Syed Haider Ali

Nationality: Pakistani
Current Location: Dammam, KSA
Email: engr.haiderali@hotmail.com
Contact #: +966 (53) 8560096

SUMMARY______________________________________________________________________
A highly energetic and accomplished professional network engineer with comprehensive
experience in the field of IT / ICT in regards to Technical Pre/Post-Sales. I have grown valuable
understanding and insights working in the area of Wireless Network Design and Solution
Architecture. Having reflected upon my own experiences and those of my peers has allowed me
to develop a strong work ethic focused on achieving the task at hand.

PROFESSIONAL EXPERIENCE______ __________________________________________________

John Hopkins Aramco HealthCare - JHAH (http://www.jhah.com)
IT Security - NAC (Network Access Control) Consultant Oct 2017 - present
Job Responsibilities:
 Managing and maintaining the network access control of JHAH wireless and wired
infrastructure
 Securely provisioning the new and existing network devices by using Aruba ClearPass
Policy Manager as NAC solution
 Constantly working with wired/wireless team in order to meet new or existing network
access requirements
 Allowing admin access to network device owners to their network devices (i.e. switches,
routers, firewalls, proxies, IPS, Load Balancer, WAF, Windows and Linux Redhat servers
etc.) by maintaining the industrial standard secure parameters which include Aruba
ClearPass (as AAA server) and Fortinet FortiAuthenticator (as MFA – Multi factor
authentication Solution)
 Implementing and handling Fortinet FortiAuthenticator MFA solution by using software
and hardware token base access along with the SMS base tokens
 Managing new projects related to access control from design till implementation stage
 Performing daily operational activities and resolving service incidents tickets in order to
ensure smooth network access and zero downtime
Oxygen-DMCC (www.oxygen-me.com) April 2015 – Sep 2017
Sr. System Engineer (Secure Mobility)
Job Responsibilities:
 Profiling partners in terms of technical capabilities and certification and building
appropriate technical plans
 Technical knowledge sharing, product updates to partners - online and in person
 Partners training, enablement sessions and presentations
 Conducting onsite demos and POCs
 Providing consultancy services for secure wireless LAN planning and deployment
including pre and post deployment site surveys, project/tender documentation i.e. RFP,
HLD, LLD etc., WLAN and LAN solution designing, BOM/BOQ generation, one to one end-
customers meetings and project execution
 Partner/Customer relationship building
  Support partners on demo kits and demo labs
 Proactively dealing with end-customers deployment fulfilment
 Providing professional services to partners/end-customers
 Providing coaching and training to junior staff/internees and work load sharing of other
colleagues
 Updating knowledge base and creating in-house LABs for continuous personal
development

Corvit Networks (Pvt.) Ltd. (www.corvit.com) April 2011-April 2015

Sr. Executive Engineer (Post & Pre Sales)
 Job Responsibilities:
 Conducted WLAN indoor and outdoor site surveys
 Designed wireless solutions and generating heat-maps on Airmagnet Survey tool and
VisualRF planner
 Successfully deployed and troubleshoot multi-vendor (Aruba, Cisco, Huawei etc.) WLAN
solutions
 Worked closely with project managers and clients, providing technical support and
consultancy for networking projects
 Worked as team lead in various projects
 Conducted POCs and professional training sessions

TECHNICAL SKILLS _____________________________________________________

MOBILITY
 HPE Aruba Networks
 Deep understanding of Aruba Secure Mobility Architect with master-local controller
concept, high availability designing and implementation, role-base access, centralized
licensing, integrations with NAC solutions etc.
 Designing, configuration and troubleshooting of Aruba mobility controllers (650,
3200XM, 7000 series and 7200 series).
 Working on Aruba instant, campus and remote indoor access points (90, 110, 130, RAP-
155, 200, 210, 220, 300, 310, 320, 330 series) with pre-sales and post-sales product
comparison with other venders.
 Working on instant controller clustering with multiple clustering environments.
 Conducting site surveys, outdoor WLAN solution designing with Aruba outdoor wireless
APs (175, 270, 360 series).
 Working of Aruba outdoor mesh APs (MSR and MST APs).
 Excellent understanding of Aruba NMS (AirWave) with its key features’ deployment
experience.
 Designing WLAN for RF challenging environments, detailed low-level designs including
active equipment and passive equipment (antenna selection, cabling, mounting kits etc.).
 Thorough knowledge of Aruba specific features (ARM, ClientMatch, AppRF etc.).
 Pre and post-sales Expertise in Aruba controller licensing (AP, PEFNG, RFProtect etc.) and
Aruba NAC solution - CPPM licensing (Base, OnBoard, OnGuard, Guest).
 Extensive experience of using Aruba VisualRF Planner tool for pre-deployment site
surveys and heat-mapping.
 Excellent understanding of L-2 or L-3 roaming.
 Excellent working experience in Aruba cloud base solution – Aruba Central by using Aruba
Instant APs.
  Excellent working experience to use HPE configurator tool – IRIS to generate WLAN or
LAN BOQs.

