System administrator for Linux and Windows environments. Automation of complex IT processes with Ansible and Puppet, management of server infrastructures such as virtualization, web servers, firewalls, proxies, etc. Full-stack web developer with HTML, S/CSS, JavaScript, TypeScript, PHP and Python, MariaDB and PostgreSQL; including API solutions.
Here you will find a selection of my previous professional projects. Each project represents my skills and commitment in various areas of administration and software development.
03/2025 – 10/2025
@rtus (Artus) is a case processing system (VBS) for documenting police incidents and criminal events. The system enables the systematic entry, management and analysis of collected data. @rtus is developed by Dataport, an IT service provider for public administration.
The Landesbetrieb Daten und Information (LDI) is responsible for the introduction and operation for Rhineland-Palatinate and Saarland. In this context, I was brought in as an external specialist to support the project.
My area of responsibility included the system administration of the Linux server environment, which is based on RHEL and Debian, as well as the automation of provisioning and maintenance processes using Ansible. A particular focus was on the further development of the existing Ansible Collection: I optimized performance, developed new plugins in Python and implemented additional roles. Existing components were refactored to ensure better idempotency.
The technical realization included the administration and automation of the @rtus backend servers based on JBoss/Wildfly. In parallel, I introduced team members to Ansible and Git to enable them to independently develop the infrastructure further.
Associated with ncsolution GmbH
2024
After CentOS 7 reached its end-of-life (EOL) on June 30, 2024, and several VMs were still running it, an alternative was needed. CentOS 8 was no longer an option since it had already been discontinued on December 31, 2021, thus also reaching its EOL. CentOS Stream would have been an option but is an entirely different concept from its predecessors. Not suitable for a production environment due to the rolling release, as it is less stable and predictable. So the only remaining options were a migration to RHEL, SUSE, Oracle or the free alternatives Rocky Linux and AlmaLinux. Due to the free usability, better tooling, better documentation and available free mirror servers, I chose AlmaLinux.
First, CentOS 7 was equipped with the CentOS repos from AlmaLinux, updates were performed and the system was elevated to AlmaLinux 8 using Leapp. Here the installed programs could be updated and then the system was further elevated to AlmaLinux 9. Finally, the installed programs were updated again and various errors were fixed, so that a secure and functional system was available again. Unfortunately, this had to be done manually on all systems, as they were configured differently and each had its own issues.
The migration to AlmaLinux secured a stable foundation for the coming years. Updates and especially security updates are possible again and all installed programs are back to a current state. Finally, the servers were added to the Ansible update job and are now kept up to date regularly.
Associated with CSD Holding GmbH (Strehlow)
2024
With a steadily growing number of servers, monthly server maintenance became increasingly time-consuming. To automate maintenance tasks and reduce overall time, the collective decision was made to introduce Ansible for the Linux servers in the heterogeneous Windows-Linux infrastructure.
I implemented an Ansible server on a Debian base with Semaphore UI as the user interface. Integration with the existing GitLab server enabled structured development of the Ansible Collections with a separate development branch and temporary feature branches. Semaphore UI sourced the Collections exclusively from the stable main branch.
To reduce the monthly maintenance effort and simultaneously update the Linux servers, I developed a Collection with two central roles: daily updates and weekly demand-driven restarts. The system intelligently restarted servers only when actually needed. Maintenance was thereby reduced to a simple review of the job history in the Ansible server instead of manual individual updates.
The development department recognized the potential and asked for support in optimizing the memory consumption of their IIS applications. I then developed another Collection with specialized roles for coordinated app pool recycling. The solution took dependencies into account and implemented intelligent wait times between restarts. The nightly execution of this automation ensured significantly improved performance and stability during working hours.
The Ansible system significantly reduced maintenance effort, increased system stability and freed up capacity for other important tasks.
