Recently the Nortel Networks Business Communications Manager group
embarked on a project to build their first product in their next
generation converted voice data switch line (BCM
50). This project included changing the operating system platform
from Windows NT to Linux, merging the voice and applications
processors to a single PowerPC processor, and completely replacing the
management technology used. The new management technology chosen
was the standards-based Web-Based Enterprise Management (WBEM).
As part of the BCM team I was involved with a number of pieces of the
new management system. Early in the design phase I was responsible
for gathering the requirements and designing the early object models for
the authentication and authorization security subsystem. This
included modeling things such as user accounts, the group and privilege
system, credential complexity enforcement, auditing, and security policy
such as lockout, etc.
Later in the project I was involved in writing various providers that
implement the CIM
object models for individual system components. These providers are an
interface between the actual system components and the
OpenWBEM management
server through which client requests are made.
Late in the project I was given the responsibility of refactoring the
providers responsible for Backup and Restore and Software updates of the
BCM 50. This included working with the component specialist to
propose a redesigned customer GUI, creating a new CIM object model
capable of delivering the data necessary for the new UI, and
reimplementing the associated providers. Even though these efforts
were undertaken late in the project we were still able to complete the
redesign and deliver a much better user experience in the shipping
product than was originally built.

The Nortel Networks Business Communications Manager (BCM) product line
is a small to medium sized business solution for converged voice and
data.
With increased awareness of security vulnerabilities in the industry,
the BCM group started a project to improve overall security of its
product with its version 3.5 and 3.6 software releases. Initially
this effort consisted of a two man team which included myself as the
technical person. Our main goal was to analyze the current product
and to propose or implement solutions to identified problems. For
platform related issues we would work to resolve the problems ourselves
and for subcomponents we would work with the various application groups
to find solutions.
Securing the product was a multifaceted project.
It included making sure the operating system was hardened as much as
possible. ACLs on the file system were tightened to increase
defense in the face of a system breach. Many system wide security
related settings were reviewed and tightened. A process of when
and how new Service Packs and Hotfixes would be applied to the load
build process was defined and implemented.
All methods of accessing the box across a network were examined and
ways to allow secure administrative access were introduced. This
included adding SSL support to the Apache server to encrypt web traffic
and the introduction of SSH as a secure way of accessing the box's text
based UIs.
Several security related configuration options were added to the
management interface. This included things like certificate
management, key generation, password complexity, etc. I wrote a
Windows NT Password Filter DLL to implement the new password complexity
options. Additionally I wrote an Apache module to authenticate
requests against the OS password system. This module eliminated the need
for the redundant and less secure second copy of userids and passwords
that previously existed in the system.
Much time was also spent analyzing other non platform subsystems and
working as a consultant with the groups responsible for those systems to
improve security issues in the overall product.
For the next generation of product, the BCM 50, that was being built
on Linux, I was involved in defining the initial security requirements
and in particular for modeling the authentication system.

The Nortel Networks Business Communications Manager (BCM) product line
is a small to medium sized business solution for converged voice and
data.
After joining the BCM Platform Services group I quickly identified
the need for a more efficient way of getting new load build images onto
developers' and testers' machines. At that time they were using
burned CDs and hardware based hard drive cloning as the methods of
delivery which were inefficient and slow.
Upon recognizing that there was a better way I devised a simple
prototype system and sold the idea to management. The system
consisted of a simple client/server architecture where machines
connected to a central repository of load build images and then
performed hard disk cloning across the network. A simple
authentication system tied into the Windows domain system controlled
authorization to the various test, development, and production level
images.
Developers and testers quickly embraced the new imaging system as it
greatly reduced their turnaround time after a new software load was
released. It also gave them convenient access to a library of
previous software builds for troubleshooting.
Over time many features were added to the network installer system.
This included generating logs for metrics purposes, multi-site support,
other groups' access to the system, multiple hard drive support, creation
and restoration of personal images, changing of the Windows SIDs, etc.
Initially the BCM client was delivered via CD but as time went on the
client itself was added to internal loads to remove the need to
install a CD-ROM drive in the target hardware. Later USB
flash-key support was added to further simplify the process.
The system was so successful internally that eventually I was asked
to develop a productized version to be sold to field technicians.
The commercial version was developed with features such as the ability
to control cloning for licensing purposes and was marketed as the BCM
Imaging Tool (BIT).

The mServices team was tasked with creating wireless IT solutions
for Nortel's global workforce. Its focus was to provide wireless
applications that would provide value to mobile employees.
I worked as a developer in the team and built the first prototype of
Nortel's mobile portal. The prototype was built using C++ and the
WAP protocol. Later versions of the portal were built using MobileQ's
XML Edge product to abstract application logic from the individual
devices' markup languages.
I was involved in designing and implementing Nortel's wireless IT
architecture. This necessitated making several changes to various
components of Nortel's security access system to allow internet based
wireless devices to gain access to intranet based systems.
Various technologies used were:
XML, WML (WAP), HDML (Openwave), MobileQ XML Edge, RIM Blackberry SDK, NorPhone for Wireless, NorPhone for RIM Blackberry

