M Fahad

M Fahad Khan Sherani

System and Network Manager

 

About Myself

Serving IT industry since 1998 worked on extensive applications, tools and devices that includes vast technology paradigm

I have extensive experience in installation, implementation, integration, security, and administration across local and remote environments, serving a diverse clientele from major industry sectors. Over the past 25+ years, I have worked with nearly all Microsoft operating systems for both servers and end-users. In addition, my expertise includes Red Hat Linux, Fedora Linux, Mandrake Linux, and Sun Solaris.
I have hands-on experience with a wide range of platforms and services, including Windows 7/8/10/11, Windows Server 2012/2016/2019/2022/2025, Windows Active Directory, Azure AD DS, IIS, LTSP, VPN solutions, MS Proxy, Microsoft Exchange Server (location-based) and Exchange Online (O365), Squid Proxy Server, MS ISA Server 2004/2006, Microsoft Forefront TMG 2010/2016, MS Project Server, MS SharePoint Server, Streaming Media Server, Lync Server, Skype for Business Server (location-based), MS Live Meeting Server, O365 Teams Server, centralized antivirus platforms, Print Servers, Sendmail, Sendgrid, Postmark, Mailgun, Smtp2go, HP ALM, VMware (ESXi, vCenter), Hyper-V, and centralized storage/NAS systems.

Applications and Tools

I have extensive hands-on experience with a broad range of enterprise applications and tools, including SQL Server, IBM DB2, MySQL, and Oracle 8i/9i. My skill set also encompasses version control and development platforms such as Microsoft Visual SourceSafe, Team Foundation Server, and Microsoft DevOps Server (both Cloud and On-Premises).
In addition, I have worked with Apache Tomcat, WebSphere Application Server, Microsoft IIS, SharePoint Server, and HP ALM. My background includes expertise in a wide array of security and protection tools such as McAfee Firewall, ZoneAlarm, Norton Security, Sygate, and Norton Ghost, as well as system imaging and cloning solutions like PowerQuest and HDClone.
I am also proficient in remote access and support technologies, including Microsoft Remote Desktop Services, VNC, NetOp, AnyDesk, and RustDesk (both server and client implementations), along with extensive experience in using various data recovery tools.

Routers and Devices

I have worked with a broad spectrum of network devices widely adopted over the past decade and a half. My experience spans ISDN and DSL technologies, radio modems, and load-balancing routers. I have also configured and managed numerous VoIP and SIP gateway devices, including Gaoke SIP Gatekeeper MG-6000, MG-6002, MG-6008, Quintum Tenor A400/A800, the Cisco SPA series (SPA-100, SPA-2100, SPA-112, SPA-122, SPA-500, SPA-504), and the Linksys PAP2.
In addition, I have extensive hands-on expertise with enterprise networking hardware such as Cisco SF300, Cisco SF350, Cisco Business CBS220/CBS350, TP-Link, D-Link, SonicWALL SOHO, Netgate SG-1100 and SG-5100, Linksys routers, MikroTik routers, and pfSense routers. My proficiency also includes working with proxy and firewall platforms such as IPFire, NethServer, and OPNsense.

 

Academics Qualification

Following are my academics qualification, certification, courses and awards.

  • Azure Solutions & O365 Admin Certification Course.
  • Azure Security (Az-500, AZ-300, AZ-103) Certification Course.
  • Azure Architecture Certification Course.
  • Amazon Web Services (AWS) Certification Course.
  • Master of Computer Science – M.S (CS).
  • Bachelor of Computer Science – B.S (CS).

Experience

Serving IT industry since 1998 worked on extensive projects that includes vast technology paradigm

    Network Manager / Sr. Director IT / VP

    eDev Technologies | May 2002 – Present


    Provide strategic and operational leadership for the organization’s complete IT ecosystem, aligning technology initiatives with business objectives while ensuring secure, scalable, and high-availability systems.

