System administrator for Linux and Windows environments. Automation of complex IT processes with Ansible and Puppet, management of server infrastructures such as virtualizations, web servers, firewalls, proxies, etc. Full-stack web developer with HTML, S/CSS, JavaScript, TypeScript, PHP and Python, MariaDB and PostgreSQL; including API solutions.
Here you will find a selection of my previous professional projects. Each project represents my skills and commitment in various areas of administration and software development.
03.2025 – 10.2025
@rtus (Artus) is a case processing system (VBS) for documenting police operations and criminal events. The system enables the systematic entry, management and analysis of collected data. @rtus is developed by Dataport, an IT service provider for public administration.
The Landesbetrieb Daten und Information (LDI) is responsible for the introduction and operation for Rhineland-Palatinate and Saarland. In this context, I was brought in as an external specialist to support the project.
My area of responsibility included the system administration of the Linux server environment, based on RHEL and Debian, as well as the automation of deployment and maintenance processes using Ansible. A particular focus was on the further development of the existing Ansible collection: I optimized performance, developed new plugins in Python and implemented additional roles. Existing components were refactored to ensure better idempotency.
The technical implementation involved the administration and automation of the @rtus backend servers on a JBoss/Wildfly basis. In parallel, I introduced team members to Ansible and Git to enable them to independently further develop the infrastructure.
Associated with ncsolution GmbH
2024
After CentOS 7 reached its end-of-life (EOL) on June 30, 2024, and several VMs were still running it, an alternative was needed. CentOS 8 was no longer an option, as it had already been discontinued on December 31, 2021, thus also reaching its EOL. CentOS Stream would have been an option but follows an entirely different concept than its predecessors. Due to its rolling release nature, it is not suitable for a production environment as it is less stable and predictable. So the only remaining options were migration to RHEL, SUSE, Oracle or the free alternatives Rocky Linux and AlmaLinux. Due to its free usability, better tooling, better documentation and available free mirror servers, I chose AlmaLinux.
First, the CentOS 7 was provided with the CentOS repos from AlmaLinux, updates were performed, and the system was elevated to AlmaLinux 8 using Leapp. At this point, the installed programs could be updated and then the system could be further elevated to AlmaLinux 9. Finally, the installed programs were updated again and various errors were fixed, resulting in a secure and functional system once more. Unfortunately, this had to be done manually on all systems, as they were configured differently and each had its own issues.
The migration to AlmaLinux secured a stable foundation for the coming years. Updates and especially security updates are possible again and all installed programs are back to a current state. Finally, the servers were included in the Ansible update job and are now kept up to date regularly.
Associated with CSD Holding GmbH (Strehlow)
2024
With a steadily growing number of servers, monthly server maintenance became increasingly time-consuming. To automate maintenance tasks and reduce the overall time, a joint decision was made to introduce Ansible for the Linux servers in the heterogeneous Windows-Linux infrastructure.
I implemented an Ansible server on a Debian basis with Semaphore UI as the user interface. Integration with the existing GitLab server enabled structured development of the Ansible collections with a separate development branch and temporary feature branches. Semaphore UI sourced the collections exclusively from the stable main branch.
To reduce the monthly maintenance effort and simultaneously keep the Linux servers up to date, I developed a collection with two central roles: daily updates and weekly demand-driven reboots. The system intelligently restarted servers only when actually needed. Maintenance was thereby reduced to a simple review of the job history on the Ansible server instead of manual individual updates.
The development department recognized the potential and requested support in optimizing the memory consumption of their IIS applications. I then developed another collection with specialized roles for coordinated app pool recycling. The solution took dependencies into account and implemented intelligent wait times between restarts. The nightly execution of this automation resulted in significantly improved performance and stability during working hours.
The Ansible system significantly reduced maintenance effort, increased system stability and freed up capacity for other important tasks.
