Category: Uncategorized

About Me

I’m a engineer seeking truth about health, spiritual enlightenment and tech.

There are too much misinformation out there that is not benificial to many problems.

This site is to log my journey into what I have found out so far.

Profile: Able to provide technically creative solutions to address a variety of situations coupled with “hands-on” IS and networking expertise. Focused on achieving both bottom-line results while formulating and implementing technologies.

Selected Achievements:

• First Online Web E-commerce in Singapore generating S$330,000 in one week. Sales of 2300+ units of the AWE32 sound card in 1997 and shipped to 23 countries. (1997)
• Software monitoring solution that had supported various products that were sold 230 companies in 2 years. (2000)
• Creating Checkpoint FW-1 appliance. (2003)
• Product management of new and unique products.(2008-2009)
• Developing DNSSEC compliant DNS server product (2014)
• Developing next generation Truauth product. Improving performance by 5 fold.

Experience:

2010-Present:

Advance Network Technologies (Antlabs) – Singapore

Product Specialist:

Developing and improving existing Truauth family of products. Currently I have improve performance of Truauth by 5times. Developing customisation for Carrier class customers. Working on moving products to an Openstack environment to provide increase flexibity and scalability.

Customisation for Smartone (HK), Singtel S2a projects.
Senior System Engineer (Team Leader)
Support Division (Project)
My primary role is to manage the principle support engineers for projects which are deployments done for the following Telcos (SingTel, M1, Starhub, Omantel, Etistalat, CAT(Thailand), Nawras, IBS(Indonesia).
Several large deployments are supported like Wireless@SG, and large scale user gateways (20,000 simultaneous logins) for National Stadium, Melbourne Convention center, Dubai mall.

This involves arranging for schedules and support recovery procedures for various projects. It involves also in-house testing of patches for each of the projects before deploying on staging or live servers.

The secondary role is to manage service desk training and escalation procedures. This covers training documentation, Wiki sites for knowledge retention and training videos to demonstrate specific situations for a more common problems.

The different projects have different requirements and some Telcos have multiple projects running at the same time. I don’t have a standard procedure that is applicable to all projects. In general, the roles that I do for the projects are:
a)    Provide troubleshooting and bug fixing for problems both within the system and from other network devices.
b)    Reports analysis when there is need to isolate problem segments.
c)    Capacity planning guides and reports for upgrading purposes.
d)    Managing engineer resources to do operations and to aid them in investigations.
SingTel – This project involves authentication done by all cell phones that needs to do 2G,3G and GPRS connection. Currently they have about 2million subscribers and planning to do upgrading to 3million subscriber systems. Antlabs provides radius servers for authentication of these subscribers. They are currently doing about 1-2k TPS (transactions per second) and upgrading to about 5K TPS by end of the year.

SingTel – The other primary project for SingTel is that we provide radius servers and proxies and SSGs (Service selection gateways) (all these are our own products) for Wireless@Sg and other similar networks (icell, Starhub, M1 etc). As they are the primary access point for most of the free/paid public wireless access, we have about 20 servers catering for about 8 geographical segments. We manage internet bandwidth and authentication.

Singtel Satelite – This is a very unique project, where data analysis based on packet captures and capture breakdowns are used to generate reports for thousands of ships that use Internet. This is provide billing accountability for each ship usages.

Singnet – Their new Wifi offload for their new plans are managed by our TruAuth and Map gateways to communicate with their telephone HLR systems. Wireless@SG also taps on this setup for the 802.1x login profiles.

Starhub – Similar to SingTel, we provide SSG gateways however, they manage their own Radius servers.  My role is:
a)    Provide troubleshooting when problem arises
b)    Provide help in configuration when there are new marketing campaigns where the SSG can redirect to custom pages for advertising efforts. In short they require assistance whenever they have new marketing campaigns and we have to assist whenever they deploy new webpages..

M1 – Fiber Broadband
Although the project is called fiber broadband it is actually cable broadband access. These include systems from Juniper (E320 (broadband server router), MX960 (universal edge router)), F5 (BigIP for load balancing), Radius, DNS, web portals and web proxies.

My roll is primarily
a)    Provide troubleshooting of problems.
b)    Upgrade of systems (OS and others)
c)    Upgrade of functionality (Scripting or changes in configuration).
d)    Increasing bandwidth between systems.

