Key Projects of 2025
In Progress: Secure Web Projects Infrastructure with Layered Proxy Architecture in AWS, DMZ, and Internal Network
I am currently developing and maintaining a secure, segmented infrastructure for web projects hosted across AWS, a DMZ, and the faculty’s internal network.
Active web servers in AWS undergo regular reconfiguration and security audits to ensure adherence to best practices. As part of the architecture evolution, several web applications have been migrated to the DMZ to enhance security through network segmentation and controlled access.
Dedicated reverse proxy servers are deployed in AWS, the DMZ, and the internal network, with all traffic routed through these secure and monitored gateways. This multi-layered proxy architecture ensures strict traffic inspection, isolation, and access control between external users and backend services.
Key project components include:
- Hosting and managing web projects in AWS with continuous configuration updates and security hardening
- Deployment and administration of proxy servers in AWS, the DMZ, and the internal network to regulate traffic flow
- Secure and optimized network setup: routing, proxy integration, firewall rules
- Implementation of modern web security standards: TLS, HSTS, CSP, and strict HTTP headers
- Network segmentation for high isolation, fault tolerance, and maintainability
The project is carried out iteratively with ongoing testing and optimization, aiming to build a robust, scalable, and secure platform for mission-critical web services.
AOS v2.7–2.8: Automated Account Reactivation and Template-Based Messaging
Developed and implemented key automation features within the CS Faculty’s Account Operation System (AOS) to simplify account management and enhance communication with users.
- v2.7: Automated reactivation of disabled accounts upon login via the Technion STAFF domain, including smart OU mapping and error handling with notifications and audit logging.
- v2.8: Developed a dynamic, database-driven message templating system for password reset and account notifications, supporting multiple account types and automated triggers.
Impact: Reduced manual administrative tasks, improved security compliance, and enhanced communication consistency and traceability.
Signature Generator v3.0: Centralized Email Signature Automation for CS Faculty
The Signature Generator is a centralized system designed to automate and standardize email signature creation across the CS Faculty. It ensures consistent branding, reduces manual effort, and supports multilingual output in both English and Hebrew.
Key Features
- Active Directory Authentication: Secure login with CSF credentials and role-based access
- Live Preview: Real-time display of signatures, including font sizes, paddings, and language direction
- Automatic Generation: Users can instantly generate signatures from synced data (e.g., name, role, phone)
- Dual Database Support: Compatible with both MS SQL Server and MySQL
- Website Integration: Pulls and syncs user data from the faculty website (AWS-hosted)
- Admin Tools: signature preview and export (PNG, JPG, HTML, BAT); super admin controls for editing, customization, and reset; customizable formatting options and prefix definitions
Purpose and Impact
The system streamlines email signature management, enforces consistent visual identity, simplifies deployment across platforms (including Outlook), and ensures compliance with institutional branding for both internal and external communication.
CS GPU Cluster v3.3: Automated Access Management for High-Performance Computing
This web-based system streamlines access requests to CS GPU clusters (e.g., Newton and Lambda) by automating authentication, user filtering, and submission logic based on faculty affiliation and user role.
Key Features
- Technion Account Authentication: Secure login with domain and faculty-specific account validation
- Dynamic Request Logic: Intelligent filtering based on OU structure (e.g., GRAD, STAFF, UNDERGRAD) across multiple Technion faculties
- Manual and Self-Service Modes: Supports both admin-initiated and user-initiated requests
- Frontend Improvements (v3.3): Refactored input validation and UI/UX fixes based on user feedback (e.g., password character validation bug fix)
- Multi-Faculty Support: Configurable access rules for 18 Technion faculties and the Computing and Information Services (CIS) division, with precise mentor/student separation per cluster and request type
Purpose and Impact
This system significantly reduces administrative overhead and ensures accurate access control to high-demand GPU resources, serving both CS faculty and external departments.