
Real Projects

Production-grade engineering.
Documented results.

Every project here is a real system built from scratch — version-controlled, reproducible, and documented. Not demos. Not sandboxes.

01 — LINUX MIGRATION

Windows Server → Linux Enterprise Migration

Full migration of a 50-user organisation from Windows Server 2019 to Ubuntu 22.04 LTS — including Active Directory, email, file shares, and all business applications.

✓ Zero Downtime · Production Live
Duration: 3 weeks
Users Migrated: 50+
Downtime: Zero
Cost Saved: ~60%

The Challenge

The client was running expensive Windows Server licenses across 3 servers for file sharing, Active Directory, and print services. Licensing costs were unsustainable and the IT team had no in-house Linux expertise.

The Solution

  • Deployed Samba4 as Active Directory Domain Controller on Ubuntu 22.04
  • Migrated all user accounts, groups, and group policies
  • Configured DNS, Kerberos authentication, and Windows client domain join
  • Migrated file shares with identical permissions using rsync
  • Full Ansible automation for repeatable configuration

Technology Stack

Ubuntu 22.04 LTS · Samba4 AD · Ansible · Kerberos · LDAP · DNS · rsync

Results

Cost reduction: 60%
Downtime hours: 0
Users migrated: 50+
Servers replaced: 3

02 — AWS INFRASTRUCTURE

AWS Multi-Tier Infrastructure with Terraform IaC

Complete AWS cloud architecture provisioned entirely with Terraform — HA, multi-AZ, least-privilege IAM, auto-scaling, and full observability built in from day one.

✓ Production Live · 99.9% Uptime
Duration: 4 weeks
Uptime SLA: 99.9%
Resources: 23 AWS resources
Deploy Time: < 5 minutes

The Challenge

The client had manually configured AWS resources with no IaC, no consistent tagging, over-permissive IAM roles, and no disaster recovery plan. Infrastructure was undocumented and impossible to reproduce.

The Solution

  • VPC with public/private subnets across 2 Availability Zones
  • EC2 Auto Scaling Group behind Application Load Balancer
  • RDS PostgreSQL Multi-AZ with automated backups
  • S3 remote Terraform backend with DynamoDB state locking
  • CloudWatch alarms, SNS notifications, and Cost Explorer budgets

Technology Stack

Terraform · AWS VPC · EC2 ASG · ALB · RDS Multi-AZ · S3 · IAM · CloudWatch

Results

Uptime SLA: 99.9%
Cost reduction: 35%
Full redeploy: <5m
IaC coverage: 100%

03 — CI/CD AUTOMATION

End-to-End CI/CD Pipeline — GitHub Actions

Multi-stage automated deployment pipeline that eliminated manual deployments entirely — from code commit to production in under 8 minutes with automatic rollback.

✓ Fully Automated · Zero Manual Steps
Duration: 2 weeks
Deploy Time: 8 minutes
Before: 2–3 hours manual
Environments: Dev/Staging/Prod

The Challenge

The development team was manually deploying via SSH — a 2–3 hour process prone to human error. Failed deployments required manual rollback. No staging environment existed. Production was always a risk.

The Solution

  • GitHub Actions workflow: build → test → Docker image → push to AWS ECR
  • Staging auto-deploy on PR merge, production requires approval gate
  • Automatic rollback to previous image on health check failure
  • GitHub Environments with secrets scoped per environment
  • Slack notifications for deploy status and alerts

Technology Stack

GitHub Actions · Docker · AWS ECR · EC2 · Environments · Secrets · Slack

Results

Faster deploys: 10×
Manual steps: 0
Test coverage gate: 100%
Auto rollback: <60s

04 — MONITORING PLATFORM

Full Observability Stack — Prometheus + Grafana + Loki

Complete observability platform for a multi-server Linux environment — metrics, logs, dashboards, and alert routing all deployed from Ansible in under 30 minutes.

✓ Live Alerts · 24/7 Monitoring
Duration: 1 week
MTTR Reduction: 80%
Dashboards: 12 custom
Alert Rules: 34 configured

The Challenge

The client had no visibility into their infrastructure. Outages were discovered by users, not by the engineering team. Logs were spread across multiple servers with no central aggregation or search capability.

The Solution

  • Prometheus with Node Exporter on all Linux servers
  • cAdvisor for per-container Docker metrics
  • Grafana with 12 custom dashboards (infra, docker, app)
  • AlertManager routing to Slack and email with severity tiers
  • Loki + Promtail for centralised log aggregation and search

Technology Stack

Prometheus · Grafana · AlertManager · Node Exporter · cAdvisor · Loki · Promtail

Results

MTTR reduction: 80%
Alert rules: 34
Dashboards: 12
Visibility: 24/7

05 — SECURITY HARDENING

Linux Server Hardening — CIS Benchmark Automation

Systematic CIS-aligned hardening of 8 production Linux servers using Ansible — automated, repeatable, and producing compliance reports for audit.

✓ CIS Compliant · Attack Surface −90%
Duration: 1 week
Servers Hardened: 8
Attack Surface: −90%
Compliance: CIS Level 2

The Challenge

Default Ubuntu installations with root SSH enabled, no firewall rules, unnecessary services running, and no intrusion detection. Multiple servers — inconsistent configuration. One compromised server away from full breach.

The Solution

  • SSH hardening — key-only auth, non-default port, AllowUsers restriction
  • UFW firewall with explicit deny-all, allow-specific rules
  • fail2ban with custom jail rules for SSH and web services
  • Removal of 23 unnecessary packages and disabled services
  • Auditd and syslog centralization for compliance reporting

Technology Stack

Ansible · UFW · fail2ban · OpenSSH · Auditd · CIS Benchmark · Lynis

Results

Attack surface: −90%
Servers hardened: 8
Automated: 100%
Compliance level: CIS L2

06 — SELF-HEALING SYSTEM

Self-Healing Docker Infrastructure

Multi-container Docker system with automated failure detection, health checks, and recovery — 9 services running continuously with zero manual intervention.

✓ 99.8% Uptime · Zero Intervention
Duration: 2 weeks
Uptime: 99.8%
Containers: 9 services
Manual ops: Zero

The Challenge

Client ran 9 Docker containers with no health checks, no restart policies, and containers frequently crashing silently — requiring manual intervention to restart. Engineers were paged at night regularly.

The Solution

  • Docker health checks on every container with appropriate thresholds
  • Restart policies (unless-stopped) with exponential backoff
  • Watchdog bash script monitoring container health every 60 seconds
  • Alerting integration: Prometheus cAdvisor → AlertManager → Slack
  • Pinned image versions, log rotation, and resource limits per service

Technology Stack

Docker · Compose · Bash · Healthchecks · cAdvisor · Prometheus · Slack

Results

Uptime: 99.8%
Night pages: 0
Auto recovery: <30s
Services monitored: 9