Associated with CSD Holding GmbH (Strehlow)
2024
As the first project after my employment at Strehlow, I took over the modernization of the Windows deployment server, which was in a critical state. The initial situation was problematic: the server was distributing an outdated Windows 10 version without a separate update task, causing updates to run uncontrolled during deployment and for ages afterward. The main software SaniVision was installed manually file by file due to its complexity, which was time-consuming and error-prone. Additional software was available and up to date on the share but was not integrated into WDS. With certain hardware models, the network cards were not recognized after PXE boot, requiring USB-C adapters as a workaround. Touchpads and other hardware also did not function in Windows PE.
First, I repaired the existing share by integrating a current Windows 10 version and correcting the existing software installations and scripts. In parallel, I developed the first version of a PowerShell script for automated installation of the complex SaniVision software.
A completely new share with a proper structure was created and Windows 11 was integrated. All necessary Windows PE drivers were implemented, making standard network ports and touchpads available in the Windows Deployment Wizard. The task sequences were optimized and an update task was activated. The SaniVision script was revised, new installation scripts for additional software were added and the graphical display was improved for better error detection. The first share was retained as a fallback system.
Based on the insights gained, a third, highly optimized share was created. The scripts received dependency detection and improved error handling. An intelligent update mechanism was implemented: new versions only needed to be copied to the corresponding directory, and the script automatically detected the highest version and installed it. Hardware detection scripts enabled driver tasks to install only device-specific necessary drivers. This reduced the number of task sequences to a single standard sequence instead of several device-specific variants. The first share was permanently deleted upon completion of this phase.
The result was a fully automated, unattended installation with minimal error rate. Deployment time was significantly shortened, maintenance simplified and the reliability of the entire system markedly increased.
The overhaul of the WDS server had another positive effect. Installations and scripts that had been outsourced to PDQ Deploy & Inventory as a workaround and had to be manually triggered after each Windows installation could be reintegrated into the WDS server. This restored the clear separation of duties between both systems. The WDS server from then on handled all general installations, while PDQ focused exclusively on updates and special installations as well as scripts.
Associated with CSD Holding GmbH (Strehlow)
2023
SCHUBERTH GmbH commissioned us to develop a deployment system for quick and uniform installation of their thin clients. The requirements included a Linux-based solution with automatic login and immediate launch of the preconfigured VMware Horizon Client.
After initial delays, I took the lead in development. The solution was based on Debian with Preseed automation. I developed a script that automatically assembled all required components into a bootable ISO image. The process included configuring a Preseed file for the Debian settings as well as integrating various mechanisms for the Horizon Client installation, autostart functions and login scripts. The script modified a standard Debian ISO by creating the required directory structures, integrating all necessary files, customizing the GRUB menu and generating a new ISO image from it. With this image, any number of bootable USB drives with identical installation results could be created.
The installation process ran fully automated: after booting from the USB drive, the unattended installation could be started via the GRUB menu. The Debian installer worked through all steps autonomously, with the late commands handling the Horizon Client installation as well as the implementation of all required scripts and system adjustments.
In production, the system started automatically, a monitoring script checked and corrected system settings when needed. A restricted user was automatically logged in, after which the Horizon Client launched in full-screen mode. A monitoring script continuously watched the client execution and initiated a system shutdown immediately upon termination.
The solution significantly simplified administration; defective systems could be reinstalled within minutes, eliminating elaborate troubleshooting. End users benefited from the seamless integration, as they could work directly with their familiar VMware Horizon environment without needing Linux knowledge. The thin client installation was performed independently by the SCHUBERTH administrators, while we remained available for adjustments and extensions.
Associated with LOOMA GmbH
2019 – 2023
The management of LOOMA GmbH decided on a strategic realignment, moving away from the traditional IT service company model with hourly billing, maintenance contracts and reactive support, toward an MSP model with fixed prices for hardware and managed services including proactive support and automated processes.