Associated with CSD Holding GmbH (Strehlow)
2024
As my first project after being hired at Strehlow, I took over the modernization of the Windows deployment server, which was in a critical state. The initial situation was problematic: The server was distributing an outdated Windows 10 version without a separate update task, causing updates to run uncontrolled during deployment and then endlessly afterwards. The main software SaniVision was being installed manually file by file due to its complexity, which was time-consuming and error-prone. Additional software was available updated on the share but was not integrated into WDS. With certain hardware models, network cards were not recognized after PXE boot, requiring USB-C adapters as a workaround. Touchpads and other hardware also did not work in Windows PE.
First, I repaired the existing share by integrating a current Windows 10 version and correcting the existing software installations and scripts. In parallel, I developed the first version of a PowerShell script for automated installation of the complex SaniVision software.
A completely new share with proper structure was created and Windows 11 was integrated. All necessary Windows PE drivers were implemented, making standard network ports and touchpads available in the Windows Deployment Wizard. Task sequences were optimized and an update task was activated. The SaniVision script was revised, new installation scripts for additional software were added and the graphical display was improved for better error detection. The first share was retained as a fallback system.
Based on the insights gained, a third, highly optimized share was created. The scripts received dependency detection and improved error handling. An intelligent update mechanism was implemented: New versions only needed to be copied into the corresponding directory, the script automatically detected the highest version and installed it. Hardware detection scripts enabled driver tasks to install only device-specific necessary drivers. This reduced the number of task sequences to a single standard sequence instead of multiple device-specific variants. The first share was permanently deleted upon completion of this phase.
The result was a fully automated, unattended installation with minimal error rate. Deployment time was significantly shortened, maintenance was simplified and the reliability of the entire system was markedly increased.
The overhaul of the WDS server had another positive effect. Installations and scripts that had been outsourced to PDQ Deploy & Inventory as workarounds and had to be manually triggered there after each Windows installation could be reintegrated into the WDS server. This restored the clear separation of responsibilities between both systems. The WDS server henceforth handled all general installations, while PDQ focused exclusively on updates and special installations as well as scripts.
Associated with CSD Holding GmbH (Strehlow)
2023
SCHUBERTH GmbH commissioned us to develop a deployment system for fast and uniform installation of their thin clients. The requirements included a Linux-based solution with automatic login and immediate launch of the pre-configured VMware Horizon Client.
After initial delays, I took the lead on development. The solution was based on Debian with preseed automations. I developed a script that automatically assembled all required components into a bootable ISO image. The process included configuring a preseed file for the Debian settings as well as integrating various mechanisms for the Horizon Client installation, autostart functions and login scripts. The script modified a standard Debian ISO by creating the required directory structures, integrating all necessary files, adjusting the GRUB menu and generating a new ISO image from it. With this image, any number of bootable USB sticks with identical installation results could be created.
The installation process was fully automated: After booting from the USB stick, the unattended installation could be started via the GRUB menu. The Debian installer worked through all steps independently, with the late commands handling the installation of the Horizon Client as well as the implementation of all required scripts and system adjustments.
In productive operation, the system started automatically, a monitoring script checked and corrected system settings as needed. A restricted user was automatically logged in, whereupon the Horizon Client started in full-screen mode. A monitoring script continuously watched the client execution and immediately initiated shutdown when terminated.
The solution significantly simplified administration, defective systems could be reinstalled within minutes, elaborate troubleshooting became unnecessary. End users benefited from the seamless integration, as they could work directly with their familiar VMware Horizon environment without needing Linux expertise. The installation of the thin clients was carried out independently by the SCHUBERTH administrators, while we remained available for adjustments and extensions.
Associated with LOOMA GmbH
2019 – 2023
The management of LOOMA GmbH decided on a strategic reorientation, away from the traditional IT service company with hourly billing, maintenance contracts and reactive support, towards an MSP model with fixed prices for hardware and managed services including proactive support and automated processes.
