Mihai Tanasescu

Technical Lead / Consultant / Architect

About

Solutions-driven technical leader with 10+ years of success designing and transforming network and IT infrastructures to drive productivity, efficiency, and customer satisfaction.
Well-qualified with extensive background and advanced technical skills spanning a full range of network/systems/server engineering, administration, and security.

Successful in partnering with clients, stakeholders, management, and teams to evaluate and transform needs into state-of-the-art technical and data management solutions with a compelling ROI.

Organised, take-charge professional with exceptional follow-through abilities, able to plan and oversee projects from conception to successful conclusions.

Cross-functional leadership and technical skills: talent for inspiring superior team performance whilst coordinating initiatives in deadline-driven environments.

Technical background

Cloud

AWS, Azure, GCP, OCI, Alibaba

Vendors

Cisco, Juniper (PS role experience), Huawei MA5600, F5 /AVI (reverse engineering clustering and API mechanisms), VMware, REDHAT

Operating systems

Linux, FreeBSD, NetBSD, OpenBSD

Firewalls

Cisco ASA, Juniper SRX, Palo Alto, Checkpoint, Fortinet, iptables, ipfw, pf, fwbuilder, Phion

Certifications

AWS Network Specialty, Azure Network Engineer, CCIE R&S #43060, RHCE (RHEL7 + Openstack), OSCE (Offensive Security), CCNP-SP, JNCIS-ER, VMWARE VCP, Solaris, ITILv3

Programming/scripting languages

Bash, Python (adding functionality to existing scripts on request, unpacking / un-compiling .pyc for reverse engineering), C (periodic work mostly reverse engineering code)

Software

Terraform, Ansible, Openstack, Openshift, Kubernetes, Contrail/SDN/NFV, DPDK, SR-IOV, 
Linux software ranging from Web Servers (Apache, Nginx) to Databases (Mysql/PostgreSQL, Oracle), FTP (Pure-FTPd, ProFTPD, VSFTPD), Quagga/Zebra/OpenBGPd/Bird/exaBGP, Email servers (Postfix, Qmail, Sendmail, Exim), QOS ( ALTQ, HTB), DNS (Bind), Monitoring (Cacti, Zabbix, Nagios/Icinga), SIP (Asterisk), Configuration archiving (Rancid/Chora), Virtualization (RHV, VMWare, KVM), Linux hardening/security (Grlinux/ Pax, Selinux, Tripwire)

Networking/data centre

MPLS/VPLS/EVPN technologies, Telemetry, TR-069, IPTV/multicast, Solaris zones, Linux jails, Linux containers/namespaces isolation, OpenvSwitch (tunnelling, debugging), Redhat Openstack Director/TripleO, SAN & NAS (started in the past with ZFS from Sun, played with EMC Isilon and with VNX as LUNs for Vsphere VMs), Openstack, Openshift

VPNs

OpenVPN, IPSEC, IPIP, GRE, DMVPN (with GRE + IPSEC)

Security

Offensive Security OSCE certified

Courses

PMI, Oracle DB Admin, GCP Fundamentals (Cloudera)

Professional experience

Aviatrix
(Sep 2021 – Present)

Secure Multicloud Networking platform with high availability, performance and built-in automation in mind.
Interconnecting workloads across a broad spectrum of environments: CSPs, OnPrem, Partners, SaaS, SDWAN through a unified and consistent architecture.
Minimizing the learning curve required for each Cloud deployment by providing a single approach valid everywhere you need it.
Bringing back visibility, application awareness E2E and enabling troubleshooting with focus on maximizing uptime (minimizing downtime) and thus providing your critical workloads with the performance and stability they need.

Principal Solutions Architect

With Aviatrix I shift daily through multiple roles, given also that the company is a start-up. This allows me to ...

Aviatrix
(Sep 2021 – Present)

Secure Multicloud Networking platform with high availability, performance and built-in automation in mind.
Interconnecting workloads across a broad spectrum of environments: CSPs, OnPrem, Partners, SaaS, SDWAN through a unified and consistent architecture.
Minimizing the learning curve required for each Cloud deployment by providing a single approach valid everywhere you need it.
Bringing back visibility, application awareness E2E and enabling troubleshooting with focus on maximizing uptime (minimizing downtime) and thus providing your critical workloads with the performance and stability they need.

