Alexey Vekshin: IT Infrastructure Engineer

About Me

I am a Unix, DB and Network Engineer and Software Developer with over 25 years of experience in the fast-paced field of IT, always seeking to expand my knowledge and skills. I have a diverse IT background and have held various roles, including ERP software developer, Unix and VMWare administrator, SRE, network designer, data centre architect, DevOps engineer, Oracle DBA, and IT Infrastructure Team Leader for a medium-sized (7000+ employees) retail company. I'm a Certified Kubernetes Administrator and AWS Certified DevOps Engineer.

My main areas of technical expertise are

Unix and SRE: supervised a fleet of 100s servers and VMs, including ERP systems and DBs with 1000s of users, achieving an SLA of 99.99%
IaC and Automation: authored 10s of Ansible roles to automate infrastructure deployment and maintenance, used Terraform for cloud automation
DevOps and CI/CD: deployed multiple repos and CI/CD pipelines for 10s of in-house projects, migrated many of them to git to achieve fast and reproducible deployments
Data Centre: designed several mid-size DCs, from racks and servers, Fibre Channel SAN and TOR switches to UPS and environment monitoring and backup strategy, saving 75% costs by migrating to a common VMWare platform
Enterprise services: implemented services like mail, AD, file sharing and collaboration for 1000s of users, cutting licensing costs 5x by using OSS
LAN operation: administered multi-site enterprise networks with 1000s of ports, redundant inter-site L3 VPNs with BGP routing, firewalls and security appliances
Software engineering: developed several medium-sized in-house and OSS projects in Python, Ruby, and Go
AWS and Cloud: migrated several services from on-prem to the cloud to save on infrastructure and maintenance costs, implemented CI pipelines for AWS infra and hosted this CV there, achieved AWS DevOps certification
Monitoring and SRE: used several generations of monitoring tools from Nagios to Prometheus to observe SLI or 100s of hosts and devices, designed 10s of Grafana dashboards, authored and extended in-house monitoring tools and exporters for performance and security monitoring
Containers and Kubernetes: helped to migrate in-house apps to container-based workflows, managed development Kubernetes clusters in cloud and on-prem, achieved CKE certification
Databases: served as DBA for several enterprise Oracle DBs: managing performance, ETL tasks, DB hot-cloning, security, schema migration, backups and patching

Currently, I'm shifting my interest from classical enterprise infrastructure (VMWare) to modern cloud and Kubernetes stack. I have intensively studied AWS and Kubernetes and achieved professional level certifications in both, and I am now actively experimenting with modern automation (AgroCD, CrossPlane), orchestration (Kubernetes and Helm), architecture (Go microservices and AWS Lambda), and monitoring (OpenTelemetry, ClickHouse). I'm always eager to learn new technologies and languages, and to try things I've never done before.

My skills

Unix administration: 20+ years of experience managing various Unix systems (Linux, FreeBSD and OpenBSD, MacOS, HP-UX, Tru64, Solaris) and services, packaging software (mostly RPM), creating system services (systemd, init.d, init), building system images for mass deployment (packer, OVF), scripting (bash, python), integration with enterprise storage (HPE, Dell) and virtualization (VMWare)

IaC and automation: Using Ansible to manage a distributed fleet of 300+ Linux VMs and VMware hosts, 200+ network devices, services like DNS and DHCP, corporate Active Directory and e-mail servers, and everything else; using Terraform and CloudFormation with cloud providers; declarative infrastructure management with Crossplane; automating common tasks like ETL pipelines with Shell and Python

Cloud: Knowledge of AWS development infrastructure and related services (EC2, VPC, ECS, EKS, Code* tools, CloudFront, S3, CloudWatch, Lambda, EventBridge, SNS, SQS and so on); implementing CI/CD with various cloud providers like Yandex.Cloud, DigitalOcean, fly.io etc

Containers: Manging Kubernetes on-prem and in the cloud; Building containers with Docker, Podman, Kaniko, buildpacks; Deployment to AWS container services like ECS and Lambda

VCS and CI/CD: Implementing on-premises and cloud-based shared repositories with GitLab and GitHub; creation of CI/CD pipelines with GitHub Actions and GitLab workflows (and plain git hooks); Supporting GitOps workflows with GitLab, Kubernetes and ArgoCD

Monitoring: Collecting metrics with Prometheus, building dashboards with Grafana, using OpenTelemetry and Jaeger for APM, maintaining checks for legacy tools like Nagios, Netdata, and rrdtool, some experience with AWS X-Ray and OTel integration; implementing alerting and notifications with AlertManager, Karma, PagerDuty and OpsGenie

Programming: Proficiency in Go, Ruby, Python, shell; familiarity with many more languages and environments like Delphi, Matlab, C, Java, CSharp, JavaScript, Oracle PL/SQL etc; experience with modern enterprise stack infrastructure like Kafka and Redis; familiarity with OOP methodologies like TDD and SOLID, building microservices following agile practices like DB migrations, ORM usage, code linting, using gRPC and REST APIs and so on

Networking: Configuring and automating the management of Cisco, Juniper, HPE, Fortinet, and Mikrotik hardware, implementing secure internet access and VPN connectivity with Cisco ASA, providing enterprise WLAN connectivity with Aruba and Cisco controller-based APs, familiarity with BGP-based L2L VPNs for enterprise connectivity; NetFlow and SNMP network monitoring

Databases: Serving as Oracle DBA for medium-scale (around 1TB) databases: from installation (fully automated with Ansible playbooks) and DB creation and tuning to complex ETL and partial hot-cloning tasks; some familiarity with other DBs like PostgreSQL (on-prem and AWS RDS modes), ClickHouse, SQLite, DynamoDB etc

Data Centre: Design and implementation of data centre networking (Cisco Nexus), storage and SAN (HPE Primera, Brocade SilkWorm), servers (HPE, Dell), environment (APC UPSes, NetBotz monitoring); Hosting and maintaining VMWare virtualization systems (VCenter, ESXi, HA with VMotion, SAN integration)

Enterprise services: Maintaining ActiveDirectory and file-sharing services with Samba (with automated host and user provisioning), enterprise mail and collaboration with Communigate and FortiMail, secure internet access with Squid proxy, management and automation of a whole range of LAN services like DNS, DHCP, NTP, Syslog, LDAP, NTP