This by far is the most complicated setup. The E320 is a product that Juniper has relatively few experienced support personnel which makes asking for support rather slow. This E320 provides client bandwidth access management. When a new cable user is detected, various policies can be applied until the user logs in via the web portal. At which time, a new policy is applied to the user to set bandwidth and any other customization for that plan. The traffic from the user is then either pass through directly or redirected to the http proxies.

Secondary roles involve support of our hospitality products (Inngate) which are captive gateways. Here my role is to help the help desk do the support. When they get a problem they cannot solve, me and my team of engineers will troubleshoot and if necessary bring up the problem to the product development people for help.

I do management of staff resources for the purposes of achieving 24-hour online service. Scheduling of training and off site visits.

There are some special projects which I have been doing.
a)    Overall upgrading of knowledge of the helpdesk. This is an indepth training of various protocols like DNS, DHCP, SMTP, HTTP, arp and networking protocols to the Help Desk. This training is specific to helping them troubleshoot via using the Inngate products.
b)    Provide a knowledge diagnostic framework to ensure that the help desk will ask the correct questions and provide correct answers in a fast and consistent manner. This is done via a Wiki project which has a diagnostic tree of questions and verification techniques the help them arrive at the correct answers.
c)    Create a new framework for data collection of project and product system statistics. Currently, any statistics collected are either condensed in a week/month/year basis which means it losses granularity. This project is to provide
a)    Longer term storage of statistics data in theory any granularity that the customer wants for an indefinite time frame.
b)    Data mining for the purpose of capacity planning. For example, breakdown of handphone types that connect. Breakdown of plans popularity or anything that they could want.
d)    A webbased automated system to submit requests which will execute specific procedures on remote Inngates. These kind of procedures include
a.    Healthcheck
b.    Specific software recovery procedures for rare issues.
c.    Hot fixes before official patches are release.
The good thing is that it also captures various statistical information about remote Inngate systems that allow us to plan for severity prediction of vulnerable systems or how prevalent certain configurations are, usage patterns.

Omantel, Etisalat,CAT – They both have the Singtel Wifi setup where phones can seamlessly switch to Wifi with their EAPSIM profile on their phones.

DNSSEC  Server – I have single handed created a product for the company to support DNSSEC complainant server/recursor. This system has an internal loadbalancer that can be configured to support multiple instances of the internal services to handle high loads. This was designed to support 140K regular DNS requests/second.

2004-2010:

Han Technology – Singapore
Senior Development Consultant
Actually my titles depend on whom I will meet. My boss suggested that I use the above when the customer would want more customized products or to build a new solution. Or the other one below when we most likely selling existing products that don’t require much customization, just deployment and education. This is because compared to the rest of the tech employees; I have more in depth programming background.

Directing product development and testing of various products. In general, my roles in these products are one of these three functions. To manage the development of it, or to provide testing environment and lastly to provide support to end users.
•    Exboot – Unique backup solution, that allows the backup to be directly booted from an external enclosure. This provides a failsafe in the event that an internal harddisk fails, it provides immediate access to programs and data without having to do a restoration first. This software is developed to work in Windows OS environment. This has become popular among larger companies like FedEx and is being bought in quantities by the various ministries for use by Ministers and the upper level personnel on their travels.
•    RestoreLive – Another unique product that backs up a system to its own drive. It does not make sense on the surface. However, any backup and restoration takes time. A simple update failure (update of Microsoft or antivirus) could potentially wrack the system. Restorelive can be managed centrally to receive backup commands from a central console before any update is done. A single reboot is all it takes to restore a system to any backup. Literally recovery in a minute. This software is developed to work in Windows OS.
•    Pincode encrypted enclosure – Encrypted enclosures come in all forms. Some with tokens. Some with finger print. However, there are cases, where the token is left in the enclosure or a finger is cut off to do authentication. Pincode is a simple number sequence to unlock encrypted data from a hard disk. Simple and easy to use.
•    Provide support for extensive scheduler called 24×7 Automation Suite(www.softtreetech.com). This scheduler provided not only more control and management of jobs but it also provides scripting languages that could query and control how the jobs performed. I managed and sold this product to DBS Vickers who have since deployed it site wide to monitor and proactively fix problems via scripts.
•    Creating a appliance which integrated F-Secure’s Linux Gatekeeper product into an in-line scanning appliance that filters virus for HTTP, POP,SMTP and FTP protocols. (Using Linux, kernel patches, scripts in perl, bash). This system was created with a minimum of RPMs required to run the solution. A installation CD was created to facilitate installation into appliances. This was done largely with perl and bash scripting. Since this product is an in-line scanner, the emphasis for development is two fold. One is the hardening of the OS and the other is to optimize network throughput. In the first case, the work is similar to the earlier Celestix work where I made sure only relevant software is running and each is locked down to prevent intrusion. The second, is to ensure the OS is optimized in terms of packet handling and memory and caching of virus signatures to speed up scanning of anything passing through the system.
•    Setting up a open source Sugar CRM system for the company to track sales and customers.

