cisco extended care 1.0 solution design guide · cisco extended care 1.0 solution design guide...
TRANSCRIPT
Cisco Extended Care 1.0 Solution Design Guide
November 25, 2013
Cisco Systems, Inc. www.cisco.com
Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices.
Text Part Number: OL-30842-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
Cisco Extended Care 1.0 Solution Design Guide © 2013 Cisco Systems, Inc. All rights reserved.
OL-30842-01
C O N T E N T S
C H A P T E R 1 Overview 1-1
Objectives and Audience 1-1
An Overview of Cisco Extended Care 1-1
Not Intended for Use In Emergency or for Patient Monitoring 1-2
Key Features in Cisco Extended Care 1-2
Patient Portal 1-2
Provider Portal 1-3
Video Conferencing 1-3
Historic Wellness Readings Graphs 1-3
Access to Questionnaires 1-3
Appointment Calendar 1-3
HL7 Compatibility 1-3
Quick Connect 1-3
Educational Videos 1-3
Secure Messaging 1-3
Instant Messaging 1-3
OpenEMR Compatilbility 1-4
Collaboration APIs 1-4
Customizable Branding 1-4
Cisco Extended Care Architecture 1-4
Data Center Components 1-6
Data Center Software Requirements 1-6
Data Center Hardware Requirements 1-6
Video Conferencing Data Center Components 1-7
Servers 1-7
Multi-point Control Units 1-7
Video Endpoints 1-8
Infrastructure Requirements 1-9
Key Considerations 1-10
C H A P T E R 2 Designing the Framework 2-1
Data Center Deployment Models 2-1
Enterprise Deployment Options 2-1
Enterprise 2-1
1Cisco Extended Care 1.0 Solution Design Guide
Contents
Enterprise with High Availability 2-1
Enterprise with Multiple Instances 2-2
Achieving Higher Availability 2-2
Network Deployment Options 2-3
Overlay Network 2-3
Converged Network 2-3
Communication with Resources Outside the Cisco Extended Care Network 2-4
Accessing Resources Outside the Enterprise Network 2-4
C H A P T E R 3 Video Endpoint Considerations 3-1
Supported Video Endpoints 3-1
Servers 3-2
Server Groups 3-2
Multi-Point Control Units 3-2
C H A P T E R 4 Cisco Extended Care Bandwidth Requirements and Quality of Service Recommendations 4-1
Bandwidth Requirements for Endpoints Using Cisco Extended Care 4-1
Video Endpoint Bandwidth 4-2
Cisco TelePresence System EX60/EX90/Edge 95 and Cisco TelePresence C20/C40 Bandwidth Requirements 4-2
Cisco Extended Care / Jabber Video Bandwidth Requirements 4-2
Bandwidth Requirements for a Cisco Extended Care Application Server 4-3
Quality of Service 4-3
QoS Best Design Practices for Cisco Extended Care 4-4
Best Practices for Converged Networks 4-5
Marking Cisco Extended Care Traffic 4-5
C H A P T E R 5 Cisco Extended Care Security 5-1
Overview 5-1
Patient Information Precautions 5-1
Patient Privacy 5-1
Authentication / Access Control 5-2
Authentication Options 5-2
External LDAP-Authentication 5-2
External Third-Party Application Authentication 5-2
Dedicated Cisco Extended Care Authentication 5-3
Mixed Authentication 5-3
Cisco Extended Care Security Policy 5-3
2Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
Contents
Security Policy Controls for Cisco Extended Care-Authenticated User Names 5-3
Security Policy Controls for All Cisco Extended Care User Names 5-4
Other Authentication Security Features 5-4
Transmission Security 5-4
Network Security 5-5
Using Firewalls in Converged Networks 5-5
Cisco Extended Care and Cisco TelePresence TCP and UDP ports 5-5
Ports and Protocols Required for Third-Party Applications 5-6
C H A P T E R 6 Cisco Services for Cisco Extended Care 6-1
Introduction 6-1
Installations and Configurations 6-1
Additional Services 6-2
Cisco Extended Care Workshop 6-2
Cisco Extended Care Custom Application Support (CAS) 6-2
Cisco SMARTnet 6-2
For More Information 6-4
A P P E N D I X A Software Compatibility A-1
Browser Compatibility A-1
GL O S S A R Y
3Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
Contents
4Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
OL-30842-01
C H A P T E R 1
OverviewRevised: November 25, 2013, OL-30842-01
Objectives and AudienceThe Cisco Extended Care Solution Design Guide provides an overview of the options and best practices for designing Cisco Extended Care, including:
• selecting a deployment model
• choosing the features you want to include in your installation
• configuring the video conferencing portion of the application
• determining bandwidth requirements and implementing quality of service
• determining security requirements and defining your security policy
• selecting Cisco service options
The target audience is Cisco Extended Care planners and designers. The objective of this document is to enable these planners and designers to make informed decisions about all aspects of the design.
Note All Cisco Extended Care documentation referenced in this manual can be found at: http://www.cisco.com/en/US/partner/products/ps13401/tsd_products_support_series_home.html.
Note Refer to Appendix A, “Browser Compatibility”for a list of browsers and their level of support in Cisco Extended Care.
An Overview of Cisco Extended CareCisco Extended Care is a personal health and wellness collaboration platform, enabling patient engagement and care team interactions at any time and from anywhere.
The application provides:
• Enhanced and efficient care coordination
• Secure messaging
1-1Cisco Extended Care 1.0 Solution Design Guide
Chapter 1 Overview Not Intended for Use In Emergency or for Patient Monitoring
• Appointment calendar and scheduling
• Ability to access questionnaires
• Real time video collaboration
• Anywhere access to care team consults
• Content sharing
• Video platform to drive health and wellness awareness and education
• Open APIs to enable third party applications and environments
Not Intended for Use In Emergency or for Patient MonitoringCisco Extended Care is not intended for use in emergency situations. In the event of an emergency, call 911 or your local emergency response system.
Cisco Extended Care is not for use in situations involving real-time patient monitoring or alarming.
Key Features in Cisco Extended CareCisco Extended Care has the following key features:
• Patient Portal
• Provider Portal
• Video Conferencing
• Historic Wellness Readings Trending
• Access to Questionnaires
• Appointment Calendar
• HL7 Compatibility
• Quick Connect
• Educational Videos
• Secure Messaging
• Instant Messaging
• OpenEMR Compatibility
• Collaboration APIs
• Customizable Branding
Patient Portal
Allows patients to connect with a care provider via video conferencing and get access to educational material, messages, wellness data, appointment calendar, questionnaires, etc.
1-2Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
Chapter 1 Overview Key Features in Cisco Extended Care
Provider Portal
Allows care providers to view ready appointments, start video conference with patients, access patient details, send messages to patients, view patient wellness data, create and save SOAP notes, etc.
Video Conferencing
Allows patients to connect with a care provider via video conferencing.
Historic Wellness Readings Graphs
Allows patients and providers to graph the patient’s historic wellness readings over time. Historic wellness readings are readings from a wellness device that are either manually entered by the patient or retrieved from external sources, such as a PHR.
Access to Questionnaires
Allows patients to respond to a questionnaire and also access previous responses.
Appointment Calendar
Allows patients to view their appointment calendar and start a scheduled appointment.
HL7 Compatibility
Allows for customizable request and response HL7 templates for a given deployment.
Quick Connect
Allows patients to start an unscheduled appointment.
Educational Videos
Allow patients to access and view educational material (videos from youtube.com) made available by their care team.
Secure Messaging
Allows patients to view messages sent by their care team. Messages can be searched based on date/time and keywords.
Instant Messaging
Allows interaction between patients and care providers within an appointment.
1-3Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
Chapter 1 Overview Cisco Extended Care Architecture
OpenEMR Compatilbility
Allows a customer to use OpenEMR in the absence of any HL7 compatible EMR.
Collaboration APIs
Provide a set of APIs that customers/partners can use to enable video collaboration in legacy applications.
