WLAN Management: How A Hospital Tackles The Complexity
Lee H. Badman
October 23, 2013
Big wireless networks come with unique challenges. When patient safety is on the line, meeting security and reliability challenges is particularly critical. I recently caught up with Houston Methodist Hospital’s head honcho for wireless to talk about how his team keeps a large Wi-Fi network healthy.
I met with Houston Methodist WLAN Architect George Stefanick at Wireless Field Day in August, where we were both delegates. It’s not every day that I run across someone whose network is as large as my own -- thousands of APs and thousands more client devices -- so Stefanick’s story intrigued me.
Houston Methodist is a system made up of six hospitals, with an emphasis on doing things wirelessly. From guest access to patient care workflow, the facilities’ WLAN resources are deemed critical resources.
The hospital has an estimated 3,000 medical devices, such as infusion pumps and glucose monitors, that pass data over the WLAN, along with several thousand wireless admin PCs and laptops and a couple of thousand Vocera VoIP badges and Cisco wireless VoIP phones. Stefanick requires each and every device utilize 802.1x authentication and meet enterprise security requirements on Houston Methodist’s large Cisco WLAN, or they don’t get accepted for use.
This is pretty impressive given that many medical and ancillary device makers are not all that savvy about wireless security on business-class networks. Stefanick’s team vets each new device type that gets purchased for hospital use, and if it doesn’t make the grade, it’s rejected until the manufacturer can get it up to snuff.
And this will make WLAN admin types envious: Even non-medical devices like lowly wireless PCs that might be purchased for use by hospital staff go through a screening process. These are profiled for behavior on the WLAN and for how they interact with an RF environment that is chock full of important WLAN-connected medical equipment. Each device type and model is base lined as a WLAN client, updated or rejected as appropriate, and its RF characteristics stored for later reference should trouble hit. In a world where BYOD is king, this sort of pre-use control is remarkable.
[Enterprises rolling out 801.11ac face channel complications in meeting rules for protecting mission-critical systems. Get the details in "Dynamic Frequency Selection Part 3: The Channel Dilemma."]
For Wi-Fi support, Stefanick has a toolbox filled with widely used utilities from AirMagnet, MetaGeek, WIreshark, and WIldPackets. Each has its role, but his team's favorite tools are from WildPackets. The hospital uses laptop versions of WildPackets' OmniPeek software for both the pre-deployment analysis of new client devices and for normal packet-level troubleshooting. The IT team also is evaluating a centralized WildPackets strategy to leverage the efficiency of putting access points into sniffer mode and feeding them directly to a central WildPackets server (I do this on my own network).
Given the wide range of devices that Stefanick sees, it’s not uncommon for his team to ask WildPackets to quickly cook up custom analysis modules. Keeping order where there might otherwise be RF chaos gets even trickier given that Houston Methodist is also doing trials with 802.11ac infrastructure, but WildPackets is well suited to the task since it's been in the 11ac game for several months now.
I give Houston Methodist a lot of credit for the quality of its WLAN operation, and for investing in it as a critical resource. Many hospitals, for a number of reasons, are either stuck in a far-outdated WLAN frame of mind or have yet to even jump into wireless for daily operations. Getting it right isn’t easy, but Houston Methodist’s investment in WLAN staff and resources shows that it can be done.