Project: Hybrid-University-Infra-Design

Project Summary

Description:
A test project demonstrating the design of a hybrid IT infrastructure for a university, combining cloud services (Microsoft 365 & AWS) with practical security, collaboration, and network planning.

Objective:
To architect a decentralized, secure, and scalable hybrid IT infrastructure that supports both educational and software development workflows across two subdomains of a university.

Outcome:
Delivered a complete infrastructure design blueprint, integrating Microsoft cloud services with AWS, implementing basic security practices, and enabling file sharing, collaboration, and automation within a hybrid cloud environment.

✅ University Hybrid IT Infrastructure - High Level Architecture Diagram V1

🧰 Technologies Used

🌐 Network & Connectivity
  • Firewalls: FortiGate 200D (HQ), FortiGate 100D (branches)
  • Switches: Cisco SG500-28P (core), Cisco SG300-52 (edge)
  • Wi-Fi: UniFi 6 Professional
  • Routers/Gateway: GPON H660GM-A, Archer C6
  • Topology: VLAN segmentation (Staff, Student, Guest, Printer), Inter-VLAN Routing, NAT
  • DNS/DHCP: Windows Server 2019 (AD DNS, DHCP Failover)
  • VPN: FortiClient VPN
☁️ Cloud Platform Usage
  • AWS: EC2, S3, RDS (PostgreSQL), Route 53
  • Azure: Azure AD, Microsoft 365, Intune, Azure Backup
  • GCP: Firebase, Google BigQuery (optional)
🖥️ On-Premises Systems
  • Domain Services: Windows Server 2019 (AD DS, DNS, DHCP)
  • File & Print: Windows Server 2019 with DFS + Quotas
  • Linux Servers: Ubuntu Server 22.04 LTS
  • Hypervisor: Proxmox VE 8.1
  • Storage: TrueNAS CORE (ZFS)
  • Patch Mgmt: WSUS, PDQ Deploy
🛡️ Security & Endpoint Protection
  • Antivirus/EDR: Microsoft Defender for Endpoint
  • Encryption: BitLocker, LUKS
  • Web Protection: FortiGuard DNS filtering
  • DLP & Email Sec: Microsoft Purview, Defender for Office 365
  • SSL/DNS Security: Let's Encrypt, Cloudflare
💻 Endpoint & Device Management
  • Windows: Microsoft Intune
  • Inventory: GLPI + FusionInventory
  • Remote Support: AnyDesk, RustDesk
  • Mac/Linux: Munki, Ansible, Cockpit
💾 Backup & Disaster Recovery
  • VM Backup: Veeam Community Edition
  • File Backup: Rsync, Rclone (AWS S3)
  • Cloud-native: AWS Backup, Azure Backup
  • DR Site: Proxmox Cold Standby + S3
  • RTO/RPO: RTO: 4h, RPO: 1h
📈 Monitoring, Logging & Alerts
  • Monitoring: Zabbix 6.4 LTS, AWS CloudWatch
  • Dashboards: Grafana + Prometheus
  • Logs: Graylog 5
🗃️ Internal Core Applications
  • LMS: Moodle 4.3
  • File Collaboration: SharePoint Online, OneDrive
  • Intranet Wiki: BookStack
  • VC & Mail: Zoom Business, Exchange Online
  • Git: Gitea (self-hosted), GitHub EDU
🧪 Application Stack for Dev / Students
  • Frontend: React.js, TailwindCSS
  • Backend: Django, Node.js
  • Database: PostgreSQL 15
  • Containers: Docker + Compose
  • CI/CD: GitHub Actions, Jenkins (optional)
🧑‍💻 Identity & Access
  • Primary Auth: Windows AD (sync to Azure AD)
  • Cloud Auth: Azure AD (SSO)
  • Federation: Google Workspace (optional)
  • 2FA: Microsoft/Google Authenticator
🧰 Automation & Config Mgmt
  • IAC: Terraform 1.6
  • Config Mgmt: Ansible 8.5
  • Scripting: PowerShell 7, Bash
  • Scheduling: Systemd timers, Task Scheduler
🏒 Data Center & Physical Setup
  • Rack & Power: 42U Rack, PDU, UPS (APC 2kVA)
  • Cooling: Temp Sensors, AC
  • Layout: Switch > Router > Firewall > NAS > Server
  • Patch Panels: Color-coded, labeled
  • Access: RFID lock, CCTV
📚 Documentation & ITSM
  • Docs/KB: MkDocs
  • Diagrams: Draw.io
  • Ticketing: GLPI, Freshservice
  • Policies: Markdown repo (GitHub)

Skills Gained:
Infrastructure planning, hybrid cloud design, Microsoft 365 administration, AWS architecture fundamentals, network segmentation, firewall planning, IT documentation, and collaboration system design.

  • project-1: Hybrid-University-Infra-Design – In Progress