The planning phase focused on developing the various service packages and selecting suitable tools for monitoring and management. Critical questions were worked out: How can existing customer problems be solved proactively? What added value is created for customers? Legal aspects such as liability questions in case of damage or customer insolvency were considered, as was the challenge of convincing existing customers of the new model and integrating their existing infrastructure. Another important question developed during the planning phase: What if the infrastructure of an existing or new customer cannot be integrated into the MSP model? Who then has to take over support for these components?
Implementation was carried out step by step with three core services: Managed Workplace, Managed Security and Managed Server. For consistent and customer-specific Windows installations, a WDS server was used that could provision multiple devices simultaneously via network (PXE). As a monitoring solution, initially Paessler PRTG was used, but finally Zabbix was implemented. As an RMM solution, after using ManageEngine and SolarWinds, Datto RMM was ultimately deployed. A custom ticketing system was developed with n8n/Zapier and Bubble that could execute automated processes via APIs and webhooks and was later extended with AI support. This enabled the mapping of the MSP packages, as well as specialized services like telematics infrastructure (TI) for medical practices. The security architecture was based on Sophos products with central management via Sophos Central, while network components from Ubiquiti were centrally managed via the Ubiquiti Cloud. The existing Office installations and Exchange servers of customers were migrated to Microsoft 365.
As already suspected during the planning phase, customer reactions were mixed. While some existing customers rejected the new model and switched providers, both other existing and new customers were successfully won over to the MSP model. Based on initial experiences, the services were continuously optimized. The careful preparation immediately enabled proactive problem resolution and early detection of disruptions. Automations such as centrally managed Windows updates significantly reduced workload and guaranteed customers stable, secure systems.
Associated with LOOMA GmbH
2020
EQO Energiekonzepte GmbH had experienced multiple thefts at their solar park construction sites and commissioned us to develop a mobile surveillance system. The requirements were clearly defined: The system should be inconspicuous, yet quick and easy to install on-site. Since construction power was available at all sites, a standard 230-volt installation could be realized.
After creating a detailed component plan and coordinating with the customer, the technical implementation followed. The system was based on an LTE router for the internet connection and Ubiquiti components for surveillance: a PoE switch, a Cloud Key for management and cloud upload, and various Ubiquiti cameras. All components were mounted on a perforated plate in a lockable distribution cabinet and secured with cable ties.
The configuration enabled automatic recordings upon motion detection with direct upload to the Ubiquiti Cloud. When triggered, the responsible personnel received email notifications with embedded image excerpts from the recordings. After a thorough introduction, the EQO employee independently handled the setup and teardown of the system at changing locations.
Despite occasional false alarms caused by wildlife, wind or snow, the system fulfilled its purpose: Unauthorized entries and thefts were documented, thereby partially prevented or at least recorded so that license plates or persons were identifiable. Security at the construction sites was sustainably improved.
We remained available to the company for questions, changes and support even after the implementation.
Associated with LOOMA GmbH
2019
The Stadtwerke Wernigerode planned the introduction of a digital signage system for two areas of use: internally for employee information in the facilities and as an advertising system in the customer centers. The choice fell on Xibo as the central platform.
My task in this project was the complete server setup. As the technical foundation, I chose Debian with Apache HTTP Server and MySQL. On top of that I set up the Xibo CMS and performed the required system configurations.
The installation and connection of the Xibo Players was carried out by the Stadtwerke administrators independently, which ensured seamless integration into the existing IT landscape.
After project completion, I remained available as 3rd-level support and took over training the employees in using the new system. This continuous support ensured that the Stadtwerke could optimally use the digital signage system and independently create campaigns.
Associated with LOOMA GmbH
2004 – 2014
After 2000, numerous federal agencies and institutions relocated to Berlin. The capital resolution of 1991 had set in motion a lengthy relocation process that in some cases extended into the late 2010s. Since the tasks and procedures in these projects were largely similar, I summarize them here.
We were involved in several of these relocations in various phases. The project scopes varied: For some agencies we handled the preparation of the IT infrastructure in Berlin, for others the dismantling of technology in Bonn. In many cases we accompanied the complete relocation process from dismantling to reinstallation.
