The INS Group has architected, surveyed, designed, staged and deployed WiFi WVoIP-capable networks in more than 60 hospitals and medical centers in North America. Over the last fifteen years, many of these facilities were first deployed with autonomous WiFi and have since had multiple projects that required switch/route/FW, WAN and physical layer upgrades as well. Total WiFi coverage deployed: over 90 million square feet. The networks deployed also met the stringent WiFi requirements of HIPAA, Infectious Disease Control, the Paragon HMS (hospital management system) and EMRs (electronic medical records) that were used at the majority of these hospitals (McLaren Healthcare). The Paragon system as well as the WVoIP phones are operation-critical tools that doctors, nurses, and other medical staff use extensively at these health care facilities. WVoIP calls are life-critical: doctors are very often on their phones while moving from one location to another. The calls not only need to stay connected while roaming, but the voice quality must remain high, typically a MOS score of 3.5 or better.
The architectures we develop are designed to meet or exceed our customers' requirements. The architectures are also based on standard protocols and industry best practices. Interoperability/design validation testing is often necessary when introducing new products into a client's existing network. A WiFi network design must meet performance, security and segmentation requirements and, most of all, user expectations. Proper VLAN/WLAN segmentation that results in the creation of zones tied to specific business functions is critical for security, efficient traffic flows and addressing schemes. This creates a high level of granularity and ease of integration with FWs, ADCs (application delivery controllers – load balancers) and the switch/routing functions of a well-designed network. It also allows for seamless integration into monitoring systems that can easily shut down a user, an SSID, or an entire wireless system if necessary. Product maturity and supportability are no less important, and we work with our customers to achieve the proper balance of in-house and/or service-based support.
The INS Group has been performing wireless surveys for the past eighteen years. We've performed surveys in hospitals, medical centers, cancer centers, administration/office buildings, and remote doctors' offices. These surveys were always WVoIP quality or better, and some facilities required RFID-capable environments as well. Our teams performed active, passive and predictive surveys, and often a mix of these three techniques, to come up with the most cost-effective solution. Prior to performing a survey, it's important to understand what the client expects from their new or upgraded WiFi network. The devices, applications, number/types of users and how they will be using the network are a key part of our requirements gathering. Key characteristics include the client device types and how they will be used: will the devices be in motion, or attached to some sort of vehicle (cart, gurney, medical equipment, etc.)? Which devices have the weakest field strength (power output to the AP)? These devices will typically be used as the baseline when performing an active survey for a new deployment or a passive survey of an existing deployment. This should result in coverage cells that are sized to match the weakest device. It's also important to test the devices while in motion to verify that, as the signal varies while devices move away from an associated AP, they roam successfully before the voice quality MOS score falls below 3.5 (or what's deemed acceptable by the client), and that voice quality is maintained after the roam.
It's also critical to constrain wireless signals as much as possible from propagating outside the buildings/premises they were designed to operate within. This is an essential physical layer security element that helps guard sensitive information and protect client data networks. RF signals in many situations (offices in cities) will obviously bleed outside the customer's premises. In these situations it's also important to design around interference from outside sources, whether just passive or a guided threat. This is why encryption and authentication are also important to implement for all wireless networks. It is therefore standard procedure during the survey process to do propagation checks as well as to identify outside interference and threats.
Many of the healthcare projects that The INS Group has deployed included not only the WiFi/WLAN but also the LAN, WAN and network application services. There have been more than sixty health care facilities for which the INS Group architected, designed and deployed networks. These facilities varied from hospitals, medical administration buildings, cancer centers and research facilities to medical campuses, all with very similar functional requirements. A preferred logical architecture/design for most of these medical environments is to push a high-availability OSI layer three architecture out to the access layer. This especially makes sense with today's modern ASIC-based routers or layer 2/3 switches. This is not always practical; it largely depends on the current network's capabilities and whether funding is available to make the necessary upgrades. Often the best strategy is to develop architectures that can move customers toward an optimal financial and technical solution.
