Senior DevOps Engineer · John DeereBettendorf, IA

Building cloud platforms that don't page you at 3 AM.

Hi, I'm Shanmukhanath Dereddy — a Senior DevOps & Cloud Infrastructure Engineer with 6+ years architecting multi-cloud platforms on AWS and Azure. I run the infra that keeps 80+ John Deere dealerships shipping every day.

shanmukh@cloud — zsh
~/work
~/workwhoami
shanmukhanath_dereddy · senior_devops_engineer
~/workcat mission.txt
I help teams
by codifying infra, automating delivery, and putting guardrails between humans and prod.
~/workkubectl get stack --output=summary
AWS · Azure
K8s · vCluster
Terraform · IaC
GHA · ADO · Helm
View featured work./get-in-touch.sh
01 / about

I make infrastructure boring on purpose.

Boring infra is reliable infra. My job is to push the exciting parts into the pipelines, not the runtime.

I'm a Senior DevOps & Cloud Infrastructure Engineer based in Bettendorf, IA. For the last few years I've been the person behind the AWS Landing Zone, Citrix delivery layer, and Azure Arc fleet powering 80+ John Deere dealerships across North America.

Before that I spent two years as a Cloud Software Engineer modernizing John Deere's database estate — migrating 300+ SQL Server instances to Azure Arc-enabled SQL MI with zero data loss and 99.99% uptime — and shipped a multi-agent LLM platform with LangChain + FastAPI that cut manual database ops by 70%.

I lean toward platform work that compounds: reusable Terraform modules, Lambda-driven cost guards, GitOps with FluxCD, and CI/CD that gates on policy as much as tests. My credentials sit behind that work — AWS SAA, Azure Administrator (AZ-104), and HashiCorp Terraform Associate.

Codified, not clicked.

Every VPC, IAM policy, alert, and patch window lives in Terraform or ARM. Drift is a bug, not a state.

Network is the platform.

Hub-and-spoke Transit Gateways, MPLS bridges, PrivateLink — wired with intent before workloads land.

Secure by baseline.

GuardDuty, CloudTrail, SCPs, and CrowdStrike enforced at account birth — not bolted on after audit.

Observable by default.

CloudWatch + Prometheus + ServiceNow loop. If it can page someone, it can also auto-resolve.

impact.scoreboard
80+
Dealer environments managed
AWS Landing Zone
797
EC2 servers onboarded to Azure Arc
single bulk pipeline
300+
SQL DBs migrated to Azure Arc MI
zero data loss
99.9%
Production uptime
across multi-cloud workloads
70%
Manual ops time reduced
via PowerShell + LLM agents
6+
Years of cloud experience
AWS · Azure · hybrid
02 / featured work

Six platforms. Real production weight behind each one.

A snapshot of the systems I've designed, shipped, and operated. Metrics are pulled directly from rollouts I led.

P-01·Enterprise multi-account architecture with Citrix on top

AWS Landing Zone for 80+ Dealerships

End-to-end automation of dealer environment provisioning — isolated per-dealer AWS accounts, hub-and-spoke Transit Gateways, Direct Connect, and a Shared Services VPC hosting Active Directory + Citrix CVAD. Step Functions + Lambda orchestrate account creation, OU placement, security baseline (GuardDuty, CloudTrail, CrowdStrike SSM), and SNS activation so every account is compliant from minute one.

AWS OrganizationsStep FunctionsLambdaTransit GatewayTerraformCitrix CVADOkta SSO
Dealer environments80+
AWS regions8
Compliance on day 1100%
case-study
P-02·Four-stage graceful shutdown · cost-aware automation

Lambda-driven EC2 Instance Manager

Designed an event-driven Lambda fleet that schedules EC2 lifecycle across all dealer environments based on real session data from CWAgent Terminal Services metrics. The shutdown is a four-stage choreography: Citrix maintenance mode → in-app user notification → session logoff → EC2 stop. Saves substantial off-hours compute spend without a single user-impacting incident.

AWS LambdaEventBridgeCloudWatch AgentCitrixPowerShellTerraform
Off-hours cost reduction↓ 40%
Shutdown stages4
User-impact incidents0
case-study
P-03·LangChain + FastAPI agents for the database team

Multi-Agent LLM Ops Platform

Shipped a self-service platform that lets DBAs trigger complex SQL Server operations through natural language. A multi-agent system (LangChain + FastAPI + Streamlit) routes intents to specialized agents for provisioning, patching, and remediation. Front-end is a Next.js / TypeScript app with Okta SSO and secure API routing.

PythonLangChainFastAPIStreamlitNext.jsOkta SSOTypeScript
Manual ops time↓ 70%
Issue resolution rate↑ 45%
Agent specializations3+
case-study
// additional case studies
P-04

SQL Server → Azure Arc Modernization

300+ databases, zero data loss

300+
Databases migrated
99.99%
Uptime achieved
↑ 70%
DB ops speed-up
P-05

vCluster Platform on Azure Arc

Lightweight tenant K8s with Velero DR

↓ 40%
Infra cost reduction
99.9%
Availability target
200+
Apps supported
P-06

Azure DevOps → GitHub Actions Migration

Unifying CI/CD across all dealer pipelines

50+
Pipelines migrated
↑ 30%
Pipeline reliability
↓ 40%
Maintenance effort
03 / experience

Operator and architect — across four cloud-heavy roles.

From systems engineering at TCS to senior cloud platform work at John Deere.