The scope of tasks often also included the installation and setup of complete workstations. For these extensive rollouts, we initially used the Remote Installation Services (RIS), later switching to the more modern Windows Deployment Services (WDS). These automated deployment solutions, including PowerShell scripts, enabled us to efficiently and uniformly set up hundreds of workstations.
Associated with Das Systemhaus Datentechnik Berlin GmbH
2005
Originally, the goal was simply to create a way for customers to independently calculate transport prices for bulky goods. This function was later integrated into a protected customer area with login functionality and continuously expanded. Gradually, additional features were added, including registration for pickup orders and AVIS information.
The initial bulky goods calculator developed into a comprehensive transport price calculator. In addition to standard and bulky goods, additional services such as same-day and next-day deliveries as well as transport insurance could now be calculated.
Already with the first version, General Express was a step ahead of the system partner GO! Express & Logistics. The final expansion stage represented a system that was unique throughout Germany.
I implemented the portal backend with PHP and MySQL, for the frontend XHTML, CSS and JavaScript were used. The technical realization was carried out on a PHP-capable web server with MySQL database at Strato.
The portal was very popular with customers from Berlin and was later even used nationwide by GO! customers. With minor adjustments and extensions, it remained successfully in operation until the business closure of General Express (2010).
Associated with Michel Abele (sole proprietorship as side business, Berlin)
2004
This extraordinary project was about relocating the Media Communication Servers (MeCom) of the Deutscher Depeschendienst (ddp, then still ProSieben) from the ProSieben data center in Unterfoehring to the Level 3 data center in Berlin without major downtime. The particular challenge was that the servers could only be transported during the editorial-free time and any transport damage had to be repaired immediately.
The time window was extremely tight: The removal of the servers could only begin after the last reporter had signed off, normally between midnight and one in the morning. In Berlin, the systems had to be fully operational again by six o'clock for the start of editorial work at the latest, but absolutely no later than eight o'clock for the start of the main editorial shift.
With a distance of approximately 580 kilometers between Unterfoehring and Berlin, mostly on the Autobahn, a normal drive would take five to six hours. That would have blown the time window. The solution was simple and effective: With the boss's Audi RS6 Avant, the driving time could be reduced to four to four and a half hours, allowing the critical time requirements to be met.
The project was divided into two phases. In the first phase, the complete infrastructure was prepared in the Berlin Level 3 data center. Network components and cabling were set up so that the ProSieben system administrators could adjust their network configurations during transport time. The second phase included the drive to Unterfoehring, the removal of the three MeCom servers, the drive to Berlin and the installation there.
In execution, the last reporter signed off around 0:30. After the swift removal of the servers, the "drive" started at one o'clock in the morning. After arriving in Berlin, the servers were rack-mounted, put into operation and two defective hard drives were replaced. At six o'clock sharp in the morning, the editorial team was able to start their work on schedule.
Associated with Das Systemhaus Datentechnik Berlin GmbH
2003
After support tickets in paper form were frequently lost or forgotten and the processing status was difficult to track, the team decided to develop its own digital ticketing system.
In the planning phase, a simple requirements specification was created, where all employees could contribute their requirements and ideas. The technical implementation was done with PHP, XHTML and CSS, while a MySQL database handled data storage in the backend. A Debian system with Apache HTTP Server on dedicated hardware served as the foundation. Together with a colleague, I took over the setup and programming of the system. After completion, the other colleagues were introduced to the new system.
Over time, the solution was continuously expanded with additional features. An important module was the integrated inventory management system. This centrally managed the number ranges assigned by customers and ensured that no duplicate assignments could occur. Previously, there had been repeated duplications of inventory numbers or omissions of entire ranges.
What started as a solution for a problem developed into a comprehensive tool that went far beyond the original ticket management. The support department was able to significantly increase its efficiency, as tickets became transparent and centrally traceable. The system ran stably until the liquidation of the company, with my colleague and me taking over the ongoing maintenance.
Associated with Das Systemhaus Datentechnik Berlin GmbH