Praveer Bakshi
CCIE # 8720
Name:
Praveer Bakshi
Age:
31
Sex:
Male
Nationality:
Indian Citizen, Singapore Permanent Resident
Country of Residence:
Singapore
Hand phone:
65 91468804
Email Address

Education Profile
Educational Qualification
Year
Discipline / University
Bachelor of Engineering
1996
Electronics / Sardar Patel
Professional Profile
Professional Certification/membership
Year
Institution / Corporation
Cisco VPN/Security Sales Specialist
2004
Cisco Systems
Nortel Networks Contivity Design Specialist
2004
Nortel Networks
Cisco Certified Security Professional
2003
Cisco Systems
Project Management Fundamentals
2003
IBM
Architecture Thinking
2003
IBM
Infosec Security Certification
2002
Cisco Systems
Cisco Qualified Specialist – Security –1
2002
Cisco Systems
Cisco Certified Internet work Expert (Routing and Switching)
2002
Cisco Systems
Managing Cisco Network Security
2001
Cisco Systems
Cisco Certified Design Associate
2001
Cisco Systems
Cisco Certified Design Professional
2001
Cisco Systems
Cisco Certified Network Professional
2001
Cisco Systems
Cisco Certified Network Associate
2001
Cisco Systems
Microsoft Certified Systems Engineer
1998
Microsoft Corporation
Certified Novell Engineer
1997
Novell Inc.
Professional Awards
Year
Award
Institution
Description
2004
Appreciation Letter
IBM Singapore Pte Ltd
Appreciation Letter for significant contribution to third quarter 2004 Revenue for wining the Bank Of India Network Deal
2004
ESS ASEAN Star Award (Data)
Nortel Networks
In Appreciation of the exceptional effort to support Nortel Networks and excellent Systems Engineering support to customers.
Employment History
Year
Employer
Appointment
Responsibility
2000 – Present
IBM Singapore Pte Limited
Advisory IT Specialist
Engage in PreSales activity and perform the role of Solution Architect. Provide Network Consultancy, Presentations of Network Solutions, Estimate Service mandays through work breakdown structure, formulate Scope of Work and design networks to suite the requirements of the Customer. Provide Second Level Support for troubleshooting.
1999 –2000
Cybertech Systems and Software Limited
Networking Engineer – Cisco
Design, implement and troubleshoot Enterprise Networks. Provide network Consultancy and second line Support for Engineers executing projects on Cisco Equipments.
1996 –1999
Essar Steel Limited, India
Networking Engineer
Design, implement, maintain and troubleshoot the Campus Wide Network. Perform equipment inspection and vendor evaluation
Career Profile
I began my career with IBM Singapore Pte Ltd as “ IT Specialist ”. In this job role, I executed the duty of Implementation Manager, which involved configuration, installation, maintenance and troubleshooting of enterprise networks with strict emphasis to Project timeline. This job role enabled me to further gain expertise on various LAN / WAN Network Equipments and helped refine my troubleshooting skills. This role encouraged me to function independently to solve technical problems in large complex networks. My utter most priority was given to customer satisfaction during the project execution. I have successfully implemented complex networks for educational institutes, commercial banks, Internet data Centres and small medium business market segment. Some of the Networks that I have implemented are:
Institute of Technical Education
American Express Bank
Failsafe Corp Inc.
In the job role of “ Advisory IT Specialist ”, my scope of work has diversified to that of a Solution Architect. My experience as an Implementation Manager has helped me to understand and provide technical solutions to suite the need of Customers belonging to various market segments. I provide Network Consultancy and Network Design for Customers belonging to various Market Segments like GSMB, Finance, Public, Communication, Industrial and Distribution. My job also involves responding to Government Tenders and formulating innovative Technical Solutions, which significantly contribute to the overall winning strategy.
I specialize in “Network Security ” and have validated my technical skills through Industry leading Certifications like CCSP (Cisco Certified Security Professional) and NNCDS (Nortel Networks Contivity Design Specialist). Some of the Customers that I have engaged as a Solution Architect are:
Nanyang Academy of Fine Arts
Capitaland
Cisco Security
Hitachi
HDB Corp.