Principal Solutions Architect

With Aviatrix I shift daily through multiple roles, given also that the company is a start-up.
This allows me to constantly learn and develop on both Customer interactions as well on the Design and Technical/Hands-on side.

In the function of Principal Solutions Architect I am helping Enterprise customers in designing resilient architectures, tackling technical challenges, providing connectivity to their remote users, securing their workloads and gaining full visibility into what is happening in their Cloud environments no matter where they are.

It is here that I am building a consistent MultiCloud Architecture with proper segmentation, security, visibility and operational capabilities across multiple CSPs such as:
AWS, Azure, GCP, OCI and Alibaba.

Recent projects that I’ve been working on include a customer with over 1000 VNETs and 200 VPCs (Azure, AWS, GCP) and their journey toward:
- migrating Workloads toward the new Multi-Cloud environment in a seamless way
- ensuring needed SLA for SAP4/Hana Cloud ERP platform
- streamlining connectivity during migration between Onpremise and the Cloud world for data sync and redundancy
- securing workloads (NSG, NSG flow logs, NGFW insertion) and Aviatrix Syslog integration with Splunk
- DNS Inbound and Outbound endpoints
- Azure Functions for automating event based self - healing actions

Occasionally I help the Aviatrix Support Team to isolate issues and investigate their root cause based on my deep dive Linux skills and former technical background.
As a follow-up I connect with Engineering, I relay what needs to be changed and why, the use case, the driver behind it as well as notify the customer of the evolution and keep him always informed of the progress being made.
This is something that I enjoy quite a lot owing to my previous roles and as well to my way of being: always wanting to help out, jumping right in when the situation calls for it and finding a solution.

The customer comes first and I make sure he/she is always kept informed and that I act as the trusted partner to rely on.
If a project comes by which involves multiple vendors, then I am the one to gladly offer my expertise, to figure out the puzzle and to reach the solution that best satisfies the given requirements.

On several occasions I act as an ACE Course Instructor for our European market as well as hold periodic Roadmap Update sessions, try to figure out future requirements and feed them back to our Product Team.

With Aviatrix I am proud to be able to put the full pallet of skills I gained from the past to good use and to always be able to jump in and help out whenever someone needs me.
This way of approaching things has also earned me the internal award of MVP (most valued partner) and I hope to continue to develop  this way wherever life takes me. 

Among the technologies that I use: Terraform, VGW/VPG, Lambda, TGW, Azure Functions, Guard Duty, EKS, VNG, Azure Route Server (ARS), AKS, GCP Global VPC, Shared VPC, GKE, Alibaba CEN, OCI DRG as well as Linux components related to system profiling (flame graphs - Brendan Gregg), troubleshooting CPU load / IRQ distribution, eBPF (bpftrace & friends) and reverse engineering Python and Golang code.

Cisco Systems
(2019 – 2021)

World's largest manufacturer of networking equipment designed to handle remote access networks, security services, storage networks, routing and switching.

Technical Solutions Architect – Sales - Enterprise Multicloud

Consulting Systems Engineer with focus on Datacenter technologies, educating customers into how our solutions work and integrate into their environment. ...

Cisco Systems
(2019 – 2021)

World's largest manufacturer of networking equipment designed to handle remote access networks, security services, storage networks, routing and switching.

Technical Solutions Architect – Sales - Enterprise Multicloud

Consulting Systems Engineer with focus on Datacenter technologies, educating customers into how our solutions work and integrate into their environment.

Also, building up PoCs as a follow-up based on following technologies:

  • Cisco Container Platform (Kubernetes on-premises, AWS integration, CSR1000v IPSEC router as connectivity solution between on-prem and public cloud)
  • Cisco ACI + AWS / Azure Integration PoC (E2E security, multi-tier app deployment, monitoring)
  • Openstack 10 / 11 + ACI CNI for IPTV MediaCloud at Swisscom PoC
  • Kubernetes + ACI CNI PoC
  • Cisco ACI + CNI integration into Openshift11 for a bank running on HP Synergy
    For providing permanent storage to the containers together with HP I integrated 3PAR via Dory FlexVolume driver.
  • Documented all the steps for all vendors involved and delivered to the end-customer a comprehensive guide that goes end to end through the architecture, possibilities, troubleshooting, deep-dive into OpenvSwitch and how to trace a flow through all the components
    Formats used: markdown, HTML, PDF, Confluence wiki XML export via WebDav
  • Openshift troubleshooting, solving undeletable objects errors, step by step guide per specific case
    https://into.synaptics.ro/2019/openshift-troubleshooting-and-operations/
  • Reverse engineer Cisco Telemetry solution and troubleshooting it (NIR): ElasticSearch, Kafka, Zookeeper, Flask asp, API middleware built on Spring.io + Java