Customizable Branding
Allows customer/partner to customize their branding logos and images on the patient portal in their offering.
Cisco Extended Care ArchitectureFigure 1-2 illustrates the layered architecture of Cisco Extended Care and Figure 1-2 illustrates an overview of the components in Cisco Extended Care.
Figure 1-1 Cisco Extended Care Layered Architecture and Supported Cisco Video and Infrastructure Equipment
1-4Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
Chapter 1 Overview Cisco Extended Care Architecture
Figure 1-2 Cisco Extended Care Architecture
Partner Server
The partner server (shown on the upper left side of Figure 1-2) can be any of the systems available with the partner/customer that is connected with Cisco Extended Care, such as:
• A HL7 based EMR – for patient information and appointment scheduling.
• A wellness readings Store server – to save and/or retrieve wellness readings.
• An IFrame based integration with an existing partner/customer portal – for providing an integrated user experience across portals with single sign-on (SSO).
• A custom authentication system being used by the partner/customer – to authenticate Providers.
• A custom scheduling system being used by the partner/customer – for appointment scheduling.
Note A partner server is not a mandatory component, as there can be deployments without any customer/partner systems integration. A partner server can be in the same data center as the Cisco Extended Care server (for example, HL7 EMR system maintained by the partner/customer) or can be on the cloud (for example, wellness readings Store server).
Cisco Extended Care Proxy Server
Cisco Extended Care Proxy server (see Figure 1-2) is software that enables the Provider and the Patient to connect to Cisco Extended Care application from outside the enterprise network.
Cisco Extended Care Application Server
The Cisco Extended Care Application server (see Figure 1-2) is data center software that manages all of the connectivity and provides services to the end users. This server ties together all the components of Cisco Extended Care.
1-5Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
Chapter 1 Overview Data Center Components
Data Center ComponentsCisco Extended Care requires software and data center hardware in an enterprise data center. The required components can vary, depending on the features and video components selected. This section briefly describes the required components.
Data Center Software RequirementsCisco Extended Care Application Server is the data center software that manages all of the connectivity, It is comprised of the following internal components:
• Cisco Extended Care Application Server – This server ties together all the components of Cisco Extended Care. Specifically, the Cisco Extended Care Application Server:
– maintains the master information about resources and manages the resources
– manages sessions and appointments
– implements patient and provider workflows
– manages the Cisco Extended Care Administrative Server, the Cisco Extended Care Portal, and the Unified Communications (UC) servers
– interfaces with applications supporting Cisco Extended Care connectors
• Cisco Extended Care Provider Portal – This Portal maintains the provider login sessions, provides the UI to the providers and interfaces to the Application Server to validate sessions.
• Cisco Extended Care Patient Portal – This Portal maintains the patient login sessions, provides the UI to the patients and interfaces to the Application Server to validate sessions.
• Cisco Extended Care Administration Server – This management server is used to configure, administer and manage the Application Server and the Cisco Extended Care Portal.
Note A software disk will be made available for Cisco Extended Care install.
Data Center Hardware RequirementsCisco Extended Care Application Server runs on the following platforms:
• Enterprise Server
– Processor: Two (2) multi-threaded four (4) core 2.4GHz CPUs with 12MB cache
– Minimum Hard drive: 100GB SATA/SSD/SAS
– Minimum Memory: 16GB DDR3, 1333 MHz
– Network Interface Card: Quad Port 10/100/1Gb
– Optical Drive DVD±R
– RAID support optional
– Red Hat Enterprise Linux 5.7 or later compatible
• Virtual Machine
– Virtual Machine Version 7 or 8
1-6Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
Chapter 1 Overview Data Center Components
– Guest OS: RHEL 5 64 Bit
– Virtual Processor
– Number of Virtual Sockets: 2
– Number of cores per virtual Socket: 2
– Memory: 16 GB
– Hard Disk: 100 GB
– Virtual Network Interface Cards: 1 Adapter : E1000
• Additional components required if implementing the high availability design option:
– an additional physical server that is identical to the first one
– VMware vSphere Hypervisor (ESXi) 5.1
– Vsphere Client 5.1. This runs on a Windows platform
– Network File System1
– vCenter Server 5.1. This runs on a 64 bit Windows platform
• Additional components required if accessing Cisco Extended Care from outside the enterprise network:
– A separate Server to act as the Reverse Proxy server similarly configured as the Enterprise server.
Video Conferencing Data Center ComponentsCisco Extended Care supports a variety of servers and multipoint bridges that typically reside in a data center.
Servers
Cisco Extended Care supports the following servers:
• Cisco Unified Communication Manager (CUCM)
• Cisco TelePresence Video Communications Manager (VCS) (Both Control and Expressway)
• TelePresence Management Suite (may be required when using Cisco Jabber Video for TelePresence).
With Cisco Extended Care, the application can support interoperability between diverse video endpoints in a point-to-point configuration, greatly reducing the cost of deployment. For more detail on Call Control options and interoperability, see Chapter 3, “Video Endpoint Considerations”.
Multi-point Control Units
In addition, Cisco Extended Care supports the following multipoint control units:
Cisco TelePresence™ Multipoint Switch (CTMS) – Software using Cisco TelePresence-only endpoints can use the CTMS.
1. The Network File System should be compatible with the ESXi and vCenter used in Cisco Extended Care. Refer to the ESXi/vCenter documents before deciding which Network File System to use.
1-7Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
Chapter 1 Overview Data Center Components
Cisco TelePresence Server MSE and the Cisco TelePresence MCU MSE - combine to provide a high-capacity voice and video conferencing media services engine that supports conference bridging, interoperability, gateway, management and recording functions.
Cisco TelePresence Multipoint Control Units (MCUs) – Software using only non-CTS-500 video endpoints can use the MCU.
For more detail on video endpoint switching and interoperability, see Chapter 3, “Video Endpoint Considerations”.
Video EndpointsThe video endpoint facilitates video conferencing for two or more locations. Supporting a variety of video endpoints gives enterprises a choice in video quality, size/form factors, bandwidth required and cost. Cisco Extended Care facilitates video conferencing with the following video endpoints2 in Figure 1-3.
Figure 1-3 Video Endpoints
Cisco Extended Care is compatible with a SIP-standards based video conferencing system, and the compatibility falls into one of three categories:
• Fully integrated - one click Join and Leave on the Cisco Extended Care window.
• Partially integrated - one click Join on the Cisco Extended Care window, but ending the teleconference is handled outside of Cisco Extended Care.
• Compatible but not integrated - manual dial is required
2. The Cisco TelePresence System (CTS) 500 (with a 37 inch display), Cisco TelePresence System Edge 95 MXP, and Cisco E20 IP Phone are no longer sold, but supported by Cisco Extended Care for the current install base of those products.
1-8Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
Chapter 1 Overview Infrastructure Requirements
Table 1-1 lists all the fully integrated, partially integrated, or compatible but not integrated video endpoints. For setting up the video endpoints, see the applicable manual as outlined in the following table.
Table 1-1 Supporting Documentation for Fully Integrated, Partially Integrated or Compatible Video Endpoints
These video endpoints are described in detail in Chapter 3, “Video Endpoint Considerations”.
