Southwark Council

Programme Manager

April 2023 – Current

Infrastructure Migration to Cloud

Complete migration of all infrastructure to cloud

2 year programme

Programme value £4 million

Lambeth Council
Senior Project Manager
September 2021 – Current

Migration from MPLS to SD-WAN

The reason for the migration from MPLS to SD-WAN was the end of the current contract and the retender of network services. The procurement route was Crown Commercial Services RM3808 to find a new provider. Virgin Media Business, who was the incumbent, was also the only bidder for the new contract and won the tender. The contract was signed on 4th April 2022 and the project team started with the planning of the migration from MPLS to SD-WAN. The new contract after the contract award started with a pilot and later bigger locations and finally the core sites. The Council had over 120 MPLS circuits and not all circuits were required going forward. This cleanup exercise saved the Council over £100k a year.

  1. Due dilligence; mapping the locations with site contacts circuits reference numbers and comms cabinet layout in terms of power and room for the new router
  2. Design phase and configuration
  3. Procurement of hardware
  4. Pilot phase
  5. Migration phase

The total migration duration was 1 year.

Azure Migration

The migration of applications to Azure requires knowledge of what is currently installed on the servers and if the application can be migrated to Azure. I started this by doing an application landscape exercise.

  1. What applications are in use today
  2. Prioritising them into categories of importance, core and non-core
  3. Looking at the application need in terms of in memory, CPU and load balancing
  4. Are there legacy applications that need to be replaced
  5. Do applications other servers to communicate to
  6. Who are the vendors and is Azure supported
  7. What contracts have we got with suppliers
  8. Create a Migration Business Case with cost breakdown and migration path.
  9. Provide hybrid options for soe application stacks

The Azure migration did not progress past the Business Case stage and the application landscape exercise.

How it was done

For details on how to do a MPLS to SD-WAN migrations, please the published paper. For details on the Azure migration see published paper.

One Source
Programme Manager/ Senior Project Manager
September 2019 – September 2021

Programme Manager/Senior Project Manager working in Havering and in Newham

Network workstream

The infrastructure components such as network and servers had reached or even exceeded end of life status. The network hardware could not be re-procured as it required a complete redesign of the the network. Newham and Havering Council under the managed service of OneSource had their networks merged without an holistic view on how to create a single network. The intention was to create a zero-trust network that would be secure and give the same level of security working from home as working in the office. It would be based on Cisco hardware with Palo Alto firewalls.

Applications workstream

Most applications were running on servers that were hosted in the on premise datacentre. The intention was to find suitable candidates for migration to SaaS and migrate the majority into Microsoft Azure cloud.

Backup workstream

The servers were backed up using older software and it was known that backups were failing and no restore was possible. A new backup was urgently required but with SaaS and Microsoft Azure the footprint in the on premise datacentres would reduce requiring a smaller backup array.

AOVPN

The VPN solution was Direct Access and with the rollout of new laptops it was a senior management decision to replace Direct Access with Always on VPN.

Windows 2008 Server and TLS1.0x

The applications were a mixture of old and new applications with some of the older applications managed by the departments oppose to OneSource. The issue with this was that there was no driver to upgrade to later versions so applications became stale. With Windows 2008 r2 going out of support and Microsoft increasing (doubling every year) the extended support cost it was obvious that the applications needed to be upgraded and moved to the latest version of Windows server. The same was true for applications requiring TLS1.0 or 1.1 and later 1.2.

Projects delivery

There were 4 project within the infrastructure programme that needed to be completed urgently.

  1. Network Refresh; phase one was to migrate the Microsoft Thread Management Gateway firewalls to Cisco ASA firewalls. It required cleaning up the firewall rules (scoping and design) and cutting over the pair one after another with firebreak of 1 weekend in between. phase two was to design a new network, procure and implement.
  2. AOVPN; replacing direct access on laptops with Always on VPN.
  3. Windows 2008/ TLS 1.0; Identifying an upgrade for each application to SaaS, Azure or on premise to the latest version of Windows server. Upgrading applications to work with a supported version of TLS.
  4. Scoping a backup solution and taking into account the direction of travel being cloud first.