 Cisco Wireless LAN and BYOD

 Configured Cisco Catalyst 45xx/3750/35xx/29xx series switches
 Worked on Cisco wireless LAN controllers (WLC 2100, 2500, 4400, 5508 Series, Virtual-
WLC)
 Worked on Cisco Autonomous and Light-Weight Indoor Access Points (1130, 1140, 1230,
1240, 1250, 1260, 1600, 2600, 3500, 3600, 1700, 2700, 3700 series)
 Worked on Cisco 1310 outdoor wireless bridges
 Worked on Cisco 1520, 1530, 1550, 1570 series outdoor access points
 Working knowledge of Cisco BYOD solution platform (ISE - Identity Services Engine and
its licensing)
 Cisco NMS (Wireless Control System – WCS, Cisco Prime infrastructure)
 Excellent understanding of Cisco cloud base solution – Cisco Meraki

 Ruckus
 Excellent understanding of Ruckus standalone, controller base and unleashed access
points.
 Excellent product comparison knowledge of Ruckus access points includes indoors R300,
R500, R510, R600, R610, R700, R710, outdoor T300, T700, T710, T610 etc. hospitality
H500, H510 and P-P/P-Multi-P access points
 Excellent pre and post sales working experience on Ruckus Smartzone 100, ZoneDirectors
3000 series, 1200, vSZ – virtual SmartZone WLAN controllers.
 Worked on Ruckus BYOD and NAC solution – CloudPath
 Working knowledge of Ruckus cloud base solution – Cloud WiFi
 Complete working experience of Ruckus site survey tool – Zoneplanner

 UCOPIA (Guest/Hospitality Management Solution)

 Netscout (AirMagnet Planner, Survey, Analyser and AirCheck)

 Motorola
 Link budgeting for long distance point-to-point wireless links
 Configuration of Motorola PTP 400 and 600 Series Wireless Bridges

SECURITY
 Aruba NAC Solution - ClearPass Policy Manager
 Extensive working experience in Aruba BYOD and NAC solution platform (ClearPass Policy
Manager and its components).
 Successfully pitched, designed and deployed number of projects containing CPPM, digital
certification base access by using different authentication methods (EAP PEAP, EAP TLS
etc.) and authentication sources (AD, SQL etc.) for BYOD (OnBoard), endpoints
(windows, MAC) health checks (OnGuard) and CP Guest for completely customizable
guest access management.
 Controlling endpoints network access (wired and wireless) by enforcing different policies
and profiles on the basis of their RADIUS attributes.
  Controlling network devices (switch, router etc.) login access by integrating AD account
with CPPM and enhancing the security perimeters by using ClearPass as TACACS+ server.
 Integrating multi-vender (Cisco, Juniper etc.) network equipment with CPPM.
 Fortinet FortiAuthenticator – MFA (Multi-Factor Authentication) Solution
 Extensive experience in design and implementation of multi-factor authentication
solution by using fortinet mobile base software tokens and hardware tokens.
 Excellent working experience related to configuring HA, integrating AD with FortiAuth for
using AD as authentication source, integrating and using SMS gateway for SMS base
tokens allocation, importing users as AD groups and provisioning them
hardware/software/SMS base tokens for second factor authentication, integrating a
large number of network devices (i.e. switches, routers, firewalls, proxies, IPS, Load
Balancer, WAF, Windows and Linux Redhat servers etc.) with different OEMs, using
FortiAuth as a Radius server for individual network device as well as for Aruba ClearPass
for second factor authentication (in which Aruba Clearpass acted as a RADIUS server for
NAD and proxy the request to FortiAuth for second factor authentication).
 Aruba Next Generation Policy Enforcement Firewall
 Configured PEFNG for WLAN users to assign different roles to end-devices on the basis
of their access rights. It was achieved by implementing standard, extended ACLs and Alias
URL filtering against these roles.
 EMM Solutions (Mobile Iron and AirWatch)
 Did pre-sales, POCs and solution pitching of enterprise mobile management solutions
(EMM) like Mobile Iron and Airwatch.
 TrustWave – NAC Solution
 Working knowledge of agent less and MAC base NAC – Network Access Control solution

