
I started my career in July 2011 and have over a decade of experience in the network and security domain. I’ve worked with major companies, including Rackspace. My experience includes managing enterprise-scale networks, handling data centers supporting over 12,000 associates, and working with Cisco, Juniper, HP, Palo Alto, Checkpoint, FortiGate, Azure, AWS, and private clouds.
Network Security Engineer |||
Rackspace TechnologyNetwork & Security Lead
Tata Consultancy ServicesSenior Network & Security Engineer
Tata Consultancy ServicesNetwork Administrator
Tata Consultancy ServicesAWS (Amazon Web Services)
Azure

Azure Security

MS Office

MS Visio

Python

Cisco Prime

VMware

GTM

FMC

SIEM

Citrix

WinSCP

TeamViewer

Zoom

Teams

Crowdstrike

Office 365

Zimbra
Myself, Goran. I have started my career back in July 2011. And since then, I've been working in the network and security domain. I have worked in two major companies: one in services and the other in Rackspace. Right now, I'm based in the UK and looking to relocate back to India. So I have applied for this opportunity. I do have hands-on experience in various domains at the enterprise level, with a network scale of enterprise. I have handled data centers capable of 12,000 associates, divided into 50 plus projects. I have hands-on experience with Cisco, Juniper, HP, Palo Alto, Checkpoint, FortiGate, Azure, AWS, and some private clouds where we host our clients' applications, which are exposed to the Internet. We have created a DMZ zone. I have hands-on experience with NetScaler and load balances as well. I'm CCNSCCNPPCNSCCSA, CCSA, JNCIA, and ITIL v3 certified. I do have CCIE routing and switching in progress, but I'm not certified yet.
To ensure the VPN solution is fully resilient between us here and on-premise environment, I will make sure that there are two links available, and two service providers are available. So if any of the VPN goes down, we can switch it to the different service provider with two routers and two firewalls, and the firewalls would be in place. Apart from that, auto-failover should be enabled between the two firewalls. Sometimes it happens that auto-failover may not work when using two service providers, so we need to make sure auto-failover works all the time. Like, if you're using two service providers, auto-failover may not work sometimes. So, we need to make sure auto-failover works all the time. Apart from that, if there is an express route available, like Azure to AWS, it should be there. If it's not there, we can use it as a secondary path apart from the VPN. And the bandwidth should be aligned and dedicated. Like, I'm not sure if it's given properly, but I assume the bandwidth should be sufficient to meet your requirements and based on your headcount and the applications you're using. That's how you can ensure the VPN solution is fully resilient.
Software defined network, which is quite handy for VoIP traffic. You can create a different VLAN for the VoIP over IP network. And, you can give them high priority in your SDNs. So, whenever you have that, it's on a voice WAN side, and SDN will work at the LAN side only. Okay. Yeah. So you can define a different VLAN or VoIP. And on the LAN side, you can allow that higher priority traffic, which you can define in Cisco DNAT, then there are options available for web traffic. You can give a higher priority to any web traffic, whether it's from Teams or any phone lines. So it will tag that traffic and particularly with the QoS and it will give you the highest priority when there's congestion. So that traffic will flow seamlessly when you have high traffic on the website.
We would use network implementations. So, here you can, when you are using a cloud-based VPN, you always need to make sure that you have defined all the security controls, like any access authentications, then you can deploy with an ISE solution and multifactor authentications while connecting VPN, or else you can go for certificate-based authentications when you are deploying any kind of VPN. So, that's how you can maintain the standards of CCI security standards, like access authentications, user authentications, and authorizations, and what kind of authorizations you are going to give the users. So, there are three methods. With AAA, you can put AAA solutions. You can identify like next solutions, and you can go for multifactor authentications.
Discuss your approach to automating network deployment in AWS and Azure environments considering event segregation. When you're going for VLAN segregation, you want to assign the VLAN automatically based on user authentications. For instance, if a user is connecting their virtual machines from Azure, then it should assign the VLAN automatically based on the user's authentication. To elaborate, if a user is logged into the Azure cloud and accessing their machine, then whenever they log in, it will assign the VLAN IP address from the assigned pool. This is how you can automate the process. To provide a clear answer, can you specify whether you want to implement VLAN segregation on servers or user machines in the AWS and Azure environments? When users log in or access Azure machines or virtual machines deployed on AWS and Azure environments, we can provide the IP pool from the defined VLAN based on authorizations. We can create rules on our automation to achieve this. Additionally, we can automate this through firewall rules, where if a user is accessing a particular server, they will have access to specific ports and servers. To answer your question clearly, can you please rephrase the question in a more specific sense?