    Executive Leadership & Strategy

  • Define and execute IT strategy, roadmap, and governance aligned with organizational goals and growth plans.
  • Act as senior technology advisor to executive management, providing guidance on digital transformation, risk management, and technology investments.
  • Lead enterprise architecture planning covering network, systems, security, applications, and cloud/on-prem infrastructure.
  • Establish and enforce IT policies, standards, and best practices across infrastructure, security, and operations.
  • Drive business continuity and disaster recovery (BC/DR) strategies, ensuring operational resilience.
  • Oversee vendor management, contract negotiations, SLAs, and service delivery performance.
  • Prepare and manage IT budgets, forecasting, cost optimization, and CAPEX/OPEX planning.
  • Evaluate emerging technologies and recommend strategic upgrades and modernization initiatives.


    • IT Operations & Infrastructure Management

  • Direct end-to-end network management, systems administration, and hardware lifecycle management.
  • Architect, deploy, and maintain secure enterprise networks (LAN, WLAN, WAN) with high availability and performance.
  • Manage multi-ISP environments, implementing load balancing, failover, and bandwidth optimization.
  • Oversee installation, configuration, and maintenance of servers, storage, firewalls, and virtualization platforms.
  • Lead cloud and on-premises infrastructure operations, ensuring reliability, scalability, and security.
  • Establish proactive monitoring, logging, and reporting frameworks to maintain system health.


    • Security, Risk & Compliance

  • Own the organization’s information security posture, protecting systems from internal and external threats.
  • Design and enforce network, system, and data security controls, including firewalls, IDS/IPS, antivirus, and access policies.
  • Lead risk assessments, vulnerability management, and incident response activities.
  • Ensure compliance with security best practices and regulatory requirements.


    • Systems, Messaging & Collaboration Platforms

  • Oversee Windows Server environments, including: Active Directory, Group Policy, DNS, and Domain Services.
  • Lead deployment and management of email and collaboration platforms, including: Microsoft Exchange Server, Sendmail / SMTP systems, Skype for Business / Messenger Server.
  • Govern web servers and application services (IIS, Tomcat and other platforms) with controlled access and security hardening.


    • Networking, Firewalls & Remote Access

  • Design, deploy, and manage firewalls and proxy solutions including pfSense, NethServer, and Microsoft Forefront TMG.
  • Implement and manage VPN solutions (site-to-site and remote access) across multiple WAN links.
  • Control internet usage policies including web filtering, protocol access, bandwidth prioritization, and reporting.
  • Configure and troubleshoot VoIP gateways and communication infrastructure.


    • Hosting, DNS & Data Management

  • Oversee web hosting and email hosting platforms, including domain and DNS management: A, TXT, CNAME, MX records.
  • Ensure regular backups, data integrity, and recovery readiness for critical systems.
  • Define and enforce data protection and retention policies.


    • Team Leadership & Service Delivery

  • Lead, mentor, and develop IT, network, and support teams.
  • Define roles, responsibilities, and performance metrics for technical staff.
  • Establish IT service management processes to ensure high service availability and user satisfaction.
  • Oversee user support operations, resolving complex technical issues and minimizing downtime.


    • Network Engineer

    Orbit Broadband Internet | May 2000 – April 2002


    Played a key role in designing, implementing, and supporting ISP-level network and Linux-based infrastructure services.
    Key Responsibilities:

  • Designed, planned, and implemented Linux system administration, network services, and software platforms.
  • Gathered and documented user, hardware, and network requirements, including: Capacity planning (disk, swap, users).
  • Router configurations.
  • Future scalability and risk analysis.
  • Network diagrams, asset documentation, and backup procedures.
  • Installed and configured network and application services including DNS, DHCP, FTP, Sendmail, WINS on Linux and Windows platforms.
  • Implemented and optimized Squid proxy caching and advanced Linux routing.
  • Configured and managed Cisco routers, VoIP, and ISDN routers.
  • Installed, configured, and maintained Informix database systems.
  • Implemented Network Load Balancing, VPN (LAN/WAN), and comprehensive system security controls.
  • Managed user and group policies, system tuning, and backup strategies on Linux.
  • Configured network interfaces, resolved routing issues, and implemented firewall rules.
  • Developed Perl programs and shell scripts to automate system and network tasks.
  • Configured and maintained Sendmail (.cf, .mc files, m4 macros).
  • Implemented and managed Samba servers, file servers, and print servers.
  • Ensured network protection against viruses and security threats.


