Suresh Kumar Sivachalam

Roles and Responsibilities

• Developed comprehensive documentation for future reference and troubleshooting.
• Collaborated with clients, providing tailored IT consultancy services.
• Designed secure networks for client data protection.
• Planned and executed network migrations, enhancing business continuity.
• Conducted thorough network audits to identify potential security risks for Christie's and implemented solutions to mitigate the network risks.
• Managed complex technical projects to ensure timely completion.
• Troubleshot frequent downtime issues to improve network availability.
• Mitigated cyber threats by implementing robust security measures.
• Coordinated with vendors for procurement of necessary equipment; achieved cost-effectiveness.
• Utilised cloud technologies for improved disaster recovery capabilities.
• Installed new hardware components, increasing system reliability.
• Upgraded outdated software, maintaining compliance standards.
• Created custom firewall rules with associated access control lists.
• Configured routers, switches and firewalls to deploy and support LAN, WAN and wireless networks.
• Troubleshot network issues and provided rapid solutions to limit downtime.
• Secured network systems by establishing and enforcing access control policies.
• Set administration, usage and disaster recovery policies to best maintain network performance.
• Implemented Cisco ACI technology to combine cloud computing and data centre management.
• Implemented SDWAN architecture integrating remote offices and HUB locations which effectively reduced the operating cost towards legacy MPLS and P2P links .
• Configuration of Cisco ISE for Cisco AnyConnect profiling, Dot1x Authentication for Wired and Wireless Network and for Guest.
• Upgrading Global Data Centre firewalls from ASA to Firepower Thread Defence (FTD) in Active & Standby mode. Migrating the rules and objects into FTD which ease a centralized management and enhanced security through Intrusion Prevention Policies (IPS)
• Configured Cisco DNA and automated IOS upgrades for the data centres as well as integrated with WLC to obtain a Heatmap for wireless network.
• worked on Cisco Hardware including Cisco Catalyst 9300/9200/3850 switches; Cisco ISR routers, Nexus 9500/9000 platforms. In addition Firepower/ASA firewalls, Cisco Wireless Controllers and F5 and Kemp Load balancers. Other platforms include Cisco DNA , IPAM , SolarWinds and Wireshark.
• Technologies involved STP, VLAN, VxLAN, VPC, Etherchannels, Trunks, QinQ, Dot1x, CAPWAP routing protocols such as EIGRP, OSPF, ISIS, BGP, MP-BGP, MPLS , Cisco Application Centric Infrastructure (ACI), IPSec, Anyconnect SSL, QOS, VRFs, AWS and Azure ; automation , python and others.
• created HLD and LLD Diagrams for the Data Centres and remote offices for documentation and effective troubleshooting.

Project Highlights

DMZ Route Optimization and enhancing Security

Worked on identifying the potential routing issues in DMZ environment and hosted the DMZ behind the firewall through ACI; endpoints are organized into into ESGs and Contracts defined to route the traffic from DMZ into FTD for monitoring and security. Successfully moved Integration and Staging environment.

Datacentre Move in New York.

Since the data centre hosted in a private shared space upon the lease expiration helped with the Team in determining the complete physical and logical topologies and steps necessary to efficiently move the Edge routers, ACI spine and leaf switches along with VMware hosted server farm.

AWS & Azure Cloud to On premises access through FTD

Built Tunnels tunnels from Christie's subscribed Azure and AWS towards on Premises Data centres in US & UK on the edge VPN routers and routed traffic through FTD into the Data centre workloads which hosts SQL and other application servers in ACI.

Cisco AnyConnect with Azure MFA

Consolidated the CORP and Contractors VPN tunnels into two groups at the Azure cloud end ; offboarded MFA authentication to Azure and configured Cisco ISE to handle Authorization and Accounting.

Each tunnel identified with Security groups within the Active Directory and Policies enforced by Cisco ISE. VPN Tunnels are load balanced through F5 LTM.

Posture for VPN, Wired and Wireless Network

Configured Posture policies with the requirements from Infosec and mapped the conditions to check windows Firewall, bit locker and MDE on the workstations.

Wired Dot1x implemented in POC to test the behaviour while deploying into the production environment.

Wireless Dot1x enabled on production for group policy based connections authenticate with ISE which moved away from legacy NPS servers.

Network Refresh in Data Centres and Corporate office.

Part of Network device life cycle changed the Edge routers from ISR4000Series with 8500 series in UK Data center and remote offices are configured with Firepower 1000 Series and 8200L routers for DMVPN and site to site VPN.

Paris AV Network for control room

Deployed 9300 Switches and configured IP Multicasting to allow the feeds from NVX Transmitters and receivers exchanged through Multicast groups for Audio./Video Control room to centralize the routing between different Camera feeds and sound system in different Auction Galleries. Enabled IPTV with multicasting to broadcast streaming within the office for Marketing department.

• Tailored solutions specific to client needs, resulting in improved customer satisfaction rates.
• Improved overall system stability with preventative maintenance measures.
• Designed efficient network structures for enhanced data flow and communication.
• Installed hardware components, ensuring optimal operation of the network infrastructure.
• Configured routers, switches and firewalls to deploy and support LAN, WAN and wireless networks.
• Provided smooth communications by configuring LAN technology, wireless access points and controllers.
• Evaluated bandwidth requirements and implemented required network updates.
• Set up virtual private networks for secure remote connections.
• Collaborated with cross-departmental teams to integrate new software applications into existing network environments seamlessly.
• Implemented cyber security protocols to protect sensitive information.