Singapore Chinese Girls School
SMRT
Ministry of Finance Vietnam
Major Projects / Experiences
2001 – Present Network Consulting, Implementation and Second Level Support
Exel
IP Telephony with Mobility for 1000 Users
Exel is a world leader in Supply Chain Management. They were relocating their office to a new a building. I was working very closely with Exel to identify their Network requirements and was required to propose Network Design that would be able to meet their short and longterm business goals. Exel wanted to implement a fully redundant Gigabit Ethernet Network for their critical business operations. They wanted to adopt technology that would provide substantial cost savings in the long run. I educated the customer on the benefits of IP Telephony, which could meet their Network and business requirements. The redundant Gigabit Ethernet Network would now support data and voice thereby eliminating the need for an additional PABX. The cost for cabling infrastructure was greatly reduced since same cables would cater for voice and data traffic. Moreover, deployment of IP Telephony provided a faster ROI than PABX, which also required recurring high maintenance cost. Exel could now leverage on a single IT team for daily operations to maintain a converged voice and data network.
The most important requirement of the Customer was met with Mobility Solution. The sales team of Exel does not need to have fixed office desks since they are mobile but when they are in office, mobility solution enabled to transfer their telephone extension to their respective desks by simple login procedure. This saved valuable office space for the customer resulting in substantial cost savings.
The Core/ Distribution Switch for the Gigabit Ethernet Network consists of dual Cisco Catalyst 4507R Switch. Each of Cisco Catalyst 4507R was configured with dual Supervisory Engine IV for high availability. The edge switch consists of Cisco Catalyst 355024PWR –SMI in line Power Switch. Dual Cisco 3725 routers with dual E1 ports each were installed and configured as Voice Gateway. Dual Call Manager 3.3 were installed and configured along with Unity 4.0 for unified Messaging. Cisco IP phones 7940 and 7960 were deployed as a part of Ip Telephony infrastructure.
Cisco Secure ACS 3.1 was installed and configured as AAA (Authentication, Authorization and Accounting) server for users accessing the Network Equipments. It also formed an integral part for authentication and encryption of wireless users through the implementation of Cisco LEAP (Lightweight Extensible Authentication Protocol).
RSA ACE Server authenticated remote access VPN Users. The remote users accessed the Corporate Network Resources through IpSec tunnels that terminated on dual Cisco 3005 VPN concentrators. They were configured for high availability through VRRP (Virtual Router redundancy Protocol). Dual Cisco PIX 515E Firewall was installed and configured to enforce the Security Policies of Exel. It was strategically placed to mitigate intrusion attempts through Internet. Cisco 2611XM router provided the connectivity to Internet. Cisco 1200 Access Points were installed and configured in the DMZ of Cisco 515E Firewall. Cisco works LMS (LAN Management Solution) was installed and configured for Network Management.
I was the Solution Architect for some other IP Telephony Projects like:
IP Telephony for ITE Regional Campus
This project involved the implementation of IP Telephony for 2000 users. IP Telephony infrastructure consists of dual Cisco 4.0 Call Managers on IBM x345 Server, Unity 4.0 for Voice Mail, Cisco 7912 and Cisco 7920 IP Phones, dual Cisco 3725 Voice Gateway and Cisco ITEM (IP Telephony Environment Monitor), which is a suite of applications that continuously evaluates and reports the operational health of converged IP network. Since this project was an open tender, it was extremely important that the final pricing be very attractive. The proposed technical solution adopted the following strategy:
IBM Servers were proposed instead of Cisco MCS Server for Call Manager
IBM Server was proposed for Unity
Ciscoworks ITEM will add on Feature to Ciscoworks LMS was proposed since the Customer already had Ciscoworks LMS.
