Work

A selection of infrastructure, security, and systems engagements, the kind of work Nexbee is built to take on: architectural decisions, hands-on implementation, and long-term ownership.

Security & Access

Zero Trust Access & Identity Management

Replaced a legacy VPN with Cloudflare Zero Trust, routing all remote access through identity-aware tunnels authenticated via Azure AD SSO. Eliminated broad network access in favor of per-application, least-privilege control.

  • Decommissioned legacy VPN and removed the attack surface it represented
  • Browser-based access to internal tools with MFA and conditional access enforced
  • Reduced support overhead from VPN client configuration and failures

Cloudflare Zero Trust · Azure AD · NGINX · Docker

Centralized Identity & Device Management

Deployed Active Directory across approximately 100 endpoints at three sites plus remote staff — replacing local accounts and manual processes with governed identity, group policy enforcement, and auditable lifecycle management.

  • Unified visibility and control over users and devices across all locations
  • Streamlined onboarding and offboarding with defined provisioning workflows
  • Established foundation for Azure AD and SSO expansion

Windows Server AD DS · Group Policy · Entra ID · Zero Trust

Infrastructure & Reliability

High-Availability Virtualization Platform

Architected a five-node Proxmox cluster with integrated Ceph storage. Logical network segmentation, bonded interfaces, and HA policies provide fault-tolerant VM hosting without manual intervention during hardware failures.

  • Node failures handled automatically without service disruption
  • Centralized VM and storage management with 3x replication across nodes
  • Shared storage pools accelerated new service deployment

Proxmox VE 8 · Ceph · Corosync · LACP · 10GbE

Automated Infrastructure Provisioning

Built a modular Terraform and Ansible pipeline for VM provisioning and configuration on Proxmox. Reusable modules, cloud-init templates, and idempotent playbooks replaced manual setup with repeatable, source-controlled deployments.

  • VM deployment time reduced from hours to minutes
  • Configuration drift eliminated across dev, staging, and production
  • Infrastructure changes tracked, reviewed, and reproducible

Terraform · Ansible · Proxmox · Cloud-init · Debian

Centralized Configuration Backup Architecture

Deployed TrueNAS with ZFS RAIDZ2 as a fault-tolerant backup target for configuration data across the full infrastructure — network devices, servers, and services. Automated rsync pull jobs run on schedule with full logging.

  • All critical configuration data centralized in one fault-tolerant location
  • Reduced recovery time with fast, documented restoration procedures
  • Verifiable backup history with timestamped sync logs

TrueNAS SCALE · ZFS RAIDZ2 · NFS · rsync · systemd

Operations & Visibility

Building a First Internal IT Function

Designed and stood up an organization's first formal IT department. Assessed infrastructure gaps, deployed a ticketing system, wrote SOPs for core operations, and developed internal staff into dedicated IT roles.

  • Reactive, fragmented operations formalized into documented, scalable processes
  • Onboarding, offboarding, asset tracking, and incident handling standardized
  • Internal knowledge base reduced support burden and improved consistency

GLPI · Microsoft 365 · XWiki · Azure AD · Endpoint Security

Operational Data Visibility Platform

Aggregated CRM, telephony, and production data into a centralized Grafana dashboarding system. Replaced manual spreadsheet reporting with real-time, automated visibility into operations across departments.

  • Real-time KPI visibility across executive, operations, and support teams
  • Manual reporting replaced with automated, real-time metric generation
  • SLA alerting and trend analytics enabled proactive decision-making

Grafana · MySQL · REST APIs · FreePBX · CRM

Call Center Phone System

Replaced a failing legacy PBX with a production FreePBX deployment customized for the organization's call flows. Custom IVR, queue logic, redundant SIP trunks, and DID-based tracking gave operations and marketing a reliable foundation.

  • Reliable call routing and queue performance replacing frequent system failures
  • Marketing campaign attribution through dedicated DID tracking
  • Mobile softphone integration for agent mobility and continuity

FreePBX · Clearly Anywhere · SIP Trunking · Asterisk

If this looks like the kind of problem your organization is dealing with, start a conversation.