Enterprise IT Integration

Unified Collaboration & Management Platform

Capstone project delivering a secure, fully integrated IT service platform with centralized authentication, unified portal access, and essential enterprise services for a multi-site organization.

Active Directory, Docker, pfSense, Zabbix, Zimbra, Zammad, PKI, MDM
Team of 5
Capstone Project
Completed

Project Objective

Design and implement a secure, fully integrated IT service platform for a fictional software development company (Company XYZ) with offices in Los Angeles and Singapore. The solution centralizes authentication, provides unified access via a corporate portal, and delivers essential enterprise services including collaboration, helpdesk, monitoring, and endpoint management.

Value Proposition

Demonstrates ability to architect and integrate complex systems to solve real business problems, transitioning from technician to IT architect capabilities.

Architecture Overview

[Figure: Capstone Platform Architecture Diagram]

Platform Architecture

Core Identity

Two Windows Server 2019 Domain Controllers (cg5dc1, cg5dc2) forming the capsg5.local forest with redundant authentication services.

Security Perimeter

pfSense firewall with Snort IDS/IPS for intrusion detection and prevention, plus site-to-site VPN capability for multi-office connectivity.

Unified Access Layer

Docker-based Nginx Proxy Manager and Homer dashboard serving as the corporate portal (portal.capsg5.local) with one-click access to all services.

Enterprise PKI

Internal Root Certificate Authority using AD Certificate Services for trusted SSL certificates across all internal services.

Integrated Service Stack

Zimbra Collaboration Suite

Email, Calendar, Files

Full collaboration platform deployed on Ubuntu with LDAP authentication and auto-provisioning for seamless user onboarding.

  • SMTP/IMAP email services
  • Shared calendaring
  • Briefcase file sharing
  • AD/LDAP SSO integration

Zabbix Monitoring

Infrastructure Monitoring

Enterprise monitoring with MySQL backend, AD authentication, and real-time alerting via Telegram for proactive issue resolution.

  • Server & network monitoring
  • Custom alert thresholds
  • Telegram notifications
  • AD/LDAP authentication

Zammad Helpdesk

IT Service Management

Professional ticketing system with Elasticsearch for fast search, integrated with AD/LDAP for automatic user synchronization.

  • Ticket management
  • Email integration
  • Knowledge base
  • LDAP user sync

Headwind MDM

Mobile Device Management

Android enterprise device management with LDAP authentication and policy enforcement for corporate mobile devices.

  • Device enrollment
  • Policy enforcement
  • App management
  • LDAP authentication

Key Achievements

Core Infrastructure & Authentication

  • Provisioned redundant AD environment with structured OU hierarchy
  • Configured pfSense with firewall rules, Snort IDS/IPS, and LDAP authentication
  • Established standardized naming convention and IP schema across all services

Enterprise Service Deployment & Integration

  • Zimbra: Deployed on Ubuntu with LDAP auth and auto-provisioning
  • Zammad: Installed with Elasticsearch, integrated AD/LDAP for user sync
  • Zabbix: Configured with MySQL, AD authentication, Telegram alerting
  • Headwind MDM: Deployed enterprise trial with LDAP auth and policy enforcement

Unified Portal & Secure Access

  • Deployed containerized gateway (NPM + Homer) with restart policies
  • Built internal PKI with AD CS and SAN certificates for all services
  • Configured SSL termination with trusted CA-signed certificates
  • Created branded Homer dashboard (Company XYZ IT Portal) with service grouping

Cross-Service Integration

  • Achieved true SSO across six different technology stacks using LDAP binds to AD
  • Implemented defense-in-depth: perimeter security, endpoint management, monitoring, centralized identity
  • Ensured all internal web communication is secured with HTTPS using the enterprise PKI

Technical Highlights

Enterprise SSO

Achieved Single Sign-On across six different technology stacks (Windows, Linux, Docker) using LDAP binds to Active Directory.

Internal PKI

Built enterprise Certificate Authority using AD CS to eliminate browser certificate trust warnings across all internal services.

Containerized Gateway

Docker-based service gateway with Nginx Proxy Manager for resilience, easy management, and rapid service deployment.

Technologies Used

Virtualization & OS

VMware vSphere, Windows Server 2019, Ubuntu Linux, Rocky Linux, pfSense

Core Infrastructure

Active Directory, DNS, DHCP, Group Policy

Security

pfSense Firewall, Snort IDS/IPS, Site-to-Site VPN, AD Certificate Services

Enterprise Services

Zimbra Suite, Zammad Helpdesk, Zabbix Server, Headwind MDM

DevOps & Delivery

Docker, Docker Compose, Nginx Proxy Manager, Homer Dashboard

My Contribution

As a key contributor in a team of 5, I was responsible for the design and integration of the monitoring system (Zabbix with Telegram alerting) and the Docker-based unified gateway (Nginx Proxy Manager + Homer dashboard). This included configuring LDAP authentication, setting up SSL termination with enterprise PKI certificates, and ensuring service resilience through proper container orchestration.
