Senior Cloud Engineer based in Wellington, New Zealand_

LinkedIn / GitHub

This section accounts for some of my high value (reducing cost & operational complexity) projects where i made an impact .

Organisation - Irvines Group | Sourthen Africa
Existing Environment - Irvines Group has operations in SouthAfrica , Botswana ,Zambia ,Mozambique and Zimbabwe running various business applications (HR management software ,ERP automatica running on either HyperV or Physical servers. Various sites are running either a Sophos or a Mikrotik firewall).
Requirements. Planned Changes - Develop a cloud adoption framework and migration roadmap. Consolidate (using azure migrate) existing applications while maintaining a hybrid environment using IPSec VPNs to facilitate a gradual migration using azure migrate to Azure.
Period - Mar - Jul 2020
Challenges Experienced

• We initially scoped the applications to be hosted on Azure SQL but we were faced with compatibility issues due to legacy code and we settled for Azure SQL managed instance and SQL server (on a VM) which caters for an on-prem lift and shift.
• Hybrid connectivity between Azure and irvines offices (with a mix of Mikrotiks and Sophos firewalls) - had overlapping subnets which needed to be changed. Additionally because of teleworking , Irvines already had remote SSL VPNs configured for their users to connect to on-premise applications.Instead of configuring native azure P2S tunnels we extended traffic originating from the remote SSL vpn subnet into azure to reduce networking complexity .
• Access requirements required that we centralise some applications didnt support AD authentication.
  

References - Dave Michie | Email

Organisation - Cassava | Zimbabwe
Existing Environment - With existing operations spanning econet and ecocash Zimbabwe , the data science department was formed to establish a unified analytics pla tform using on-premises servers and 3rd party software.
Requirements. Planned Changes To develop and implement a data strategy pipeline and provision a cloud based data analytic platform based on Azure databricks , Qliksense , Azure Data factory and Azure synapse
Period - Jan - Mar 2020
Challenges Experienced

• Resources on azure had to connect to datasources located on-premise through IPSec VPNs. Some of the datasource endpoints keep going down. Resolved to implement a data strategy where there are SLA agreements and boundaries of accountability for monitoring purposes.
  

References - Lancelot Nyachoto | Email

Organisation - Zimbabwe Electricity Industry Pension Fund | Zimbabwe
Existing Environment - Running business applications (SAP , Payroll app and Pension management software) on physical servers
Requirements. Planned Changes - Develop and Implement a business continuity and disaster recover plan (BCDR) using Azure Site recovery.
Period - Mar - Jul 2020
Challenges Experienced

• Problem wasnt well defined, Azure Site recovery supports Physical servers but some of the pre-requisites required for a successfull replication (Operating system disk count and Operating system disk size) were overlooked only to be discovered when the project had started.We were forced to virtualize all the servers into HyperV and provided a temporary buffer server to aid the migration.
• Migration of the apps to the HyperV environment was manual and included engaging each vendor to verify if the application was compatible , which pushed the project timelines even further.
  

References - Simba Chavunduka Email

Organisation - Econet Wireless | Zimbabwe
Existing Environment - Comprised of an environment running A cisco ASA at the edge , Intrusion Detection System, TMG , a proxy server, Ironport, Active Directory servers (4) and exchange 2013 servers (2 CAS and 6 Mailbox ) .The highly available setup comprised of 2385 mailboxes utilising a total of 10TB.
Requirements. Planned Changes - Migrate all mailboxes to O365 gradually using the hybrid move
Period - Mar - Jul 2020
Challenges Experienced

• The datacenter network protecting the mail and AD servers was so complex , the existing team (which wasnt available when it was setup) , did not understand all the network components involved. The network setup prevented the hybrid wizard to complete successfully. Microsoft documentation assumes that there are no 3rd party components such as cisco spam filter in a successful hybrid scenario with exchange online - for email routing reasons.
• Changes to the components of the network - allow exchange to communicate directly with exchange online required security experts (which we did not have) and a series of long standing change requests. Tried to add O365 URLs and IPs on the firewall but there was a proxy and an IDS to also cater to. We ended up proposing doing a clean migration after being advised by microsoft that the data was too much and would require breaking it down into chunks to move it.
  

References - Adrin Muchatibaya | Email, Tafadzwa Dzapasi Email

Organisation - Steward Bank | Zimbabwe
Existing Environment On-premise environment comprised of 2 AD servers , 2 clustered 2016 exchange servers running all roles (CAS and Mailbox) ,Cisco iron port for spam filtering
Requirements. Planned Changes Migrate some users to exchange online and leave some users on-premise
Period - Mar - Jul 2020
Challenges Experienced

• The exchange on-premise environment was unstable and kept corrupting the mailbox databases which affected the migration significantly.
• After stabalising it , the assumption the customer had was that if the on-premise exchange servers are unreachable , it doesnt affect delivery.(email routing (mx) was still pointing to their on-premise servers)
  

References -Wellington Tsamasuo Email

Organisation - Zimre Holdings | Zimbabwe
Existing Environment - On-premise environment comprised of VMware servers running business applications. Some of the applications were intergrated to the on-premise AD Sophos firewall for terminating Azure VPNs
Requirements. Planned Changes - Migrate all servers to the cloud and configure hybrid connnectivity using azure S2S and P2S
Period - Mar - Jul 2020
Challenges Experienced

• The scoping did not cater for a robust identity solution , which forced us to migrate the AD to the cloud and keep seperate AD servers (On-premise and Clodu).Still feel like we could have done a better job.
• Client had a lean team of I.T support personnel , which meant any changes required on the environment were sent to the service provider.
  

