cisco medical grade network campus architectures · the cisco medical-grade network is an optimized...

Michal Remper, CCIE#8151

Account Manager – Public, [email protected]

Cisco Medical Grade NetworkCampus Architectures

© 2011 Cisco Systems, Inc. All rights reserved.MGN 2.0 2

What Is the Cisco Medical-Grade Network?

The Cisco Medical-Grade Network is an optimized architecture for the healthcare industry based on Cisco’s best practices for security, campus, data center, remote office, and wireless networks

The Cisco MGN 2.0—campus architecture:•Industry-specific framework following a set of proven best practices

•Provides a mapping of clinical and business needs to technology solutions

•Optimizes interactions between processes, applications, and technical architecture components

•Facilitates business and clinical communications throughout the continuum of care

•Enhances collaboration across the technology partner ecosystem


Cisco’s Medical-Grade Network Framework for Healthcare

Data Center

Enabled by Borderless Networks

Enable patients

and guests to stay

connected through secure

connectivity

Enable an interoperable

healthcare ecosystem

through a flexible and

scalable network framework

Allow nurses and doctors

to administer patient care

from anyplace, anytime

through secure wireless

capabilities

Meet government

and industry mandates

through a regulatory

compliant architecture

(ex: PCI)

Bring connectivity

to the hospital's

infrastructure through

automated biomed

devices


Cisco Medical-Grade Network Goals

Protected

Protection for any patient data on rest and in transit

Compliant with regulatory requirements

Posture for each device with ePHI access

Interactive

Ability of care providers and vendors to interact with net seamlessly

Wireless, VPNextends net into BN

Integrates data, voice, video and

imaging

Responsive

Network adapts to change and business/clinical needs

Has ability to incorporate new technologies

Resilient

Fault-tolerant and capable of business continuity

No single point of failure

Rapid convergence

Cisco Medical-Grade Network 2.0


Biomedical Devices Considerations in Campus

Requirements

Unique Layer 2 and Layer 3 requirements

Many vendors require separate parallel Layer 2 VLANs

Layer 3 and multicast functionality may be limited

Traffic Flows VaryPatient monitors: Small (300 byte), but frequent (4x/sec) broadcasts, multicasts or unicast(vendor-specific)

IV pumps: Formulary and firmware updates are usually small and not a daily occurrence

Biomedical devices often communicate back to central monitoring station

SLA Requirements

Prevent < 50ms jitter

Maintain < 20msconnectivity loss from patient monitor to central station

Path Isolation may be required

Patient MonitorsProvides real time

monitoring of vital signs

(blood pressure, oximetry

etc) on continuous basis.

May connect to central

station

Infusion (IV) Pumps Administers medication to

patients and requires

formulary and drug library

updates on an intermittent

basis.

Patient

Monitors

IV

Pumps

Portable Radiology

DevicesConnects to the RIS and

PACS system.

Radiology

Devices

http://images.google.com/imgres?imgurl=http://www.equipstat.com/catalog/images/Patient-Monitor-GT9003-.jpg&imgrefurl=http://www.equipstat.com/catalog/index.php?cPath=0_17&h=360&w=360&sz=46&hl=en&start=3&um=1&tbnid=D0v_kNgN3M71GM:&tbnh=121&tbnw=121&prev=/images?q=patient+monitor&um=1&hl=en

http://images.google.com/imgres?imgurl=http://www.siemensmedical.com/siemens/en_US/rg_marcom_FBAs/images/press_room_images/2003/042.03acusonsequoia.jpg&imgrefurl=http://www.medical.siemens.com/webapp/wcs/stores/servlet/SMContentSelect?storeId=10001&langId=-1&catalogId=-1&catTree=100011,18301,13839&relatedCatId=17722&selectView=PressReleaseListView&selectName=year&refererView=CategoryDisplay&categoryId=17722&year=2003&usg=__o9k0dpBS8vK42_u7OI9r9vGrJ-I=&h=1679&w=1500&sz=210&hl=en&start=7&tbnid=WYAA5WYOQlt8MM:&tbnh=150&tbnw=134&prev=/images?q=siemens+Ultrasound&gbv=2&hl=en


Biomedical DevicesWireless considerations

Wireless Challenges

Special RF RequirementsVendor specificic requirements for 802.11 a/b/g/n usage

Dedicated SSIDs interference elimination recommendations, etc.

