Wireless Infrastructure

02:21 PM
Lee Badman
Lee Badman
Connect Directly
Repost This

WLAN Management: How A Hospital Tackles The Complexity

I spoke with Houston Methodist Hospital's WLAN architect, who described how his team maintains strict security and performs troubleshooting on the hospital's massive Wi-Fi network.

Big wireless networks come with unique challenges. When patient safety is on the line, meeting security and reliability challenges is particularly critical. I recently caught up with Houston Methodist Hospital’s head honcho for wireless to talk about how his team keeps a large Wi-Fi network healthy.

I met with Houston Methodist WLAN Architect George Stefanick at Wireless Field Day in August, where we were both delegates. It’s not every day that I run across someone whose network is as large as my own -- thousands of APs and thousands more client devices -- so Stefanick’s story intrigued me.

Houston Methodist is a system made up of six hospitals, with an emphasis on doing things wirelessly. From guest access to patient care workflow, the facilities’ WLAN resources are deemed critical resources.

The hospital has an estimated 3,000 medical devices, such as infusion pumps and glucose monitors, that pass data over the WLAN, along with several thousand wireless admin PCs and laptops and a couple of thousand Vocera VoIP badges and Cisco wireless VoIP phones. Stefanick requires each and every device utilize 802.1x authentication and meet enterprise security requirements on Houston Methodist’s large Cisco WLAN, or they don’t get accepted for use.

This is pretty impressive given that many medical and ancillary device makers are not all that savvy about wireless security on business-class networks. Stefanick’s team vets each new device type that gets purchased for hospital use, and if it doesn’t make the grade, it’s rejected until the manufacturer can get it up to snuff.

And this will make WLAN admin types envious: Even non-medical devices like lowly wireless PCs that might be purchased for use by hospital staff go through a screening process. These are profiled for behavior on the WLAN and for how they interact with an RF environment that is chock full of important WLAN-connected medical equipment. Each device type and model is base lined as a WLAN client, updated or rejected as appropriate, and its RF characteristics stored for later reference should trouble hit. In a world where BYOD is king, this sort of pre-use control is remarkable.

[Enterprises rolling out 801.11ac face channel complications in meeting rules for protecting mission-critical systems. Get the details in "Dynamic Frequency Selection Part 3: The Channel Dilemma."]

For Wi-Fi support, Stefanick has a toolbox filled with widely used utilities from AirMagnet, MetaGeek, WIreshark, and WIldPackets. Each has its role, but his team's favorite tools are from WildPackets. The hospital uses laptop versions of WildPackets' OmniPeek software for both the pre-deployment analysis of new client devices and for normal packet-level troubleshooting. The IT team also is evaluating a centralized WildPackets strategy to leverage the efficiency of putting access points into sniffer mode and feeding them directly to a central WildPackets server (I do this on my own network).

Given the wide range of devices that Stefanick sees, it’s not uncommon for his team to ask WildPackets to quickly cook up custom analysis modules. Keeping order where there might otherwise be RF chaos gets even trickier given that Houston Methodist is also doing trials with 802.11ac infrastructure, but WildPackets is well suited to the task since it's been in the 11ac game for several months now.

I give Houston Methodist a lot of credit for the quality of its WLAN operation, and for investing in it as a critical resource. Many hospitals, for a number of reasons, are either stuck in a far-outdated WLAN frame of mind or have yet to even jump into wireless for daily operations. Getting it right isn’t easy, but Houston Methodist’s investment in WLAN staff and resources shows that it can be done.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
10/24/2013 | 1:06:19 AM
re: WLAN Management: How A Hospital Tackles The Complexity
Hopefully George jumps in directly to comment- obviously there isn't total control over short-term guest devices when it comes to driver behavior, etc. But if it is going to be a hospital asset, George's group is the gatekeeper squad.
Drew Conry-Murray
Drew Conry-Murray,
User Rank: Apprentice
10/24/2013 | 12:41:26 AM
re: WLAN Management: How A Hospital Tackles The Complexity
I'm curious how the hospital handles mobile devices from family members, visitors, folks in the waiting room, visiting sales reps, etc. Seems like that would be difficult to control.
User Rank: Apprentice
10/23/2013 | 7:05:44 PM
re: WLAN Management: How A Hospital Tackles The Complexity
I love it that StefanickG«÷s team has the opportunity to vet all devices BEFORE they are allowed on the hospital's wireless network. I wish others would follow this lead.
Marcia Savage
Marcia Savage,
User Rank: Apprentice
10/23/2013 | 7:02:53 PM
re: WLAN Management: How A Hospital Tackles The Complexity
Medical device makers don't have a great track record when it comes to cybersecurity. When the hospital rejects devices because they don't meet the security requirements, did Stefanick indicate if the manufacturers are very responsive?
More Blogs from Commentary
SDN: Waiting For The Trickle-Down Effect
Like server virtualization and 10 Gigabit Ethernet, SDN will eventually become a technology that small and midsized enterprises can use. But it's going to require some new packaging.
IT Certification Exam Success In 4 Steps
There are no shortcuts to obtaining passing scores, but focusing on key fundamentals of proper study and preparation will help you master the art of certification.
VMware's VSAN Benchmarks: Under The Hood
VMware touted flashy numbers in recently published performance benchmarks, but a closer examination of its VSAN testing shows why customers shouldn't expect the same results with their real-world applications.
Building an Information Security Policy Part 4: Addresses and Identifiers
Proper traffic identification through techniques such as IP addressing and VLANs are the foundation of a secure network.
SDN Strategies Part 4: Big Switch, Avaya, IBM,VMware
This series on SDN products concludes with a look at Big Switch's updated SDN strategy, VMware NSX, IBM's hybrid approach, and Avaya's focus on virtual network services.
Hot Topics
White Papers
Register for Network Computing Newsletters
Current Issue
Twitter Feed