Infrastructure, Cloud & Security Projects

Objective: Migrate authoritative DNS from GoDaddy to Cloudflare to centralize DNS management, improve security posture, and simplify ongoing maintenance.

Preparation

• Captured screenshots/exports of all existing DNS records for rollback reference.
• Documented A, CNAME, MX, TXT (SPF/DKIM/DMARC), and vendor verification records.
• Identified records requiring DNS-only (mail, SaaS validation, third-party SSL/origin requirements such as Webflow).
• Reduced TTL values ahead of cutover to minimize propagation delays.

Migration Execution

• Imported records using Cloudflare DNS scan/copy and manually validated accuracy.
• Confirmed all records copied correctly except NS records (replaced by Cloudflare nameservers).
• Applied proxying selectively for public web services while keeping sensitive services DNS-only.
• Updated nameservers at registrar and confirmed authoritative DNS cutover.

Issues & Mitigation

• SSL conflicts when origin hosting manages certificates (resolved via DNS-only + correct SSL mode where needed).
• Incorrect proxy settings causing validation failures (fixed by switching impacted records to DNS-only).
• Propagation timing differences across regions during cutover (reduced by TTL planning and staged validation).

Post-Migration Validation

• Validated all websites/subdomains and confirmed mail flow remained stable.
• Enabled Cloudflare Universal SSL (where appropriate) and confirmed HTTPS behavior.
• Verified DMARC/SPF/DKIM alignment and rechecked TXT-based verifications.

Technologies: Cloudflare, GoDaddy, DNS, SSL/TLS, DMARC/SPF/DKIM, Proxy vs DNS-only

Objective: Enable cross-platform Free/Busy availability between Microsoft 365 and Google Workspace tenants to improve scheduling and cross-organization collaboration.

Preparation

• Verified domain ownership and external sharing policies in both tenants.
• Validated Exchange Online org relationship settings and availability configuration.
• Prepared required Google Workspace service account/delegated access settings (where applicable).

Implementation

• Configured interoperability settings between Microsoft 365 and Google Workspace.
• Implemented required authentication requirements and API permissions/scopes.
• Mapped domains correctly to ensure Free/Busy queries routed to the correct tenant.

Issues & Mitigation

• Free/Busy failures caused by policy restrictions or incorrect sharing scope.
• Permission scope mismatches for API access.
• Propagation delays after configuration changes (validated with staged testing).

Post-Implementation Testing

• Used test accounts in both environments to validate Free/Busy lookups.
• Confirmed external visibility restrictions behaved as intended.
• Validated client experience across web/mobile clients where applicable.

Technologies: Microsoft 365, Exchange Online, Google Workspace, Calendar Interop, OAuth/API Permissions

Objective: Migrate SSO and identity provisioning from Okta to Microsoft Entra ID to centralize authentication, streamline access management, and align identity with Microsoft 365 infrastructure.

Planning & Preparation

• Captured and documented complete Okta configuration (apps, groups, provisioning rules, license mappings).
• Created pilot plan and tested with dedicated test accounts to validate authentication and provisioning behavior.
• Scheduled implementation during off-hours to minimize production impact.
• Created internal admin/end-user tutorials and documented rollback approach.

Implementation

• Recreated enterprise applications in Entra ID using gallery apps and custom SAML configurations.
• Configured SAML trust, exchanged IdP metadata, and validated signing certificates.
• Created security groups and assigned apps + license bundles using group-based access.
• Configured provisioning and attribute mappings where supported.

Challenges & Mitigation

• Troubleshot SAML errors related to metadata mismatch, endpoints, and certificate configuration.
• Resolved provisioning failures caused by permission scopes and attribute mapping issues.
• Identified limitations with password transfer functionality and planned communications accordingly.
• Remediated access issues (e.g., 404s/permissions) through app configuration and role review.

Post-Migration Validation

• Verified login access across all migrated apps with Entra ID as primary IdP.
• Confirmed user accounts were correctly federated and pointing to the new IdP.
• Validated group-based access and license assignments; reviewed sign-in/provisioning logs for stabilization.

Technologies: Okta, Microsoft Entra ID (Azure AD), SAML 2.0, RBAC, Microsoft 365, Provisioning

Objective: Migrate organizational email from Intermedia to Microsoft 365 to consolidate collaboration tools, improve security controls, and centralize administration.

Planning & Preparation

• Documented mailboxes, groups, licenses, rules, forwarding, signatures, and delegated access.
• Backed up mailboxes using a disaster recovery solution prior to migration.
• Scheduled migration during off-hours and planned staged cutover to reduce risk.
• Selected BitTitan MigrationWiz and validated source/destination readiness.

Migration Execution

• Configured MigrationWiz projects and enabled “Do Not Duplicate Emails” to prevent mailbox inflation.
• Performed staged migrations and recreated rules/forwarding/permissions in Microsoft 365.
• Updated DNS records (MX, SPF, Autodiscover) to route mail flow to Microsoft 365.