Senior Product Specialist
•    Provide support for F-Secure’s anti-virus products to both end users and corporate customers like DBS(7000+), MHA(3000+), HDB(10,000+), BASF (10,000+ users). Here we provide several levels of support. In some cases, we create documentation for users like DBS on installation, update procedures for their systems. Even how to update an OS image that they install into various systems. In other cases, its more hands off like in BASF case, where they have very competent engineers and only require support for more complex procedures.
•    Provide support for WRQ Reflection (formerly known as F-Secure SSH products). This software is the defecto standard in the Singapore Government, it is used by all the ministries and many of the companies that have direct need to transfer data securely with the ministries. Here we provide different levels of support. In some cases, we provide onsite installation services and direct support in terms of making sure security keys are installed correctly. In other cases we provide just phone support to do the same.  However, we do help in debugging scripts that they use for file transfers.
•    Unique throttling solution to manage anti-virus updates (sometimes up to 2-5Mbyte), through 64kbit connection to about 60-70 branches.
•    Provide support for iScsi (Open-E) and Nas (Windows Storage server and ReadyNas) deployment for customers. Customers include Mindef and other organizations.
•    Manage internal VMWare and Citrix Zen servers for internal operational servers and testing of new products. Generally we use Zen more mainly because we run mostly linux OS and Zen runs a little Linux a bit faster then Vmware.
•    Manage Veritas Volume Manager, file and Cluster for a hosted application for customer. Used primarily to cluster web and mail services for customers who find housing mail servers locally is cost too much for a dedicated lease line for large number of branches scattered across many countries. It was backed by a data store using a pair Open-E NFS with replicated volume nodes.
2001-2004:

Celestix Networks    Singapore, US
Tech Support Manager
•    Setup a tech support department in the US. This won some magazine commendation of efficiency and completeness of support. Here I managed a small group of support engineers in the US for about 2 years.
•    Provide support for both multifunction appliances and specific appliances like Checkpoint firewalls and their associated products like Rainfinity.  Our appliances are custom designed motherboards with multi network ports (usually 4-8 ports) with Raid systems built in. The Rainfinity products that I worked with then is more of network traffic management unlike their current products are more geared towards VM management.
•    Returning to Singapore, I rejoined R&D and helped develop a Linux OS that could switch different sets of libraries and products depending on which was needed. This was needed if the customer wanted to test a new version of the software and needed a failsafe to return to an old configuration. (Custom Linux distribution, with perl, bash, and some C coding). This Linux OS we developed is based on Redhat OS or equivalent Centos OS. These products was designed to support (firewalls and other security products) requires considerable hardening by having only the minimum required software to run the OS and to lock down various components to ensure that it cannot be broken into. Backup and recovery is done on two fronts. We created our own backup recovery scripts to store the backups automatically either to a file share (Ftp or windows file share).   I built a special SNMP library specifically for this appliance so that all the functions could be monitored and managed remotely.
•    These activities require skills in building RPMs for linux and build a software solution for Tech support problem tracking. (Perl, bash, and various scripting)

1999-2001:

Lightspeed Technologies    Singapore
Manager of Software Development
•    Create an infrastructure to facilitate monitoring of unlimited systems. A central reporting system where a variety of systems report status and it allows pushing of updates to report servers. These servers sending reports are the following products created. The products below are generally built using Linux, perl,bash and various software that is inherently available in Linux).  Do note that this was done way before software like Nagios or OpenNMS or Zenoss.
o    We created our own push mechanism for sending updates to all our servers (listed below) to provide new updates or new error detection mechanism.
o    Each time a failure has occurred, after diagnostics we would develop a detection script or program that we will push to all our customers machines so that advance or immediate warnings can be received before or when the problem occurs. For example, we created a multi-point mail loop testing that makes sure that each system can send out and receive emails within a specified time period. If the time period is exceeded it setups an alert for us to detect. This works from both the customer’s machine outwards and from ours inwards to their machines.
o    Other examples are alert/warnings from various logs are monitored continuously on systems. Alerts such as SMART errors, samba login errors or even intruder detection (using Tripwire) are sent immediately so that we can take action.
o    We have added over a hundred customized warning/alert scripts to detect all kinds of unusual activities that needed attention. The goal is to fix the problem either via the script itself or alert us immediately of the problem so that we can fix it remotely.
o    The benefit to the customers were that all systems tasks were managed by us. Adding accounts, special configurations, changing shared directories and so on were only a call or an email away.
•    PicoNet – This was a system consisting of a firewall, VPN and intrusion detection. It’s the first system put into most companies, and it allows detection of potential problems within the network. This was equipped with squid an http proxy. This speeded up web access by caching and in some cases, the customers requested various access controls like, by time, by users, by locations and to block access to certain websites. This was achieved with primarily with squidguard. In some cases, this was implemented as a transparent proxy to hide the functions from the staff.
•    PicoMail – This was a pop3/imap mail system with Mcafee anti-virus scanning. It also provided archiving of emails and email broadcasts for marketing purposes. This system uses sendmail either postfix the smtp engine. There are special customers with unusual requirements. One unusual customer wanted a cell groups within the organization that would get copies of emails sent to anyone within the cell group to be sent to all members of the cell group. Corresponding, any emails sent out from the cell group to be copied to the cell group. This was to facilitate anyone within the group to be able to respond to any query from customers. Some of these were done with aliases, proc procedures, and special m4/cf file milter configurations. The more common ones simply required virtual domains, users, support of multiple domains. SmtpAuth was deemed mandatory for all our customers this reduced the chance of having their mail servers become spam machines.  In most customers however, we prefer postfix as its easier and less resource intensive for to manage. It is easier to specify anti-spam options to reduce the acceptance of spam and to intergrate anti-spam scanners.
•    Picoshare – This was essentially a network file server. However, it had the ability to mirror itself to other similar file systems both local and remote. Provide workgroup scheduling, forums and trouble ticketing functions.
•    PicoFax – This was a centralized fax system that allows routing of fax to emails. This reduces paper wastage and provides reduce change of missed faxes due to paper jams. It provided desktop print to fax services as well.
•    These systems combined were sold as products to about 230 companies in about 2 years. We even had customers like Singapore Tourism Board and National Library
•    I had a team of 7 engineers, 3 for R&D and 4 for technical support for the customers. My role is more for the R&D and deployment management. In many cases, standard deployment procedures are adequate. However, some customers require specialized configurations where in becomes my job to scope it out and either do it myself or manage one or more of my engineers to develop it.
1989-1999:

Confrere Solutions    Singapore
Senior Manager
•    Providing SI services to assemble firewalls, mail servers and various other Internet related servers and products.
•    Created an online maid application to provide reviews of maid profiles and inquiry system for the owners. (linux, php,mysql)
•    Online monitoring and reporting of Church cell group activities. (Linux, php, mysql)
•    Developed a prototype system for Changi General Hospital to track members and provide online updates of upcoming events like talks and seminars. (Windows, ASP)
1993-1998:

Creative Technology Ltd    Singapore
Associate Manger in Interactive Marketing Department
•    First Online Web E-commerce in Singapore generating S$330,000 in one week. Sales of 2300+ units of the AWE32 sound card and shipped to 23 countries.
•    First Online software ecommerce sales. S$160,000 in 3 days of 10,000 software licenses. (IBM commerce server and custom code to manage modem Visa transactions. There were no online gateways available in Singapore then).
•    Social Network web activities for data/statistics collection and dissemination of new updates information for software and device drivers (Windows,Linux, asp,php, perl)
•    Guerrilla marketing activities to create “unaffiliated” review sites that promote Creative products fame and quality.
•    Virtualisation of Tech support centers for unified support between US and Singapore. (Lotus Notes)
•    Online sales support infrastructure to manage from purchase, inventory, packing, and tracking of shipping of products to end-users directly. (Lotus Notes)
•    These activities were done with me leading a team of 3 engineers.
R&D Engineer
•    Design of device drivers for CDRoms, sound cards and graphic cards for DOS, WinNT, OS/2, Autocad and NEC 9800. (Mostly C and assembly programming).
•    Design of software players for Creative products. (Mostly C,C++)