Oulom Souvannavong
I design and harden your critical platforms — from bare metal to Kubernetes clusters, from sovereign cloud to AI agents in production.
ouloms@gmail.com
+33 6 18 67 96 00
oulom-souvannavong.fr
freelance — IDF & remote
Expertise synthesis
Critical production
Public sector, finance, media, energy: Linux/Unix, DRP/SRM, 3PAR SAN, Cyberwatch / ANSSI compliance.
Cloud & orchestration
VMware to Proxmox, OpenStack NUBO, Kubernetes & Helm (Onyxia), Docker / Apptainer, Salt or Ansible at scale.
DevOps integration
Ansible (Tower), Terraform, Jenkins, GitLab CI, GitLab/SVN→releases; Dollar Universe, Bercy/BnF/INPI delivery chains.
Operational HPC & AI
Slurm, InfiniBand, Apptainer (Naarea); n8n agents, Claude API, Ollama/Mistral in production; FastAPI / RAG on the project side.
Tech stack & levels
Linux Red Hat/CentOS, Debian/Ubuntu, SUSE in production (level 3); Active Directory / LDAP / SSSD integration (Radio France, Naarea); PXE boot / Preseed, LTSP for thin clients (UCAD); BIND DNS, iptables firewall; kernel compilation and trimming (recycled fleet). Unix AIX, Solaris, HP-UX (INPI, Sungard GP3 migrations). Windows and Samba in mixed contexts (small businesses, museum).
Centreon, Grafana, Prometheus; Nagios → Centreon → Prometheus journey (INPI, Naarea). Graylog, Elastic Stack for logs and correlation. JMX metrics (Tomcat/Java). Tech-functional operations dashboards.
HP 3PAR SAN, iSCSI, Fibre Channel, NFS; Ceph, S3 / MinIO object storage; MySQL Galera + ProxySQL. VMware Site Recovery Manager DRP / BCP, cross-DC replication and datacenter migrations (INPI). Backups: Bacula, BackupPC, NetBackup, Veeam.
VMware vSphere, oVirt, KVM, Proxmox, Hyper-V; OpenStack (NUBO, ministry). Kubernetes & Helm (Onyxia / Nubonyxia, "Onyxia-flavored" charts, catalog CI). Docker; Apptainer for container-style workloads; first clusters via Rancher / RancherOS (INPI).
MySQL / MariaDB, PostgreSQL, Oracle (operations), MongoDB, MaxDB. Tomcat / Java stacks, Apache NiFi, CMDBuild (RADAR DGFIP). PHP, Node, Heurist (SHS at BnF) integrations. Ext JS (business UI).
Ansible (Tower), Terraform (OpenStack VMs), Puppet, SaltStack; Git, Jenkins, GitLab CI, Bercy/BnF/INPI release chains; Rundeck → Ansible Tower (Radio France). Dollar Universe (scheduling). Bamboo / SVN (Sungard era).
Bash/shell, Python, JavaScript/React, Go, Ext JS; Django, PHP, VBA/AutoIt. Recent projects: FastAPI, RAG, Whisper. In production: n8n agents, Claude API, local Ollama / Mistral inference (small business), operations scripts and Selenium (prod checks).
Slurm, InfiniBand, Apptainer (MPI, scientific workloads), Lenovo platforms; protected network zones, dedicated LDAP (Naarea). Linux master images hardened to ANSSI guides, MCS. Cyberwatch (INPI rollout, Radio France advice).
Production AI & augmented tooling
Daily user of AI-augmented IDEs and builder of production agents (n8n orchestration, Claude API, local Ollama/Mistral inference to preserve data sovereignty).
Notable architectures & deliveries
Selection of notable deliveries and technologies, by assignment. The most comprehensive: INPI (9 years), Naarea (nuclear HPC), Bercy/DGFIP (Onyxia, RADAR).
Sovereign State data lab platform
Onyxia is the open source data lab portal developed by Insee, now used across the French government to give data scientists a self-service Kubernetes environment. Contributing to it means working on a building block of the State's digital sovereignty.