How it was done

The immediate concern was to eliminate the risk with the firewalls. There were 2 Microsoft Thread Management Gateway (TMG) firewalls pairs that had reached end of extended support and were failing. During the failure the other TMG firewall would take over after a manual reconfiguration but the user experience would be poor. The senior management team instructed the TMG firewalls to be replaced by 4 existing Cisco ASA firewalls that were still supported. The Cisco ASA firewalls were still older technology and not able to provide a zero-trust network but would take the pressure off in the first instance. The network team investigated the rules and we split out functionality that was coming off the TMG and would not go on the ASA. Once the rules were cleaned up the ASA were configured and tested. The first pair was migrated over the weekend with all application teams doing the UAT on the day. Withing 2 weeks both firewall pairs were migrated without any problems or disruption. The network architect worked with the project team to design a resilient and secure network. The design, business case and cost model were created and submitted for approval.

Replacing a VPN on a laptop remotely is a challenge. As the VPN is the only way to connect there will be 2 VPNs installed and the laptop needs to connect to the new one properly before the old one is removed or disabled. This became apparent during the pandemic where staff were working from home and no one was allowed to come into the office. A trip to the engineer would have been the was this would have happened normally but we had to be inventive. We could not use SCCM to deploy the VPN as Direct Access does not support this. We used group policies to push out the client to the laptop and then force the connection to the AOVPN client. Once the laptop showed up on the AOVPN servers as a live connection we would disable the DA client. We had issues with staff never rebooting their laptop. It takes reboots to bring the script down. The second issue was that staff used a ethernet cable via a docking station and not Wi-Fi to connect. This also caused problems getting AOVPN to work. It was hard work but we manage to replace the VPN over time for all staff during the pandemic.

Windows 2008 R2 was out of support and we had a lot of applications that needed to be upgraded. The application either needs Windows 2008 and older versions of SQL and TLS and there is no upgrade possible. At a price, the application can be upgraded and there may be professional service time charged by the vendor. At best the application is working on a later version but just needs to be installed and tested. In this scenario at OneSource it was mixed.

The project started with the creation of a business case where all requirements and options were recorded. After that there was a Proof of Concept preceding the actual choice of what backup solution to procure. We asked ArcServe to provide us with 2 appliances and they were installed and the PoC was signed off and the business case was approved. Senior management did however not give the approval for procurement.

https://www.snowsoftware.com/Applications falling out of the Windows 2008 upgrade and that could be moved into Microsoft Azure were build and migrated. The project did an Azure Cloud Readiness Assessment with Microsoft to determine suitability. We also used Cloudscape eDiscovery and SNOW software.

Recap

  • Interim measure; firewall migration for LB Havering and LB Newham
  • Redesign of the network based on zero trust and application segmentation
  • Procurement, implementation of the network solution
  • Rolling out Always on VPN during the pandemic
  • Remediation of Windows 2008 server and TLS 1.0/ 1.1
  • Scoping and Proof of Concept for a backup solution
  • Application migration to Microsoft Azure

London Borough of Enfield
Programme Manager Infrastructure Transformation Programme
February 2019 – September 2019

The business case for this programme was to reduce revenue spending and to replace unsupported hardware. The core business applications were hosted by a service provider and these services such as SAP and Skype for Business needed to be migrated to the on-site datacentre and to Microsoft Azure. The the LAN hardware was out of support and required a large investment to replace. The WAN design had to be brought in line with the strategic direction of the Council and circuits to be upgraded or terminated. The laptops and desktops were older than 5 years and running on Windows 7 this needed to be replaced with new hardware creating a mobile work force.

  • Windows 10 device roll-out of 5000 end users devices (95% laptops and 5% desktops)
  • Building a on-site datacentre (HP servers, UPS, cooling and network)
  • BYOD implementation with Microsoft Intune
  • Cisco network refresh from design to implementation of all LAN hardware
  • WAN redesign
  • Skype for Business migration from on premise to online and to Teams
  • SAP migration (Virtual to Virtual) from hosted datacentre to onsite and Azure
  • Data centre migration decommissioning
  • Full procurement life-cycle of hardware, professional services and software
  • Programme value 10 million, staff size 30+

London Borough Hammersmith & Fulham
Programme Manager
September 2017 – January 2019

  • Transformation Programme (moving services and data from a shared service between Westminster, Kensington & Chelsea to a separate LBHF service
  • Public Service Network (PSN) compliance project
  • Implementation of Artificial Intelligence AI software for the telephony system
  • Construction project ‘Stephen Wiltshire Centre
  • Average programme value 1.5 million, staff size 20+
  • Responsible for 3rd party management and full procurement process

London Borough of Kensington & Chelsea/ Westminster
Programme Manager
March 2017 – July 2017

