Denis Hierholzer

Accomplishments and Projects


IT Infrastructur Engineer
@Cilag AG

Project: Introduction of Cisco ACI

Replaced previous network core (Cisco SG500 series) with new Cisco ACI spine/leaf infrastructure. Designed and implementated a new security zoning concept based on Cisco ACI, which will gradually replace the previous zoning concept based on multiple traditional Cisco ASA firewalls.

Project: Introduction of Veritas NetBackup

Designed and implemented a new backup and archiving infrastructure based on Veritas NetBackup and a Dell ML3 tape library. Created a new backup and archiving concept using following:

  • RedHat 8.5
  • NetBackup 9.1
  • Network Bonding
  • SAN via iSCSI
  • Tape Multiplexing
  • Tape Encryption
  • VMware Integration
  • Deduplication
  • Storage Lifecycle Policies (SLPs)

Infrastructure Analyst / Systems Engineer
@Schroder & Co Bank AG

Accomplishments and Achivements

  • Configured the automatic failover of our virtual infrastructure to our DR site
  • Migrated the old VBS logon scripts to an AD group policy to simplify changes and to keep compatibility with future operating systems
  • Migrated the DHCP system to Windows Server 2012 R2 and configured failover options

Developed various PowerShell scripts

  • Scripts for logging print jobs and user logins
  • GUI tool to simplify folder permission changes for users
  • Intelligent wake and shutdown script for automatic workstation maintenance tasks during the weekend
  • Script to automate the creation of RSA token users
  • Outlook button to create new SCSM tickets based on emails
  • Bulk PDF conversion with user input simulation
  • Inventory of VMware VMs and SQL servers
  • Customized mutual help desk tool TSTool3 to meet company requirements
  • and a lot more…

Project: Migrated firewall rule set from Bluecoat proxy to PAN firewall

Analyzed complex historically grown firewall rules on Bluecoat ProxySG 600-20, consolidated them in centralized management platform Panorama and reduced number of rules by over 50% in order to simplify the management on Palo Alto Networks 5020 devices. Enhanced the rules with next-generation features like APP-ID for more granular rules (e.g. social networking pages read-only without allow posting).

Project: Planned, designed and developed a modular automation framework with PowerShell

Analyzed the user termination process based on an existing checklist and by interviewing IT employees in charge of it. Carefully selected the existing process steps which could be automated and also added new features like supervisor notifications (before, during and after termination). This module simplifies the user termination process and only a few remaining steps must be done manually. To improve the data quality of our Active Directory I've developed another module which runs the recurring synchronization of HR data with Active Directory with notification of inconsistent values and optional automatic correction. Besides some other modules I have also implemented a module that checks the password expiration of the users and informs them in advance via email.

Project: Implemented and configured a file classification and encryption tool based on AD RMS

Based on a regulation of the Swiss financial market supervisory authority FINMA Schroders was forced to implement a solution to classify and protect important data. Therefore I have set up an IQProtector server, configured the needed rules for classification and protection and deployed the agent to all affected workstations. Now all important data is encrypted and even if it leaves our network it's not usable.

Project: Easily manageable Microsoft AppLocker implementation

Planned, developed, implemented and rolled out a concept for Microsoft AppLocker to prevent unwanted files to be executed. Extended the recommended concept from Microsoft to a more user friendly solution with a GUI to easily manage the AppLocker whitelist. Solution includes a Powershell script that writes all AppLocker events to a SQL database. Based on this database the self-developed GUI tool “AppLocker Mgmt Pro” offers comprehensive features to manage the whitelist and helps with troubleshooting in case of any issues. Automatic whitelist backups are included and a mutual documentation has finalized the project.

AppLocker Concept

AppLocker Concept

Senior Systems Administrator / Systems Engineer
@Dentsu Holdings USA

Accomplishments and Achivements

  • Improved the IT internal collaboration by introducing the project management tool Redmine
  • Administration of the the enterprise wiki Atlassian Confluence and the project management software JIRA
  • Migration and upgrade of Wordpress and SilverStripe website to the latest version on a new webserver
  • Assisted in moving complete IT infrastructure (network, servers, phone system) of a branch site into a new office
  • Developed a comprehensive PowerShell script with an intelligent GUI to simplify Active Directory user creation

Project: Planned, designed and developed a modular Active Directory maintenance framework with PowerShell

The framework offers essential features like reporting, logging, automatic action handling and scheduling. The main purpose of the integrated modules are automatic user termination and all its corresponding actions. It also checks the Active Directory for non-compliant objects, reports them and is able to automatically fix them. The framework consists of multiple files with a code volume of more than 1500 lines, follows common coding standards and is well documented (in-code comments and manual). Its modularity makes it easily extendible to any needed additional features and with its regular checks and automatic user termination it largely improves the overall security of Active Directory.

