Healthcare
INFOBLOX HELPS HEALTH CARE ORGANIZATIONS STREAMLINE MANAGEMENT AND ACHIEVE COMPLIANCE
As healthcare institutions grow and the industry consolidates, healthcare IT professionals face a mounting list of pressures to streamline network infrastructure and costs while delivering heightened security for regulatory compliance and maintaining network availability.

In addition to network services required by most modern organizations—like e-mail, web, etc.—healthcare groups face additional challenges as more medical devices and systems, including telemetry applications, move to an IP-based infrastructure. This places increasing pressure on notoriously understaffed IT teams to manage a growing number of IP-related devices and services. This can be further complicated by distributed healthcare campuses and the consolidation of multiple networks caused by mergers and acquisitions.

Also unique to the health care industry are the significant challenges in protecting network access and maintaining JCAHO and HIPAA compliance. The Joint Commission on Accreditation of Healthcare Organizations and the Health Insurance Portability and Privacy Act both impose stringent demands when it comes to protecting patient data and ensuring fine-grained network access control. Hospitals, in particular, have dozens of vendors that require network access to maintain, diagnose, and upgrade IP-based diagnostic and telemetry equipment, and must prevent unauthorized access to sensitive applications and data.

The confluence of the trend toward IP-based applications and growing regulatory pressures represents a constant and dynamic challenge for healthcare IT professionals. Essential to addressing these trends are core network services, which operate as the “glue” between the network infrastructure and applications and play a key role in access control. These core network services—IP address assignment and management (DHCP and IPAM), name resolution (DNS), and authentication and authorization (RADIUS), among others—are the foundation of IP network availability, effective management strategies, and granular access control and data protection. Ineffective core network services delivery often leads to problems with:
  • Network Access for staff, patients, and vendors
  • Security Vulnerabilities caused by lack of visibility into integrated core network services data
  • Availability of key applications, such as wireless systems, diagnostics, Voice over IP, and IP-based medical devices
  • Ability to scale to support growth and consolidation requirements as the healthcare industry continues to evolve
  • High operational costs caused by network management inefficiency


Inadequacies of Conventional Core Network Services Infrastructure

Shortcomings in conventional core network services solutions (i.e., general-purpose servers, operating systems and freeware) drive management inefficiency, can unexpectedly disrupt network availability, and hinder regulatory compliance. Specific concerns with legacy solutions in healthcare environments include:
  • Administrative cost is high: There is no central point for enterprise-wide administration and each server has to be managed independently, consuming already limited healthcare IT resources
  • Unreliable: It is difficult to implement high-availability solutions and achieve failover, which can compromise healthcare network and application availability; this can disrupt day-to-day functions as more medical devices rely upon the network, also driving up costs for downtime of critical equipment (MRI machines, etc.)
  • Requires experts to maintain: Frequent updates and patching consume already limited healthcare IT resources that could be applied to more advanced and pressing projects
  • Vulnerable to attacks: General-purpose operating systems and older BIND versions are open to attack, which can compromise system availability and the integrity of sometimes life-saving data and systems
  • Limited means to segment network users: Distinguishing among staff, patients, and vendors with clear access rights is nearly impossible to achieve with discrete systems
  • Disjointed systems: Provide little means for organization-wide IP address audit logs/lease history to investigate network breaches and reinforce authorized access
  • Scalability is poor: As more devices are introduced to the healthcare network and application demands increase, the need for more capacity and functionality can produce latency that costs time and reduces productivity
  • Un-auditable: Healthcare institutions spend countless hours and dollars on protecting data privacy in their applications but are often not able to easily audit their core network services data

To provide nonstop cost-effective core network services, eliminate reliance on experts and improve security—including the ability to distinguish access rights by user—healthcare institutions need to consider a next-generation approach to delivering and managing core network services infrastructure.


