Extreme Fabric Connect: a Cure for an Ailing Hospital Network Environment

When you’re saving lives, there’s little time for anything else. But when your networks require as much time as your patients and impact your daily operations, it’s time to improve the condition of your infrastructure. In such a case, Extreme Fabric Connect is just what the doctor ordered!

Responsible for transferring vital communications, data, and medical records, IT networks at hospitals, clinics, care centers, and other similar facilities can be easily compared to a blood circulatory system in a human body. In other words, it’s best to take great care of it – even more so now, with the rapid technological transformation that we’re seeing in the healthcare industry! Still, many healthcare organizations are using older network infrastructure – some haven’t seen an upgrade since the turn of the century. Moreover, there are some larger macro trends around privacy and the rapid digitization of healthcare records that are driving the need for a move toward fabric networking. So let’s try to diagnose some of the major pain points of ‘traditional’ networks:

  • So much manual configuration. Traditional networks are largely configured switch by switch, through a command-line interface (CLI). In today’s hospital environment, where new devices and applications are moved, added, or changed frequently, manual configuration is time-consuming. It also introduces the risk of a much-feared network outage or security breach resulting from human error.
  • Slow network recovery. Traditional networks require administrators to understand and configure many interdependent protocols. These include Spanning Tree Protocol (STP), Open Shortest Path First (OSPF), Protocol Independent Multicast (PIM), and Border Gateway Protocol (BGP). All this complexity can slow network recovery because each layer is reliant on the layer below it to re-establish connectivity.
  • Vulnerability to breaches. With medical IoT devices and the flow of medical documentation, the security of hospital networks means everything. In legacy networks, separating different types of traffic has traditionally required multiple VLANs with access controls and firewalls. However, if you are sharing a routing table, your IP network is flat, and if someone breaches your network, they might make their way to patient health records or, even worse, life-critical devices like insulin pumps.
  • Costs. On top of the critical need for an always-available, highly secure network to support dense network environments while protecting patient information, hospitals face the additional challenge that every healthcare system nationwide is dealing with – the extreme pressure to reduce costs.

“The combination of healthcare and IT raises so many problems that I can hardly imagine a more challenging environment. Especially with the trend towards even more wireless networks and the ever-growing need for capacity.” – Franz Steinhauser, ICT advisor, Elisabeth-TweeSteden Hospital (the Netherlands)

All the simplicity and none of the headaches

When the networking teams are swamped in day-to-day manual operations and network complexity – in the form of having to manually provision each device – it’s obvious that they’re looking for efficiencies wherever they can be found. “We needed a secure, agile, and resilient network infrastructure to cope with increased demand from thousands of personal and medical devices so our visitors and staff can continue to experience reliable connectivity”, says Rob Bergfeld, Managed ICT Services at Cordaan, one of the largest healthcare providers in the Netherlands. One of the key advantages of the fabric networks is that they support Layer 2 and Layer 3 services for end devices, embrace server virtualization, and provide automation for complete plug-and-play provisioning. With the help of Extreme Fabric Connect, healthcare organizations can dramatically simplify the edge of the network and automate the attachment of users and devices. This is critical since hospital environments often include literally thousands of clients at any given time! With a fabric-based network, hospital staff are able to oversee their own devices and connect them to the network without the networking team even getting involved – they don’t need to worry about what port they’re plugged into or making sure it has the right security.

“Thanks to Extreme’s technology, our visitors can stay better connected while our team confidently carries out the critical work of caring for and assisting our patients.” – Rob Bergfeld, Managed ICT Services, Cordaan (the Netherlands) 

Don’t worry about availability

At the end of the day, the most important criterion by which a clinic or a hospital evaluates its network is its availability. When a critical application doesn’t work, this has a direct impact. In fact, a failing network can literally make the difference between life and death. Since adding and removing network services in a fabric network only needs to be done at the edge, and is typically done from a centralized management system, mistakes are far less likely and the network is much more stable. Extreme Fabric Connect also provides the opportunity to simplify your network by reducing the number of protocols in use. With a simpler network, recovery times are faster. Also, more interconnectivity means the loss of a link or even a network device will not impact your applications. “Using Extreme Fabric Connect, migrations are now much easier and cause little to no downtime. Moving core switches can be done without downtime”, says Dennis Groen, Senior Project Manager at ETZ, one of the largest hospitals in North Brabant in the Netherlands. “Expanding new ports and switches to Satellite Equipment Rooms is much easier and doesn’t require configuring all the uplinks. The network does that all by itself and is much faster and more reliable with these tasks”. But what about multi-site networks with mobile endpoints, you might wonder…

Extending Extreme Fabric Connect to the campus wiring closet with the Fabric Edge solution

The digitization of healthcare means more IP-connected medical devices are required in more places to input information. However, it’s far too expensive to place a medical device everywhere it may be needed. To solve that problem, hospitals are rolling out digitization programs where medical devices can be moved from location to location, wherever a physician, nurse, or technician needs them. Alas, the amount of configuration required on network devices can be staggering, especially given the large number of edge switches. So how can you reduce the number of configuration requirements at the edge? That’s where Extreme’s Fabric Edge comes into play.