    • Support Engineer (R&D Department)

    ANTS | September 1998 – March 2000


    Provided systems support and security-focused research for UNIX and Linux environments.
    Key Responsibilities:

  • Reviewed and documented Linux and Solaris system builds from a security and compliance perspective.
  • Conducted interviews with application owners and production support teams to identify security risks.
  • Developed security review matrices for Solaris server installations and Linux servers/workstations.
  • Installed and configured Samba servers, network workgroups, and domain environments.
  • Implemented firewalls, optimized Squid proxy, and monitored network traffic.
  • Installed and maintained HP-UX Unix, Knoppix Linux, and related platforms.
  • Developed Bash shell scripts and managed secure services including OpenSSH, SCP, RCP, NIS, and NFS.
  • Maintained UNIX system security and implemented X Window tunneling.
  • Implemented LTSP (Linux Terminal Server Project) using BPROM and floppy disk boot environments.

Professional Projects 2018 to Present

    Servers & Systems Administration
  • Wide range of platforms and Servers/Services, including Windows NT 4.0/5.0, Windows 7/8/10/11, Windows Server 2003/2012/2016/2019/2022/2025 installation, configuration, upgradation and lifecycle management.
  • Microsoft IIS, SharePoint Server, HP ALM, Apache Tomcat, WebSphere Application Server.
  • Database platforms: SQL Server, IBM DB2, MySQL, Oracle 8i/9i.
  • Version control and DevOps systems: MS Visual SourceSafe, Team Foundation Server, Microsoft DevOps Server (Cloud/On-Premises).
  • Mail infrastructure: Sendmail, Mailer Daemon, SendGrid, Postmark, Mailgun, SMTP2GO, Exchange Server 4.0/5.0/2000/2003/2007/2010/2013/2016/2019, Exchange O365


    • Active Directory, Domain Services & GPO Management

    AD Design & Administration

  • Design and plan OU structures, GPO hierarchies, inheritance, filtering (security/WMI), and enforcement.
  • Manage multi-site domain replication, domain controllers, FSMO roles, trust relationships.
  • Perform AD migrations and upgrades, including user/computer/service transitions.

    • Group Policy Management

  • Create, configure, link, backup, version, and maintain GPOs.
  • Troubleshoot GPO application using GPResult, RSOP, GPMC modeling, gpupdate, and event logs.
  • Test all new/updated GPOs in pilot OUs before production.
  • Maintain full GPO documentation, change management, and periodic cleanup.
  • Monitor and ensure healthy GPO replication across all sites/domains.

    • Security, Hardening & Compliance via GPO

  • Enforce password, lockout, and fine-grained password policies.
  • Block removable storage (USB, CD/DVD, external devices) using device installation & storage access policies.
  • Restrict and secure RDP access (NLA enforcement, allow only authorized groups, disable for non-admins).
  • Block/allow websites using browser-specific URL filtering (IE/Edge, Chrome/Firefox via ADMX).
  • Block browser extensions using ExtensionInstallBlocklist / InstallForcelist.
  • Implement Restricted Groups, AppLocker/SRP, local admin removal, Microsoft Security Baselines, CIS hardening.

    • User & Workstation Management

  • Software deployment (.msi), WSUS/Windows Update for Business patching.
  • Folder redirection, roaming profiles, drive mappings, printer deployment, scripts, ILT-based preferences.
  • Collaboration with security, application, and infrastructure teams; provide admin training.
  • Stay updated with new Windows releases, AD/GPO changes, and best practices.


    • Microsoft Azure/Cloud Infrastructure
  • Manage and administer Azure environments including provisioning, configuration, policy governance, performance, and security.
  • Design and implement highly available, multi-region Azure solutions.
  • Migrate on-premises infrastructure/services to the cloud.
  • Manage identity and access, security controls, and cloud-based compliance.
  • Implement policy-driven data protection strategies to prevent data loss.
  • Support cloud adoption and modernization of applications.
  • Ensure capacity, reliability, and performance for all Azure infrastructure components.


