Upgrading The Network In Healthcare: Two Approaches

A look at how two healthcare companies are tackling today's networking challenges.

Marcia Savage

May 18, 2016

7 Min Read
NetworkComputing logo in a gray background | NetworkComputing

Like other enterprise networks, healthcare networks are under more pressures than ever. IP traffic is surging, users expect anywhere, anytime access from a variety of mobile devices, and the Internet of Things looms. In healthcare organizations, these pressures are compounded by strict data security requirements, legacy network equipment, and tight IT budgets.

Healthcare networks must support modern technologies such as electronic healthcare records, remote monitoring, and provide top-notch wireless access for doctors, visiting medical staff, patients and patient family members.

Dan Conde, enterprise networking analyst at Enterprise Strategy Group, says healthcare networks deal with many of the same requirements as networks in other industries, but some unique pressures include HIPAA compliance and telemedicine initiatives. Telemedicine can involve remote sites that use video cameras and microphones in rural areas that have bad connections, or remote care from buses or vans, he said. And handling large files such as imaging files can add to the pressure on a healthcare network if an organization hasn't upgraded its campus networking devices, Conde says. 

Let's look at how two organizations are tackling the challenge of modern networking in healthcare.

WLAN upgrade

For Consulate Health Care, the sixth largest provider of senior healthcare services in the US, upgrading its wireless network was key to meeting its business goals. Based in Florida, the organization has more than 200 care centers in 21 states, including assisted living, rehabilitation, and skilled nursing facilities in 21 states.

"Over several years and some acquisitions, we had multiple technologies supporting our care centers. Those technologies weren't supportive of an enterprise-wide deployment of applications like electronic health records and telemedicine initiatives," says Kurt Rodriguez, VP of telecom and infrastructure at Consulate.

Consulate Health Care conducted product evaluations to replace its existing WLAN, which used Cisco and Aerohive equipment, and ultimately chose Aruba Networks, a Hewlett-Packard Enterprise company.

"Some key factors for us were ease of manageability, a centralized model, and the ability to have a detailed look at what's going on in a building, identify problems, and make changes to meet the demands for each building," Rodriguez said, noting that the makeup of each care center is different.

Consulate opted for Aruba's controller-less WLAN model versus a controller-based model to enable its small, centralized IT team of three engineers to deploy secure wireless infrastructure across all its locations. The initial deployment of 2,700 Aruba Instant access points has grown over the past two years to a little more than 4,300. On a daily basis, the WLAN I used by 2,500 company-issued devices, 1,600 third-party authorized devices, and 3,100 guest devices.

The controller-less APs allow Consulate's IT team to manage each location without taxing the company's WAN. The APs also provide business continuity; if the one serving as a virtual controller fails at a location, another AP at the site would take over the controller role so that Consulate's engineers don't lose the ability to manage the location.

Consulate also uses Aruba mobility controllers in its data center and Remote Access Points (RAPs) at employee home offices to support its telecommuting workforce. The combination provides a seamless VPN tunnel for remote employees, Rodriguez says.

He says Aruba ClearPass supports Consulate's BYOD policy by enabling secure guest network access. The software authenticates mobile devices of patients, residents, and their visitors, and ensures that network-connected devices comply with corporate security policies. Guests with BYOD devices as well as internal users with corporate-owned devices can self-enroll for Internet access so that the small IT staff isn't burdened with managing constant requests for network access. The flexibility that provides Consulate is key, says CIO Mark Crandall.

"It's becoming more and more important for that interoperability across the continuum of care," he says. "We need to be able to share data very readily upstream and downstream [with] acute care providers and doctors who come into our facilities and may not be employees."

healthcare IT

healthcare IT.jpg

Ultimately, the WLAN upgrade enables the secure and reliable network the doctors need in order to provide the best possible patient care, Crandall says.

Since the new WLAN tools were new for Consulate, there was a bit of a learning curve for the engineers, but they picked them up quickly, Rodriguez says. The engineers manage not only the wireless APs, but routers, switches, and the data center. Consequently, having enterprise-grade tools that would enable the small team to manage the wireless infrastructure was essential. "That keeps our operating costs down and [increases] efficiency," he says.

Consulate also uses Aruba's AirWave Network Management System to centrally update and troubleshoot the network. The software provides granular visibility into problems such as a rogue AP brought into a care center.

Going virtual

For Baystate Health, a network upgrade was the foundation of an entire data center makeover. The healthcare provider, which serves 800,000 people throughout western New England, has multiple facilities, including a teaching hospital, children's hospital, health insurance company, hospice care, and trauma center.

With two data centers and a lot of legacy gear, Baystate was faced with ever-increasing maintenance and licensing costs and complexity that was expensive to manage, says Mike Feld, interim CTO. "IT budgets aren't increasing, but our requirements are," he says.

Initially, the organization wanted to build a big new data center with dual cooling and power to replace one of the old data centers. But after tapping VertitechIT for help two years ago, Baystate opted for a software-defined architecture that enabled it to design what will ultimately be three physical data centers converged into a single logical active-active-active data center using VMware ESX, NSX, and Virtual SAN on Cisco UCS. The organization is retaining one of its old data centers, but in a significantly downsized design, and adding two smaller facilities. Instead of a $6 million to $8 million dollar project, Baystate expects to spend less than $2 million on its infrastructure redesign, says Patrick Streck, director of IT services.

VMware's NSX network virtualization platform is the core element that makes Baystate's hyperconverged design possible, Feld says. "The main value to us is that solid networking underpinning that everything else gets stuck on top of," he says.

At a high level, NSX allowed Baystate to deploy a single layer 3 network across three data centers over dark fiber and treat them as one logical data center, says Dave Miller, chief architect at Baystate.

With Baystate's compliance and security requirements, the microsegmentation capability of NSX offers a big opportunity to move away from traditional perimeter-based security, Miller says. "We view that as a way to protect our infrastructure at a more application-centric level," he says, explaining how security policies move with a VM rather than requiring updates to firewall rules.

Feld says NSX requires that engineers learn new concepts that are very different from traditional networking. VMware Education Services and VeritechIT helped trained the Baystate staff to get them up to speed.

The active-active-active data center design that NSX essentially replaces the concept of disaster recovery with high availability, Feld says. All three data centers have workloads running on them all the time; there is no failover zone. Performance will be unaffected in the event one data center fails.

"The traditional limits of networking with subnets and VLANs and how you span them between locations is eliminated with NSX," Feld said.

Outside of the NSX virtualized infrastructure, Baystate plans to use Cisco's ACI platform to manage its Cisco routers and switches that handle Internet links, MPLS, and WAN elements.

Baystate's infrastructure redesign also includes 10,000 virtual desktops to provide doctors and other employees with access from any device and from anywhere. The VDI infrastructure, using VMware Horizon, will boost security and help with compliance requirements, Streck says. "Our security office loves it from the perspective that all we're presenting on screens are pixels instead of actual data transfers," he says.

Moreover, VDI will allow Baystate to consolidate endpoints and cut capital costs, he adds. "You don't need a PC for everyone."

About the Author

Marcia Savage

Executive Editor, Network Computing

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights