A Leading Private Health Hospital

The hospital, owned and operated by a private health and care specialist, offers a range of world-class healthcare services, including fundamental outpatient services, complex multi-disciplinary care, and intensive care.

The hospital was purpose-built as a state-of-the-art private facility for complex procedures and excellence in patient care. Since its opening there have been huge advancements in the way technology can support a better patient experience and improve clinical outcomes, and the hospital has continually evolved to take advantage of these new digital developments, often being at the very leading edge.

How does one of the UK’s largest private hospitals build the technology foundations to support world-class care to patients from over 100 countries?

Winter 2014
In the beginning

Small beginnings

As part of its quality improvement programme the hospital undertakes regular technology reviews. A review in the autumn of 2014 identified some limitations in their core and edge network infrastructure that needed to be remediated, so they contacted Block.

The start of a beautiful friendship

Our network team worked with the hospital’s own IT team to undertake an assessment of the existing infrastructure followed by a project to stabilise and modernise the environment. The hospital was so impressed by the work that the project team delivered that they decided to take a Block Managed Service to help with network operations day to day.

Spring 2016
Stabilising the network

Modern Management Platforms

Following the remediation activities that were undertaken to stabilise the network, Block was asked to help make the wireless network more secure, more functional and more available.

To ensure that the hospital could support BYOD connectivity and improve guest wireless access, Block introduced two new systems: Cisco Identity Services Engine and Cisco Prime Infrastructure.

Cisco Identity Services Engine (ISE)

A critical component of any zero-trust strategy is securing the workplace that everyone and everything connects to.

Cisco Identity Services Engine enables a dynamic and automated approach to policy enforcement that simplifies the delivery of highly secure network access control. Management with ISE is much easier, empowering software-defined access and automating network segmentation within IT and OT environments.

Cisco Prime Infrastructure (PI)

PI is a Cisco network management platform that enables centralised configuration and management of Cisco network devices from WLCs to LAN switches.

PI includes the configuration, performance monitoring, security, fault management and accounting options used at the WLAN controller level as well as a graphical view of RF coverage. Integration with ISE allows greater visibility into wireless client sessions as well as more meaningful reporting.

Spring 2017
The built environment

Future Ready. Foundations.

The hospital saw the potential that a modern network infrastructure could deliver, particularly in a hospital that was becoming more and more digitally connected. Block’s network engineers were on hand again to refresh the edge network.

Putting in the leg work

Digital projects require supporting new Cloud applications, telehealth programs and the Internet of Things (IoT). Many of these initiatives result in the proliferation of devices being added to the network and, in many cases, an explosion of unmanaged devices with differing requirements.

It’s clear why the supporting infrastructure needs to be capable of handling a level of information inconceivable even a few years ago.

Before designing the new network we started with a Wireless Survey. People are often surprised to see a surveyor in a hi-vis vest carrying a tripod around, setting it up and taking readings, but without this critical step you simply won’t get the best possible experience from any new investment.

So wherever we’re working, we’ll always take the entire environment into consideration: every present or absent supporting wall, every multi-storey edifice, every lift shaft, every closet and cranny.

Summer 2017
The need for more agility

Self Service Private Cloud

The hospital had an ageing datacentre infrastructure that had reached capacity, and was end of life.

The infrastructure had no real capacity for growth, investment costs were high and delivered poor ROI, and management tasks such as patching and upgrading were becoming increasingly difficult.

The Cloud as an Enabler of Transformation

Block and the hospital came together for extensive consultation on how to address the challenges and create an environment that would offer much more flexibility, agility and value for money. The answer: A private Cloud infrastructure with self-service capability and a Block Managed Service wrap.

The solution was based on the Cisco/Nimble Smart Stack reference architecture with new datacentre network switches installed to support the deployment.

Cisco UCS Director was chosen as the overarching management, automation, and orchestration solution for the deployment. UCS Director integrates with the compute, storage, virtualisation, and network layers to enable a hospital ‘private Cloud’. From a service perspective, it ensured that any expansion or common configuration tasks could be performed quickly and consistently.

 

Autumn 2017
Mission critical

Future Ready. Networks.