IP Telephony for Caterpillar
This project involved the implementation of IP Telephony for 2000 users. Caterpillar has two buildings namely 7th Tractor Road and 14th Tractor Road .The first phase of the project involved the deployment of IP Telephony in 7th Tractor Road followed by 14th Tractor Road in second phase. Both the locations are linked by 8 Mbps Fast Ethernet Link. IP Telephony infrastructure consists of dual Cisco 4507R with Supervisory IV engine as Core/ Distribution Switch, Cisco 3560 in line power switch as Edge Switch, dual Cisco 3725 Routers with dual E1 cards as Voice Gateway, dual Call Manager 4.0 on IBM server, Cisco 7912 IP Phone, Cisco 7940 IP Phone, Cisco 7960 IP Phone, Cisco 7920 IP Phone, Cisco 7936 conference station, VG224, ATA 186 and Nexlabs Application Server for Smart Pin Authentication for IDD Calls.
The new Gigabit Ethernet backbone was commissioned parallel to the existing Network consisting of Cisco 4006 as the Core/ Distribution Switch and Cisco 3500XL Edge Switch. After successful testing of IP Telephony, users were migrated to new Gigabit Ethernet Network.
In the second phase, 14 Tractor Road is being commissioned for IP Telephony. The IP Telephony Network infrastructure consists of Cisco 4510R with Supervisory V engine as Core/ Distribution Switch, Cisco 3560 in line power switch as Edge Switch, Cisco 7912 IP Phone, Cisco 7940 IP Phone, Cisco 7960 IP Phone, Cisco 7920 IP Phone, Cisco 7936 conference station, VG224 and ATA 186
OCBC Bank
Wireless and Remote Access VPN
OCBC Bank has branches spanning fourteen (14) countries and territories. They wanted to implement “Secure” Wireless Solution in sixty three (63) branches across Singapore in order to make their sales team more productive.
I was involved is series of Proof of Concept whose objective was to identify the type of Wireless Encryption that need to be deployed along with the configuration parameters to harden the Cisco 1100 wireless Access Point without affecting the performance. Wireless Encryption could be done with VPN (Virtual Private Network), LEAP (Lightweight Extensible Authentication Protocol) or LEAP with VPN. Nortel Contivity 1050 was proposed as the VPN Appliance since it has a stateful firewall feature which can function as a second tier firewall for remote locations. Cisco LEAP was chosen for Wireless Encryption as it provided better performance, comprehensive Layer 2 Encryption with dynamic key management, easy to implement and was cost effective. Two Cisco Secure ACS Servers were installed and configured for authenticating Wireless users and also provided redundancy. Cisco PIX 506 Firewall was also deployed in all the sixty three (63) branches along with Cisco 1100 Access Points. Ciscoworks VMS (VPN / Security Solution Management Solution) was installed and configured for the centralized management of PIX 506 firewall.
I had to perform a series of proof of concept for the Customer and test out the various implementation scenarios and record the observations. I had to use tools like Aeropeek Wireless Sniffer to demonstrate wireless encryption. I had to work very closely with the OCBC Security team to explain the configuration parameters that would be enabled in the Access Points and Firewall. Eventually, Access Points and Firewall were installed and configured in all the branches and this project became a reference for other banks deploying wireless.
Dual Contivity 1700 VPN appliance were installed and configured for OCBC Bank for remote access VPN Users. They were deployed between the two existing Netscreen Firewall. Stateful Firewall in Contivity 1700 provided OCBC Bank with additional firewall capability to enforce security policy of the bank on the VPN user traffic. Existing Linkproof link load balancers were configured to load balance VPN connections across the two Contivity 1700. Moreover, they were also configured for high availability. This is a very unique deployment of VPN Appliance performed by me to meet stringent Customer requirements and required indepth knowledge of the product and IpSec Technology.
Land Transport Authority
ATM to Gigabit Ethernet Migration & LAN/ WAN Consolidation
The Land Transport Authority (LTA) is a statutory board under the Ministry of Transport that spearheads land transport developments in Singapore.