NorPASS is an enterprise password synchronization and authentication
system. It was built to improve corporate security by enforcing
strict password rules, to make life easier for users by
providing a single password, and to reduce password related helpline
call volumes.
NorPASS was implemented as a set of loosely connected Unix servers which
provided the authentication subsystems. For systems
that maintained their own password databases, such as Unix NIS and
Windows Networking domains, NorPASS pushed passwords to those systems
via so called 'syncers.' For systems that could be easily modified
or supported external authentication methods, NorPASS supported real
time authentications via RADIUS and the proprietary NorPASS C API.
For legacy systems, NorPASS supported bulk downloads of encrypted
passwords in Crypt or MD5 hash formats.
I worked as a developer on several aspects of the NorPASS system while
with the group. My first job was acting as the prime to integrate
the global Nortel Windows domains into the NorPASS system. Later I developed version 2.x of the real-time authentication API.
This task expanded into rewriting several layers of NorPASS code
including the socket layer and the SSL layers to be more robust and to
provide better error messaging. The NorPASS API was
cross platform and compiled on Solaris, HP-UX, Linux, MPE, and Windows
NT. One of my last tasks was to design a tool that could be used to
securely encrypt and archive users' clear text passwords on the NorPASS
servers using PKI.
Various technologies used were: SSL programming via SSLeay/OpenSSL,
BSD Sockets & Winsock, Entrust File Toolkit, Apache / Stronghold
web servers, NorPASS C API Version 2.x, Perl, PKI,
Solaris, HP-UX, Linux & Windows

Joined the Internet Telephony Application Group (ITAG) in late 1997.
Primary responsibility was to design and develop tools for the Voice Button project.
Designated prime for a tool known as VAT (Voice Automated Testing).
This is a proprietary interpreter written in C++ that is used to automate testing
of the features of the Voice Button servers. This interpreter runs on PCs
equipped with Dialogic voice hardware to simulate
analog phone users and uses a TCP/IP network client that acts as a NetMeeting proxy to
simulate H.323 VoIP users. Upon joining the group the tool had been started
by a contractor but was very unstable and not feature complete. Stabilization of
the application and reworking much of the internals of the code was completed, as well as
designing a new NetMeeting proxy. Many features were added including new language
constructs to allow for more complete testing of the Voice Button functionality and to
allow for more powerful test scripts.
Heartbeat is an internet client used for actively monitoring Voice Button servers
and alarming on various error conditions. Reworked the user interface
design and evolved the functionality of the tool.
Tools used were:
Microsoft Visual C++, Visual Source Safe, the NetMeeting SDK, and Visual Java

Joined the Access group in the Summer of 1995 at which time they had no one
supporting their LAN on a full-time basis but rather the developers
themselves would attempt to fix their own problems as they arose.
Because Nortel did not have a formal support system for PCs at that time, the
job consisted of the planning, support, and administration of
the various PCs and servers on their LAN.
Workstation clients were a mix of DOS, Windows 3.x, OS/2 Warp,
Windows95, and NT Workstation.
The network was a mixture of IPX/SPX, TCP/IP, and NetBEUI protocols
with NetBEUI being used for local file server access and TCP/IP
for Intranet and Internet. The server system was initially Novell NetWare 3.1x and was
migrated to IBM's Warp Server with the later addition of a Microsoft
NT Server.
Duties included:
- Supporting the 60+ PC workstations and two servers
- Setting up and administering the departmental Intranet web site
- Defining and implementing a server backup strategy
- Migration from NetWare to Warp Server
- Selection and purchase of new hardware and software
- Deployment of anti-virus software across all clients
- Installing, repairing, and upgrading hardware and software
- Managing user accounts on various systems
- Deployment of Windows95, Warp Connect, and NT Workstation
- Management of the hardware expense budget
- Being on call for off hours emergencies
- Interviewing and mentoring a student and several contractors
- Consulted on Norstar Access ISO document repository project
I received a Spot award for Customer Service.

Started working in May 1994 as a GSDT Smalltalk software designer after
graduating from University. The application consisted of several browsers and graphical
editors that allowed the GSF designer to visually define a service and then allowed
them to automatically generate skeleton code from the designs.
The development was done in VisualWorks
Smalltalk using OTI's ENVY/Developer for team
source code control. The Smalltalk applications were built with the aid of an application
development environment known as Argos. This
environment provided integrated object modeling support and persistent objects via
a transparent Versant object database.
Primary responsibility was the evolution of a graphical editor known
as the FSM (Finite State Machine) editor. The FSM editor allowed the user to graphically
draw the state machine for their service rather than having to code it by hand. Additional
responsibilities included designing several smaller UI components within the application such as a standard
printing interface for all the editors.
Tools used included:
ParcPlace VisualWorks Smalltalk,
OTI ENVY/Developer, Versant Object Database,
Miramar Technology Argos,
Lotus Notes, and Hewlett Packard HP/UX

The co-op position's mandate was to build a component tracking
program to automate the tracking of issues and their related actions.
The project encompassed the full cycle of software development from analysis,
functional specification, design, implementation, testing and end user documentation.
The initial request was for a solution in Microsoft
Excel using Macros to manipulate data. After building a prototype and doing some
benchmarking it was demonstrated to the customer that using a database would produce
much better results.
The final solution consisted of pulling data from two separate databases, one located on
an IBM S/390 mainframe and the other from a ZIM
database running on a PC based QNX network. Because no
automated way existed to move data from the mainframe to the QNX system a custom C program was
written to automate the transfer of data. The majority of the development work on the
project was spent writing a custom FoxBASE application which provided the component supply
engineers with an easy to use interface for working with the component issues tracking database.
Software and systems used during the project included:
IBM CP/CMS, Rexx, ZIM, QNX, Microsoft Excel, FoxBASE, C, Apple Macintosh.