SWITCHING
 LAN solution (L2/L3) designing by considering IDFs and MDF, total end points
calculations, power over ether (POE or POE+) requirement, Core, aggregation and edge
switches understanding with modular and non-modular switches.
 Working on switch stacking, configured link aggregation LACP, redundancy through
VRRP, HSRP, assigning VLANs interfaces, configuring tagged and untagged ports.
 Complete understanding of optical modules – SFP, SFP+ selection with single mode or
multi-mode fiber connectors
 Excellent working experience to use HPE IRIS – Configurator tool
 Configured industry’s top venders – Cisco, HPE, Brocade, Huawei etc. – switches.
 Configured 802.1X settings to enable port security, MAC authentication bypass – MAB,
AAA server assignment to integrate switches with NAC solution.
 Configured switches for WLAN controller or access point.
 Understanding of L2 looping and its prevention through 802.1d and 802.1w.
 Understanding of 802.1p – QoS.

EDUCATION_____________________________________________________________________
B.Sc. Engineering 2006 – 2010, CGPA: 3.12/4.0
University of the Punjab, Lahore, Pakistan (www.pu.edu.pk/)

CERTIFICATIONS ______________________________________________________ __

Cisco Systems
  CCNPW – Cisco Certified Network Professional (Wireless)
 CCNAW – Cisco Certified Network Associate (Wireless)
 CCNA – Cisco Certified Network Associate (R&S)

Aruba Networks
 ACPE – Aruba ClearPass Essentials
 ACMP – Aruba Certified Mobility Professional
 ACWQ – WLAN Quickstart Sales Specialist
 Aruba AC Specialist
 Aruba's ClearPass Sales Specialist
 Aruba Certified Sales Specialist
Ruckus Wireless
 Ruckus WiSE Level 1 Certification
 Ruckus Associate SmartZone Administrator (RASZA200) Certification

TRANINGS
 CCIE (Wireless) – Training from CCIE Wireless Instructor
 ClearPass Advanced Scenarios Workshop Dubai – Training from Aruba Networks’ Sr.
Engineers Team
 Aruba ClearPass Essential for ACCP – Boot camp from Exceed, Dubai
 Cisco Identity Services Engine (ISE) – Boot camp from Corvit Systems, Pk.
 Ruckus Associate SmartZone Administrator (RASZA200) – Training from Ruckus, Dubai
 UCOPIA Advance Level Training – Training from Ucopia authorized trainer at Exceed, Dubai
 HCNA (Huawei Certified Network Associate) – WLAN - Training from Corvit Systems, Pk.

MAJOR PROJECTS_ ____________________________________________ ____

 Sharjah Media Corporation, UAE (http://www.sharjahmedia.ae)
 Worked as project lead starting from initial meeting, site survey conduction, information
gathering, BOQ formation till complete project execution.
 SMC has 4 sites with one head-office at Sharjah whereas 3 remote sites in which they
required a comprehensive centralized, redundant and secure WLAN infrastructure.
 After conducting the site survey for all sites, we proposed two Aruba 7200 series
controller - for centralized management - working as active-standby and more than 100
Aruba 320 series wave-2 access points along with Aruba NAC solution – clearpass policy
manager (CPPM) with AAA, OnBoarding, Guest and OnGuard features.
 The two WLAN controllers are located on two different sites (main DC and DR site) which
are inter-connected through MPLS VPN.
 Two CPPM are located at DC and DR site in such a way that each site users will be
authenticated locally.
 For each remote site, APs are configured in remote access points mode so that in case of
disconnectivity with main data center, wireless users will still have connectivity.
 HA – high availability - is being configured on controllers for controller redundancy. Each
controller has dual status in HA so that each controller can work as active controller for
one site APs and standby controller for other site of APs simultaneously.
 Both CPPM were in a single cluster as publisher and subscriber to give redundancy.
 Complete customized web portal is being configured for guest users with SMS gateway
integration and self-registration.
  For BYOD devices, OnBoarding is done by using CPPM as CA.