Varying Authentication/Encryption Methods

WEP, WPA, WPA2

802.1x not common on today's biomedical devices

Unique Layer 2 (L2) and Layer 3 (L3) requirements

Many vendors require separate parallel Layer 2 VLANs


A 1:1 SSID/VLAN mapping generally required or recommended

Traffic Flows VaryPatient monitors: small (300 byte), but frequent (4x/sec) broadcasts, multicasts or unicast (vendor-specific)

IV pumps: formulary and firmware updates are usually small and not a daily occurrence

Biomedical devices often communicate back to central monitoring station

Portable radiology devices store studies on the PACS while the device is in use at the point of care

Patient MonitorsProvides real time

monitoring of vital signs

(blood pressure, oximetry

etc) on continuous basis.

Infusion (IV) Pumps Administers medication to

patients and requires

formulary and drug library

updates on an intermittent

basis.

Patient

Monitors

IV

Pumps

Portable Radiology

DevicesProvide wireless connectivity

to the RIS and PACS system.

Eliminate delays in storing

studies acquired at point

of care.

Radiology

Devices


Patient Monitor Wireless Guidelines

RF Requirements

1:1 SSID/VLAN mapping

25 dB min SNR co-channel separation

Authentication and Encryption

Utilize WPA or WPA2

Unique Layer 2 and Layer 3 requirements

Dedicate separate VLAN for each patient monitor vendor type


SLA Requirements

Prevent <50ms jitter

Maintain <20ms connectivity loss from patient monitor to central station, QoS !!!

SiSi

Portable

Ultrasound

SSID Vendor A

VLAN10

SSID Vendor B

VLAN30

VLAN10

VLAN30

Vendor A

Vendor B

Central Station

Central

Station

SiSi


Mobile Units Desktop Video

Stationary Care

Patient comes to

the clinic

SmartPhones

Wireless Tablets

Mobility

Mobile Devices

What’s Available and on the Horizon

Tandberg

Carts

Mobile Care

Care comes to

the patient

Desktop care

Low cost

Low-bandwidth

http://onetandberg/C1/Tactical/Image Library/Forms/DispForm.aspx?ID=5

http://onetandberg/C4/C9/Clinical Presence System/Clinical Presence System Images/CPS with storage modules open front.jpg


Clinical Systems

Wireless Challenges

Legacy applications intolerant of connectivity loss due to signal or roaming issues

If designed for LAN and not tuned for WAN/VPN/WLAN some applications may fail to respond or recover

Wide range of implementations/ requirements

Even within a single vendors product line bandwidth, security, chattiness, delay tolerance may vary

Patient privacy

Protected Health Information (PHI) will be in the data transmitted across the network

Access security and encryption must be used end-to end

Varied Wireless Client RF Characteristics

Wireless clients of different models or vendors may have significantly different roaming or receiver sensitivities

Smart

phones/

PDAs

Computers on Wheels

(CoWs)Carts built specifically for

the healthcare market with

on board computers that run

clinical applications

General Purpose

Computing DevicesGeneral purpose tablets,

laptops, and computers with

clinical applications loaded

Smartphones/PDAsSmartphones or PDAs

(typically owned by the

clinician) used to access

clinical applications

CoWs

General

Computing

Devices


Healthcare Requirements in Campus

Medical Grade Network

Highly availability (fast recovery and convergence)

Path isolation

Flexible L2 and/or L3 to access

Network access controland Identity based

Clinical Devices and Systems

Mission critical

Jitter/latency demands

HIPAA and privacy

Wired and wirelessconsiderations

Biomedical Devices

Mission critical

Some layer 2 adjacencydemands, L3 considerations

Central station connectivityrequirements

Endpoint security

Highly availability (fast recovery and convergence)

Protection of ePHI andclinical systems

Compute/storage/virtualization within Data Center

Clinical App Requirement Medical Grade Network

complete



High throughput

High availability

Compute/storage/virtualization within Data Center

Regulatory and Security

HIPAA/joint commission

Payment card industry

Local country regulatory (EC 95/46)