Post-Migration Validation

• Validated inbound/outbound email and mailbox data integrity.
• Confirmed shared mailbox access, group membership, and forwarding behavior.
• Monitored message trace/delivery reports and provided user support during transition.

Technologies: Intermedia, Microsoft 365, Exchange Online, BitTitan MigrationWiz, DNS (MX/SPF/Autodiscover)

Objective: Migrate on-prem VMware workloads to Microsoft Azure to modernize infrastructure, improve scalability, and strengthen disaster recovery readiness.

Planning & Preparation

• Audited VMware VM inventory, dependencies, OS versions, and workload requirements.
• Outlined Azure services: Virtual Machines, database services, Azure Backup, VNet, NSGs, monitoring, secure admin access.
• Used Azure Pricing Calculator to estimate costs and right-size workloads.
• Reviewed licensing requirements including Windows Server licensing and CAL considerations.

Migration Strategy & Execution

• Evaluated migration methods (PowerShell-based recreation vs snapshot/backup restore workflows).
• Provisioned Azure VMs aligned with workload requirements and segmented networking design.
• Implemented NSGs to restrict RDP access and enforce least-privilege network controls.
• Migrated SQL workloads and validated application/database connectivity.
• Configured Azure Backup policies for workload protection.

Post-Migration Validation

• Validated RDP connectivity and secure remote administration.
• Confirmed SQL database accessibility and application functionality.
• Verified RBAC assignments were correctly scoped and tested backups/recovery workflows.

Technologies: VMware ESXi/vSphere, Microsoft Azure, Azure VMs, VNet, NSG, Azure Backup, RBAC, PowerShell

Objective: Modernize file storage by migrating on-prem file shares to SharePoint Online to improve collaboration, remote access, and governance.

Preparation

• Validated SharePoint information architecture (sites, document libraries, and folder strategy).
• Cleaned up legacy data (duplicates, stale folders) and confirmed retention requirements.
• Installed the SharePoint Migration Tool (SPMT) on a workstation/server with access to the file shares.
• Identified permission model approach (SharePoint groups vs direct permissions) and mapped access requirements.
• Reviewed SharePoint limits and constraints (path length, invalid characters, blocked file types).

Migration Execution

• Authenticated to Microsoft 365 using a migration/admin account.
• Selected source file shares/drives and targeted SharePoint destination libraries.
• Copied and pasted the SharePoint destination URL for each library and validated scope.
• Mapped users/groups and validated how permissions would be applied in the destination.
• Executed pilot migrations first, then scaled to staged migrations before final cutover.

Issues & Mitigation

• Permissions do not always “pass through” 1:1 (resolved by standardizing SharePoint groups and inheritance strategy).
• Filename/path constraints and unsupported file types (resolved via pre-scan and remediation of invalid items).
• Large library performance considerations (mitigated with staged migrations and library structure planning).

Post-Migration Validation

• Validated user access and confirmed key folders/files were accessible by the correct roles.
• Confirmed sync experience and collaboration (versioning, co-authoring) where applicable.
• Documented new access model and provided user guidance for SharePoint/OneDrive usage.

Technologies: SharePoint Online, SPMT, Microsoft 365, Permissions/Groups, Information Architecture

Objective: Establish a reliable hybrid identity foundation and standardize device management for Windows and macOS endpoints using Entra ID integration and MDM policies.

Preparation

• Reviewed and organized Active Directory OU structure, groups, and naming conventions.
• Removed/disabled stale accounts and validated duplicate/conflicting identities.
• Planned sync scope (OU filtering) and identity attributes required for the environment.
• Confirmed device enrollment strategy for Windows/macOS (corporate vs BYOD, enrollment restrictions, compliance baselines).

Integration

• Installed Azure AD Connect on a designated server and authenticated with appropriate administrative roles.
• Configured sign-in method and selected OUs to synchronize (scope control and least privilege).
• Validated synchronization health and ensured expected users/groups appeared in Entra ID.
• Aligned endpoint enrollment policies and baseline configuration profiles for Windows and macOS.

Common Issues & Mitigation

• Sync issues caused by attribute conflicts or duplicate accounts (resolved via cleanup and attribute alignment).
• Over-syncing due to broad OU selection (resolved by tighter OU filtering and staged rollout).
• Enrollment failures due to device restrictions or compliance requirements (resolved by aligning policies with OS requirements).

Post-Integration Validation

• Verified Azure AD Connect Health status and sync schedules.
• Confirmed sign-in behavior for synced identities and tested conditional access/compliance where applicable.
• Validated device enrollment results and reporting for Windows/macOS endpoints.

Technologies: Active Directory, Microsoft Entra ID (Azure AD), Azure AD Connect, Intune MDM, Windows, macOS