  • Bi-Borough wide technology review and strategic planning
    Windows 10, 5000 users, Cloud migration and Microsoft 365 (Office 365, Exchange, Skype for Business, SharePoint migration, OneNote and Intune), Strategic alignment of organisational direction and technology roadmap

London Borough of Islington
Senior Project Manager/ Programme manager
October 2014 – December 2016

  • Council wide Windows 7 upgrade on 4000 devices and end to end implementation of XenApp 7.11
  • Office 365 implementation and Exchange mailbox and SharePoint migration
  • Average programme value 1.5 million, staff size 20+

Tate Galleries
Senior Project Manager
July 2013 – August 2014

  • Evaluation and design of a VDI platform using the DELL vWorkpace solution for virtual desktop.
  • Email migration from Exchange 2003 to Exchange 2010
  • Average project value 1 million, staff size 10+

British Telecom
Senior Project Manager
February 2013 – July 2013

  • Upgrade from Citrix 5.0 to XenApp6 and migration of 50 servers and a rollout of Windows 7 and MS Office 2010 to 9000 end users and migration of 5000 applications
  • Average contact value 1.1 million, staff size 30+

Advanced 365
Senior Project Manager
April 2012 – January 2013

  • Implementation of Citrix XenApp6 environment, upgrade to MS Office 2010 and, implementation of a call management system (Zeacom), database migrations and virtualisation of servers
  • Average contact value 1 million, staff size 7 internal and 3 external suppliers

Deloitte
Senior Project Manager
September 2011 – April 2012

  • Implementation of Citrix XenApp6 environment, Upgrade to MS Office 2010 and Exchange 2010, hardware refresh and roll out of Windows 7, Telephony upgrade of the core telephony system and migration from Mitel Nupoint voicemail system to Microsoft’s Exchange 2010 UC product suite
  • Budget responsibility 3.5 million and staff size 35 internal and 20 externals

Serco
Senior Project Manager
June 2011 – September 2011

  • Managing the migration of staff and hardware between buildings of London Borough of Ealing.

Delivered a data infrastructure project for Agilisys Limited
Programme Manager/ Senior Project Manager
September 2010 – March 2011

  • Managed the Workplace Strategy Programme and solution proposal phase for migration from Citrix 4 to XenApp 6, frontend and backend upgrade, roll out of a new software deployment tool, standardising to Windows 7, Implementation of videoconferencing and upgrading to MS Office 2010. Project size was 3,000 users and budget 1.2 million.

Capita UK, Project and Solutions
Senior Project Manager/ Programme Manager
August 2006 – August 2010