Small facilities, for example, might have a collapsed design where core, distribution and access are on a pair of layer 2/3 switches. This type of physical infrastructure quite easily lends itself to a logical layer 3 solution. Small to medium-sized hospitals (up to 400 beds) may have only combined core/distribution and access layers, whereas large hospitals and campuses would follow the same architecture but break out into separate core, distribution and access layers. These larger facilities may also have data center components that are designed with a separate distribution layer tied to the core. The criticality of these networks demands high-availability, fault-tolerant architectures/designs with the following guidelines:
1. Core and distribution layers must be highly fault tolerant with redundant electronics and communication links
2. Redundant access layer communication links.
3. Intelligent VLAN segmentation
   i. Broadcast isolation/reduction
4. Rapid failure recovery
5. Scalable to meet all medical network needs
   iv. Accommodate proprietary medical equipment communications protocols
   v. Dynamic load balancing
6. Multicast capable
7. VoIP/WVoIP capable
8. QoS that is properly buffered and queued to accommodate various application requirements.
   i. Deterministic low latency real time traffic is isolated
   ii. Guarantee of service
9. Apply proper congestion management and avoidance
10. Eliminate spanning tree loops
11. Layer 1-7 Security controls
The INS Group has collaboratively worked with premier service providers of business process outsourcing and information technology solutions for world-class manufacturing, airports, commercial, government, and healthcare clients. We specialize in a full range of flexible process and information technology solutions, including consolidated and distributed data center (DC), hybrid and outsourced cloud solutions.
The INS Group has been an instrumental lead in several large-scale data center development and migration projects, including the migration of a global FORTUNE 100 healthcare-centric DC from its existing production facility to a new facility. This fulfilled DC consolidation efforts by reducing overall overhead costs, increasing device virtualization and availability, migrating services from legacy environments to a state-of-the-art NextGen facility, and retaining robust, reliable, and secure architectures by following industry standards and best practices.
A key requirement of these migration/upgrade projects was that the DC services were maintained 24/7/365 for all clients. The INS Group was responsible for ensuring the proper and efficient operation of existing and new network infrastructures so customers could continue operating at their normal high-level HIPAA, SAS70, and ISO20000 security and availability standards. Post migration, we continue to analyze data collection and performance reports to ensure that both cost and infrastructure optimization objectives are accomplished, and that stringent service level agreements are met.
These diverse healthcare networks are comprised of a mixture of applications and systems interconnected across a multitude of WAN and MAN topologies including ATM IMAs, MPLS, GRE DMVPN, Metro Gigaman, OptEMAN L2 and L3 Ethernet, x10GB WAVE P2P Ethernet, and traditional dedicated, private T1/DS3 legacy circuits.
Primary responsibilities include, but are not limited to the following:
· Design and implement new network infrastructures using industry-wide solutions. This is comprised of extensive discovery of existing legacy equipment and topologies, designing more efficient and cost-effective solutions, building out the infrastructure, interconnecting old and new networks to run in-parallel for a period of time, testing and completing build assurance documents, reviews, and drawings, laying out the migration strategies to attain the anticipated level of minimal to no user impact, and the final cutover.
· Identify services and applications that could be candidates for migration to a cloud provider to handle high volume scenarios and outages/disaster recovery.
· Experienced in all phases of network and communications engineering incorporating the highest industry standards in relation to network topology designs and protocols, the concepts of voice/data/video technologies, and the highest level of security and data integrity.
· Critical lead roles in the technical planning, cost analysis, designing and implementing of network refresh project rollouts and DC migration transformation cutovers.
· Identify each solution component and describe its logical, physical and operational requirements.
· Develop a migration cutover workbook (Detail Design and Migration Plan) for each type of migration, defining migration and cutover tasks.
· Execute the migration using the Migration Plan.
INS Group solution architects and SMEs facilitate technical designs and guidance, representing the infrastructure, applications and databases groups. After the network, compute, storage, hypervisor, and data center elements relevant to the scope are identified, the design discussions help to arrive at and document a consensus approach for migration and cutover activities for each application group. INS GROUP will consider stakeholder interests and design constraints (maintenance/outage windows, schedule requirements, etc.).
The INS Group design team uses collected information for servers, databases, file systems and block storage and recommends plausible migration methods. The team identifies advantages and disadvantages of the methods, documents assumptions, and builds consensus for the chosen migration method. The team will also identify the network, compute, and storage remediation activities necessary to be compatible with the chosen migration method.
· Determine if operating systems transformations will be necessary.
· Determine how many migration/transformation waves will be required to complete the cutover.
· Determine if there are any Raw Device Mapping (RDM) LUNs presented to the VMs.
· Determine if there are any VM Clusters.
INS GROUP will develop Visio diagrams, process flow descriptions and tables to illustrate how the solution concepts for each migration approach will fit the specific requirements of each application, across each data center and across each stakeholder group.
Following is an overview of IT services and components that have been involved in a typical new DC/hybrid cloud build or migration:
1. Managed enterprise systems, services and hosted solutions: include Paragon, EPIC, Cerner Millennium, McKesson clinical and financial systems, Oracle, Kronos, Lawson, and PeopleSoft.
2. Migration mechanisms/methods that were used for a successful transition included, but were not limited to:
· Network Transports – Cisco OTV to extend L2 bridge-domains to retain the same L2 VLANs and ultimately the same L3 networks, Locator/ID Separation Protocol (LISP) for /32 route injection within existing EIGRP AS processes, VXLAN/VTEP to extend L2 bridge-domains, and BGP Anycast via 10GB WAVE P2P medium
· Storage replication: EMC RecoverPoint, Cisco Wide Area Virtualization Engines WAN Acceleration, Veeam, Temp Swing Gear/Mule Drive
· Hypervisor components: VMware ESX vMotion, Storage vMotion
· Network Infrastructure Source DC: Cisco 6509-VSS Core, ASR1002-X/ISR-4431-X, Cisco ACE/ACSE, F5 LoadBalancer, ASA5545, NX5K Distro with FEX, Cisco UCS 6248-UP Fabric Interconnect, UCS-B200-M5, WAAS/WAVE
· Network Infrastructure Destination DC: Cisco NX7K Core VDCs, ASR1002-X/ISR-4431-X, F5 LTM, Citrix NetScaler, F5 LoadBalancer SDX/VPX, Firepower 2140, ASA5585-X, NX9K Distro with FEX, Cisco UCS 6248-UP Fabric Interconnect, UCS-B200-M1/M2/B230, WAAS/WAVE
· Compute: VMware ESX 6.5 Hypervisor on Cisco UCS B200-M5
· Storage: Cisco MDS 9513 Director, EMC VNX5500, NetApp
· A minimum of 10 Gbps bandwidth is required between the source and target DCs to perform the migration using a swing storage seeding method.
· Temporary swing storage will be provided if required.
· Perform remediation of VMs.
· Set up LAN connections with appropriate bandwidth from the source and target infrastructures for server-to-server transition/migration traffic during the migration WAVEs.
3. Hybrid Cloud - AWS Cloud mechanisms/methods used to migrate services and applications to the AWS Cloud.
· AWS Direct Connect to connect the on-premises DC to the AWS cloud through an AWS VPN to an AWS VPC (virtual private cloud)
· AWS DMS (database migration service) to migrate data to AWS cloud storage
· AWS Storage Gateway to manage hybrid cloud on-premises workloads for backup and restore and disaster recovery
· AWS IAM can be used to grant employees and applications federated access to the AWS Management Console and AWS service APIs, using existing identity systems such as Microsoft Active Directory.
· Depending on the volume and nature of services and applications being migrated to the hybrid cloud, many other AWS services may be required.