Dedalus Adopts BloxOne DDI as it Works to Digitally Transform the Global Healthcare Ecosystem
Dedalus is one of the largest health software companies in the world. In 2016, Dedalus decided to accelerate its expansion strategy by focusing on the growing demand for innovative and comprehensive solutions to support the digital transformation of the healthcare ecosystem. Working across the entire healthcare continuum and offering open standards-based solutions, Dedalus helps hospitals and clinics to deliver new models of care. Dedalus software is used widely across the world, managing each year more than three billion diagnostic results, serving 540 million in population, 28 million inpatient and 35 million emergency admissions. In primary care, Dedalus serves more than 120 million citizens.
The Situation – A Sudden Jump to Enterprise Size and Global Leader Status Through M&A
With deep roots in Italy, France and western Europe, Dedalus in the late 2010s / early 2020s began a global expansion that saw it make several major acquisitions and business expansions. M&A activity included deals with industry leaders Medasys and Agfa Health, but most notably, it acquired the healthcare software solutions division of the U.S.-based DXC Technology. This buyout considerably elevated Dedalus’ stature within the hospital and diagnostic software solutions sector, giving it a presence in over 40 countries worldwide—the largest footprint of any non-U.S. player in the market.
Enrico Cafiero, Group CIO at Dedalus, who joined the organization in early 2021 as many of these activities were underway, explains that the IT priorities of the post-merger company were a profound change from previously. “From a company mostly focused on Italy, Spain and Western Europe, almost overnight we were covering the Central Europe DACH market, Belgium, Brazil and South America, along with a major expansion into markets within the APJ. Just consider that we now have a leading presence across Australia and New Zealand, working with every territory health system, district health board and most private hospital groups.”
With these major changes in business scope, yet still with the charter to effect digital transformation of the healthcare ecosystem, Cafiero and his team realized that fundamental changes would need to be made to key IT capabilities. Most crucially, the merged entity would now be home to research and development teams numbering well over 2,000 individual engineers and medical researchers, primarily based in Italy and the U.S. Empowering these teams to maintain high levels of innovation and productivity, Cafiero understood, was mission critical.
“Because we were bringing together multiple different cultures and different approaches in our core R&D teams, we realized the place to start facilitating smooth collaboration and cooperation was with common infrastructure and services,” said Cafiero. “Timing was an important factor also. As quickly as possible, we needed to make it possible for teams to operate synchronously, to have coordination and exchange of resources across the globe at the network level. We came to the realization that our existing internal DNS and DCHP infrastructure was a bottleneck, and that it was going to be mandatory for us to design something simpler than what we had in place. That was where the Infoblox solution came in.
Industry: Software / HealthTech
Location: Milan, Italy
Initiatives: Refresh network infrastructure to update and modernize DNS, DHCP and IPAM (DDI) processes, Move DDI infrastructure to the cloud in order to improve network performance and eliminate latency issues for remote users of SaaS applications, Better position the company to execute on its objectives to support the digital transformation of the global healthcare ecosystem.
Outcomes: Began the consolidation of DDI operations onto the BloxOne DDI platform, Established a cloud-first model for DDI that’s quickly and easily replicable worldwide—a key capability in supporting the company’s expansive growth strategy, Fully automated previously manual IP address management (IPAM) operations.
The Challenge – On-Premises DDI in the Data Center Not Flexible Enough for a Global Enterprise
Dedalus had run its DNS and DHCP operations on Microsoft Active Directory for many years in its main data center in Italy. This arrangement performed well, but several factors arose through a combination of both the M&A activity and the regulatory environment that would present difficulties moving forward. The European General Data Privacy Regulation (GDPR), which came into effect in May 2018, stipulates that sensitive personal information should be stored in an individual’s country of residence. So, if cancer researchers are working with a data set containing information on Italian citizens, that data needs to be stored on servers or within a data center in Italy, not Germany or France. As Dedalus expanded, these GDPR concerns had to be addressed within the context of the company’s IT architecture.
A second issue was that, while Dedalus end users working within or very close to the primary data center experienced excellent network performance with the Microsoft DNS architecture, employees and users in farther flung remote and branch offices often did not. With conventional hub and spoke network architecture, DNS network traffic in branch locations is backhauled to the data center—an extra hop that can and often does introduce latency into connections and sessions. Especially for users of SaaS applications such as Salesforce, Office 365—and, significantly, DevOps tools—this latency can slow apps to a crawl and seriously impact productivity.
A logical solution to these challenges was to move DNS to the cloud. Doing so would enable the Dedalus IT team to provide DNS services locally, wherever and whenever needed—an extremely valuable capability with the company’s global expansion. This approach would also remove the backhaul requirement to ensure optimum SaaS application performance, another key step toward facilitating smooth collaboration and cooperation across the dispersed R&D team.