Infrastructure RequirementsThe user’s infrastructure must meet the basic minimum specified requirements for Cisco Extended Care to perform as intended. This includes, but is not limited to:
• adequate bandwidth
• appropriate latency, jitter and error rate
• appropriate video call control and routing equipment
Video Endpoint Integration Manual
CTS-500 Join / Leave Cisco TelePresence System 500 Assembly, First-Time Setup, and Field Replaceable Unit Guide
Cisco TelePresence Codec C20
Join / Leave Profile Series, Codec C Series and Quick Set C20/C20Plus Getting started guide or Installing the TANDBERG Quick Set C20
Cisco TelePresence Codec C40
Join / Leave Cisco TelePresence Codec C40 Installation Guide
Cisco TelePresence Codec C60
Join / Leave Cisco TelePresence Codec C60 Installation Guide
Cisco TelePresence SX20
Join / Leave Cisco TelePresence SX20 Installation Guide
Cisco TelePresence System EX60
Join / Leave Cisco TelePresence System EX60 Installation Guide
Cisco TelePresence System EX90
Join / Leave Cisco TelePresence System EX90 Installation Guide
Cisco Jabber Video Join only Cisco TelePresence Movi Administrator Guide
Cisco TelePresence MX200
Join/Leave Cisco TelePresence MX200 Installation Guide
Cisco DX650 IP Phone Join/Leave Cisco DX650 IP Phone Datasheets and Literature
Cisco E20 IP Phone Manual Dial
Cisco E20 IP Phone Installation Guide
Cisco Edge95 MXP Join/Leave Cisco Edge95 MXP Datasheets and Literature
Cisco Jabber™ for iPad Join only Cisco Jabber for iPad Administration Guide
Cisco Desktop Video1
1. If you want to know more about Jabber SDK ports, protocols, and open issues, refer to the Jabber SDK Release
Notes, which can be found at http://developer.cisco.com/web/jabber-developer/release-notes-3.0.1.
Join/Leave Cisco Desktop Video Jabber Developer
1-9Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
Chapter 1 Overview Key Considerations
• appropriate capacity routing and switching equipment
• proper software security levels
• adequate network security
• adequate physical security
For a complete description of the Cisco Extended Care used by the Provider, see the Cisco Extended Care 1.0 User Guide for Provider.
For a complete description of the Cisco Extended Care used by the Patient, see the Cisco Extended Care 1.0 User Guide for Patient.
Key ConsiderationsWhen designing a Cisco Extended Care, consider the following:
Deployment Models: There are several options for how you deploy your Cisco Extended Care (both in the data center and in the network).
Video Endpoints and Unified Communications (UC) Architecture: If you have an install base of video endpoints and those endpoints meet the specific requirements of Cisco Extended Care, you may want to leverage those endpoints in your design. Alternatively, if purchasing new video endpoints, you have a number to select from. In either case, you need to determine how you will configure these video endpoints to support video conferencing, and if applicable, what multi-point switches you will use.
Quality of Service (QoS) and Bandwidth: QoS provisions are required to help assure that critical data gets priority and that real-time video3 is handled without degradation of the images.
In addition, while a well-designed QoS strategy can minimize bandwidth requirements, a minimum amount of bandwidth is required for each of the three site types:
– Data center
– Patient Video Endpoints
– Provider Video Endpoints
Your choice of video endpoints may influence how much bandwidth you need to provision. In addition, having point to point or multipoint conferences can also impact bandwidth.
Security: Cisco Extended Care has a number of features to enhance security. In addition, we support access to Cisco Extended Care outside of the corporate firewall. It offers the capability for enterprises to define a security policy for user authentication. As part of that security policy, you need to determine if you want an external directory server to authenticate end users or if you want that authentication done by Cisco Extended Care.
Cisco Services: There are several options for how Cisco Extended Care can be serviced. This decision needs to be made up front as it may affect the network design.
Utilizing the Cisco Extended Care Collaboration APIs: Cisco Extended Care can be used with compatible healthcare applications, directory services and EMR systems to facilitate the healthcare workflow. To leverage this, you need to understand the options and compatible applications.
Each of these topics is covered in this document.
3. Real-time, in this instance, refers to the traffic classification of Cisco TelePresence. The Cisco Extended Care Application software is not intended to perform real-time, active, or online patient monitoring, and does not transmit or display any real-time data that is intended to alert a physician of alarms or other conditions that require a physician's immediate action or response.
1-10Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
Chapter 1 Overview Key Considerations
Network and QoS design are touched upon briefly in this document. For more information on network and QoS design, refer to one of the following:
• Medianet Campus QoS Design 4.0
• Enterprise Medianet Quality of Service Design 4.0 - Overview
• Enterprise QoS Solution Reference Network Design Guide
1-11Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
Chapter 1 Overview Key Considerations
1-12Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
OL-30842-01
C H A P T E R 2
Designing the FrameworkRevised: November 25, 2013, OL-30842-01
Cisco Extended Care offers a great deal of flexibility in how you implement your application. This chapter provides the information you need to design the framework of your Cisco Extended Care, including:
• Data center deployment models
• Network deployment options
Note Framework decisions will impact the cost, deployment time, and additional components required, and therefore these decisions should be made before continuing with the rest of your design.
Data Center Deployment ModelsCisco Extended Care can be implemented in-house using one of the three enterprise deployment models.
Enterprise Deployment OptionsThere are three options available for enterprises that want to implement Cisco Extended Care in their own data center - Enterprise, Enterprise with High Availability, and Enterprise with Multiple Instances.
Enterprise
The Enterprise option is for organizations that want to implement their own instance of the Cisco Extended Care Application Server in their data center. The Enterprise option includes a single Cisco Extended Care Application Server that runs on the Server platform.
Enterprise with High Availability
The Enterprise with High Availability option is for organizations that want to implement their own instance of the Cisco Extended Care Application Server in their data center and also want to maximize availability by implementing redundant Cisco Extended Care servers and a separate Network File System (NFS) data store. This deployment option requires two Cisco Extended Care Application Servers1.
2-1Cisco Extended Care 1.0 Solution Design Guide
Chapter 2 Designing the Framework Data Center Deployment Models
Additional components required if implementing the high availability option are:
• Network File System
• vCenter Server 5.1
For more information about achieving higher availability, refer to Achieving Higher Availability, page 2-2.
Enterprise with Multiple Instances
In Cisco Extended Care, you can run multiple instances of the operating system, databases and Cisco Extended Care software on the same physical server (this is also known as hardware virtualization). This capability is available only if the multiple instances are licensed for the same enterprise and use.
Figure 2-1 shows the Cisco Extended Care multiple-instances architecture. This feature enables multiple instances of the Cisco Extended Care Application Server to reside on a single server while remaining logically isolated.
Additional components required for multiple instnances are:
• VMware Hypervisor ESXi 5.1
Figure 2-1 Cisco Extended Care Multiple Instances Architecture
Achieving Higher AvailabilityCisco Extended Care is designed to maximize high availability. Some features are inherent and others involve additional components.
1. Since only one is active at a time, only one license is required.
2-2Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
Chapter 2 Designing the Framework Network Deployment Options
Application Recovery: The Cisco Extended Care data center applications are monitored for failures and restarted using a leaky bucket scheme. That is, as long as the application fails less than a prescribed number of times within a time period, it will be restarted automatically. If the application fails more than the prescribed number of times within the time period, manual intervention is required to restore system availability.
Externalized Database: Cisco Extended Care application data (not patient data) can be stored in an external MySQL database in the Network File System server. This allows the system state to remain persistent in the event of an application failure and allows availability to be restored in the fastest possible time.
Hardware Backup with Mirroring: You can maximize availability of your Cisco Extended Care by implementing a redundant server and utilizing the vCenter Server to achieve high availability. With these components in place, if the active server fails, the Cisco Extended Care applications will be migrated to the spare server and will continue to run.
In addition, the servers that are being used for this release provide high availability at the hardware level by providing support for such features as RAID mirroring and dual power supplies.2
Network Availability: Various best practices like multi-pathing and running Hot Standby Routing Protocol (HSRP) or Virtual Router Redundancy Protocol (VRRP) on network routers should be implemented to provide a high available network platform.
Network Deployment OptionsCisco Extended Care can be implemented either as an overlay network or as a converged network.
Overlay Network With an overlay network, new servers, routers, switches and lines are installed specifically to handle Cisco Extended Care. The network is built from the start using QoS best practices with adequate bandwidth to handle an effective Cisco Extended Care software. Change management is simplified as the changes required for the Cisco Extended Care network do not impact the other network applications and vice versa.
Converged Network This alternative allows customers to leverage the existing investment in their production networks. This is an option as long as that the current customer network can or will meet the overall requirements of the converged network. The challenges are optimizing the network for additional load and real-time video requirements and addressing change management requirements to enable integration of the new components while keeping existing components stable.
Note Real-time, in this instance, refers to the traffic classification of Cisco TelePresence.
2. These need to be configured and setup appropriately according to the deployment environment to enable higher availability.
2-3Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
Chapter 2 Designing the Framework Network Deployment Options
Communication with Resources Outside the Cisco Extended Care NetworkYou may require the capability for interaction between the new Cisco Extended Care network components and the resources outside the Cisco Extended Care network. A key part of the design process is to make this determination. At a minimum, consider the following:
• Support - Will the software require remote access from the support team to the Cisco Extended Care Application to resolve issues?
• Printing - You may choose to leverage the print capability of Cisco Extended Care with a networked printer. That printer can be dedicated to Cisco Extended Care or may be outside the Cisco Extended Care network.
• Authentication - If you use an existing LDAP directory to authenticate users, Cisco Extended Care needs to be able to communicate with LDAP directory server.
• EMR - If you choose to integrate an existing EMR server with Cisco Extended Care, then Cisco Extended Care needs to be able to communicate to your integration engine which in turn, needs to be able to communicate with EMR server.
By maintaining a firewall between the networks and punching holes in that firewall for specific port numbers and IP addresses, you can address these requirements without compromising security.
Accessing Resources Outside the Enterprise NetworkSome third party applications and environments may use open APIs. In this case, the network must be designed to enable Cisco Extended Care components to access those applications and environments over the Internet.
In addition, patients and some Cisco Extended Care Providers may be outside of the enterprise network.
• To enable access to applications and services outside of an enterprise network, the following are required:
– The vendor edge firewall must allow specific ports and protocols for accessing Cisco Extended Care from the Internet.
– The trusted sites configured at the Provider(s)/Patients browser must include the applicable servers for any integrated third-party applications.
– VCS Expressway (for establishing video conferencing)
– Cisco Extended Care Proxy Server (installed on a separate Server as shown in Figure 2-2)
Figure 2-2 shows the components required to enable Providers and Patients to be outside of the enterprise network.
2-4Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
Chapter 2 Designing the Framework Network Deployment Options
Figure 2-2 Components and Configuration Required when Patients and Providers are Outside the Enterprise Network
2-5Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
Chapter 2 Designing the Framework Network Deployment Options
2-6Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
OL-30842-01
C H A P T E R 3
Video Endpoint ConsiderationsRevised: November 25, 2013, OL-30842-01
This section describes the following:
• Description of Supported Video Endpoints
• Supported Servers
• Supported Multi-Point Bridges
This chapter touches on each of these topics and describes where to find additional information.
Supported Video EndpointsSeveral video endpoints are deemed compatible with Cisco Extended Care. A subset of these devices are no longer being sold (they have reached end of life) but they have a current install base, so are listed here. The following list includes all the supported video endpoints1.
Current video endpoints (that is, video endpoints that can still be purchased) include the following:
• Cisco TelePresence SX20
• Cisco TelePresence Codec C20/C40/C40
• Cisco TelePresence System EX60/EX90
• Cisco TelePresence MX200
• Cisco DX650 IP Phone
• Cisco Jabber™ for iPad
• Cisco Jabber Video
• Cisco Desktop Video
Legacy video endpoints are video endpoints that are supported but can no longer be purchased from Cisco. Legacy video endpoints include the following:
• Cisco TelePresence 500
• Cisco Edge 95 MXP
• Cisco E20 IP Phone
1. Cisco Extended Care application is not responsible for the performance of the video endpoints that are not in the supported video endpoints list.
3-1Cisco Extended Care 1.0 Solution Design Guide
Chapter 3 Video Endpoint Considerations Servers
Note With the exception of Cisco Jabber Video and Cisco Jabber ™ for iPad, all supported video endpoints are fully integrated. That is, the telepresence video conference is started by clicking on the Join button and ended by clicking on the Leave button. With Jabber Video and Jabber™ for iPad, Join starts the video conference, but the Patient or Provider must use Jabber video controls to end the video conference.
ServersCisco Extended Care supports the following servers:
• Cisco Unified Communication Manager (CUCM)
• Cisco TelePresence Video Communications Manager (VCS) (Both Control and Expressway)
VCS Expressway is required to register endpoints outside of the enterprise network and must be used in conjunction with the Cisco Extended Care Application Proxy Server.
• Cisco TelePresence Management Suite (TMS) may be required if using Cisco Jabber Video and Cisco Jabber™ for iPad. When used to support Jabber Video, TMS must be used in conjunction with VCS and must be configured to work with VCS. Jabber end users are provisioned in TMS with phone numbers for user names. When configuring the Jabber Video, the phone number must match the TMS user name and the passwords must match. The Server group specified at the endpoint must contain the VCS server that is configured to work with TMS.
Server GroupsCisco Extended Care allows you to configure server groups. These groups enable you to specify a group of servers that can be used by an endpoint to establish video conferences. To make a video conference call on behalf of an endpoint, the Cisco Extended Care Application Server will attempt to reach any of the servers in the group.
You cannot mix CUCM servers with VCS servers in a server group.
When endpoints are configured, they are associated with a server group. You MUST configure at least one server group (even if there is only one server in that group) and if you have both VCS and CUCM servers, you must configure at least two server groups.
Multi-Point Control UnitsCisco Extended Care supports the following multipoint control units, which are configured as Meeting Resources to Cisco Extended Care:
Cisco TelePresence™ Multipoint Switch (CTMS) – Can be used with all video endpoints except for Desktop Video and Jabber™ for iPad. The video endpoints must be registered to CUCM if they are to connect to the CTMS.
Cisco TelePresence Server MSE and the Cisco TelePresence MCU MSE - combine to provide a high-capacity voice and video conferencing media services engine that supports conference bridging, interoperability, gateway, management and recording functions. The 8710 can be used with any of the supported video endpoints. The 8510 can be used with any of the supported video endpoints except the CTS-500.
3-2Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
Chapter 3 Video Endpoint Considerations Multi-Point Control Units
Cisco TelePresence Multipoint Control Units (MCU) – Works with VCS and can be used with all supported video endpoints except for the CTS-500.
Note that an MCU is required when more than two parties have to join a video appointment.
In addition to configuring the meeting resources to the Cisco Extended Care Administration Server, there are other configuration steps required. Table 3-1 provides a high level overview of the steps required to configure a CUCM environment and a VCS environment and indicates which bridges are supported in each environment.
Table 3-1 Support and Configuration of Resources
Table 3-2 For More Information
Server Supported Endpoints Supported Bridges Configuration
CUCM CTS-500, DX650, EX-60, EX-90, C20, C40, C60, E20, Desktop Video, SX20, MX200, Jabber™ for iPad
CTMS1, MSE 8710, MSE 8510, Codian MCU
1. CTMS is not supported for Desktop Video and Jabber™ for iPad
• Create Trunks for the CUCM to the Bridge
• Associate route patterns with each trunk
• Configure the multipoint devices to work with CUCM
• Register endpoints to CUCM
VCS or VCS Expressway
Edge 95 MXP, EX-60, EX-90, C20, C40, C60, Jabber Video2, E20, SX20, MX200, Jabber™ for iPad2,
2. Also requires TelePresence Management Suite.
MSE 8710, MSE 8510, Codian MCU
• Register MCU to VCS
• Create a conference
• Associate Conference ID (bridge number)
• Register endpoints to VCS
Tip: After you register the device, make sure the device can reach the static bridge you created
Product Additional Product Documentation
CUCM http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/docguide/8_6_1/dg861.html
VCS (all releases) http://www.cisco.com/en/US/products/ps11337/prod_maintenance_guides_list.html
TelePresence Management Suite
http://www.cisco.com/en/US/docs/telepresence/infrastructure/tms/config_guide/Cisco_TMS_Provisioning_Deployment_Guide_13-0.pdf
MSE 8710 http://www.cisco.com/en/US/docs/telepresence/infrastructure/ts/user_guide/Cisco_TelePresence_Server_2-2_Product_user_guide.pdf
MSE 8510 http://www.cisco.com/en/US/prod/collateral/ps7060/ps11305/ps11317/ps11340/data_sheet_c78-627558.pdf
3-3Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
Chapter 3 Video Endpoint Considerations Multi-Point Control Units
CTMS http://www.cisco.com/en/US/docs/telepresence/multipoint_switch/1_8/administration/guide/preface.html
MCU http://www.cisco.com/en/US/products/ps11341/products_user_guide_list.html
Product Additional Product Documentation
3-4Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
OL-30842-01
C H A P T E R 4
Cisco Extended Care Bandwidth Requirements and Quality of Service RecommendationsRevised: November 25, 2013, OL-30842-01
This chapter discusses the minimum recommended bandwidth required for Cisco Extended Careand the recommended QoS settings used when installing Cisco Extended Care so that the existing network traffic is not impacted by the addition of Cisco Extended Care traffic.
For more information on QoS, refer to one of the following:
• Medianet Campus QoS Design 4.0
• Enterprise Medianet Quality of Service Design 4.0 - Overview
• Enterprise QoS Solution Reference Network Design Guide
Bandwidth Requirements for Endpoints Using Cisco Extended Care
Bandwidth requirements vary depending on the following factors:
• the quality selected for the video endpoint.
– The Cisco TelePresence System 500 offers two resolution settings (720p or 1080p) and four quality settings (lite, good, better or best). Other video endpoints also have multiple resolution settings.
– The Cisco TelePresence System EX60/EX90/Edge 95 MXP and the Cisco TelePresence C20/C40 offer high, medium, and normal settings at 30fps or 60fps.
Note that on top of any bandwith figures contained in this chapter, there will be at a minimum an additional 30 kbps overhead for loading web pages.
Note The recommended minimum bandwidth for any Cisco Extended Care Endpoint Computer (a customer-supplied computer that customers, such as patients or providers, use for Extended Care sessions) is 512kbps. See Table 4-1 for more details.
4-1Cisco Extended Care 1.0 Solution Design Guide
Chapter 4 Cisco Extended Care Bandwidth Requirements and Quality of Service Recommendations Bandwidth Requirements for Endpoints Using Cisco Extended Care
Video Endpoint BandwidthThe bandwidth requirements can vary based on a number of parameters: video endpoints, resolution, frames per second (fps), and for certain endpoints, the optimal definition profile. The bandwidth required at the per video endpoint is:
• Cisco TelePresence System 500: between 1164 kbps and 4628 kbps for transmitting and between 1292 kbps and 4756 kbps for receiving.
• Cisco TelePresence System EX60/EX90/Edge and the Cisco TelePresence C20/C40: between 512kbps and 2560kbps.
• Jabber video requires between 128kbps to 720kbps.
Cisco TelePresence System EX60/EX90/Edge 95 and Cisco TelePresence C20/C40 Bandwidth Requirements
For the Cisco TelePresence System EX60/EX90/Edge 95 and Cisco TelePresence C20/C40, the minimum bandwidth required depends on the resolution (from 1080p to 448p) and the frames per second (fps).
Table 4-1 Cisco TelePresence System EX60/EX90/Edge95 MXP and Cisco TelePresence C20/C40 Minimum
Bandwidth Requirements in kbps
For the Cisco Extended Care application itself, Cisco recommends a minimum Committed Information Rate (CIR) of 128 kbps.
The rest of the bandwidth requirement is based on the video endpoint. See Table 1-1.
Cisco Extended Care / Jabber Video Bandwidth Requirements
To address environments where bandwidth is limited, the Jabber Video option combined with using the low resolution for the video requires the least total bandwidth. Jabber Video requires between 128kbps to 720kbps.
• If high video resolution is selected for streaming video, the total bandwidth for the Jabber Video, including overhead, is between 2034kbps and 2744kbps.
• If low video resolution is selected for streaming video, the total bandwidth for the Jabber Video, including overhead, is between 934kbps and 1644kbps.
30fps 1080p 720p 576p 448p
Bandwidth 2560 1152 768 512
60fps
Bandwidth NA 2240 1472 1152
4-2Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
Chapter 4 Cisco Extended Care Bandwidth Requirements and Quality of Service Recommendations Bandwidth Requirements for a Cisco Extended Care Application Server
Bandwidth Requirements for a Cisco Extended Care Application Server
The bandwidth required for a Cisco Extended Care Application Server depends on whether point to point or multipoint is configured. The only significant traffic that flows through the Application Server (or more accurately, through the multipoint switch) is the video conferencing traffic in a multi-point configuration. Therefore, to estimate the bandwidth required at a Application Server, determine the maximum number of concurrent endpoints that will be in a multi-point appointment at any point in time, and add the bandwidth required for each endpoint using the values specified in Table 4-1, and then add 20% for encapsulation overhead.
Quality of ServiceA major benefit of the Cisco’s Extended Care solution is that real-time1, high-definition video and audio (Cisco TelePresence) can be transported over a converged IP network. The key enabling technology to accomplish this convergence is Quality of Service (QoS).
QoS technologies refer to the set of tools and techniques (such as queuing and prioritization) to manage network resources so that varying network traffic requirements are addressed. In particular, for real-time interactive traffic, such as Cisco TelePresence, latency, jitter, and loss are minimized. QoS technologies allow different types of traffic to intelligently contend for network resources. For example, voice and real-time video may be granted strict priority service, while some critical data applications may receive (non-priority) preferential services and some undesired applications may be assigned deferential levels of service. Therefore, QoS is a critical, intrinsic element for the successful network convergence of voice, video, and data.
The Cisco Extended Care solution incorporates a number of components. Several of these components generate a different type of traffic and hence have different QoS requirements. The traffic types include:
• Other Video Conferencing Systems: While less bandwidth intensive, other supported video conferencing endpoints still require adequate bandwidth and prioritization to assure that the end user experience is optimal.
• Video conferencing traffic flows through the application server if it is a multiparty call (in other words, if an MCU is involved.)
• HTTPS/HTTP data (patient data, questionnaires, historical wellness readings, messages, and application data to begin and end appointments and manage the flow of the Cisco Extended Care appointment). This traffic is typically encrypted and always goes to the Application Server. It is not significant from a bandwidth perspective. For simplicity, this data can be marked and queued with the multimedia streaming traffic or left unmarked and sent in the best effort queue.
• Jabber SDK to Jabber SDK: See Table 4-2.
1. Real-time, in this instance, refers to the traffic classification of Cisco TelePresence. The Cisco Extended Care Application Server software is not intended to perform real-time, active, or online patient monitoring, and does not transmit or display any real-time data that is intended to alert a physician of alarms or other conditions that require a physician's immediate action or response.
4-3Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
Chapter 4 Cisco Extended Care Bandwidth Requirements and Quality of Service Recommendations QoS Best Design Practices for Cisco Extended Care
Table 4-2 Cisco Jabber SDK to Jabber SDK QoS Parameter Recommendations at 512 Kbps
QoS Best Design Practices for Cisco Extended CareWhen designing a network to support Cisco Extended Care, QoS best design practices should be employed wherever possible. These best practices include the following:
• Classification and marking policies should be implemented in Cisco Catalyst hardware as close to the source of the traffic as possible (e.g., on the access edge switch to which the Cisco Extended Care System is attached).
• Use Differentiated Services Code Point (DSCP) whenever possible. DSCP provides more granularity than IP Precedence.
• Always deploy QoS in hardware, rather than software, whenever a choice exists. QoS policies, like classification, marking/remarking, and/or policing can all be performed at line rates with zero Central Processing Unit (CPU) impact in Catalyst switches. Cisco IOS routers, on the other hand, perform QoS operations in software, resulting in a marginal CPU impact, the degree of which depends on the platform, the policies, the link speeds, and the traffic flows involved.
• Follow industry standards whenever possible, as this extends the effectiveness of your QoS policies beyond your direct administrative control. For example, if you mark a real-time application, such as VoIP, to the industry standard recommendation as defined in RFC 3246 (An Expedited Forwarding Per-Hop Behavior), it receives high priority servicing at every node within your enterprise network. The relevant standards are listed below in chronological order:
– Between Cisco’s QoS Baseline and RFC 4594 is the RFC 4594 recommendation to mark Call Signaling as CS5. Cisco plans to continue marking Call Signaling as CS3 until future business requirements arise that necessitate another marking migration. Therefore, for the remainder of this document, RFC 4594 marking values are used throughout, with the one exception of swapping Call-Signaling marking (to CS3) and Broadcast Video (to CS5). These marking values are summarized in Table 4-3.
Table 4-3 Cisco Marking Recommendations
Parameter Value
Latency <150ms
Jitter 0 ms (constant) and 0 ms of jitter
Packet loss 0%
Multiparty Mode (Mcu Call) Not Supported @ 512
Point To Point w/high BW Endpoint Good video takes approx. 2 minutes
Point To Point w/controlled BW - 256Kbps (option to set incoming/outgoing in 2nd Endpoint)
Good video takes approx. 50 seconds
4-4Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
Chapter 4 Cisco Extended Care Bandwidth Requirements and Quality of Service Recommendations Marking Cisco Extended Care Traffic
Best Practices for Converged Networks
In addition to the above best practices, the following best practices apply to converged networks:
• Limit the amount of real-time voice and video traffic to 33% of the link capacity or else data may be starved out resulting in very slow and erratic performance of data applications.
• Reserve at least 25% of the link bandwidth for the default Best Effort data class.
• Utilize a 1% Scavenger or Low-Priority class to ensure that unruly applications do not dominate your default Best Effort data class.
• Use Weighted Random Early Detection (WRED) on all TCP flows, where ever possible, preferably DSCP-based WRED.
Marking Cisco Extended Care TrafficThe recommended marking for traffic is as follows:
• Cisco TelePresence System 500: Class Selector 4 (CS4)
Application L3 ClassificationPHB
L3 Classification DSCP
Application Examples
Network Control / Routing CS6 48 EIGRP, OSPF, HSRP, IKE
VoIP Telephony / Voice EF 46 Cisco IP Phone
Broadcast Video (RFC 4594 only)
CS3 by RFC 4594,
CS5 by Cisco
24 by RFC4594,
40 by Cisco
Cisco IPVS, Enterprise TV
Real-time Interactive CS4 32 Cisco TelePresence System 500
Multimedia Conferencing AF4 34 Cisco CUPC, WebEx, Interactive Video
Multimedia Streaming AF3 or CS4 26 Cisco DMS, IP/TV,
Call Signaling (same name used by both)
CS5 by RFC 4594,
CS3 by Cisco
40 by RFC4594,
24 by Cisco
SCCP, SIP, H323
Low-Latency Data / Transactional Data
AF21 18 ERP Apps, CRM Apps
Operations/Administration/Management (OAM) / Network Management
CS2 16 SNMP, SSH, Syslog
High-Throughput Data / Bulk Data
AF11 10 Email, FTP, Backups
Best Effort - same name used by both
DF 0 Default Class
Low-Priority Data / Scavenger
CS1 8 You Tube, Gaming, P2P
4-5Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
Chapter 4 Cisco Extended Care Bandwidth Requirements and Quality of Service Recommendations Marking Cisco Extended Care Traffic
• Interactive video from all other video endpoints: DSCP AF41
4-6Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
OL-30842-01
C H A P T E R 5
Cisco Extended Care SecurityRevised: November 25, 2013, OL-30842-01
OverviewThis chapter discusses the security features in Cisco Extended Care. It is the responsibility of the enterprise to assure that any other required security measures are implemented (for example, securing data sent to a printer or protecting passwords.)
Patient Information PrecautionsCisco Extended Care may collect patient information during an appointment between a patient and a care provider over secure links.
Medical facilities using Cisco Extended Care should take proper precautions with patient information obtained in a Cisco Extended Careappointment, including the following:
• Securely handling any printed or transcribed information
• Securing the room in which the care provider is conducting the teleconference appointment when an appointment is in progress (in particular, if the Provider needs to leave the room briefly)
• Instructing the participants to exit the appointment session upon the conclusion of the appointment by selecting Exit.
Patient PrivacyThe CEC browser pages will have a login to enforce authentication. Cisco recommends also using passwords to lock/unlock the Endpoint Computers.
Anyone not a part of the same appointment as the Provider is unable to view the historical wellness readings. When the Provider leaves the appointment or logs off, the historical wellness readings are removed from the Provider’s Cisco Extended Care appointment window. However, the data (historical wellness readings, questionnaires, etc.) are available for future access once a provider or patient logs back into Extended Care.
5-1Cisco Extended Care 1.0 Solution Design Guide
Chapter 5 Cisco Extended Care Security Authentication / Access Control
If an appointment session is idle for a configurable number of minutes, the end users get a warning message. If there is no response to the warning message in 5 minutes1, the appointment is terminated and the user is logged out.
Authentication / Access ControlThe security policy for Cisco Extended Care should be determined prior to installation. As part of the install process, you will be asked how you want your end users to be authenticated and if you want the end users authenticated by Cisco Extended Care, how you want passwords, inactivity and lockout handled. This section covers the decisions you need to make prior to installation and in addition, discusses other security features of Cisco Extended Care.
Authentication OptionsCisco Extended Care allows members of he care team, such as a Provider, to be authenticated in one of three ways:
• External LDAP directory
• External directory that is part of an integrated third-party application like OpenEMR
• Directly with Cisco Extended Care
If required, you can configure your system to support both direct and external authentication. The alternatives are described below.
External LDAP-Authentication
Cisco Extended Care works with any LDAP directory that supports either anonymous or password-based authentication. It is supported over either unsecure (ldap) or secure (ldaps) connections.
Note that LDAP authentication can be used only for providers and not for patients.
There are a number of reasons to choose external LDAP authentication. By choosing to authenticate using an external LDAP directory:
• End users can use the same username for multiple applications.
• End users change their password once and the new password is then valid across all systems that interface to the LDAP server.
• Administrators can remove an end user from all systems at once.
• Administrators can reset a password and have it affect all systems at once.
• Site wide security policy and changes are automatically reflected in Cisco Extended Care.
External Third-Party Application Authentication
Third party applications can support the Cisco Extended Care connectors to enable them to be integrated with Cisco Extended Care. If a third-party application supports the Authentication Connector, then Cisco Extended Care can authenticate users against the directory in the third-party application.2
1. This is the default, but the value is configurable.
2. Third party applications must be validated by Cisco.
5-2Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
Chapter 5 Cisco Extended Care Security Authentication / Access Control
Dedicated Cisco Extended Care Authentication
You can choose to have Cisco Extended Care authenticate end users if you do not have an external LDAP server, aren’t using an integrated third party applications or if you want Cisco Extended Care users to have a unique user name or password that works only with Cisco Extended Care (but note that there is no way to assure that the end user doesn’t use the same password in all cases).
Mixed Authentication
Mixed authentication can be useful if you want LDAP-authenticated users and Cisco Extended Care authenticated users. In this case, mixed authentication allows you to leverage external directories to authenticate most Cisco Extended Care users, but it also allows special user IDs to be created ad hoc for training purposes or perhaps for temporary employees. It also allows you to utilize the training and testing user names that ship with the product, regardless of how you want other users authenticated.
If you opt for mixed authentication, your site administrator can add users to be authenticated by Cisco Extended Care or enable users (who are authenticated using an external directory) to use Cisco Extended Care.