LTA Enterprise Network comprised of two separate Networks, which were isolated. One of the network consisted IBM Network Equipments, which formed the ATM Backbone. This Network also comprised of dual Cisco 7513 Routers, which had serial WAN Link and BRI Isdn backup links to remote location Routers located at ERP gantries. The other network comprised of legacy Cisco 5509 Core/ Distribution Switch that formed the Fast Ethernet Backbone along with Cisco 1900 Edge Switch. Cyberguard 1500 Firewall in HA Configuration enforced LTA Security Policy on the traffic between application server and users.
Each of the Networks had WAN routers that provided remote connectivity to various locations within Singapore.
LTA Network suffered from frequent Network Equipment breakdowns, loss of IP Connectivity, non optimized Network performance and WAN Connectivity. As a result, this was having a major impact on day to day operations.
I prepared a detailed Network design document with extensive network diagrams (Physical & Logical) depicting the ATM Migration to Gigabit Ethernet in various stages. Each Migration stage highlighted network downtime (if possible), along with a comprehensive contingency plan. This document also contained extensive diagrams and description for Network consolidation that would result in substantial cost savings, optimized Network response and negligible downtime due to the provision of adequate redundancy.
I also provided a separate document listing the Security features / equipments that would be implemented to mitigate the various possible intrusions/attacks.
LTA Network infrastructure consists of Cisco Catalyst 4506 Core / Distribution Switch with Supervisory II+ Engine, Cisco Catalyst 2950 Edge Switch, Cisco Secure ACS Appliance, Cisco 3745 VPN Bundle Router, Cisco 3725 VPN Bundle Router, Cisco 1760 VPN Bundle Router, Cisco 297024 Port Gigabit Ethernet Switch, Cisco IDS 4235 and Cisco works VMS 2.2 for IDS Management.
Presently, the migration of users from existing ATM Network to the new Gigabit Ethernet Network is being performed.
Bank Of India
RFP for LAN / WAN and Implementation
Bank Of India is rolling out Region Wide Banking application, which spans across various cities in Europe, North America and Asia namely Singapore, London, Paris, Birmingham, Leicester, Manchester, Jersey, Wembley, East Ham, New York, San Francisco, Tokyo, Osaka, hongkong, Kowloon and Mumbai Hence, an underlying Network infrastructure was required to be built to support the application and also cater for future adhoc growth of services like Voice, video etc.
This engagement was very challenging to me since the customer was totally non – technically inclined but was very well versed with their business requirement, which made my task a bit easy.
Two ISP (Internet Service Provider) were already engaging the Customer and had provided proposals for MPLS VPN WAN infrastructure.
At this juncture, I was told to evaluate the MPLS VPN WAN infrastructure proposals from the ISP ‘s. During my discussion with Customer, I got to know that Customer was totally confused with the “Technical Jargon” fed by the ISP and was unable to decide if the proposal would meet the short term and long term business objective of the bank.
I adopted a phased approach in which technology was explained in layman terms, which was easily understood and appreciated by the Customer. It was concluded that MPLS VPN technology did not meet the security expectations and longterm scalability requirements of the bank. On the contrary International Leased Lines (ILC) were ideal choice for the global WAN Infrastructure.
I came up with ILC (International Leased Line) RFP (Request For Proposal) guidelines for the bank which addressed the ISP selection process and criteria, WAN Circuit evaluation and selection criteria, Operational Requirements, Contract Issues, detailed scope of service, performance standards, Security and Confidentiality requirements, disaster recovery center requirements etc. The bank again issued another RFP to the two ISP. This time the bank exactly knew their technical requirements and was able to negotiate effectively for their demands.
The RFP also contained a detailed LAN and WAN Physical and Logical Network Design, which were finalized after extensive discussions with the bank to ensure that they were in accordance with the short and long term objectives. A detailed bill of materials also formed a part of the RFP, which clearly defined the network equipments required for each remote location. This bill of Materials was finalized with the bank after detailed explanation of every network equipment with regards to cost and redundancy.
After the Network implementation was awarded to IBM, I came up with a detailed Network Design document which contained IP Address Assignment scheme, naming conventions for the Network Equipments, LAN / WAN Network design with detailed physical and logical Network Diagrams, details of the configuration parameters like number of vlan, vlan port assignment etc and failover testing scenarios.