The planning phase focused on developing the various service packages and selecting suitable tools for monitoring and management. Critical questions were worked out: How can existing customer problems be solved proactively? What added value is created for customers? Legal aspects such as liability questions in case of damages or customer insolvency were considered, as well as the challenge of convincing existing customers of the new model and integrating their existing infrastructure. Another important question emerged during the planning phase: What if the infrastructure of an existing or new customer cannot be integrated into the MSP model? Who then has to take over support for these components?
Implementation proceeded step by step with three core services: Managed Workplace, Managed Security and Managed Server. For consistent and customer-specific Windows installations, a WDS server was deployed that could provision multiple devices simultaneously via network (PXE). As a monitoring solution, initially Paessler PRTG was used, but ultimately Zabbix was implemented. As an RMM solution, after using ManageEngine and SolarWinds, Datto RMM was ultimately adopted. A custom ticketing system was developed with n8n/Zapier and Bubble that could execute automated processes via APIs and webhooks and was later enhanced with AI support. This enabled the mapping of the MSP packages as well as specialized services such as telematics infrastructure (TI) for medical practices. The security architecture was based on Sophos products with centralized management via Sophos Central, while network components from Ubiquiti were centrally managed via the Ubiquiti Cloud. The existing Office installations and Exchange servers of customers were migrated to Microsoft 365.
As already anticipated during the planning phase, customer reactions were mixed. While some existing customers rejected the new model and switched providers, other existing as well as new customers were successfully won over to the MSP model. Based on initial experience, the services were continuously optimized. The thorough preparation enabled proactive problem solving and early detection of issues right from the start. Automations such as centrally managed Windows updates significantly reduced workload and guaranteed customers stable, secure systems.
Associated with LOOMA GmbH
2020
EQO Energiekonzepte GmbH had experienced multiple thefts at the construction sites of their solar parks and commissioned us to develop a mobile surveillance system. The requirements were clearly defined: the system should be inconspicuous yet quick and easy to install on-site. Since construction power was available at all sites, a standard 230-volt installation could be realized.
After creating a detailed component plan and coordination with the customer, the technical implementation followed. The system was based on an LTE router for the internet connection and Ubiquiti components for surveillance: a PoE switch, a Cloud Key for management and cloud upload, and various Ubiquiti cameras. All components were mounted on a perforated sheet in a lockable distribution box and secured with cable ties.
The configuration enabled automatic recordings upon motion detection with direct upload to the Ubiquiti Cloud. Upon triggering, the responsible persons received email notifications with embedded image excerpts from the recordings. After a thorough briefing, the EQO employee independently handled the setup and teardown of the system at changing locations.
Despite occasional false alarms from wildlife, wind or snow, the system served its purpose: unauthorized entries and thefts were documented, which were partly prevented or at least recorded such that license plates or persons could be identified. Security at the construction sites was sustainably improved.
We remained available to the company for questions, changes and support even after the implementation.
Associated with LOOMA GmbH
2019
Stadtwerke Wernigerode planned the introduction of a digital signage system for two use cases: internally for employee information across their facilities, and as an advertising system in their customer service centers. The choice fell on Xibo as the central platform.
My task in this project was the complete server setup. As the technical foundation, I chose Debian with Apache HTTP Server and MySQL. On top of that, I set up the Xibo CMS and performed the required system configurations.
The installation and connection of the Xibo players was carried out independently by the Stadtwerke administrators, ensuring seamless integration into the existing IT landscape.
After project completion, I remained available as 3rd-level support and took over the training of employees in using the new system. This ongoing support ensured that Stadtwerke could optimally use the digital signage system and independently create campaigns.
Associated with LOOMA GmbH
2004 – 2014
After 2000, numerous federal agencies and institutions relocated to Berlin. The capital decision of 1991 had set in motion a lengthy relocation process that in some cases extended into the late 2010s. Since the tasks and procedures in these projects were largely similar, I summarize them here.
We were involved in several of these relocations in various phases. The project scopes varied: for some agencies we handled the preparation of the IT infrastructure in Berlin, for others the dismantling of the technology in Bonn. In many cases, we accompanied the entire relocation process from dismantling to reinstallation.