Infoblox Core Network Services Platform

Infoblox appliances meet the requirements of next-generation healthcare and life sciences networks today. They deliver an integrated suite of core network services—including DNS, DHCP, IPAM, RADIUS, TFTP, NTP, and more—in purpose-built, reliable, and hardened platforms. As such, they can play a key role in enabling hospitals, clinics, labs, and related organizations to meet escalating IT requirements.

Breaking the White Box Barrier: Driving Down Network Costs While Improving Services
The Infoblox platform employs a series of “right-sized” appliances and integrated services to improve operating efficiencies while driving down real costs, making the move from traditional white box solutions an easy transition. Entry-level Infoblox models cost no more than equivalent white box servers. Customers who implement appliance-based core network services recognize both quantitative and qualitative business benefits. These benefits fall into two main categories: “hard dollar benefits” that deliver a return on investment (ROI) through reduced IT operations costs, and “business performance benefits” that contribute to improved security, higher network availability, simplified disaster recovery (DR), improved visibility and reporting, cost-effective administration, and easier compliance with regulations.

Appliances Deliver High-availability Services and Easy-to-Deploy, Secure Infrastructure
Based on purpose-built appliance platforms that are designed for nonstop operation in high-performance networks, Infoblox provides high availability (HA) between appliances using industry-standard Virtual Router Redundancy Protocol (VRRP) for sub-5-second network failover.

Of critical importance to many healthcare organizations, the Infoblox DHCP module provides high-performance, feature-rich DHCP services that use an enhanced version of the industry-standard ISC DHCP protocol engine and are tightly integrated with Infoblox bloxSDB database technology. Infoblox enhancements enable DHCP “server restarts” to occur in seconds, and avoid restarts completely for operations such as MAC filter updates, which minimizes service outages—particularly critical in supporting voice over IP. In addition, the Infoblox implementation of DHCP failover addresses known limitations in the standard approach and has been proven to provide reliable failover operation and avoid the lockups and errors frequently exhibited by standard DHCP implementations.

Infoblox appliances are preconfigured with operating and application software, eliminating build time, and enabling “one-button” upgrades to accommodate new features and easy installation of the latest BIND releases. This simplifies deployment, eliminates the need for experts to maintain the systems, and increases scalability and security. Additionally, the custom Infoblox NIOS™ operating software is hardened and, therefore, secure from vulnerabilities associated with general-purpose operating system approaches.

Grid Technology Ensures Continuous Uptime, Centralized Management & Data Integrity
Infoblox’s grid technology, which includes a unique semantic database, links appliances distributed across an organization into a unified, distributed system that is centrally managed and resilient to network and equipment failures, and protects network data.

Data are exchanged among appliances in an Infoblox grid using sophisticated distributed database technology with full transactional integrity. Data remain complete and correct in the face of WAN and device failures and under high loads. This is critical in today’s dynamic network environments in which incorrect data can render applications unusable, create security breaches, and violate compliance requirements.

Unique DHCP Authentication Capability Increases Access Security
To accommodate healthcare environment requirements to distinguish access rights by user (i.e., staff versus patients or vendors), Infoblox offers the ability to authenticate users at the time of IP address assignment. Infoblox DHCP authentication capabilities validate the identity of users before granting them access to a network, register unknown users, and ensure that only valid devices and users (e.g., doctors) are granted full access to the network (e.g., administrative systems). Patients, visitors, vendors, and other guests on the network can be provided access only to appropriate applications (e.g., the Internet, public domains, etc.). This provides network quarantine and guest access with no changes to existing routers and switches.


Summary

Healthcare organizations are under growing pressure to re-evaluate their core network services to simplify management, ensure availability, and enhance data and access security. The Infoblox core network services platform delivers a superior alternative to legacy solutions by providing simplified administration across distributed organizations while ensuring maximum availability, security, and cost-effectiveness.

To learn more about Infoblox solutions or to evaluate Infoblox products in your environment, please contact us at info@infoblox.com or call +1.408.625.4200.