  1. Senior DevOps Engineercurrent

    John Deere Information Systems · via Quadyster
    Aug 2025 — Present
    East Moline, IL
    • Architected and own the AWS Landing Zone for 80+ dealer environments — per-dealer accounts, hub-and-spoke Transit Gateways, Direct Connect, and a Shared Services VPC for AD, Citrix, and Okta SSO.
    • Administer the full Citrix CVAD stack — Gateway, StoreFront, Delivery Controllers, VDAs — hosting EQUIP, Service Delivery, and Director workloads across all dealerships.
    • Onboarded 797 EC2 servers into Azure Arc and stood up Azure Update Manager Maintenance Configurations, replacing manual patching across the entire fleet.
    • Engineered a Lambda-based Instance Manager with a four-stage graceful shutdown driven by CWAgent session metrics — measurably reducing off-hours compute spend.

  2. Cloud Software Engineer

    John Deere · via Acro Service Corp
    May 2023 — Jul 2025
    Moline, IL
    • Automated end-to-end AWS Landing Zone provisioning with Step Functions + Lambda — from account creation through GuardDuty, CloudTrail, and CrowdStrike SSM baseline enforcement.
    • Migrated 300+ production SQL Server databases to Azure Arc-enabled SQL Managed Instances with zero data loss and 99.99% uptime via Always-On Availability Groups.
    • Built a multi-agent LLM ops platform (Python · LangChain · FastAPI · Streamlit) for distributed database teams, cutting manual ops time by 70%.
    • Stood up Azure Arc-integrated Kubernetes with vCluster + Velero DR, reducing infra cost by 40% while sustaining 99.9% availability.

  3. Azure Cloud Engineer

    GEICO · via Codeforce360
    Dec 2022 — Apr 2023
    Atlanta, GA
    • Supported migration of 30+ underwriting, sales, and claims applications from on-prem to Azure using ARM, Terraform, and PowerShell.
    • Built and maintained Azure DevOps CI/CD pipelines deploying to App Services, VMs, and AKS; led TFVC → Azure DevOps lift-and-shift.
    • Configured hybrid connectivity via load balancers and secure routes; monitored health with Application Insights, Log Analytics, Dynatrace, Splunk, and KQL.

  4. DevOps Engineer

    Tata Consultancy Services
    Apr 2019 — Aug 2021
    Hyderabad, India
    • Provisioned multi-cloud infrastructure across AWS (EC2, S3, RDS, EKS, Lambda) and Azure (VMs, App Services, AKS) using Terraform and ARM templates.
    • Built CI/CD pipelines with Jenkins and Azure DevOps, integrated with ServiceNow for single-click multi-server deploys — cutting manual deployment effort by 80%.
    • Operated Docker + Kubernetes workloads with Helm packaging; administered CA Layer7 API Gateway TLS lifecycle and IAM/NSG security baselines.
04 / stack

The toolbelt — categorized like kubectl output.

Production experience across the whole platform stack — pick a row, ask me about it.

$ kubectl get stack -A
cloud/Cloud Platforms
  • AWS · EC2 · S3 · RDS · Lambda
  • VPC · TGW · Route53 · IAM
  • CloudFormation · CloudWatch · SNS
  • Azure · VMs · VMSS · Blob · App Services
  • Azure Arc · Azure Monitor · AUM
  • Front Door · WAF · App Insights
iac/Infrastructure as Code
  • Terraform (modules · remote state)
  • ARM Templates
  • AWS CloudFormation
  • Helm · Kustomize
  • Ansible · PowerShell DSC
  • Terragrunt
k8s/Containers & Orchestration
  • Kubernetes · EKS · AKS
  • vCluster · Cluster API
  • Docker · Containerd
  • Cilium · NGINX Ingress · MetalLB
  • Karpenter · HPA · Velero
  • FluxCD · GitOps
cicd/CI/CD & Delivery
  • GitHub Actions
  • Azure DevOps Pipelines
  • Jenkins · Octopus Deploy
  • Reusable Workflows · OIDC
  • Power Automate Desktop
  • Blue/Green · Canary · Rolling
obs/Observability & ITSM
  • Prometheus · Grafana
  • CloudWatch · Azure Monitor
  • Splunk · Dynatrace · KQL
  • DataDog · OpenSearch
  • ServiceNow ITSM
  • Log Analytics
sec/Security & Identity
  • Okta SSO · Active Directory
  • Federated Auth Services (FAS)
  • Microsoft Certificate Authority
  • AWS GuardDuty · CloudTrail · WAF
  • HashiCorp Vault
  • IAM · SCPs · NACLs · NSGs
lang/Languages & Scripting
  • Python · Bash · PowerShell
  • TypeScript · JavaScript
  • Java · C
  • SQL · KQL
  • FastAPI · LangChain · Streamlit
  • Next.js · Node.js · React
data/Data & Storage
  • SQL Server · MySQL · DynamoDB
  • Always-On Availability Groups
  • Azure Arc-enabled SQL MI
  • Amazon FSx for NetApp ONTAP
  • S3 · Blob Storage · EBS
  • Nutanix CSI
TerraformAWSAzureKubernetesGitHub ActionsCitrix CVADOkta SSOPrometheusGrafanaLambdaEKSHelmFluxCDVeleroPowerShellFastAPILangChainNext.jsServiceNowAzure ArcTerraformAWSAzureKubernetesGitHub ActionsCitrix CVADOkta SSOPrometheusGrafanaLambdaEKSHelmFluxCDVeleroPowerShellFastAPILangChainNext.jsServiceNowAzure Arc
05 / contact

Got a platform that needs adult supervision?

Whether it's a Landing Zone you're scaling, a Kubernetes migration, or pipelines you want to standardize — let's talk.

Send me an emailLinkedIn
available for senior / staff platform roles· typical reply within 24h
// direct lines