Voice chatbot & Legal Code
Two-day AI hackathon: team using Whisper, LightRAG and FastAPI for a voice assistant on texts from git.tricoteuses.fr; prepared datasets and APIs linking ASR, RAG and synthesis. SPESYS GPU Kubernetes infra; meetings with DINUM, Bercy HUB / Onyxia (Nubonyxia). Thanks to Stéphane Baisse, Thomas Williot and Gérald Moreno (SPESYS).
Catalog of compliant Helm charts
Adapting Helm charts so they can be launched from the Onyxia portal while meeting Bercy compliance requirements: a rare exercise blending Kubernetes packaging, security and the UX of an application catalog.
IaC on the NUBO private cloud
Maintaining and hardening Ansible and Terraform code to provision VMs on OpenStack (NUBO, the ministry's internal cloud) — end-to-end IaC chain in a sovereign environment.
DGFIP inventory framework — RADAR
Stabilization and upgrade of RADAR, the framework that aggregates inventories across the entire DGFIP information system. CMDBuild + Apache NiFi on Tomcat/PostgreSQL: very few engineers in France have worked on this stack in critical production.
HPC for nuclear simulation (SMR)
Slurm cluster on 10 Lenovo nodes interconnected via InfiniBand — the reference stack for supercomputers (Top500). Deploying that to simulate small modular reactors means working on the software chain of a strategic sector.
MPI-compatible HPC containers
Migration from Docker to Apptainer for HPC workloads: Apptainer is the container standard for scientific computing (MPI, GPU, multi-user without privileges). A skill rare outside national computing centres.
Linux master image hardened to State framework
Designed a Linux master image aligned with the ANSSI guides (French national cybersecurity agency). A reference required for any sensitive IS, and relevant in the nuclear sector.
Multi-node orchestration in a protected zone
Configured the entire platform with Salt — an alternative to Ansible, less common but formidable at scale, in a protected network zone with dedicated LDAP, SMTP and authentication.
Three engineers had failed before me
Diagnosis and resolution of the SSSD deadlock (Linux/AD integration) that was blocking the arrival of new Linux servers in the public broadcaster's business IS — after three predecessors had failed. A pure expertise case.
Durable Linux base in an AD domain
Built the Linux master (Debian/Ubuntu) installable via Preseed/PXE, joined to the AD domain, hardened to ANSSI — designed for long-term MCO and MCS (security maintenance), not just to pass acceptance.
Advisory for the Linux installation
Direct reuse of INPI experience (where I had launched the Cyberwatch project) to advise Radio France: vulnerability management and compliance on the public broadcaster's Linux fleet.
Frameworks, methods & practices
ANSSI framework
Guidelines and best practices from France's national cybersecurity agency — applied to Linux master images at Naarea & Radio France (MCS).
MCO — Operational maintenance
Operations methodology: run, monitoring, backups, capacity planning, rollback plans.
MCS — Security maintenance
Vulnerability tracking (Cyberwatch), compliance, hardening, ongoing patch management.
DRP / BCP — VMware Site Recovery
Complete BCP rollout at INPI: production board, failover order, cross-DC replication.
Incident methodology
Structured Sungard approach: reproduction, measurements, log analysis, hypotheses, client communication.
IaC & CI/CD
Ansible/Terraform for provisioning, Jenkins/GitLab CI for delivery, Helm for Kubernetes.
Exposure & organizations
French Ministry of Finance — Bercy HUB & DGFIP · Radio France · Bibliothèque nationale de France · INPI · Naarea · Sungard / Neoxam · Enedis · Fayat IT · UCAD — Arts décoratifs
Sectors: public (French Ministry of Finance, BnF, INPI), broadcasting (Radio France), energy (Naarea — small modular reactors, Enedis), finance (Sungard / Neoxam — Crédit Agricole/CACEIS, Société Générale, Natixis, Covéa, Allianz, CM-CIC, Caisse des dépôts, State Street), culture (UCAD).