The hospital anticipated the increased use of mobile apps and technology to help deliver healthcare more efficiently and in more innovative ways, so began investigating ways to leverage the investment in the wireless infrastructure for services like location tracking and wayfinding.

Time for the network to deliver

Block had to make sure the underlying infrastructure could support the current and future demand, whilst helping to deliver an improved and consistent experience for the staff and patients.

The hospital saw the potential that a modern network infrastructure could deliver, particularly in a hospital that was becoming more and more digitally connected. Block’s network engineers were on hand again to redesign the infrastructure to fit the mission critical nature of the network, designing in more modern capabilities and ensuring an even more reliable and performant service.

180
Access points

Configuration of the APs via the Wireless LAN Controllers (WLCs) and the existing Prime Infrastructure.

2
New WLCs

The new Cisco WLCs centrally manage and control the new wireless APs, providing a seamless migration from the existing hardware to the new wireless infrastructure.

45
Data outlets

High level Cat5e data outlets for wireless access points installed, tested and labelled by the Block professional services team. All done out of hours to minimise disruption.

Robust network security

Future Ready. Security.

With the existing Cisco firewalls becoming end of life and, more importantly, soon to be no longer supported by Cisco, the hospital again engaged Block to replace these perimeter firewalls with a new supported model which would also provide enhanced features and functionality, such as next-generation threat detection and prevention.

Increasing Firepower – centralising, integrating, and simplifying management

The aim of this project was to minimise the cost to the hospital by consolidating the functionality of the Web Security Appliances and leveraging more modern security technology.

Below you can see an overview of each of the Firepower services and the benefits these provided to the hospital:

  • Next-generation IPS (NGIPS) – provides highly effective threat prevention and full contextual awareness of users, infrastructure, applications, and content to detect multifactor threats and automate defence response
  • URL Filtering – provides the capability to perform internet URL filtering based on categorisation and web reputation scoring
  • Advanced Malware Protection (AMP) – provides industry leading breach detection effectiveness, a low total cost of ownership, and superior protection value that helps discover, understand, and stop malware and emerging threats missed by other security layers.

Autumn 2019
Effective segmentation

AICU Network Extension

The hospital was developing a state-of-the-art Adult Intensive Care Unit (AICU) in a newly renovated part of the hospital. The AICU will leverage a digital clinical information system called ICCA, allowing the AICU to support paper-free clinical activities.

Secure and resilient

The hospital team identified the importance of effective segmentation between the existing campus network and the newly deployed AICU infrastructure and asked for Block’s assistance in applying this.

In consultation with the hospital team, Block designed the policies to be applied for the AICU segmentation solution, including configuration of the VLANs, IP addresses and firewall rules.

The chosen network segmentation solutions ensured security via segmentation and enabled resiliency and redundancy whilst utilising existing firewall infrastructure, thus minimising expenditure on new hardware.

Spring 2020
Virtual desktop infrastructure

Future Ready. Workspace.

The hospital, in response to the 2020 coronavirus pandemic, needed to provide staff with the ability to work from home to support social distancing and isolation. The hospital needed remote working that supported full access to all of their teams’ required applications whilst ensuring a seamless user experience.

Safe, effective care services from anywhere

The hospital chose to work with Block to deploy a Virtual Desktop Infrastructure (VDI) supported by Azure Cloud.

The new VDI service would provide improved levels of support and management for the IT team and lead to a far superior user experience. Instead of managing hundreds of devices, each with applications and settings installed and needing regular updates, Block’s Clinical Workspace service can be deployed quickly and scaled as needed.

The hospital would realise many benefits:

  • Device flexibility – any device can be used to access applications and data securely via the Internet
  • Better performance – unlike the current VPN solution, only the screen updates traverse the Internet, not data; therefore applications perform much better
  • Improved reliability – users can quickly resume where they left off after any change of location or network interruption
  • Resilience – if a user’s device fails they have the ability to use a different device such as their personal laptop, MacBook or PC
  • Management – IT don’t have to update and secure every device but only the centralised virtual desktop gold image, improving the time to deploy new applications and updates and leading to improved user experiences.

The journey continues...