Juniper Networks
(2016 – 2019)

Juniper Networks offers high-performance network/cloud/automation/SDN solutions to help service providers and enterprises to create value and accelerate success.

PS (Professional Services) Consultant

Recruited to design, test (proof-of-concept), present, validate solutions for Swisscom in parallel to supporting my Resident Engineer colleague with the ...

Juniper Networks
(2016 – 2019)

Juniper Networks offers high-performance network/cloud/automation/SDN solutions to help service providers and enterprises to create value and accelerate success.

PS (Professional Services) Consultant

Recruited to design, test (proof-of-concept), present, validate solutions for Swisscom in parallel to supporting my Resident Engineer colleague with the ongoing work for the existing deployed Juniper elements. Helped with expanding current projects and gaining new ones.

Main tasks include but are not limited to:

  • Workshops with the customer on various topics/solutions that Juniper has to offer, going from basic info and then down to demoes, specific use cases, showcasing exactly how something works and how it could fit their needs (I am a pragmatic person and my presentations always have more hands-on rather than slides with focus in mind being that people have to feel engaged into what is happening and avoid getting bored)
  • Workshops/PoCs for IPTV Mediacloud included the following:
    • Openstack 10 / Newton deployment with Contrail vRouter as Neutron plugin (it sits as the same level as ML2)
    • Openstack 11 / Ocata deployment with Contrail vRouter as Neutron plugin
    • Openstack 10/11 deployment with Cisco ACI ML2 plugin and Neutron GBP framework
    • Openstack 13 deployment with Contrail vRouter
    • Openstack 13 standalone deployment with provider networks based on VLAN (then transported by ACI fabric as VXLAN between the Nodes; Openstack Router concept in this case not used and all functionality relied upon the network fabric)
    • AVI Load Balancer – reverse engineering of how clustering works over SSH tunnels, troubleshooting python scripts meant to provision VIPs into Contrail and BGPaaS
      https://into.synaptics.ro/2019/avi-load-balancer-scaling-vip-with-contrail/
    • 1 week training (1 day theory, 4 days practice – Design, Implementation, APIs/automation) on Contrail together with another colleague from PS:
    • Demo Ansible module (albeit primitive) for showcasing that if desired this can also be written and if not, then customer can use Ansible REST API module already natively present in Contrail
      https://into.synaptics.ro/2018/newbie-contrail-vn-ansible-module/
    • Revealing how Contrail works deep-dive, how to trace the API calls done by the GUI (log level for the daemon, trying then in Postman, Chrome Inspect and how to read the more programming oriented and cryptic documentation of the vnc api
      http://www.opencontrail.org/documentation/api/r3.2/contrail_openapi.html#virtual-network-label
    • Explaining how Contrail vRouter implements security based on extended route-target values placed on /32 prefixes of VMs and API/automation: https://into.synaptics.ro/2018/contrail-security-with-vnc-api/
  • Lab testing and implementation of concepts for various departments inside Swisscom (BNG, Backbone Core Network – WARP/RAMP/RAMP+ = B2B networks/VPLS/L3VPN/VPWS, Security) regarding routing, subscriber management and automation possibilities (Service Now platform, Security Director for managing the Juniper SRX Firewalls, scripting – off-box, python on-box, Conntrail – SDN Orchestrator, Openstack, docker, lately a bit Kubernetes)
  • Deep Dive debugging of issues in the Live Net (offloading our JTAC and doing tasks such as: looking inside the JunOS C source code for potential issues, internal diagnostics using commands provided by developers, coming up with workarounds to bring back functionality)
  • Meeting with key people inside Swisscom to discuss technical solutions and assist our Sales personnel in understanding the exact customer needs and presenting an appropriate solution later on
  • -Daily work includes Network Design/Testing/Validation, Automation, Systems Engineering 
(FreeBSD/Linux), DevOps, debugging failure causes or functional behavior (also in the source code of JunOS 
when needed, reverse Engineering), OS hardening, working with virtualisation and container solutions 
(Vagrant/KVM/VMWare, Jenkins, Robot Framework, Ansible, Docker/Kubernetes and recently OpenStack)