 Dubai Chamber of Commerce ClearPass, UAE (www.dubaichamber.com)

 Worked as project lead starting from initial meeting, information gathering, BOQ
formation till complete project execution.
 Installed Clearpass on hyper-V.
 Configured basic setup on CP for network connectivity with DCCI existing infrastructure.
 Successfully configured and tested dot1x service for wireless users so that AD users could
securely connect through their AD credentials to “Dot1x” SSID.
 SSL certificate is installed on CP to avoid HTTPS errors in case of web portal logins.
 Successfully configured and tested “Guests” SSID for guest access with SMS gateway
integration and provisioning. Configured fully customized web portal as per DCCI
requirement.
 Successfully configured and tested “Contractors” SSID for contractors’ access with
sponsored based provisioning and with fully customized web portal as per DCCI
requirement. Emails exchange server is integrated with CP for sponsors’ approval by
sending emails to AD users.
 Successfully configured and tested “Events” SSID for expos and large events with single
access code for multiple simultaneous sessions. Operator login is configured for account
creation for the visitors.
 Successfully configured CP and Juniper switch and tested dot1x service for wired users
with end points profiling and MAB (MAC authentication bypass) for ip-phones. Also
dynamic fall back vlan feature for un-authenticated wired users is configured and tested.
 Successfully configured and tested Juniper switch CLI login by using AD credentials via CP
RADIUS enforcement service.
 Backup were taken for Aruba mobility controllers flash and CP configuration.

 Suhail – Bhawan Group CWH - Misfah Warehouse, Muscat, Oman

(http://www.suhailbahwangroup.com)
 I worked as deployment engineer in this project.
 Client wanted to deploy WLAN infrastructure for its 6 warehouses to connect HHT
devices to WLAN.
 Each HHT device scan goods’ barcodes and send data to the main server by using Aruba
274 outdoor access points with 30 degrees patch antennas managed by Aruba 7200
series controller.
 All access points configured through WLAN controller with WPA2-PSK along with AES
encryption.
 My job is to make sure that there should be minimum interference among access points
and without any coverage hole.
 To get optimum RF-coverage and SNIR values, I tweaked RF profile on Aruba controller
in such a way that each access point’s maximum Tx and minimum Tx power would not
create unwanted noise.
 Finally, I did a post deployment site survey by using AirMagnet Survey tool to ensure that
the HHT devices would not face any disconnectivity or undesired data rates.

 Ooredoo Doha Aruba Airwave Deployment, Doha, Qatar

 I worked as deployment engineer in this project.
 Client wanted to deploy Aruba NMS solution to monitor their Aruba WLAN infrastructure
and Cisco WLAN solution as well.
  I configured SNMPv3 on Aruba controller, Cisco WLAN controller and on Airwave so that
Airwave would get SNMP traps in order to monitor APs and WLAN clients.
 Configured different groups for Cisco controller and APs as well as the Aruba controller
and APs so that manageability and software up-gradation would possible with ease.
 Also configured visualRF on Aruba Airwave so that real time WLAN clients monitoring
and location tracking with plus minus 3 meter accuracy can be possible. It also gave the
live heatmaps in order to get RSSI values of each WLAN clients.

 JHAH Multifactor Authentication Project, KSA

 This project consist of design and implementation of second factor authentication for
John Hopkins Aramco HealthCare’s Network infrastructure devices which include
switches, routers, firewalls, proxies, IPS, Load Balancer, WAF, Windows and Linux Redhat
servers etc.
 I worked as implementation engineer in this project.
 Most of the network devices had been integrated with Aruba Clearpass which acted as
AAA server for giving admin access base on AD credentials.
 New services were configured on Aruba Clearpass in order to proxy the authentication
request to FortiAuth for second factor authentication.
 Second factor authentication was achieved by using software/hardware/SMS base
tokens.
 The Following major tasks have been done on FortiAuth in order to implement this
project successfully:
 Configured HA, integrated AD with FortiAuth for using AD as authentication source,
integrated and used SMS gateway for SMS base tokens allocation, importing users as
AD groups and provisioning them hardware/software/SMS base tokens for second
factor authentication, using FortiAuth as a Radius server for individual network
device as well as for Aruba ClearPass for second factor authentication (in which
Aruba Clearpass acted as a RADIUS server for NAD and proxy the request to FortiAuth
for second factor authentication).

 HEC Smart University Project, Pakistan (www.hec.gov.pk)

 This project facilitate with Wi-Fi services to currently 98 universities of Pakistan with
around 10,000 APs requirement
 My role as onsite pre-sales resource, generating BoM (working with principal) as per RFP,
providing technical write-up, working on network design, attending onsite technical
meetings, and giving clarifications on solution related queries
 The proposed solution consisted of Aruba decentralized model in which master
controllers placed at three different sites of HEC data centres and acted as configuration
pusher towards local controllers placed in each university
 1+1 master controller redundancy is provided to ensure the non-stop services for
wireless infrastructure
 Local controllers are proposed in N+1 redundancy architecture where backup local
controllers are placed in each regional HEC data centre
 Aruba centralized licensing feature gave a dedicated licensing pool, in this way all the
mobility controller licenses will be available for all access points
 Guest and NAC features were given by Aruba BYOD platform (CPPM)
 Major Platforms Proposed:
 Aruba 7240 mobility controllers as master
  Aruba 7210 mobility controllers provide N+1 redundancy for regional campus
controller
 Aruba 7205 mobility controller as campus controller
 Aruba IAP-215 as indoor access points
 Aruba IAP-275 as outdoor access points
 Aruba AirWave as NMS
 Aruba CPPM for guest and NAC services