    • Microsoft 365, Exchange Online, Azure / Entra ID & Microsoft Defender for Office 365
  • Administer and govern Microsoft 365 tenant environments, including user lifecycle management, licensing, role-based access control, and hybrid identity integration using Azure AD Connect (Entra Connect).
  • Manage Exchange Online, SharePoint Online, OneDrive, and Microsoft Teams, delivering secure, reliable, and compliant enterprise services.
  • Configure and maintain mail flow, connectors, transport rules, routing policies, and manage mailboxes, shared mailboxes, distribution groups, and M365 groups.
  • Implement and enforce email security and compliance controls, including spam filtering, anti-malware, anti-phishing, SPF, DKIM, DMARC, retention policies, litigation hold, archiving, and data loss prevention (DLP).
  • Administer Azure Active Directory (Entra ID), including users, groups, roles, RBAC, Conditional Access, and multi-factor authentication (MFA), applying Zero Trust security principles across identity, access, and messaging platforms.
  • Deploy, configure, and maintain Azure resources, including virtual machines, storage accounts, virtual networks, and network security groups (NSGs).
  • Monitor and analyze audit logs, sign-in activity, service health, and security alerts across Microsoft 365 and Azure to ensure performance, availability, and SLA adherence.
  • Deploy and administer Microsoft Defender for Office 365, including: Safe Attachments and Safe Links policies, Anti-phishing and impersonation protection, Threat investigation and real-time response, Alerting, reporting, and security dashboards.
  • Troubleshoot and resolve complex identity, authentication, messaging, and security issues, ensuring alignment with organizational governance, security standards, and compliance requirements.


    • Virtualization & Storage
  • Deploy, manage, and optimize virtualization platforms (VMware ESXi and vCenter, Microsoft Hyper-V).
  • Configure virtual networking, snapshots, templates, resource allocation, and clustering.
  • Manage centralized storage/NAS systems including provisioning, SMB/NFS shares, permissions, and performance monitoring.


    • Networking
  • Hands-on experience with ISDN, DSL, radio modems, load-balancing routers.
  • Network design: VLANs, routing, switching, OSPF, static routes, QoS, DHCP/DNS.
  • Site-to-site and remote VPN configuration.
  • Remote connectivity via VNC, NetOp, Anydesk, RustDesk, SSH and RDP server and client implementations.

    • Enterprise Networking Hardware

  • Cisco SF300, SF350 Series.
  • Cisco Business CBS220/CBS350.
  • Cisco Catalyst 3550-12T.
  • TP-Link, D-Link, Linksys Series.
  • MikroTik Routers.
  • Pfsense Routers.

    • MikroTik RouterOS/RouterBOARD Devices

  • Installation, design and configure interfaces, VLANs, bridges, VRF, tunnels (EoIP, GRE, VXLAN).
  • Implement and maintain dynamic routing (OSPF, BGP full/partial tables, RIP, MPLS).
  • Build and optimize firewall (filter, mangle, RAW), NAT, and address-lists (IPv4/IPv6).
  • Deploy and manage reliable WAN failover/load-balancing (recursive routing, Netwatch, policy-based routing, ECMP, distance/check-gateway).
  • Deploy and secure VPNs (IPsec IKEv2, WireGuard, L2TP/IPsec, SSTP, OpenVPN).
  • Configure QoS/traffic shaping (Queue Tree, Simple Queues, Cake, PCQ).
  • Manage wireless (CAPsMAN, WPA3) and hotspot/captive portal with User Manager.
  • Harden device (disable unused services, SSH keys, input chain lockdown, regular updates).
  • Monitor performance, graphing, SNMP, Netwatch, scripting alerts.
  • Automate encrypted backups, exports, scheduler tasks, and failover scripts.
  • Troubleshoot with packet capture, torch, profiler, and logs.
  • Ensure HA (VRRP, failover scripting, bonding, BGP recursive routing).
  • Document network, rules, peers, WAN failover logic, and changes.
  • Stay updated with RouterOS stable releases and security fixes.