IEC-80001

Fulfilling meaningful use requirements

PACS and Modalities

Large image transfer

Storage demands

Quick access/retrieval

Geographically remote modalities

Intrusion prevention and patch management

Device identity and access control

HiTRUST

Cisco security intelligence operations


complete



Internet access and logical segmentation

Network admission control

Posture assessment

Acceptable use policy

Voice/Video/Collaboration

Emerging trends

Medical device integration

Cisco Healthcare solutions

HMI collaboration,Nurse Connect

Biomed NAC,Health Presence etc

Guest Services

Wireless

Network access control

Acceptable use policy

Visiting physician access

Quality of service

Network responsiveness

Network interactivity

Modular design


complete


Cisco Medical-Grade NetworkOverall Campus Architecture

Remote Clinician

CoreDistribution Data CenterAccess

Remote Ambulatory CareWAN Edge

An Optimized

Network

Architecture for

the Healthcare

Industry

NAM

Intrusion

Prevention

System

Network

Analysis Module NAC

Server

Wireless LAN

Controller(s)

North Access 1

North Access 2

South Access 1

South Access 2

Nx 10G

SiSi

SiSi

SiSi

SiSi

SiSi

Access

Private

WAN

SiSi

Public

WAN

VP

N

Tu

nn

el

Distribution

Core

SiSi

SiSi

802.11n

AP

802.11n

AP

Clinical

Workstation

CT / MR

CoW

Point of Sale Device

Acute Care Campus Environment

http://images.google.com/imgres?imgurl=http://www.dqtech.co.za/test/tech/device-workstation-lg.jpg&imgrefurl=http://www.dqtech.co.za/test/dqtech.php?tech=products&selection=21&usg=__6qWuMdZIEUNffN7YmDjqRtUYmVI=&h=252&w=280&sz=16&hl=en&start=1&tbnid=8saTn5M8Sni5HM:&tbnh=103&tbnw=114&prev=/images?q=point+of+sale+device&gbv=2&hl=en&sa=G



Hierarchal designs

No single pointsof failure

Utilize in boxredundancy

Optimize convergence

Best practices mustadapt to unique healthcare requirements

R&S enables such interconnection

Legacy Apps and devices result in suboptimal, overlay design, often dedicated networks

Cisco Campus Architecture in Healthcare

SiSi

NAM

Intrusion Prevention

System

Network

Analysis ModuleNAC Server

Wireless LAN

Controller(s)

North Access 1

North Access 2

South Access 1

South Access 2

802.11n AP

802.11n AP

Portable

UltrasoundSmart Infusion

Pump

Clinical

Workstation

CT / MR

CoW

Medication

Administration Cart

RFID

TAG

7925G

Point of

Sale Device

Patient

Monitor

TelePresence

Nx 10G

Access

Distribution

Core

SiSi

SiSi

SiSi

SiSi

SiSi

SiSi SiSi

complete



ACS WCSMSENAC

Wireless

Management

PC—Browser

Based

Third-Party

Integration to RTLS

(Nurse Call, BioMed,

EMR)

MGN 2.0

CampusCisco Catalyst

6500 Wireless

Services Module

(WiSM)

Wireless LAN

Controller (WLC)

Cisco Catalyst®

3750G Integrated

Wireless LAN

Controller

Cisco ISR

Wireless LAN

Controller Module

SSC

MGN 2.0 Wireless Architecture

Voice and QoS

Enabled L3 Access

Switches


Cisco MGN 2.0 Campus Design

Access

Distribution

Distribution

Access

Core

WAN

SiSi SiSi SiSi SiSi

Layer 3

stackable switches

VSS

Access

VSS

Distribution

VSS/Hybrid Core

SiSi SiSi

SiSi SiSi

WAN

Data Center 10Gbps Nexus

complete


MGN High Availability Campus Design

Eliminate all singlepoints of failure

Implement hierarchicaldesigns

Utilize redundant chassisor smart stackable switches

Redundant switchingand power fabrics

In the box and network redundant services

Utilized IGP protocols thatquickly detect faults andprovide sub-second failover

SiSi SiSi SiSi SiSi SiSi SiSi

SiSi SiSi SiSi SiSi SiSi SiSi

WAN Internet

SiSi SiSi

Data Center

Redundant

Links

Redundant

Switches

Layer 3 Equal

Cost Link’s

Layer 2 or

Layer 3

Redundant

Supervisor

complete


Supervisor Redundancy Is Provided by Stateful Switch Over (SSO)