Cisco Extended Care Security PolicyAs part of the installation of Cisco Extended Care, you need to make certain decisions about the security policy you want to have enforced. That security policy primarily applies to Cisco Extended Care Authenticated Users, but has two additional parameters that apply to all users.
Security Policy Controls for Cisco Extended Care-Authenticated User Names
Access to the Cisco Extended Care software is controlled by passwords at both the Patient Endpoint and the Provider Endpoint.
All data (including username, password, patient data, readings, questionnaires, etc) that flow between the browser (both patient and provider endpoints) and the server are transmitted over an HTTPS connection. This uses a 256 bit key for encryption.
Extended Care has two ways of storing passwords based on their usage:
• All user (provider and patient) login passwords are stored after hashing using an MD5 algorithm. This is a one-way hash mechanism that does not require an encryption key.
• Passwords that are required for authenticating against external systems (like CUCM password, VCS password, etc.) are encrypted using a 128 bit key before storage.
The following security policies can be modified for end users that are authenticated by Cisco Extended Care (dedicated):
• Force a password change on the first login.
• Disable an account if the user does not log in for a certain number of days. The inactivity days can range from 1 to 730. (This does not apply to the site administrator id.)
• Have passwords expire after a certain number of days. The expiration days can range from 1 to 999.
• Require strong passwords. You can specify the minimum password length and the minimum number of character types. The length of strong passwords can be between 1 and 15 characters with a minimum of character types ranging from 1 to 4.
• Prevent password reuse. You can specify the number (1-20) of saved passwords.
5-3Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
Chapter 5 Cisco Extended Care Security Transmission Security
Security Policy Controls for All Cisco Extended Care User Names
The following security policy affects all users (including externally authenticated users):
• Auto-log out a user for inactivity (pressing enter, clicking a mouse key, etc.) during a Cisco Extended Care session. The log out can be specified to occur after a specified period (between 1 and 999 minutes) of inactivity, after which a warning message is displayed. You can also specify the duration of time after the warning message and before the log out. It can be any integer between 1 and 60 minutes.
Other Authentication Security Features
Associating Endpoints to Access Cisco Extended Care
When adding users and selecting a Cisco Extended Care Endpoint, the Site Administrator selects Default Endpoint.
Enabling Users to Access Cisco Extended Care
A site administrator is responsible for configuring Cisco Extended Care end users to enable them to access the Cisco Extended Care software. Configuration varies dependent on how those end users are authenticated.
• End users authenticated by Cisco Extended Care must be added. The site administrator must specify a username, password and display name. In addition, the site administrator must check a box for each role that this end user will require. Roles include: Provider, Patient, Participant, Presenter, and Siteadmin. An end user can be configured with any combination of these roles.
• Externally authenticated end users are enabled to access Cisco Extended Care. In addition, these end users can be configured to support any combination of the five user profiles. The display name of externally authenticated end users is their LDAP common name.
Transmission SecurityIt is crucial that Electronic Protected Health Information (ePHI) be protected from unauthorized access. That means that any time health information is transmitted with an identifier (such as a patient's name), that information must be protected from unauthorized access. As part of the Cisco Extended Care Plan, Design and Implement phase, Cisco or its partners will review the customer’s security requirements and take these requirements into consideration in the design. It is imperative that the customer’s Security Office be involved in the design sign off. Their involvement and sign off will help ensure that the technology design integrates with the customer’s policies, procedures and workflow to allow the customer to protect ePHI. The customer and covered entity is ultimately responsible for protecting ePHI.
When ePHI traverses public networks, some form of encryption must be utilized. To provide security, HTTPS is the default for communication across all web services.
The following security measures are implemented to secure data in transit:
• HTTPS channel
• Auto redirect from HTTP to HTTPS
• Cisco Extended Care Portal Server accessible with SSL encryption only
• Secure Web services for registration and authentication
5-4Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
Chapter 5 Cisco Extended Care Security Network Security
Network SecurityThe Cisco network has inherent security features that provide additional security. These include:
• VPN Security
• Endpoint Encryption
• CTMS Encryption
• Dedicated Overlay
• Firewall Access
As part of the Cisco Extended Care Plan, Design and Implement phase, Cisco or its partners will utilize one or more of these capabilities to implement the security requirements defined by the customer's security officer.
Using Firewalls in Converged NetworksA firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices which is configured to permit or deny computer applications based upon a set of rules and other criteria. By controlling access to Cisco Extended Care servers, a firewall can prevent malicious or unauthorized network connections from being initiated to critical servers, which could impact performance or availability. By inspecting the connections to ensure that they meet the access control policy and that the connection conforms to expected behavior, firewalls provide a first line of defense for a secure deployment.
To enable firewalls and allow Cisco Extended Care to function properly, you may need to know the ports and protocols used by Cisco Extended Care. Table 5-1 shows the ports and protocols used by various components of Cisco Extended Care. If using a video endpoint other than the CTS-500, verify that the correct ports are opened.
Also, to efficiently manage certain tasks, you may want to provide access between Cisco Extended Care servers and outside resources. For example, you may want to enable Cisco support to remotely access an Cisco Extended Care Endpoint Computer. You may need remote printing or access to LDAP directories or Electronic Medical Records systems.
Cisco Extended Care and Cisco TelePresence TCP and UDP portsThe Cisco Extended Care solution uses the ports described in Table 5-1.
Table 5-1 Ports used by Cisco Extended Care 3
Product Protocol Transport Ports
Cisco Extended Care Application Server
HTTP/HTTPS TCP
UDP
22 - SSH / TCP
443 - HTTPS / TCP
161 - SNMP / UDP
5-5Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
Chapter 5 Cisco Extended Care Security Using Firewalls in Converged Networks
Ports and Protocols Required for Third-Party ApplicationsIf the installation has integrated any HL7 based EMR, the communication between Extended Care Application Server and the EMR / integration engine happens over MLLP (Minimal Lower Layer Protocol). The port for transport needs to be finalized during deployment. Cisco Extended Care supports the following versions: 2.1, 2.2, 2.3, 2.3.1, 2.4, 2.5, 2.5.1, and 2.6.
3. You may need to enable additional ports for your specific video endpoints, for EMR, for LDAP, or for a networked printer. This should be determined as part of the Planning phase.
CUCM JTAPI UDP/TCP 2748, 8443 - HTTPS / TCP; the app server calls the CUCM on port 8443
Hosted Cisco TelePresence Exchange System
SOAP/HTTP 8080
Product Protocol Transport Ports
5-6Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
OL-30842-01
C H A P T E R 6
Cisco Services for Cisco Extended CareRevised: November 25, 2013, OL-30842-01
IntroductionCisco offers a full lifecycle of professional services from planning and installation to optimization and support.
Installations and ConfigurationsThe Cisco Extended Care Plan, Design, and Implement (PDI) Services team assesses the existing network and physical environments, develops an implementation-ready design based on the organization’s unique requirements, and works with internal IT staff throughout implementation, testing, and end-user training.
The PDI Services team performs the following tasks:
• Project management: When an enterprise is ready to begin the plan phase of deployment, the team or an authorized Cisco partner delivers a comprehensive project schedule for the implementation and provides a single point of contact for all issues relating to the solution.
• Requirements validation: The team performs a detailed requirements validation to assess the customer's business and technical requirements and verify that the deployment will meet expectations.
• Network path assessment: If relevant, the team examines the customer’s network and the links between sites to identify the optimal path and network requirements for the solution.
• Detailed design development: The team creates a detailed design for the entire solution, including recommendations for network components (e.g., switches and routers), network configuration recommendations (e.g., security and QoS), call control and collaboration network infrastructure components, link speeds and other related components that affect the efficiency and effectiveness of the Cisco Extended Care solution.
• Network implementation plan: The team prepares an implementation plan with all configuration details including IP addresses, call control and collaboration network infrastructure components configuration parameters, user IDs, and passwords. The implementation plan is then used to configure the Cisco Extended Care components.
