Kevin Fries

Organizer of the Denver/Boulder Linux Users Meetup Group

Two provisional patents are applied for listing me as technical engineer

Senior team member responsible for production level deployments and debugging of infrastructure deployed to AWS and GCE Cloud environments. Rebuild and configuration of Kafka, Confluence, and Vault servers in Kubernetes environment. Debugging and writing of deployment scripts in Hashi Terraform. CI/CD utilizing Jenkins, Argo, and Harness. Connecting all logging to centralized SumoLogic cluster.

When I came onboard, the company was in a transition from on-prem solution that relied on a monolithic core, to one whe microservices deployed in docker containers.  I was tasked with producing a deployment environment at AWS for this new dockerized application.  Built a multi-account solution that comprised account management via AWS Control Tower to produce a proper, secure, and monitorable set of accounts based on deployment stage (accounts for development, qa, uat, and production).  Each environment hosted two different applications, with data shared via EFS share in each account, and routing performed via AWS Transit Gateway.  Transit Gateway also provided a single access point back into the office via a site-to-site tunnel.  AWS Config and Security hub were used to provide compliance with ISO and NIST standards.  Applications were managed as EKS Kubernetes clusters.  Trained staff on all infrastructure, deployment and software configuration.  Used Hashicorp Consul and Vault as well as AWS Parameter Store, and Kubernetes Secrets and ConfigMaps to manage persistent values in applications, as well as automation processes.

Charter Communications is in the process of combining 3 separate organizations: Charter Communications; Brighthouse Networks; and Time Warner Cable.  All three organizations had complex overlapping network segments that needed to be brought together into a single organization.  Much of the development is done at AWS, while many of the services are at AWS and corporate data centers.  My job was to support the "Portals" (this is the customer interaction services to order movies, pay the bills, etc) unification project.  I would build the network connections between the different services, and the development environment, and the legacy development environments.  This required configuration and engineering of Palo Alto Networks routers combined with AWS Standard networking.

I was hired to assist in bringing the existing suite of applications into a Mesos environment.  In order to accomplish this, I worked on improvements to the internal CI/CD processes to fix issues with Puppet deployment scripts.  Also worked to deploy new customer sites to production area.  Finally used Flask to build improvements the the process used to upload customer sites and site management.  It was determined as the work proceeded that allot of the systems would require significant architecture changes to take advantage of Mesos.

Brought back on board to manage the engineering of a brand new router designed to intelligently switch between two cellular networks to allow ATMs in the field to connect to the bank processing systems.  Code was prototyped using Python, with the final code written in a combination of C and C++.  The system was designed to build several extensions to the Embedded Linux OS, and broadcast those changes over D-Bus to a central management routine which would send command to alter the configuration of the device on the fly.  

Designed and implemented a project that consisted of using ExpressJS and Sinatra as a front end to collect data from phones in the field, then stored the data in Elasticsearch and Kibana for monitoring.

Designed and demoed a project to convert the conventional virtual machine infrastructure into a micro-service infrastructure in Kubernetes environment implemented on a set of Dell Blades running CoreOS.  This project was developed to investigate a hybrid network spanning our datacenters and AWS cloud.

Built a testing process and tools to test new hardware (routers and cell phones) manufactured for the company.  Used Cucumber and ADB to build test that would drive the devices and report the results.

Most of my projects required the use of junior engineers which reported to me.  The way this company works, is that teams are built per project, not by department, so I had to manage several groups of people in order to complete these projects.

Design/Build/Service high performance computing (HPC) clusters for corporate, government, and educational users.  As a senior level Linux resource I also had to support junior personnel and sales

In a team of two, provided 24x7 support of a big data storage cluster implemented on MarkLogic and FAST.  The version of FAST was pre-purchase from Microsoft, and was implemented on Linux systems.  This required a fully manual build of a complex multi-server cluster.

For the MarkLogic clusters, built automation tools for internal support.  These tools were used for monitoring, loading, and correcting of invalid data.

Senior engineer in a new product instigation department.  In this role, it was my responsibility to come up with new and novel ideas, then to engineer and build the concept.  This position was not specifically to build products for commercial building, but instead was to showcase bleeding edge ideas that could then be further developed, in part or in whole, into new products.

Examples of projects built (all before commercial version were available in the marketplace) include:

• A computer like device designed for non-computer users.  It was based on sending and receiving emails (named letters) and pictures.  It would maintain an address book and picture album.  The device was designed to work on older Japanese phone systems which had very low throughput, so images were resized, and reduced in color depth to match the device.  Input was done via a d-pad (up, down, left, right) since this was not for computer users
• An encrypted storage drive that would sit on Windows based systems, and used a Linux kernel that ran as a Windows service.  A drive partition would be allocated and managed by the Linux kernel, and sported a cryptfs file-system, that used external RSA keys for encryption.  The drive would expire the keys if the IT department either sent a lock-down code over the cellular network, or the system did not check in within a certain time period.  Since the keys were kept separate from the drive when possible, this prevented the drive from being removed from the device and mounted on another machine to gain access to sensitive data (IT would have the keys, so it would work for them, but not thieves)
• Built an auto-vpn that would keep remote machines connected to the corporate network automatically at all times.  This would split the traffic so that all corp traffic would be sent over the VPN while all other traffic would be sent over the default connection.
• Built a system to track Japanese stock market tickers in real time.  A full time feed would be connected into the servers, and each ticker would have its own queue.  As each device logged in from the field, it would be assigned its own queue.  Each device queue would subscribe to the feed queues which it was configured to watch.  As data arrived, a series of triggers would cause the data to be pushed to the device in real time, and graphs redrawn on the screen.

Full charge CTO/CIO/IT Department reporting to the CEO.  Maintained 24x7 support of local and remote users, that could end up in any timezone.  Insured Internet presence was always available including website, email and FTP (data transfer) servers.  And finally, had to build computing servers that could run large, complex groundwater management software

Hired to bring companies full production system into production, replacing the system built to get company out of round one funding.  New version was built in PL/SQL and Jave/J2EE.  Extended the new system to tie in ADP, HR, and ERP systems.  Upgraded Sun based servers to larger cpus, hard drives, memory, and operating system to manage upward growth of the systems.

Taught advanced networking classes in an Associate of Science program, topics included Servers (WWW, SMTP, FTP, etc), user security, and network management (subnets, ip addressing, etc).

Took over the customer base from C-Quad Systems.

Managed several Y2K projects to update software for the Millennium.

Continuation of projects started at Division of Wildlife

Senior Network Admin for a Internet Service Provider owned by the company.

Worked on several client sites including the Avalanche Notification Center and Lockheed Martin

Built systems to manage reservations.  Also built a system allow hunters to look up their preference points.  Translated hunter regulations from internal word processing documents (WordPerfect) into HTML so they can be published on the Internet.  Built tools for teachers to correlate state teaching standard with DOW published teaching lessons.