 Fatima Group WLAN and BYOD Project (www.fatima-group.com)

 Fatima Group required WLAN and BYOD solution for its four remote sites
 My role as onsite pre-sales resource, generating BoM as per RFP, providing technical
write-up, working on network design, attending onsite technical meetings, and giving
clarifications on solution related queries
 The purposed solution consisted of Aruba centralized model in which master controllers
(active and backup) placed at main data centre
 All three remote sites are connected with main data centre with MPLS
 All APs proposed to terminate on master controller and configured as per customer
demand
 CPPM was proposed along with its Onboard, Onguard and Guest components for BYOD
implementation
 Major Platforms Proposed:
 Aruba 7240 mobility controllers as master
 Aruba AP-205 as indoor access points
 Aruba AirWave as NMS
 Aruba CPPM with Onboard, Onguard and Guest licenses

 Warid Telecom, Pakistan (www.waridtel.com)

 Company required Pakistan’s 1st ever Aruba BYOD solution for its head office and 5 other
remote sites. Each site connected with main data centre via MPLS
 My role as team lead of design, documentation, deployment and troubleshooting
 Two Aruba 7200 series WLAN controllers acted as master (active and standby using
VRRP) located at main data centre whereas each remote site has two Aruba 3200XM
series mobility controllers acted as local (active and standby using VRRP)
 Centralized licensing feature was configured so that all controllers share their licenses in
centralized pool
 APs registered with their respective sites’ local controllers and all the AP Groups (Policies,
SSIDs, AAA profiling etc.) were pushed by master controller to local controllers
 Aruba CPPM installed on two ESXi servers (with active-standby) acted as RADIUS server
and for BYOD implementation and different services were configured on the basis of
client requirements
 ACLs were applied on master controller to restrict WLAN client roles
 Onboarding, Onguard and Guest features were configured for BYOD. WLAN clients were
given role-base access rather than IP-base
 Guest authenticated through web portal via sponsor based access
 In Onboarding, profiling was configured in which devices were assigned device based
access
 In Onguard, Laptop and PCs’ users were postured based on health checks defined on
ClearPass policy manager
  Aruba NMS (AirWave) was configured for centralized management of deployed WLAN
infrastructure. Live heat maps were generated for each floor at all sites
 Major Platforms:
 Aruba 7200 series mobility controllers
 Aruba 3200XM series mobility controllers
 Aruba AP-135 access points
 Aruba CPPM (ClearPass Policy Manager) 6.3
 Aruba AirWave (NMS)

 LUMS (Lahore University of Management Sciences) (www.lums.edu.pk/)

 Client required Cisco WLAN solution for its campus hostels
 My role as RF-designer and deployment team lead
 It consisted two Cisco WLC 5508, 2600 series APs (139) and Cisco 2960 access switches
 Configured routing and switching infrastructure for WLAN deployment
 Installed licences of APs on WLC and configured its basic configuration
 Configured multiple SSIDs as per client requirement on Cisco WLC
 Authenticated users via Cisco ACS and based on their credentials, assigned them different
IP schema
 Optimize RF signals and WLAN coverage

 University of Central Punjab (UCP), Lahore, Pakistan (http://www.ucp.edu.pk/)

 Client required Cisco Virtual WLAN controller deployment which was very 1st of its kind
in Pakistan
 My role as solution designer and deployment team lead
 Configured routing and switching infrastructure for WLAN deployment
 Installed Cisco vWLC on ESXi server and registered all existing (Cisco AP-1252) and new
APs (Cisco AP-2600e) in the campus
 IOS of existing Cisco APs was upgraded which was the requirement for Cisco vWLC
 Configured all APs in flexconnect mode with local switching
 Configured SSIDs, mapped them on different VLANs, applied WPA2 security level with
MAC based filtering

 Campus wide Huawei WLAN deployment in UET KSK Campus (www.uet.edu.pk/campus)

 Client required Huawei WLAN solution for its University Campus
 My role was RF-designer, deployment and troubleshooting team member
 Deployed S5700 Layer 3 core switch and S1728 layer 2 switch
 Configured Huawei WLC 6605 and APs 6010 for coverage at hostels and university
departments
 Linux server was used as AAA server and WLC is configured accordingly
 Multiple SSIDs were configured for students, faculty members and guest users