                   - CI/CD + Jenkins + bash script + Ansible = ZTP + Config deployment

                   - CI/CD + Jenkins + bash script + Robotframework = Validating network state after each change

Quickline
(2012 – 2016)

Regional telecommunications provider; provides cable and fiber internet connectivity, analog, digital, IPTV services, B2B services, VOIP solutions.

Senior Network/Systems Engineer

Recruited to manage, develop and expand the network infrastructure of Finecom Telecommunications, design business projects for our customers, administer the ...

Quickline
(2012 – 2016)

Regional telecommunications provider; provides cable and fiber internet connectivity, analog, digital, IPTV services, B2B services, VOIP solutions.

Senior Network/Systems Engineer

Recruited to manage, develop and expand the network infrastructure of Finecom Telecommunications, design business projects for our customers, administer the TV & Voip solutions, provide coaching to 2nd level (Operations) department.

Main tasks involve: Leading the design and implementation of a new IPTV project (datacentre technologies, networking, security, load balancing, virtualization – Cisco UCS / VMWare), B2B projects (VPNs, MPLS VPN configuration – CE, PE), System Engineering (Linux installation and configuration of various services, Windows), Security (Juniper Netscreen, Cisco ASA), DTV / IPTV (operating current IPTV platform, spearheading our new IPTV Project in concern with the technical elements), Voip (SBC, Softswitch), FTTH (Ericsson BLM 1500, Huawei MA 5600), Docsis troubleshooting (Cisco UBR 10k CMTS), training our 2nd Level Operations Team.

Key Successes:

  • Led implementation of new IPTV project which included: Cisco UCS 5108, Cisco UCS 6200, Nexus 5672UP, VMWare, Cisco CSR1000V, ASAv, EMC Storage ISILON and VNX, Envivio IPTV Encoders, Verimatrix, Broadpeak content caching (BkS100, BkS300) for Live and OTT traffic, Agama monitoring, F5 Virtual Load Balancer, Windows 2012 R2 Active Directory, Oracle Database Dataguard cluster.

Swisscom Group: WINGO / ACCELERIS / AIRBITES
(2011 – 2012)

Major telecommunications provider; provides fixed line and mobile telephony, Internet, digital television, IT services and networking solutions.

Senior Network Engineer / Wingo, Fribourg, Switzerland (2011-2012)

Recruited to customise and expand network infrastructure of Swisscom-owned start-up providing Internet, voice, and IPTV services. Simultaneously perform systems administration, ...

Swisscom Group: WINGO / ACCELERIS / AIRBITES
(2011 – 2012)

Major telecommunications provider; provides fixed line and mobile telephony, Internet, digital television, IT services and networking solutions.

Senior Network Engineer / Wingo, Fribourg, Switzerland (2011-2012)

Recruited to customise and expand network infrastructure of Swisscom-owned start-up providing Internet, voice, and IPTV services.

Simultaneously perform systems administration, VoIP troubleshooting, and IPTV development, maximising functionality and security.  Provide high level administration and support of Linux server environment encompassing DNS (Bind), DHCP (standalone, failover), Firewalls (Shorewall, FWBuilder), VPNs (OpenVPN), Cacti, Smokeping, Nagios, and Puppet. Mentored and evaluated team members.

Key Successes:

  • Spearheaded large-scale project to expand data centre to accommodate business growth into IPTV market; completed project on time and with zero service/business disruption.
  • Led successful architecture and implementation of Wingo network including dual-homing, BGP, VRRP enabled routers, NAT444 and lawful intercept.
  • Customised and enhanced of CPE Firmware for ADSL/FXS-enabled gateways, significantly improving functionality and customer satisfaction.
  • Debugged and tested FXS / telephone interface in user equipment, troubleshooting and resolving critical performance issues such interference from poor grounding or incompatible telephone brands/filters.
  • Configured and deployed ZTE ZXA10-C300M DSLAMs and Vyatta-based routers.
  • Conducted in-depth analysis and testing, and built business case for integrating TR-069 into setup for CPEs and STBs.
  • Developed new CPE firmware and utilities for debugging, significantly accelerating troubleshooting and resolution of VoIP/Internet issues.