The solution reduces the number of network protocols by replacing the multi-chassis link aggregation protocol, the VLAN signaling protocol as well as the stacking protocol with a single fabric protocol that is also used in the core of the network (IS-IS). The result is an end-to-end fabric that provides a single operational model from Datacenter to Core to Campus-Edge, with the option to expand it even to the Branch. Extending fabric from the core and aggregation (MDF) layer of the network to the access (IDF) switching layer simplifies all operational aspects of a network solution, from initial deployment, to network expansions, and most importantly, daily operations. “Thanks to Extreme Fabric Connect, we can manage the network with a small team. It allows us, among other things, to very easily stretch the VLAN from one site to another or to manage the routing – ‘point-to-point’ – on the network itself. In the previous network configuration, we always had to rely on an external partner for that type of intervention”, says Paul Tassin from the ICT Infrastructure team at Groupe Jolimont, the biggest health group in the Walloon Region of Belgium.

Auto-sense ports

For infrastructure links such as uplinks and intra-IDF links, edge configuration is reduced further by employing Zero-touch fabric, which automatically establishes fabric connectivity among devices within an IDF, as well as towards the MDF, so there is no longer any need to configure stacking or uplinks to the aggregation layer. This edge automation is enabled by a new port functionality where a port state can change based on sensing what is connected to it. This functionality is called port auto-sense. Zero-touch fabric leverages the auto-sense port functionality to detect whether a fabric switch is connected to another fabric-capable switch. If so, the fabric is automatically expanded to the connected device, signaling and negotiating all relevant fabric configuration parameters across the fabric link, enabling a plug-and-play deployment model.

Plug and Play Enabled by Auto-Sense Ports

In addition to fabric link detection, auto-sense port functionality is also used to dynamically detect fabric-attach (FA) capable devices such as EXOS and ERS switches, Access Points, or third-party FA-capable devices, enabling automated service signaling directly from the FA device. Auto-sense ports can also detect whether they are connected to IP Phones or hosts with or without 802.1X login procedures. This elaborate auto-sense port state machine dramatically reduces the need for edge switch configuration, significantly simplifying IDF deployments. An additional important element of this zero-touch deployment solution is the automated onboarding service creation. The fabric automatically creates an isolated connection for each onboarding device towards the network management segment where devices can reach the DHCP, RADIUS, and network management servers. This onboarding service ensures secure reachability to the management tools for all connected network devices as well as end devices. End devices remain in an isolated guest segment until they are assigned to a specific user segment.

Network segmentation

Hospital rooms today are seeing a true influx of IoT. While a healthcare network must be capable of connecting all medical devices, it must also be very selective in doing so. Authorized devices should be expeditiously on-boarded, while unauthorized ones must be prevented from gaining access to the network or moved to a guest network. In other words, hospitals that already support thousands of devices on their networks need a reliable way to isolate medical devices to prevent potential security risks. Luckily, fabric networking makes it quite easy! Extreme Fabric Connect provides a secure solution without compromising simplicity through policy-based, end-to-end hyper-segmentation. While traditional network segmentation approaches are complex, with multiple levels of protocols, route policies, and access control lists, Extreme’s approach based on policy and fabric delivers a simpler, more automated alternative.

Having a network that can easily be segmented at scale allows you to improve your overall security posture by dramatically reducing the attack surface and preventing lateral movement to more sensitive areas of the network. Beyond that, a stealth network prevents malicious actors from discovering the network topology in the first place! Through fabric security features like hyper-segmentation and stealth, compliance with the European Union’s General Data Protection Regulation (GDPR) can be facilitated. Secure network segments can be created quickly and easily, end-to-end, without requiring any additional overlay protocols. The network can be designed to fit the needs of different departments in a traditional multitenant environment, like a clinic or patient records department, and to separate different types of devices and users, such as smartphones or IoT devices worn by patients.

Extreme Fabric Connect: a cure for an ailing hospital network environment

Healthcare organizations are under constant pressure to enhance patient care and safety, increase operational efficiency, and reduce the cost of care delivery. The need to be more efficient relates to everything they do at the hospital – including IT and the network. Extreme Fabric Connect is an inherently secure solution that allows hospitals to phase out multiple complex legacy technologies gradually and enables all services through a single, next-generation technology.