Active/Standby supervisors run in synchronized mode

Depending on platform, line card and protocol this incurs from 0 to 3 seconds of outage

Switch processors synchronize Layer 2 and Layer2 / Layer 3 FIB, QoS and ACL tables

Line cards with DFC are populated with Layer 2 / Layer 3 routing information and ACL tables

Line card protocol status is maintained during failover reducing impact and improving clinical access


Healthcare Campus Challenges

Remember old days of flexibility, add/move and mobility promise?

Spanning VLAN solved that and created some more problems of

Stability

Response times

Inefficient use of resources

Managing end host behavior

Age Old Problem

Historically —A Compromise

L2

SiSi SiSi

VLAN 10 VLAN 10 VLAN 10

Core


Looped TopologyAll VLANs spans All Access-switches

Core

SiSi SiSi


L3


Loop Free TopologyVLAN = Subnet = Closet

Do not span VLANs.

No Loops no underlying threat to the

network

Solution gave up critical need of not able to

span VLANs.

However, in many healthcare deployments,

clinical and biomedical devices requires

vendor dedicated VLANs


Virtual Switching System consists of two Cisco Catalyst 6500 Series defined as members of the same virtual switch domain

Single control plane with dual active forwarding planes

Design to increase forwarding capacity while increasing availability by eliminating STP loops – a loop-free topology

Reduced operational complexity by simplifying configuration

VSS —Single Logical Switch=Switch 1 + Switch 2

Virtual Switch Domain

Virtual Switch Link

SiSi SiSi

Virtual SwitchVirtual Switching System 1440 (VSS)


Virtual Switching

Solving the same olddesign problem and yet not loose the benefits of stability and mobility

Virtual Switching allows elimination of loops in the network, while allowing for spanning of VLANs VLAN 10 VLAN 10 VLAN 10

Core


VSS Enabled Loop Free Topology

VLANs spans Access-switches


VSS Enabled Healthcare Campus Design End-to-End VSS Design Option

SiSi SiSi

SiSi SiSi

SiSi SiSi

RR

R

R RR

STP-based Redundant Topology R = STP Blocked Link

Fully Redundant

Virtual Switch Topology

complete


Three Options for Multi-Chassis EtherChannelDesigns to Remove Spanning Tree

Virtual Port Channel

Separate control plane

Separate management plane with VPC state synchronization (CFS)

Redundant supervisors per chassis with hitless SSO

Manual port sync config (DataCenterNetworkMgr)

Local SVI HSRP/PIM forwarding enhancements to act as active-active pair

Virtual Switching System

Single control plane

Single management plane

Single supervisor per chassis

Automatic port config sync (single control plane)

Single L3 domain (single SVI) no need for FHRP

SW2SW1

VPC peer-link

VPC FT-Link

Stackwise+

Single control plane controlled by Master Switch

Master switch controls etherchannel

Redundant master switches per stack

Automatic port configsync (single control plane)

Stack appears as a single router, no need for FHRP


Campus Design Option: VSS

Key Benefits to Healthcare Providers

Eliminates complexity of Spanning Tree Protocol and prevents potential for loops in network.