Ericsson Global Support Center (GSC), Bucharest, Romania
(2010-2011)

Largest GSC in Romania, supporting global telecom operators such as Vodafone-NL, Mobistar Belgium, Base Belgium, Yoigo Spain, etc; 1000 employees.

Team Leader, Back Office IP

Provided decisive leadership and direction for 19 team members across 4 different projects. Resolved escalated issues involving Cisco (ASR, 7600, ...

Ericsson Global Support Center (GSC), Bucharest, Romania
(2010-2011)

Largest GSC in Romania, supporting global telecom operators such as Vodafone-NL, Mobistar Belgium, Base Belgium, Yoigo Spain, etc; 1000 employees.

Team Leader, Back Office IP

Provided decisive leadership and direction for 19 team members across 4 different projects. Resolved escalated issues involving Cisco (ASR, 7600, ASA), F5, Bluecoat, FortiNet, Juniper, and Redback network equipment, Linux and Solaris operating systems, SGSN and GGSN telecom technologies. Organised internal, governance, and change management meetings to ensure compliance with ITIL standards.

Key Successes:

  • Conducted root cause incident investigations and performance/trend analyses of managed networks to accelerate problem resolution whilst increasing uptime, reliability, and security.
  • Mentored staff and colleagues, employing conflict resolution strategies to maximise team productivity.
  • Identified and cost-effectively met employee training needs within established budget parameters.

Swisscom Group: WINGO / ACCELERIS / AIRBITES
(2008-2010)

Major telecommunications provider; provides fixed line and mobile telephony, Internet, digital television, IT services and networking solutions.

Technical Consultant & Team Leader, Acceleris / Airbites (2007 – 2010)

Stepped into role of company’s 1st employee, charged with hiring staff and launching technical operations for Romanian branch of Swisscom ...

Swisscom Group: WINGO / ACCELERIS / AIRBITES
(2008-2010)

Major telecommunications provider; provides fixed line and mobile telephony, Internet, digital television, IT services and networking solutions.

Technical Consultant & Team Leader, Acceleris / Airbites (2007 – 2010)

Stepped into role of company’s 1st employee, charged with hiring staff and launching technical operations for Romanian branch of Swisscom partner, Acceleris. Provided IT consultation and technical support for systems/network operations and security under Linux, Solaris, and Windows environments. Migrated and continued Swisscom investment project previously started with Airbites, including design, configuration, and maintenance of local data centre including firewalls and VPNs. Planned and coordinated all Airbites Data Centre projects, aggressively meeting project milestones whilst managing budget, resources, and time constraints. Recruited, trained, and coordinated 4 team members. Provided pre-sales support and delivered technical presentations at industry events.

Key Successes:

  • Credited with successfully building new data centre from ground up despite limited prior experience with the primary operating system, Sun Solaris.
  • Orchestrated seamless relocation of data centre equipment, hardware and software 2 times; achieved implementation deliverables with minimal service or business disruption.
  • Key contributor to architecture of entire international/metropolitan/access network from the ground up in less than 1 month. Coordinated all technical teams, vendor negotiations, and implementation of lawful intercept.
  • Delivered highly scalable bandwidth limiting solutions with traffic differentiation (local/metropolitan vs extern/international) by using HTB machines, VRFs, and route leaking.
  • Completed both low and high-level configuration of Cisco equipment (Cisco 2950, 2960, Cisco 3845, Cisco 3750 / Cisco 3560, Cisco 7200, Cisco 7600): BGP, OSPF, QOS, MPLS, EoMPLS, MPLS VPNs, PVSTP, MST.
  • Designed and configured Inter-Office DMVPN project, linking multiple locations across Europe with local Datacenter in Bucharest, Romania.
  • Deployed Sun servers X86 and SPARC with Solaris OS, ZFS and zones and IPF filtering (Sun T1000, T2000, X4100, X4150, X2100, T5120).
  • Configured and maintained state-of-the-art storage and backup solutions including Tape Library SL-500, SAN Switches (Brocade), Storage arrays (Storate Tek 6140/6130), NAS (5320 appliance) and Sun StorEdge Enterprise Backup.
  • Virtualised machines for 3rd party clients utilizing Xen, VirtualBox and VMWare.
  • Installed, configured, and managted Windows 2003/2008 AD, Web servers (Apache, Apache Tomcat), Proxy (Squid, web filtering), DNS (Bind), Firewalls (PFSense, Phion Netfence), FTP server (Pure-FTPD, ProFTPD), and Mail server (Postfix).