The range of tasks frequently also included the installation and setup of complete workstations. For these extensive rollouts, we initially used Remote Installation Services (RIS), later switching to the more modern Windows Deployment Services (WDS). These automated deployment solutions, including PowerShell scripts, enabled us to efficiently set up hundreds of workstations in a standardized manner.
Associated with Das Systemhaus Datentechnik Berlin GmbH
2005
Originally, the goal was merely to create a way for customers to independently calculate transport prices for bulky goods. This function was later integrated into a protected customer area with login functionality and continuously expanded. Gradually, additional features were added, including registration for pickup orders and AVIS information.
The initial bulky goods calculator evolved into a comprehensive transport price calculator. In addition to standard and bulky goods, supplementary services such as same-day and next-day deliveries as well as transport insurance could now also be calculated.
Already with the first version, General Express was one step ahead of its system partner GO! Express & Logistics. The final version even represented a nationally unique system within Germany.
I implemented the portal backend with PHP and MySQL, while the frontend used XHTML, CSS and JavaScript. The technical implementation was done on a PHP-capable web server with a MySQL database at Strato.
The portal was very popular with customers from Berlin and was later even used nationwide by GO! customers. With minor adjustments and extensions, it remained successfully in operation until the cessation of business of General Express (2010).
Associated with Michel Abele (sole proprietorship as side business, Berlin)
2004
This extraordinary project involved relocating the Media Communication Servers (MeCom) of the Deutscher Depeschendienst (ddp, then still ProSieben) from the ProSieben data center in Unterföhring to the Level 3 data center in Berlin, without major downtime. The particular challenge was that the servers could only be transported during the editorial-free time, and any transport damage had to be repaired immediately.
The time window was extremely tight: dismounting the servers could only begin after the last reporter had signed off, typically between midnight and one o'clock in the morning. In Berlin, the systems had to be fully operational by six o'clock for the editorial start, or at the very latest by eight o'clock for the main editorial start.
With a distance of about 580 kilometers between Unterföhring and Berlin, mostly on the autobahn, a normal drive would take five to six hours. That would have blown the time window. The solution was simple and effective: with the boss's Audi RS6 Avant, the travel time could be reduced to four to four and a half hours, thereby meeting the critical time constraints.
The project was divided into two phases. In the first phase, the complete infrastructure in the Berlin Level 3 data center was prepared. Network components and cabling were set up so that the ProSieben system administrators could adjust their network configurations during the transport time. The second phase comprised the drive to Unterföhring, the removal of the three MeCom servers, the drive to Berlin and the installation there.
In execution, the last reporter signed off around 0:30. After the swift removal of the servers, the "drive" started at one o'clock in the morning. After arrival in Berlin, the servers were rack-mounted, brought online and two defective hard drives were replaced. At six o'clock sharp in the morning, the editorial team was able to start their work as planned.
Associated with Das Systemhaus Datentechnik Berlin GmbH
2003
After paper-based support tickets were frequently lost or forgotten and the processing status was difficult to track, the team decided to develop its own digital ticketing system.
During the planning phase, a simple requirements document was created, allowing all employees to contribute their requirements and ideas. The technical implementation was done with PHP, XHTML and CSS, while a MySQL database handled data storage in the backend. A Debian system with Apache HTTP Server on dedicated hardware served as the foundation. Together with a colleague, I handled the setup and programming of the system. After completion, the other colleagues were introduced to the new system.
Over time, the solution was continuously expanded with additional features. An important module was the integrated inventory management system. This centrally managed the number ranges assigned by customers and ensured that no duplicate assignments could occur. Previously, there were repeated duplications of inventory numbers or omissions of entire ranges.
What started as a solution to a problem evolved into a comprehensive tool that went far beyond the original ticket management. The support department was able to significantly increase its efficiency, as tickets became transparent and centrally traceable. The system ran stably until the liquidation of the company, with my colleague and me handling the ongoing maintenance.
Associated with Das Systemhaus Datentechnik Berlin GmbH