Project: Planned, designed and implemented a Microsoft SQL Server Failover Cluster

Analyzed several alternatives for a HA solution for MS SQL Server in consideration of following aspects: implementation and maintenance effort, failover capability and necessary investments. Created a requirement plan considering the expected performance needs of the hosted databases. Designed the detailed set up and implemented it thoroughly from scratch. Afterwards created automated maintenance and backup plans, tested the failover and restore procedure and documented the setup and general handling. Planned and performed the migration of stand-alone SQL Server databases to the SQL Server cluster to improve maintenance effort, availability and costs.

Project: Designed, implemented and configured Microsoft System Center Configuration Manager (SCCM) 2012

Created the design for the company-wide SCCM infrastructure with a focus on simplified management. Installed and configured SCCM 2012 from scratch with several distribution points. Rolled out client agents for more than 800 workstations. Created standardized processes for software deployment and wrote detailed manual for support operators about general usage of SCCM.

Project: Planned, designed and implemented a Microsoft WSUS infrastructure

Analyzed the server and workstation infrastructure of about 150 Windows servers and more than 900 Windows workstations on 10 sites world-wide. Planned, designed and implemented the required WSUS infrastructure concerning replication topology, OS languages, computer groups and patch approval handling with a heavy focus on a safe patch deployment (three layered patch approval cycle). Created detailed documentation of the configuration and the regular patch approval steps.

Project: Planned and implemented a mutual anti-virus solution for workstations and servers

Elaborated the most efficient anti-virus (AV) infrastructure for the existing IT environment when it comes to simplified AV management, effortless maintenance, resource usage optimization and minimizing network traffic. Accurately implemented the company wide AV infrastructure based on enterprise AV solutions of McAfee consisting of a central management server, several on-site package repositories and client AV agents. Also set up several server-side AV agents optimized for the company's VMware infrastructure to offload scanning operations from production servers.

Project: Planned, implemented and customized a comprehensive and automated server inventory application

Created a requirements plan based on the available Excel inventory file. Analyzed several alternatives for a mutual infrastructure inventory application. Implemented the core application and the automated inventory scripts. Customized the application to meet the company's requirements. Created several reports to simplify the daily handling. Wrote detailed documentation about the setup, handling and customization of the application.

Project: Designed and implemented a mutual disk encryption solution

Designed the whole process of automatic disk encryption for Windows workstations from a central management point including central encryption key storage and data recovery. Implemented it thoroughly with Microsoft BitLocker, SCCM, TPM and Active Directory. Created detailed documentation about the whole process and the application configuration. Introduced first-level support to the required steps. Benefits to the company are a more secure IT environment and compliance to customer regulations.

IT Officer
@Bomatec AG

Accomplishments and Achivements

  • Planned and performed the migration of the user workstations to Windows 7 64bit with Microsoft System Center Configuration Manager
  • Planned and implemented an enhanced Wi-Fi infrastructure
  • Analyzed and improved various business processes to speed up daily business
  • Created detail orientated IT documentation for preserving important knowledge about the IT infrastructure and related tasks and processes
  • Planned and implemented the process and application to send out email newsletters
  • Planned and performed the network migration to a greater subnet range to enhance the network capacity

Project: Planned, designed and implemented a new and solid backup concept

Analyzed the requirements based on storage needs. Planned and designed the backup strategy considering data life cycle, tape rotation and backup schedule based on the grandfather-father-son method. Implemented the backup concept with Symantec Backup Exec 2012 and HP Tape Autoloader.

System Administrator
@Bucher Hydraulics

Accomplishments and Achivements

  • Developed and implemented the concept for corporate mobile devices
  • Planned and performed various server migrations (upgrade and physical-to-virtual)
  • Implemented an enterprise video conferencing system for interbranch communication
  • Planned and set up a safe antivirus infrastructure based on TrendMicro
  • Planned and set up a solid patch management infrastructure based on WSUS
  • Developed and implemented concepts for improved Active Directory management
  • Planned and performed the Active Directory and system migration of a company that has been taken over
  • Assisted in network migration of a whole site to a greater subnet

Web Developer (Diplomate)
@eschbach IT GmbH

Accomplishments and Achivements

Final thesis for university, topic: “Conception and implementation of a Rich Internet Application based on an existing intranet application”

See Shiftconnector

Volunteer System & Web Administrator
@Gemeindebuecherei Klettgau (Public Library)

Project: Planned, designed and implemented complete IT infrastructure for email, library management application and file storage

Planned hardware and software requirements based on current and future business needs. Ordered needed hard and software. Designed and implemented the central server based on Microsoft Windows Small Business Server 2003 for file storage, Microsoft Exchange as email server and Bibliotheka 2000 as library management application. Added Windows XP workstations for library employees and visitors managed and restricted by Active Directory. Set up internet connection, printers and backup solution.

Project: Designed and implemented public website

Initiated the planning of the public website. Created frontend template and content based on content management system Joomla. Added plugin for simplified event publication.