6-1Cisco Extended Care 1.0 Solution Design Guide
Chapter 6 Cisco Services for Cisco Extended Care Introduction
• Verification Testing: Once Extended Care is installed and configured, the team performs verification testing that includes test cases for a provider and a patient site to validate readiness of the installation for live production.
• Administrative knowledge transfer: The team trains the system administrators, support staff, and end users on how to use the Cisco Extended Care technology.
Additional ServicesIn addition to the PDI Services described above, other service offerings available to customers of Cisco Extended Care 1.0 are:
• Cisco Extended Care Workshop
• Cisco Extended Care Custom Application Support
• Cisco SMARTnet
Cisco Extended Care Workshop
This workshop identifies the cost savings, productivity enhancement, and business transformation opportunities enabled by the solution. The workshop is a collaborative exercise between Cisco and the customer. The solutions as well as related quantifications are developed and validated with the customer before being finalized. Using a systematic process, a detailed quantification of the business benefits is produced including the impact on productivity, impact on business transformation, and the savings potential of tele-health.
Cisco Extended Care Custom Application Support (CAS)
CAS is a support service for the Cisco Extended Care software. CAS is a Cisco Advanced Service offering that should be ordered for every Cisco Extended Care Endpoint and renewed annually as long as the endpoints are in use. CAS includes the following support services:
• Application support: Provides timely fixes to issues found in the Cisco Extended Care code and ongoing software upgrades for minor releases of Cisco Extended Care. It also enables the customer to use a single point of contact to address any issues with any of the solution’s components.
• Configuration management: Maintains an inventory of the Cisco Extended Care solution components and update the solution configuration as needed with a qualified support team.
• Change management: Manages network resiliency by assuring changes are made in a manner that maximizes availability and performance while minimizing the impact on normal business processes.
• Incident management: Manages Tier-2 escalated incidents and problems to resolution and closure on Cisco Extended Care components.
Cisco SMARTnet
SMARTnet is a support service for components of Cisco Extended Care 1.0 and other Cisco solutions and products. This service complements Cisco Extended Care Custom Application Support. SMARTnet provides dedicated, system-level support and maintenance and global 24-hour-day, 365-day-a-year access to highly skilled engineers. SMARTnet includes advance hardware replacement options with the option of onsite installation, providing enterprises with parts delivery and replacement by the next business day or within four hours on the same business day. The service also includes ongoing operating system and sytsem software updates, which strengthen the reliability, functionality, and stability of the
6-2Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
Chapter 6 Cisco Services for Cisco Extended Care Introduction
Cisco Extended Care 1.0. In addition, companies gain registered access to an array of online support and information systems. These include interactive consulting tools, a comprehensive database, and knowledge transfer resources available through Cisco.com.
This set of Cisco technical tools and product information increases the self-sufficiency and unified communications expertise of internal IT staff. SMARTnet should be ordered and renewed annually to ensure high availability of the solution.
In addition to the Day 2 support service offerings discussed above, customers have the option of the following two Day 2 support models:
• Partner Delivered Day 2 Support Model:
Day 2 Support for the Cisco Extended Care solution is offered by authorized Cisco partners to their customers. These authorized Cisco partners provide support for the Cisco Extended Care solution, track issues, perform Level 1 Initial Triage and Level 2 Video Support, and escalate customer complaints directly to Cisco.
• Customer Managed Day 2 Support Model:
Day 2 support can be managed by Cisco customers if they wish. The customer provides Tier 1 (initial triage and troubleshooting) support and escalates issues to Cisco using SMARTnet and CAS contracts for entitlement. In this model, Cisco provides Tier 2 support for customer-escalated Cisco Extended Care solution issues and Cisco product issues.
For an overview of the Support Call Flow, see Figure 6-1.
Figure 6-1 Cisco Extended Care Customer Managed or Partner Delivered Support Call Flow -
6-3Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
Chapter 6 Cisco Services for Cisco Extended Care For More Information
For More InformationFor more information about Cisco Services for Cisco Extended Care or for other Cisco products and solutions, contact your Cisco service account manager or send an email to [email protected]
Note For the latest Cisco Service descriptions, see http://www.cisco.com/web/about/doing_business/legal/service_descriptions/index.html.
6-4Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
CisOL-30842-01
A
P P E N D I X A Software CompatibilityRevised: November 25, 2013, OL-30842-01
Browser CompatibilityTable A-1 lists the browsers and their level of support in Cisco Extended Care. Fully supported means the relevant components have been completely tested on these browsers and are certified to work. Compatible means the relevant browser components have been functionally tested on these browsers at a high level but exhaustive testing has not been done.
Table A-1 Browser Compatibility by Operating System and User Type
Platform Browser Name Browser Version Support Level
Patient
Windows 7 Internet Explorer 8 Fully Supported
Internet Explorer 9 Fully Supported
Chrome 26 Fully Supported
Firefox 23.0.1 Fully Supported
Windows 8 Internet Explorer 10 Fully Supported
Chrome 26 Fully Supported
Mac OS 10.8.4 Safari 6.0.3 Fully Supported
Chrome 26 Compatible
iPad iOS 6.1.3 Safari 6.0.3 Fully Supported
Chrome 26 Not Supported
Provider
Windows 7 Internet Explorer 8 Fully Supported
Internet Explorer 9 Fully Supported
Chrome 26 Fully Supported
Firefox 23.0.1 Fully Supported
Windows 8 Internet Explorer 10 Fully Supported
Mac OS 10.8.4 Safari 6.0.3 Fully Supported
A-1co Extended Care 1.0 Solution Design Guide
Appendix A Software Compatibility Browser Compatibility
iPad iOS 6.1.3 Safari 6.0.3 Fully Supported
Chrome 26 Not Supported
Administrator
Windows 7 Internet Explorer 8 Fully Supported
Internet Explorer 9 Fully Supported
Firefox 23.0.1 Fully Supported
Platform Browser Name Browser Version Support Level
A-2Cisco Extended Care 1.0 Solution Design Guide
OL-30842-01
OL-30842-01
G L O S S A R Y
Revised: November 25, 2013, OL-30842-01
A
API An application programming interface (API) specifies how some software components should interact with each other.
B
Browser A computer application that connects your computer with the Internet. Refer to Appendix A, “Browser Compatibility” for a list of browsers tested for Cisco Extended Care.
C
Cisco Extended Care Cisco Extended Care is a personal health and wellness collaboration platform, enabling patient engagement and care team interactions at any time and from anywhere.
Conference A Telepresence conference using Cisco Extended Care.
Consult An appointment option that allows you to include more than one Provider in an appointment. If your Cisco Extended Care installation is configured to support consult calls, the Provider chooses whether the call is going to be a two-party call (a point-to-point call) or a consult call (a bridge call).
E
EMR Electronic Medical Records. If your system includes the necessary software and is configured to enable an EMR interface, then you can save data from the appointment to EMR.
H
Hosted A software delivery model in which the Cisco Extended Care solution and associated client data reside in a central location managed by a hosting service, and are accessed by clients using a web browser.
GL-1Cisco Extended Care 1.0 Site Administration Guide
Glossary
P
Provider The care provider who provides medical evaluations from a remote site.
Provider Group A collection of Providers who can be requested to accept a Cisco Extended Care appointment with a single click. A facility can configure any number of Provider Groups.
Provider Station The place where the Provider sits during the Cisco Extended Care appointment.
S
Site Admin Site Administrator. The person who maintains user accounts on the Cisco Extended Care solution.
T
Telepresence TelePresence is a technology that combines visual, audio, and interactive technologies to create an in person experience.
U
URL Uniform Resource Locator. An address on the World Wide Web. When you click a URL, your web page is redirected to that location.
User Role Your User Role determines which screens you see, and which functions you can perform. User Accounts are configured so that users with a particular role (or roles) see only the windows and options appropriate to that job description. Any given user can have from one to five roles within one User Account. The Site Administrator configures the User Accounts.
GL-2Cisco Extended Care 1.0 Site Administration Guide
OL-30842-01