So, it's also a broad area like CISP compliant network security. In terms of network security, you need to give us details like what kind of network devices you're using, whether it's a switch, firewalls, routers. Do you have high availability in that or not? Are you using a next-generation solution for that or not? And what kind of CISP compliance security network framework we need to provide the next solutions. We need to provide defined VLAN creations on that. We need to create firewalls, rule-based configurations, what are the firewall ratings, vulnerability assessments, PT assessments of those devices. So, those details we need to check and based on that we can go ahead and look into how we can approach to provide or deploy network security controls without service disruptions. Or, you can go ahead and have a totally different IP schema, whatever you're using. Based on that, you can create a totally different IP schema, creating a different VLAN with the next solutions provided on that, creating firewall rules on that, creating bindings for traffic, creating next-generation solutions, and based on that, you can create a whole new network which is completely different than what you're using, and the IP schema would be completely different. And after creating that, after having the vulnerability assessment, PT assessment of your devices, and then you can move users from their current VLAN to the different VLAN one by one.
Config current configurations. I'm not sure about that. There is an issue with the script or the command line you're using. Because if it's Cisco, then the command should be show hostname. So maybe it's a command line or the script itself. I don't have much idea about that script, but I can say that there is no command. I can see, like, show hostname if it is Cisco routers.
Check network response time. It should be 200. It says 150 here. Corrected transcript: Check network response time. It should be 200. It says 150 here.
It's a multi-cloud strategy to ensure a seamless global QoS system. Yeah. It would be difficult to configure QoS when you're using multiple clouds because VLAN tagging and traffic tagging processes differently when you're using Azure, AWS, or GCP. So, here, we can come up with a totally different solution where you can use network segmentations and either proxy. You're not going to use it. So, you can use your firewall to perform QoS when you're doing any kind of traffic or multi-cloud strategy because the firewalls can be a key feature. And I suggest we're not going to use any kind of proxy in between when you're configuring any QoS or that traffic should be bypassed from the proxy completely, then we'll route that traffic towards the firewall. And in the firewall, we're going to perform that QoS for this kind of traffic because firewalls are the key that connects the different clouds in between, whether you're using AWS or GCP. Because whenever you're going to interconnect, like, two clouds, you're going to use the firewall. So, I would perform QoS configurations on the firewall, and I prefer that traffic be bypassed from all the proxies, whether it's Teams or whether you're using Avaya or Cisco UC, CUCM. So, I'll bypass that all traffic and prioritize it towards the firewalls and configure QoS on my firewall.
I don't have an idea, but I will try to read those questions or brief of my knowledge about that.
In what way would I apply DevOps practices to you? So, you can follow the ITL process. Apart from that, network monitoring is rigorously done using tools and technologies available in the market, or you can go for Terraform and Zabbix. So, monitor your network rigorously. And if, any network device is down, then automation is the key point. When you're monitoring the network, there should be an automated process which should be integrated with your monitoring or ticketing tools. So, if any network device is down or something like that, it should trigger an alert. Apart from that, it should create a P1 or P2 prioritized ticket. So, it should be monitoring automation combined together. Apart from that, you can use ITL versions 4 or 3 based on your organization. And you can have a look at incident management, change management, and problem tickets. And you can improve those. So, you will have a demo practice combined, and you can have an agile methodology like a Kanban board, monitoring each performance, whether it's the devices or your employees.