derived from ISO 27001 commonly include the same requirement. This is annoying for users, who have to remember a new complex password every time, so some write their passwords down, hide them under the desk or simply stick them on the monitor, which becomes a big risk instead of a security enhancement.

In contrast to static passwords, one-time passwords change every 30 seconds (twice a minute) and are not vulnerable to replay attacks, provided the server remembers which code it last accepted: an intruder who records an OTP that was already used to log in to a service or to conduct a transaction cannot abuse it, because it is no longer valid.

Now, instead of remembering a complex password, users simply install a software token on their phone or request an SMS OTP, combine it with their secret static PIN, and the password-cracking problem is solved on the systems that apply multi-factor authentication. Of the two, the software token is the stronger choice, because an SMS code is only as safe as the phone number and the mobile network that deliver it.

Unfortunately, not every system has a built-in multi-factor authentication function, but many of them can integrate with RADIUS or LDAP, so we chose RADIUS as our solution:

1/ Software token: User -> PIN + software token code -> server -> RADIUS -> OTP module
2/ SMS token: User -> PIN -> server -> RADIUS -> OTP module -> SMS token -> user -> PIN + SMS token -> server -> RADIUS -> OTP module
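As an added example, not code from this portfolio or from any of the RADIUS/OTP products named on this page, the following Python sketch plays the role of the OTP module in flow 1: it takes the PIN + software-token code that the RADIUS server received as one password string, checks the PIN, checks the code as a standard RFC 6238 TOTP (30-second steps, six digits, one step of clock drift tolerated), and refuses any time step it has already accepted, which is what makes the "no replay" property above hold in practice. The username alice, the PIN 4711 and the seed (the RFC 6238 test key, in base32) are constructed sample data, and in-memory storage of the last accepted step stands in for the real backend's database.

```python
"""Added example: a minimal TOTP "OTP module" with replay protection.

Verifies PIN + 6-digit TOTP code (RFC 4226/6238, HMAC-SHA1, 30 s steps) and
burns each accepted time step so a recorded code cannot be reused.
All users, PINs and seeds below are constructed sample data.
"""
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

STEP_SECONDS = 30   # the code changes twice a minute
DIGITS = 6
WINDOW = 1          # accept one step of clock drift either way

# Constructed sample user store. In a real deployment the OTP seed lives in the
# OTP backend, separate from the static-password/PIN database.
USERS = {
    "alice": {
        "pin_hash": hashlib.sha256(b"4711").hexdigest(),       # sample PIN "4711"
        "seed": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ",            # RFC 6238 test key
        "last_step": -1,                                       # nothing accepted yet
    }
}


def hotp(seed_b32: str, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    padded = seed_b32.upper() + "=" * (-len(seed_b32) % 8)
    key = base64.b32decode(padded)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(seed_b32: str, now: float, step: int = STEP_SECONDS) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from wall-clock time."""
    return hotp(seed_b32, int(now // step))


def verify(username: str, submitted: str, now: Optional[float] = None) -> bool:
    """Check one RADIUS-style password string laid out as PIN followed by OTP.

    Returns True only if the PIN matches and the trailing DIGITS characters are
    the TOTP of a step within WINDOW of the current one that is newer than the
    last step accepted for this user (replay protection).
    """
    user = USERS.get(username)
    if user is None or len(submitted) <= DIGITS:
        return False
    now = time.time() if now is None else now
    pin, code = submitted[:-DIGITS], submitted[-DIGITS:]
    pin_ok = hmac.compare_digest(hashlib.sha256(pin.encode()).hexdigest(),
                                 user["pin_hash"])
    current = int(now // STEP_SECONDS)
    matched_step = None
    for step in range(current - WINDOW, current + WINDOW + 1):
        # Evaluate every candidate step so timing does not reveal which one matched.
        if hmac.compare_digest(hotp(user["seed"], step), code) and step > user["last_step"]:
            matched_step = step
    if pin_ok and matched_step is not None:
        user["last_step"] = matched_step   # burn this step: the same code is now rejected
        return True
    return False


if __name__ == "__main__":
    # Illustrative run with the sample user; the second call is a replay and fails.
    seed = USERS["alice"]["seed"]
    print("first use :", verify("alice", "4711" + totp(seed, 59), now=59))
    print("replayed  :", verify("alice", "4711" + totp(seed, 59), now=61))
```

Burning the step rather than the specific code is what protects the whole drift window: once a code for step N is accepted, codes for N-1 are also rejected, so an attacker who captured the previous code cannot slip it in during the tolerance window. The RADIUS server's only job in this flow is to hand the User-Password attribute to `verify()` and map True/False to Access-Accept/Access-Reject.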

We successfully integrated the applications and devices listed below with OTP; they have been working well in the production environment for years without any complaint from our clients:
– Linux sshd servers: with the pam_radius module
– Cisco network devices 28xx, 3750, 4507, 6509, 7609: with RADIUS and TACACS+
– Cisco ACS
– Juniper network devices: EX4200, EX4300, EX9200, QFX5100, MX80, MX480, MX960, SRX3600, SRX5600, SRX5800
– Apache web servers 2.2 and 2.4: requires the LinOTP_auth module installed on the server
– SoftEther VPN server: using external RADIUS authentication
– Our software development team was also happy to use a RADIUS client library instead of storing a static password database.

If your company does not have OTP/multi-factor authentication yet and you are interested in this solution, please contact me and I will be pleased to help.

Cacti

Cacti is a web-based network monitoring and graphing tool which allows a user to poll services at predetermined intervals and graph the resulting data.