Romsys, Bucharest, Romania
(2006 - 2008)

Provides security & networking solutions, SAP & custom software for large corporations and government entities. Project implementation. Analysed business, system, and security requirements, and customised implementations based upon Linux OS. Analysed and recommended modifications to maximise capacity and ensure a scalable environment while minimising cost. Provided post-implementation training and support. Forged and managed productive client relationships.

Technical Solutions Engineer

Planned and executed all phases of complex projects focused on design and implementation of Cisco-based networking solutions for key clients ...

Romsys, Bucharest, Romania
(2006 - 2008)

Provides security & networking solutions, SAP & custom software for large corporations and government entities. Project implementation. Analysed business, system, and security requirements, and customised implementations based upon Linux OS. Analysed and recommended modifications to maximise capacity and ensure a scalable environment while minimising cost. Provided post-implementation training and support. Forged and managed productive client relationships.

Technical Solutions Engineer

Planned and executed all phases of complex projects focused on design and implementation of Cisco-based networking solutions for key clients such as Dacia – Renault Pitesti, Arcelor Mittal (Sidex), and Mechel. Partnered with stakeholders, managers, and teams to define business requirements and specifications for

Key Successes:

  • Customised and deployed ISDN-based failover system for National Ambulance of Romania; created custom scripts (bash, expect) for optimising and accelerating software upgrades, network changes, and redundancy switchovers.
  • Implemented network-wide QOS in 2 days for Mittal Steel.
  • Provided 1st level support for Call Manager and VoIP solution at Dacia-Renault, a car manufacturer.
  • Praised for customer service mentality and the ability to clarify issues and set user expectations.
  • Built productive relationships with both colleagues and customers, earning reputation as ‘go-to’ resource for high-risk projects and technical issues.

Additional experience

UPC Liberty global
(2006 – 2006)

Technical Solutions Engineer

Media SAT
(2005 – 2006)

Network & System Administrator

Duras
(2003 – 2005)

Co-founded successful start-up; positioned for profitable sale in 2005 after reaching 2000 client margin.

Network & System Administrator

Faculty of Mathematics & Computer Science at University of Bucharest
(2003 – 2004)

Network & System Administrator / Volunteer Position

Education & credentials

Master of Science, Computer Aided Business & Project Management (2007 - 2009)

University of Economical Studies, Faculty of Cybernetics, Statistics & Computer Science, Romania

Bachelor of Arts, Computer Science / Networking & Programming (2002 - 2007)

University of Bucharest, Faculty of Mathematics & Computer Science, Romania

Oracle Courses

Database Administration I & II, Oracle RAC - Real Application Clusters)

Six Sigma Course

Ericsson · Project Management Course, Project Management Institute

Certifications

AWS Solutions Architect Professional
Azure Solutions Architect Expert

CCIE R&S
Redhat Certified Engineer

OSCE (Offensive Security for Pen Testing)

VMWARE VCP 5

Juniper JNCIS-ER / Juniper JNCIA-ER
ITIL v3 Foundation

VCE (Verimatrix Certified Engineer)

Sun Certified Network Administrator, Solaris 10
Sun Certified System Administrator, Solaris 10

Cisco Certified Internetwork Professional (CCIP)
Cisco Certified Network Professional (CCNP)

Redhat Openstack

Azure Network Engineer Associate

Language skills

English (TOEFL/IELTS certified)

German (Fluent)

French (Fluent)

Romanian (Native)

Italian (Basic)

Blog

Come visit my blog to see a few of the things I work on.

Contact me