    • pfSense Router/RouterOS Devices

  • Install, upgrade, patch, and maintain pfSense, including High Availability (HA) clusters with CARP.
  • Design and configure interfaces, VLANs, multi-WAN (failover/load balance), routing, implementing bandwidth management, and secure VPN connectivity(IPsec, OpenVPN, WireGuard).
  • Build and maintain firewall rules, floating rules, aliases, schedules, GeoIP blocking, and IDS/IPS (Suricata/Snort).
  • Configure NAT (port forwarding, 1:1, outbound), QoS, traffic shaping, and bandwidth limiters.
  • Deploy and manage proxy/content filtering: Squid, SSL inspection, pfBlockerNG (DNS/IP/ad blocking).
  • Monitor system health, bandwidth, connection states, logs; configure alerts and remote syslog.
  • Secure pfSense: GUI/SSH lockdown, 2FA, brute-force protection, and secure package management.
  • Perform automated encrypted backups, validate restores, maintain full documentation and network diagrams.
  • Troubleshoot NAT, VPN, routing, performance issues using packet capture and diagnostics.
  • Generate audit/compliance reports ensuring adherence to security policies.
  • Collaborate with network/security teams and provide Tier-3 support.
  • Stay current with pfSense/Netgate releases, new packages, and industry best practices.


    • VoIP & SIP Gateways
  • Configuration and management of SIP/VoIP systems, including:
  • Gaoke SIP Gatekeeper MG-6000, MG-6002, MG-6008.
  • Quintum Tenor A400/A800.
  • Cisco SPA series (SPA-100, SPA-2100, SPA-112, SPA-122, SPA-500, SPA-504).
  • Linksys PAP2, PAP2T, SPA2102.
  • Expertise in dial plans, SIP routing, NAT traversal, codecs, QoS, and VoIP optimization.


    • Firewalls, Security & Proxy Platforms
  • Netgate SG-1100, SG-5100.
  • pfSense, OPNsense, IPFire, NethServer.
  • Configuring firewall rules, NAT, VLAN segmentation, VPN tunnels, IDS/IPS.
  • Endpoint and network security: SonicWALL SOHO, McAfee, ZoneAlarm, Norton, Sygate, Sophos, Microsoft Defender for Endpoint.


    • Backup, Recovery & Remote Management
  • Disaster recovery planning and system imaging.
  • Centralized backup strategy, offsite/onsite rotation, and recovery testing.
  • Remote management with VNC, NetOp, RDP, SSH-based tools.
  • Data recovery tools and advanced recovery methodologies.
  • Backup and imaging tools: Norton Ghost, PowerQuest, HDClone, Clonezilla, AOMEI Backupper.


    • Team Foundation Server(TFS) / Azure DevOps Server Management
  • Install, configure, upgrade, and maintain Team Foundation Server (TFS 2010, 2013, 2015, 2018) and Azure DevOps Server (on-premises).
  • Manage TFS application tiers, data tiers, reporting tiers, and build servers.
  • Configure TFS in domain environments including service accounts, permissions, and group policies.
  • Perform regular backups, restores, disaster recovery testing, and environment health checks.
  • Administer TFS integrations with SQL Server, SharePoint Server, Reporting Services, and build/Release pipelines.

    • Users, Permissions & Security

  • Manage users, security groups, permissions, and access levels across collections and projects.
  • Implement and enforce permission models (reader, contributor, project admin, build admin).
  • Configure branch policies, gated check-ins, security scopes, and audit compliance.

    • Version Control & Branching

  • Manage TFVC or Git repositories within TFS.
  • Design and maintain branching/merging strategies (mainline, release, feature branches).
  • Monitor code check-ins, resolve conflicts, and support developers with version control issues.
  • Enforce code quality gates, check-in policies, and secure branching workflows.

    • Build, Release & Automation

  • Install, configure, and maintain TFS Build Agents / Build Controllers.
  • Configure build definitions for CI/CD pipelines (TFVC, Git).
  • Troubleshoot build failures, optimize build performance, and maintain build templates.
  • Integrate TFS with automation tools (MSBuild, PowerShell, Visual Studio, test automation platforms).

