[ Tehran, IR // 2026 ]
--:--:--
SYSTEM STATUS: OPERATIONAL // INFRASTRUCTURE OPTIMIZED

AMIRSEPEHR TIMAJCHI

IT UNIT MANAGER & INFRASTRUCTURE ENGINEER

Building infrastructures that remain reliable, scalable, secure, and easy to manage over time — from bare-metal routing to self-hosted enterprise clouds.

View Case Studies Establish Connection
0+YEARS IN INFRA
0+NODES ORCHESTRATED
0.9%UPTIME TARGET
0+CORE DOMAINS
SCROLL
01 / STACK

The Technical Matrix

Six operational domains. Hover any module to expand its deployed toolset — each cell is a live segment of the infrastructure.

N01 ROUTING

Network Engineering
& Routing Architecture

Carrier-grade routing, segmentation and traffic engineering across MikroTik & Cisco fabrics.

  • MikroTik RouterOS v7
  • Cisco Switching
  • OSPF · BGP
  • VLAN · STP/RSTP/MSTP
  • LACP · NAT
  • DHCP · DNS · QoS
  • Traffic Shaping
  • FTTH · Segmentation
  • Enterprise Wireless
  • Network Monitoring
V02 VIRT

Virtualization & Datacenter

Bare-metal hypervisors, HA clustering and software-defined storage.

  • Proxmox VE (KVM/LXC)
  • VMware ESXi · vCenter
  • ESXi Clusters
  • HA · Corosync
  • QDevice Arbitration
  • Shared Storage
  • Backup Strategy
S03 SYSOPS

Systems & Self-Hosted

Linux enterprise administration and resilient core network services.

  • Ubuntu · Debian · Kali
  • Private/Public DNS
  • Advanced DHCP
  • Nextcloud AIO
  • Nginx Reverse Proxy
  • AD / LDAP Sync
  • Docker · Self-Hosted
  • Hardening · Shell Scripting
D06 STORAGE

Storage & Data Protection

Resilient, high-performance storage architectures for virtualization and enterprise workloads.

  • SAN · NAS · RAID
  • QNAP · Synology
  • SSD / NVMe
  • Shared Storage
  • Backup & Recovery
  • Data Protection
X04 SECURE

Enterprise Security & VPN

Encrypted transport, hardened boundaries and strict access control across sites.

  • WireGuard · IPSec
  • SoftEther · PPTP · L2TP
  • Site-to-Site VPN
  • Firewall Hardening
  • Strict ACLs
  • Network Segmentation
P05 VOICE

Telecommunications & VoIP

End-to-end SIP infrastructure design and intelligent call routing for distributed branches.

  • Issabel PBX
  • Asterisk
  • Grandstream Gateways
  • SIP Trunking
  • Complex Call Routing
02 / WORK

Architectural Case Studies

Four deployments deconstructed — challenge, execution, and the schematic that holds it together.

CASE 01 VIRTUALIZATION MIGRATION

ESXi → Proxmox VE
Production Migration

// CHALLENGE

Transition a heavy, legacy production environment off VMware ESXi onto Proxmox VE — with zero data loss and no critical downtime.

// EXECUTION

Engineered and automated the full migration path: optimized disk imports, adapted storage layouts to local pools, and re-architected virtual networks onto native Linux bridges.

  • Proxmox VE
  • VMware ESXi
  • Linux Bridges
  • Disk Import
SCHEMATIC · MIGRATION PATH ESXi HOST LEGACY · VMFS MIGRATION qm importdisk PROXMOX VE KVM · LVM-THIN vmbr0 LINUX BRIDGE
CASE 02 HIGH AVAILABILITY

2-Node HA Cluster
with QDevice Arbitration

// CHALLENGE

Build a reliable 2-node Proxmox HA cluster while eliminating the dangerous "split-brain" scenario — without buying a third physical node.

// EXECUTION

Stood up a corosync-qnetd container inside an enterprise QNAP NAS (TS-1232PXU-RP), using it as a strategic QDevice — a decisive third vote that stabilizes quorum perfectly.

  • Corosync
  • QDevice / qnetd
  • QNAP NAS
  • Quorum
SCHEMATIC · QUORUM TOPOLOGY NODE A VOTE · 1 NODE B VOTE · 1 QNAP · QDEVICE qnetd · VOTE · 1 QUORUM = 2 / 3 ✓
CASE 03 CLOUD & IDENTITY

Self-Hosted Cloud
+ Enterprise Identity Sync

// CHALLENGE

Deploy a secure, self-hosted corporate file system — globally accessible, yet fully controlled internally.

// EXECUTION

Deployed Nextcloud AIO behind an Nginx reverse proxy with automated SSL lifecycles, then integrated the access layer into Active Directory / LDAP for instant user synchronization and automated access control.

  • Nextcloud AIO
  • Nginx Proxy
  • Auto SSL
  • AD / LDAP
SCHEMATIC · ACCESS LAYER CLIENT HTTPS NGINX SSL · PROXY NEXTCLOUD AIO FILES · SHARES AD / LDAP IDENTITY SYNC
CASE 04 TRAFFIC ENGINEERING

Intelligent Traffic Splitting
& QoS Engine

// CHALLENGE

Manage constrained bandwidth across corporate branches, isolate domestic traffic, and protect VoIP priority packets from congestion.

// EXECUTION

Designed complex routing tables and multi-gateway routing policies on MikroTik RouterOS v7, paired with strict QoS / traffic-shaping tiers so mission-critical applications stay immune to congestion.

  • RouterOS v7
  • Policy Routing
  • QoS Tiers
  • VoIP Priority
SCHEMATIC · ROUTING POLICY MIKROTIK MANGLE · MARK VoIP · TIER 1 PRIORITY · LOW LAT DOMESTIC GW ISOLATED PATH INTL GW SHAPED · TIER 3
03 / DOCTRINE

Professional Doctrine

Amirsepehr Timajchi is an IT Infrastructure Engineer specializing in enterprise networking, virtualization, Linux systems, storage solutions, VPN technologies, VoIP and datacenter infrastructure — working across MikroTik, Cisco, VMware ESXi, Proxmox VE, SAN/NAS systems and open-source platforms to build reliable, scalable, secure and efficient environments.

Technology should simplify complexity. The goal is not just to build systems that work, but to create infrastructures that remain reliable, scalable, secure, and easy to manage over time. — A. TIMAJCHI
P.01

Practical & solution-oriented

Every decision serves an operational outcome. No complexity for its own sake — only what makes the system more dependable.

P.02

Open-source first

A strong preference for transparent, self-hostable, vendor-independent architectures you can fully own and audit.

P.03

Efficient · scalable · maintainable

Designs that hold under growth and stay legible to the next engineer — hyper-optimized, but never fragile.

P.04

Deep focus & methodical

Introverted, detail-driven execution. Bare-metal discipline, documented topology, and predictable behavior under load.

04 / CONTACT

Command-Line Contact

amirsepehr@infra: ~/contact SECURE SHELL
→ LINKEDIN /in/amirsepehr-timajchi/ → GITHUB /amirsepehr-timajchi → EMAIL it@amirsepehr.ir