References - Fadzanai E Mupandenyama Email

Organisation - Rainbow Tourism Group (RGT) | Zimbabwe
Existing Environment - https://gatewaystream.com/ hosted on AWS utilising cloudflare for traffic routing
Requirements. Planned Changes - Application was hosted outside the country and was now required to be hosted in country for "whitelisting traffic" purposes.
Period - Mar - Jul 2020
Challenges Experienced

• The environment (Azure Stack ) the app was migrated doesnt not have a resource that can support layer 7 loadbalancing capabilities (SSL offloading , Path redirection). We had to improvise the setup by terminating the SSL directly on the servers and utilising only a layer 4 loadbalancer. We could have proposed running a VM and running a custom Nginx or HTTP proxy to offload the certificates but did not want to introduce uneccessary complexity into their already complex architecture.
  

References - Taremeredzwa Chipepera Email

Organisation - Civil Aviation Authority Of Bostwana | Botswana
Existing Environment - HyperV environment , ASA firewall , Physical servers
Requirements. Planned Changes - Configured a disaster recovery (Azure Site Recovery (ASR)) and Azure Backup (MABS) setup to provide a remote BCDR plan as required by audit
Period - Mar - Jul 2020
Challenges Experienced

• Felt like the setup was supposed to be a managed service - monitoring of server replication process , the coonfiguration server for physical servers and the on-premise microsoft backup server required someone with azure expertise. Client kept pushing requests to the vendor.
  

References - ontlametse tsumake | Email

Organisation - Africom | Zimbabwe
Existing On-premise Environment - Enviroment comprised of decentralised bind servers where configurations were supposed to be done manually to all 4 servers for a single record
Requirements. Planned Changes - Integrated 4 decentralised Bind DNS servers with facilemanager [http://www.facilemanager.com/] providing a single management interface for creating customer DNS records
Period - Mar - Jul 2020
Challenges Experienced

• We were running 4 bind servers and introducing facilemanager meant i had to recompile the bind servers replicating the same configuration. The process was too manual as our the existing zones contained errors.
  

References - Abisai Matangira | Email | +263 8644004138

Organisation - Africom | Zimbabwe
Existing On-premise Environment - Environment comprised operational and business support systems running on old commodity hardware (tower and rack servers). for a single record
Requirements. Planned Changes - To consolidate applications and servers. Designed and implemented a 2 node KVM cluster on 2 Sun blades X6270/chassis 6000 each with teamed interfaces connecting to 30 TBs of storage made from commodity hardware
Period - Mar - Jul 2020
Challenges Experienced

• The initial setup lacked redundancy both from a compute and storage perspective
  

References - Abisai Matangira | Email | +263 8644004138

🏳️‍🌈 Automated local .co.zw domain registrations [https://github.com/chamambom/regdns-txt]
🏳️‍🌈 Automated subscriber network provisioning - [https://github.com/chamambom/python_to_text]
🏳️‍🌈 Automated VMware instance deployment using puppet/foreman - [https://github.com/chamambom/mypuppet-lab]
🏳️‍🌈 Standardised O365 and cloud services troubleshooting and deployment using ARM templates, PowerShell, GIT & terraform [https://github.com/chamambom/azure-terraform]

English: Proficient
Shona: Native
Ndebele: Native

MSc In Data Analytics Chinhoyi University Of Technology - Chinhoyi, Zimbabwe (Jan 2018 - Dec 2021)

BSc Honors In Computer Science University Of University - Harare, Zimbabwe (Aug 2006 - Jan 2010)

Redhat Certified Systems Enginer | 140-045-378 | (Feb 2014 - Feb 2017)

Redhat Certified Systems Administrator | 140-045-378 | (Feb 2014 - Feb 2017)

Microsoft certified Azure Administrator |MCID: 16595099 | (Nov 2020 - Nov 2022)

Microsoft certified Data Engineer | MCID: 16595099 | (Sept 2020 - Sept 2022)

Microsoft certified Azure Security Engineer | MCID: 16595099 | (Jul 2021 - Jul 2023)

Microsoft certified Data Analyst | MCID: 16595099 | (Dec 2020 - Dec 2022)

Microsoft certified Solutions Associate : O365 | MCID: 16595099 | (Dec 2018 - Present)

Cisco Certified Network Associate - CCNA| CSCO12129589 | (Mar 2012 - Mar 2015)

I.T.I.L Foundation certificate in IT Service management | 4813045.1240312 | (Aug 2013 - Present)

VMware Certified Associate Cloud | VMW-01279212C-00417295 | (Dec 2013 - Present)

VMware Certified Associate (Datacentre Virtualisation) | VMW-01279212C-00417295| (Nov 2013 - Present)