  • Building Schools for the Future – July 2009 – January 2010. To deliver the ICT Solution to Durham County Council, inspiredspaces intend to implement a centralised and resilient virtual platform to deliver key services over the existing WAN infrastructure. The key drivers for the design have been based around providing a high availability solution to support the schools, whilst minimising the quantity of physical servers and space required for the ICT Solution, both recognising and maintaining the green agenda. inspiredspaces will implement the solution within the Tanfield Data Centre with assistance and working alongside the Managed Service Unit (MSU) who will be taking over the support of the solution on completion of the implementation. The existing facility offers the highest level of resilience and security within a leading edge environment.
  • Group4Security Eviper – 26 February 2009 – 18 May 2009 The eViper application supports the Group 4 Securicor (G4S) Cash Services business by providing track and trace audit functionality on the movement of cash containers. The application allows Cash Services branches (or depots) to plan and schedule cash deliveries and collections onto what is known as a trip. Once a trip has been planned, details of scheduled deliveries and collection of cash containers are downloaded to a hand held terminal (HHT) via a docking station (cradle) at the “home” branch.  This is done at the start of a shift. All containers will be assigned a unique bar code reference number known as a seal number. The crew scan all containers scheduled for delivery, and take the HHT on the road, carrying out deliveries and collections.  All containers are scanned at the point of delivery and collection, and receipts are issued to customers to confirm date and time of collection. Once all deliveries and collections are complete, the crew return to their “home” branch and download all data from the HHT to eViper via cradles, transferring cash containers to the vault. Vault personnel also scan containers to verify what is being transferred from the vehicle to the vault. All transfer of data from eViper to the HHT is achieved using middleware called TaskMaster provided by a third party (TBS). 
  • CWA – The current estimate is that this project will be migrating 655 users on Neoteris, 628 users on Business Port and 265 users on IP Stream. Users will be migrated in small groups of not more than 100 users at a time. This is to ensure that the workload at Infrastructure Services Technical Operations is manageable and that any disruption is containable. Original access will stay in place till the new access on either of the 3 service offerings (Neoteris, IP Stream or Business Port) is proven to work.
  • BBC TV Licence Bristol – The objective of this project was changing the way you can pay for the TV licence. Payments can now be taken over the internet. The project created this internet page and payment processing functionality.
  • Datacentre migrations at Capita Hartshead Pensions
  • Resolution Life Group in Glasgow – Separation of the infrastructure of Resolution Life Group from Abbey. National.
  • Turbine Surface Technologies Limited (TSTL) is a 50% Rolls Royce owned organisation whose primary business operation involves the application of coatings to aerospace components, with approximately 250 employees and 70 IT users. Since the loss of their own IT resource earlier this year, IT support has been provided by Simon Cope from Ross Ceramics on a scheduled weekly site visit basis. User support requirements have therefore been grouped together for resolution during the scheduled onsite visit. Active monitoring and management of systems and currently not undertaken with only scheduled essential maintenance undertaken of current systems. A number of routine maintenance activities will need to be re-established e.g. sever patch management is out of date, no central policy server for anti-virus management especially to user devices.
  • CHKS – Capita Health acquired CHKS in the first quarter of 2009. The company provides data services and consultancy in the health sector.  Capita Health and Capita ITS have recognised that there could be significant benefits in moving the IT elements of the business into Capita ITS. There are three distinct parts to the proposed solution for the provision of IT Services to CHKS. The first being the management of the existing service, the second a move to a new hardware and software platform and the third the transition of the CHKS technical staff into BI team, application Services. Moving the development and support of IT deliverables into ITS will allow CHKS to focus on the consultancy service for which it is renown across the health sector.
  • Hardshead – The driver for Hartshead is to house their applications on new servers as the old servers are reaching end of life and support for both hardware and software becomes an issue in 2011. The Capita Hartshead systems are currently hosted on physical Tru64 servers by Enterprise Services at West Malling and Laindon and will be migrated to the Capita MSI New World at West Malling, where it will run virtual AIX servers. The New World solution will consist of nine AIX Logical Partitions.  There will also be four Windows Virtual servers; one an SFTP server, one Sonic MQ server, one Hartlink exchange server and the other a Web Server (CHHVPWMWEB01, already in existence). Capita Hartshead would like to use the Hot Dr Solution with all the DR servers also being actively used for the development, test and QA systems that relate to the live applications running on the corresponding server in West Malling and will utilise the Raid 5 SAN configuration.
  • Malard Move
  • Refopipe – Business Support has rebranded “Refopipe” to “the Resource Scheduler” and the product will be road tested during a pilot phase. The pilot was first rolled out to the project managers to assess its usability. With the feedback from the pilot users the Resource Scheduler was later enhanced and will be migrated from the current DR server at Railtrack NCCA to a dedicated virtual server in MSI at West Malling.

EDS United Kingdom
Senior Project Manager
August 2004 – August 2006

  • Control of budgets up to £4.3million, reporting to the senior programme manager for EDS; using standard PM2 methodology and tools to control budget, risks, issues and workload; proactive lead in identifying customer requirements and analysis of key deliverables and success factors; delivered training and mentoring to customer’s staff to enable future self-sufficiency.

EDS Netherlands
Project Manager/Bid Manager
September 1998 – August 2004

  • Dow Chemicals – Implementation of workflow management software and Voice Over IP software implementation
  • Outsourcing of the Ericsson IT department to EDS to lead the bid for successfully transform the IT department to a managed service including staff
  • The Greenery in Zoetermeer – managing the network related projects from design through to implementation and installation. A challenging environment of that is relying on a 24/7 network infrastructure consisting of Cisco hardware.
  • Vodaphone in Maastricht – device rollout of new desktops 5000. Full project lifecycle from design to handing over to support

Koninklijke Marine (Royal Navy)
Luitenant ter zee
July 1994 – August 1996

Education

Qualifications

  • APM PRINCE2 Foundation
  • APM PRINCE2 Practitioner in 2015
  • APM Managing Successful Programmes Practitioner in 2010
  • Microsoft Certified Professional 2000 in 1994
  • ITIL Foundation Certificate in IT Service Management in 2002
  • ITIL Expert
  • PMI Agile Certified Practitioner 2011
  • PMI Project Management Professional 2011
  • Languages spoken, English, Dutch and German

Curriculum Vitae in English as PDF

Curriculum Vitae auf Deutsch as PDF