    • Project Collections, Processes & Governance

  • Create and manage project collections, projects, and process templates (Agile, Scrum, CMMI).
  • Customize work item types, workflows, fields, categories, and global lists.
  • Maintain iteration paths, area paths, sprint schedules, and team configurations.
  • Support compliance audits with TFS logs, permissions review, and collection governance.

    • Reporting & Analytics

  • Configure and troubleshoot SQL Reporting Services (SSRS) and TFS Warehouse reporting.
  • Maintain data warehouse and cube processing for analytics.
  • Create operational dashboards and reports for management using Power BI/SSRS.

    • Migration, Upgrades & Modernization

  • Upgrade TFS versions (e.g., 2010 → 2013 → 2015 → 2018 → Azure DevOps Server).
  • Migrate TFVC projects to Git repositories.
  • Migrate TFS on-prem attachments, configurations, and collections to Azure DevOps Services (cloud).
  • Validate and test all upgrades in staging environments before production rollout.

    • Troubleshooting & Support

  • Resolve issues related to builds, permissions, authentication, TFVC/Git conflicts, and project configuration.
  • Diagnose TFS event logs, job monitoring issues, SQL connectivity, and system health failures.
  • Provide Tier-3 support to developers, QA, and project teams.


    • Server / Hardware / Software

    Server & Hardware Management

  • Install, rack, and configure enterprise servers, including Dell PowerEdge R720, R730, R930, and other hardware systems.
  • Configure RAID controllers (PERC h610/h630), CPU, RAM, storage (SAS/SATA/SSD), NICs, and HBA cards for optimal performance and redundancy.
  • Diagnose, repair, and maintain server components, including RAID controllers, CPUs, RAM, storage devices, power supplies, and system boards.
  • Perform BIOS, firmware, iDRAC, and lifecycle controller updates to ensure stability, security, and compatibility.
  • Configure and maintain RAID arrays (0,1,5,6,10), manage storage expansion, and replace faulty drives to maintain high availability.
  • Monitor server health using Dell OpenManage, iDRAC, and other tools, performing preventive maintenance to minimize downtime.
  • Assist in OS installations, VMware ESXi, Hyper-V, and application workloads, ensuring optimal hardware utilisation and performance.
  • Implement redundant power supplies, hot-swappable storage, and failover mechanisms to ensure uninterrupted operations.
  • Coordinate with vendors for FRU/RMA replacements, hardware upgrades, and warranty services.
  • Maintain hardware inventory, configuration records, and system documentation for audits and operational efficiency.

    • End-User Hardware & Software Support

  • Install, configure, and maintain desktops, laptops, and peripheral devices to ensure optimal performance.
  • Deploy, update, and troubleshoot operating systems (Windows, Linux) and enterprise software applications for end-users.
  • Identify and resolve hardware and software issues, including system crashes, application errors, and connectivity problems.
  • Manage user accounts, access rights, and security permissions in Active Directory or other directory services.
  • Apply security patches, updates, and software upgrades to ensure system compliance.
  • Track hardware lifecycle, manage procurement, and coordinate upgrades or replacements.
  • Ensure software licensing compliance with organizational policies and vendor agreements.
  • Provide end-user training and support on hardware usage, software applications, and IT best practices.
  • Maintain records of hardware/software configurations, support requests, and incident resolutions.
  • Collaborate with IT teams to resolve escalated issues and implement solutions.

    • IT Management & Strategic Oversight

  • Oversee installation, configuration, and maintenance of enterprise hardware and software systems.
  • Lead and manage teams responsible for hardware and software support, deployment, and maintenance.
  • Manage the hardware and software lifecycle, including procurement, upgrades, preventive maintenance, and decommissioning.
  • Ensure optimal system performance through monitoring, troubleshooting, and proactive maintenance strategies.
  • Implement enterprise software rollouts, updates, and patches while ensuring licensing compliance.
  • Establish processes for issue resolution and escalation management to minimize downtime.
  • Liaise with vendors and service providers for support, warranty claims, and procurement.
  • Ensure security and data protection, including antivirus management, patching, access controls, and backups.
  • Maintain comprehensive documentation and reporting of IT assets, configurations, incidents, and policies.
  • Develop and implement IT policies, best practices, and strategic plans for hardware and software management aligned with organizational goals.