IT Infrastructure

Stable IT begins at the infrastructure level—that is, with networking, storage, security, and authentication. I plan, implement, and operate complete network and system landscapes, from physical setup to secure client and access separation. In doing so, I combine classic network technology with modern software-defined approaches and consistent automation.

Network Architecture & Segmentation

I design and operate networks with clear security and performance specifications.

The goal is a comprehensible, maintainable structure with a defined separation between internal, external, and management zones.

  • VLAN design, trunking, LACP bonding, multipath
  • DMZ concepts, routing, NAT, VPN access
  • IPv4/IPv6 address planning and monitoring
  • Integration of physical and virtual network components

Firewall & VPN Infrastructure

For network protection and site networking, I rely on transparent, open-source solutions.

  • OPNsense as a central firewall, IDS/IPS, and VPN platform
  • WireGuard for encrypted site-to-site and remote connections
  • Rules, geo-blocking, automated soft blocks
  • Integration into logging and alerting systems

Storage & High Availability

Storage infrastructure is a key factor for performance and reliability.

I implement scalable, replicated storage systems and optimize access paths for VMs and containers.

  • Ceph clusters for distributed block and object storage
  • LVM, iSCSI, multipath, Fibre Channel
  • Snapshot strategies, replication, quotas
  • Integration into KVM hosts and Kubernetes volumes

Authentication & Access Control

Uniform authentication is essential for security and transparency.

I implement central authentication and authorization mechanisms using open-source standards.

  • LDAP and Kerberos-based user management
  • Active Directory, SSSD, PAM, Winbind
  • Connection of web services via mod_authnz_ldap / mod_auth_kerb
  • Synchronization between Linux and Windows domains

Security Architecture & System Hardening

Security is not an add-on, but an integral part of every system design.

I combine preventive measures with continuous monitoring.

  • SELinux, AppArmor, OpenSCAP audits
  • TLS certificate management, SSH hardening
  • Malware and spam filters (ClamAV, Rspamd)
  • Security monitoring and alerting

Monitoring & Operational Stability

Infrastructure transparency is crucial for availability and fault tolerance.

I implement measurement, logging, and alerting systems ranging from hardware sensors to applications.

  • Prometheus, Grafana, Node Exporter, SNMP
  • journalctl, Loki, log correlation
  • Alertmanager integration and escalation paths
  • Performance analysis and capacity planning