Faster failover by eliminating need for gateway redundancy protocols (HSRP, VRRP, GLBP)

Simplified network management (less links/configuration, fewer operational points)

Conserves bandwidth (no unicast flooding, MEC optimizes number of hops


Environmental Considerations

Cooling Examine BTU

generation compared to HVAC systems

Redundant HVAC chillers on separate power

Consider rRack design for front to back vs side to side airflow

Monitoring Use 802.11 based

thermal & humidity monitoring

Implement smart building technologies (Cisco Connected Real Estate) for power and cooling monitoring

Track battery health for localized UPS devices

Utilize under floor water detectors

Physical Security

Monitor and maintain access to IT infrastructure

Log access to key distribution areas

Utilize video surveillance

Take precautions to prevent unauthorized access and prevent data loss

Power Separate grid based

power feeds

Building based Backup Generator Power

Localized UPS Power especially for PoEdeployments

Redundant Power Supplies

Cisco Medical-Grade Network 2.0


Convergence of Biomedical and General Purpose IT Networks

In the past – biomedical devices lived on dedicated networks/frequencies, no IT connection

Biomedical devices very expensive – no HA

Vendors touch IT networks – adoption IP and Eth

Due to the regulatory and vendor restrictions – results in unpatched OS running critical apps

Biomedical devices very fast populate IT networks – Network Virtualization and Path Isolation Requirements in Healthcare Networks !!!


Biomedical Devices Path Isolation Options

Generic Routing Encapsulation (GRE) Tunneling

Create Closed User Groups

Virtual Routing and Forwarding (VRF-lite)

Lightweight

Single routing device

Multiprotocol Label Switching (MPLS)

Cisco Catalyst 6500

Overlay Transport Virtualization (OTV)

Emerging Technology in Data Center

SSID Vendor A

VLAN10

SSID Vendor B

VLAN30

VLAN10

VLAN30

Vendor B

Central Station

Central

Station

Campus

Network

For More Information: http://www.cisco.com/en/US/docs/solutions/Enterprise/Network_Virtualization/PathIsol.html

SiSi

SiSi

Path Isolation

Options

complete

http://www.cisco.com/en/US/docs/solutions/Enterprise/Network_Virtualization/PathIsol.html


Functional Elements in Virtualized Campus Networks


IEC 80001: Application of risk management for IT-networks incorporating medical devices

IEC-80001 is a voluntary international standard, dealing with risk management of IT networks incorporating medical devices

Provides framework for the ―Application of risk management for General purpose IT-networks incorporating medical devices‖

Three ―Key Properties‖—Safety, Effectiveness, Data and System Security

Four supplementary documents or Technical Reports (TR’s) in development:

Wireless Guidance

Healthcare Delivery Organization (HDO) Step-by-Step guide

Security Guidance

HDO Implementation Guidance

Medical IT-Network

Planning and

Operation

Biomedical

Devices

IT Infrastructure

Vendor

Biomedical Device

Vendor

Responsible Organization

(HDO)

IEC-80001-1


QoS in Healthcare Convergence of medical systems onto a common network with ubiquitous

access to info rises the potential network congestion and app failure

Clinical Apps

Medical Devices

PACS

Voice

Video and Collaboration

Network Control Protocols

Device Control Protocols

Guest Services

Standard IT Traffic

QoS necessary … !!!


Medical Grade NetworkQoS Classifications

Application ClassPer-Hop

BehaviorQueuing and Dropping Medical Applications

Network Control CS6 BW Queue

VoIP Telephony EF Priority Queue (PQ) Constant Bit Rate Biomed Feeds

Broadcast Video CS5 (Optional) PQ

Realtime Interactive CS4 (Optional) PQ Cisco Healthcare, Telepresence

Multimedia Confrencing AF4 BW Queue + DSCP WREDCisco Unified Personal

Communicator

Multimedia Streaming AF3 BW Queue + DSCP WRED *Biomedical Telemetry Steaming

Call-Signaling CS3 BW Queue

Ops/Admin/Mgmt (OAM) CS2 BW Queue

Transactional Data AF2 BW Queue + DSCP WRED*Biomedical Devices, Critical

Apps, WebEx

Bulk Data AF1 BW Queue + DSCP WRED PACS, Large File Apps

Best Effort DF Default Queue + REDBack Office, Archiving, Patient

Records

Scavenger CS1 Min BW Queue (Deferential) Guest Traffic


For More Information: http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSCampus_40.html

QoS Boundaries

Summary of trust, marking, policing and queuing boundaries

Correct Trust and Markings at Access

Interswitch links in Campus will trust DSCP markings

Perform Policing and Queuing where appropriate Conditionally

Trusted Endpoints

Trusted

Endpoints

Conditionally-Trusted Endpoint Port QoS:

Conditional-Trust with Trust-DSCP

[Optional Ingress Marking/ Policing]

1P3QyT Queuing

Switch-to-Switch/Router Port QoS:

Trust DSCP

1P3QyT or 1P7QyT Queuing

Untrusted Endpoint Port QoS:

No Trust


1P3QyT Queuing

Trusted Endpoint Port QoS:

Trust-DSCP


1P3QyT Queuing

Access Distribution CoreUntrusted

Endpoints

complete

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSCampus_40.html


Campus Voice and Collaboration Considerations

In Order to Provide Optimal Patient Care, Collaboration Among Caregivers is Essential

Due to the Critical Nature of the Collaboration both the Campus Infrastructure and the Collaboration Systems Must be Constantly Available

The Diversity of Caregivers Requires that a Wide Range of both Wired and Wireless Endpoints Must Be Supported

ChallengesThe Connected Health Community


For More Information: http://www.cisco.com/en/US/docs/solutions/Enterprise/Network_Virtualization/PathIsol.html

Campus Voice and Collaboration Considerations Power over Ethernet

Switches

End Points

Voice over WLAN

VoWLAN QoS

Multicast

Unified Communication

UC Manager Resiliency

Security

Session Manager Edition

SRST

PoE Devices

IP Phone Portfolio

complete

http://www.cisco.com/en/US/docs/solutions/Enterprise/Network_Virtualization/PathIsol.html


Voice over Wireless LAN

Wireless Challenges

Tighter Specifications than Data Wireless

More overlap required

Site survey essential

Pervasive Coverage

Including: Elevators, stairways, building walkways, campus grounds, parking garages

Fast Roaming

Poor roaming performance may drop or impair active voice calls

Quality of Service

Call quality impacted by jitter, delay, and signal quality

Multimode

Phones

Wireless IP

Phones

Laptops

with Voice

Clients

Wireless IP Phones802.11a/b/g/n phones for

mobile communications and

integrated applications

Multimode PhonesCellular phones with

802.11a/b/g/n capabilities.

Typically smart phones that

are capable of data

applications

Laptops/PDAs with Voice

ClientsThese are primarily data

devices with an application

giving them voice call

functionality. Applications run

from Cisco Unified Personal

Communicator to Skype or

Fring


Voice over Wireless LAN

Security Recommendations

Authentication—EAP-FAST

Key Management—WPA

Encryption—TKIP

Fast Roaming Protocol—CCKM

AP PlacementAP Cell Boundary at -67dBm

AP Cell Overlap of 20%

Channel Separation of 19dB (CCA)


Guest Services—Wireless Architecture

Wireless Guest

Services

Provides patients and guests with wireless access to specific hospital ―walled garden‖ resources or Internet

Supports Login, Anonymous, and Acceptable Use Policy acceptance

Can be provided by the hospital utilizing hospital’s Internet resources, or outsourced to a third-party wireless guest service provider utilizing existing WLAN infrastructure

Corporate Servers

DHCP

WCS

Internet Anchor ControllersDNS WEB

Campus

Controllers/Foreign

WLC

EoIP Tunnels

EoIP Tunnels

LWAPP

Guest User Login Page

Acceptable Use Policy

http://images.google.com/imgres?imgurl=http://www.phaster.com/golden_hill_free_web/free_wi_fi_spot.gif&imgrefurl=http://www.priestleyforsyth.org/&usg=__BcwbX13yHfSHI62u5L9bkysdhfk=&h=350&w=600&sz=7&hl=en&start=1&um=1&tbnid=8P20P4K8QdaGqM:&tbnh=79&tbnw=135&prev=/images?q=Wifi+Hot+Spot&hl=en&sa=N&um=1


Normal Change Process Flow

Authentication and Access Control

Who, when, where and how a group of individuals is allowed to use MGNservices

Cisco’s Network Access Control and BioMedical NAC

Integration:

• Physical access control

• IP video surveillance

• Door lock controllers

• Badge or biomedical readers

• Alarm controllers

Smart+Connected Control System

cisco medical grade network campus architectures · the cisco medical-grade network is an optimized...

Documents