Creating a Secure, Segmented and Always Available Network for a Large Healthcare Institution
As healthcare organizations face ever-changing compliance guidelines, strict policies and control of extremely sensitive personal data, it is imperative to have a strong network that is flexible, reliable, and secure.
When the organization initially approached Vandis about role-based access and establishing a network with “the same look and feel” at 39 of their new locations, it meant that a complete overhaul would be necessary. In addition, once the Affordable Healthcare Act was passed and new HIPAA regulations were put in place, healthcare organizations scrambled to comply with the new rules as quickly as possible. With a project this large and complex, Aruba Networks recommended to the organization that Vandis was the only company that could handle it.
While a major portion of the project was to comply with new regulations, the organization also wanted to ensure that their network was segmented, secure, and always available with zero dead zones. In addition, all of the offices had to be outfitted with iPads for digital patient forms as well as laptops in all of the medical rooms for patient records. To do this, Vandis had to find several technologies that would work well together to form one singular solution. After several meetings, Vandis engineers architected a plan that would allow the organization to meet their goals as well as provide room for further upgrades as necessary. Once a plan was put into place, the healthcare provider ran several POCs until they made a final decision to move forward with the project as constructed.
The project needed to be split into two parts: WAN/WLAN and security/fail-over. With the first part, Vandis and the healthcare provider determined that Aruba Networks would be the premier fit, as Aruba ClearPass would allow the organization to accomplish several of their needs in one tight solution. The organization purchased approximately 350 Aruba S3500 switches and about 1100 Aruba 802.11ac access points to get started with the implementation. The first step was to outfit their larger locations with wireless controllers and campus APs and the smaller offices with their own virtual cluster of Aruba Instants (controller-less APs). This established 802.11ac speeds at all of their locations with voice-grade coverage to provide zero dead zones and allow doctors to be outfitted with VoIP phones that were never out of range. Aruba AirWave was then put into place to manage the centralized configuration of all of the switches. Once the framework was established, Aruba ClearPass was set up to handle role-based access and their guest network. With compliance and critical patient data at risk, the organization wanted to ensure that only those with clearance to access those records were allowed to do so.
Once the networks were set up, Vandis then worked with the organization to establish a fail-over plan in case a single site went down. Each office was outfitted with two wireless providers, one for the internal office network and the other for the guest network. At the perimeter, 35 Palo Alto 3020s were put in place to protect all incoming and outgoing traffic. In addition to blocking and rule management, the Palo Alto devices were used as a security failover. If one of the sites had an issue, the web traffic would immediately be switched over to another location through a secure large-scale VPN to ensure the safety and continuity of all communications. This ensured that even if 1/3 of their data centers failed, usage would only be down for a maximum of 90 seconds at each satellite location. With critical applications, patient data and strict compliance policies running across the network, ensuring that the proper infrastructure was put into place was the organization's primary goal.
With the help of Vandis, the healthcare provider was able to unify their network among all of their locations. As the implementation was extremely complex, from start to finish the project took about a year. Vandis was able to take out the old gear and replace it with a solution that would be quicker, more reliable and offer much greater ability to upgrade for years to come.