The Solution – Cloud-Native BloxOne DDI from Infoblox
Cafiero, in consultation with Riccardo Rolando, CEO of Upgrade S.r.L.—the design and integration partner on the project—elected to initiate an implementation of BloxOne DDI from Infoblox. The industry’s first solution that fully enables provisioning and management of DNS, DHCP and IP address management (DDI) from the cloud, BloxOne DDI simplifies network management by centralizing core operations on a single cloud interface. It also delivers multi-cloud visibility and supports accelerates service roll out across remote locations.
“The goal with BloxOne was build a brand new distributed DDI architecture that would set a strong foundation for our global expansion,” explained Cafiero. “BloxOne DDI is unique in that it provides unprecedented flexibility in provisioning design choices via the cloud, and the full range of Infoblox APIs for integrations with network management and security tools,” added Rolando.
The initial architecture plan was focused on internal DNS, Dynamic DNS and DHCP services within the main Dedalus data center powered from colocation instances in the cloud. Local DDI capabilities would also be provisioned via the cloud at nine remote sites in Europe. The project will enable Dedalus to move its DDI infrastructure to Equinix cloud colocation centers and remove existing hardware from its legacy data center and the remote sites. As a prototype architecture, the Dedalus team expects to replicate this design and scale horizontally by adding more remote site instances around the world in the future.
Design features include BloxOne virtual and dedicated hardware appliances for centrally cloud-managed DNS/DHCP/ IPAM (DDI), with additional appliances for DHCP active-active high availability. The nine remote sites are served from the main cloud data centers using a dedicated instance for each. BloxOne provides extensive logging and reporting capabilities, which deliver valuable insight to events occurring in the network. As with all Infoblox DDI offerings, BloxOne has a powerful API layer that facilitates enterprise-grade DDI service provisioning and also enables extensive integrations with security infrastructure, development pipelines and other IT operations.
“We’re taking full advantage of the APIs to optimize the value Dedalus can realize from this implementation,” explained Rolando. “First, we’re integrating BloxOne into the Dedalus security operations center (SOC) in order to do anomaly detection and maintain control of requests from SIEM and SOAR systems. The second integration is with NetBox, which is an infrastructure resource modeling (IRM) tool designed to empower network automation. It gives us a domain-specific source of truth for all network operations and equipment, including hierarchical regions, site groups, sites and locations; racks, devices and device components; IT addresses and lease reservations; cable and wireless connections, power distribution and so forth. The third integration is that we are remotely using DHCP and DNS over the network so we can we create a template with what we call the WWN—World Wide Network. The idea here is that we’re able to remove all legacy hardware servers from the remote sites—we have only firewalls onsite at now.”
Result – A Fully Empowered R&D Team Focused on Digital Transformation of the Healthcare Ecosystem
“More than anything else, Dedalus now has a cloud-first model for DDI that’s quickly and easily replicable worldwide,” explained Cafiero. “We’ll still have our core data center in Italy for the foreseeable future, but BloxOne enables us to stretch the value of the legacy Microsoft AD implementation there even while we’re getting rid of the physical domain controllers, which simplifies the footprint. So, we have better automation opportunities, better security integration and also much fasters deployment—we’re getting more and we can move faster.”
Cafiero and his team see Dedalus’s R&D team as a primary customer that they serve, and with the new cloud DDI capabilities, they’re better positioned to do so—especially in terms of their digital transformation mandate. Dedalus’s core product offerings in the diagnostic and clinical space have, as with the vast majority of competing offerings in the space, have been almost entirely provided as on-premises solutions. That’s changing fast, however, as the R&D team is looking to offer the company’s hospital and clinical customers flexible options on how to access and use their solutions.
“We’re anticipating that the R&D team will be asking for more cloud-first networking capabilities, and BloxOne DDI has set us up to deliver when asked,” explained Cafiero. When the proper demand on the customer side emerges, we’re well prepared to offer robust DDI functionality in the cloud, that may be on a on a localized branch of a private cloud, or maybe a public cloud. We have something in between, where the new products are being developed as cloud native, yet the agreement with customers and regulators are still proceeding. In the meantime, we are offering the model to the developer workloads and developers as a strategy of moving all the products to a more cloud-native posture. In some of our markets this will be easier, some tougher. But with BloxOne we have a proven methodology, and we’re well positioned to support our R&D team in their objectives.”
Making a final point, Rolando explains that while the BloxOne DDI implementation was focused primarily on internal DNS and DHCP, getting access to Infoblox’s powerful IP management capabilities—native to the BloxOne Platform—was much more than a ‘nice to have.’ “Like many organizations that have grown quickly, Dedalus found itself growing to enterprise scale, yet still relying on the all-powerful Excel file from Microsoft to manage IT addresses,” he mused. “But all joking aside, through all this M&A growth, Dedalus made a huge quantum jump in size. It was almost a greenfield situation where we said, ‘ok, how best to go about IP management now that we’re so much bigger.’ BloxOne DDI provided a pathway to fully automate IPAM. From scratch, we imported our existing IP subnet and IP segmentation data at a very high level and then we populated everything via API—fully automated. So, basically no manual data entry was done in this project, we just did the minimum necessary to start. Another positive outcome from BloxOne that we’re very excited about.”