“There’s a certain elegance about a solution where you can put an IP address on a device, run a few PERL scripts...and you’re ready to go.” — Network architect, INTEGRIS Health
INTEGRIS Health is Oklahoma’s largest not-for-profit health care system with over 50 Wide Area Network locations throughout the state including hospitals, rehabilitation centers, physician’s clinics, and mental health facilities. INTEGRIS has the state’s largest and only comprehensive organ transplant program and has one of the most technologically advanced burn centers in the United States. The organization supports approximately 9,000 full-time employees and has built a reputation as one of the most technologically advanced health care organizations in the country, winning Wired magazine’s “Most Wired” award for five consecutive years from 1999 to 2003.
Constant advances and changes in medical technology require a robust and flexible network that can support both the current and future needs of a growing health care system. In this dynamic environment, the network services team for INTEGRIS Health is responsible for managing the day-to-day operations and critical network services of two major urban medical centers as well as the company’s other locations geographically dispersed throughout the state.
In addition to providing 24/7 reliability and performance across the network, the team is currently upgrading the health system’s entire infrastructure, a multi-year endeavor. This includes the implementation of technologies such as asynchronous transfer mode (ATM), wireless, and multi-media applications. In total, INTEGRIS Health supports more than 450 different applications from radiology to wireless tablet applications.
“Basically our job is to make sure that enterprise applications are available wherever and whenever they’re needed, at speeds which the users consider acceptable,” says Bob Hodge, Manager of Network Services for INTEGRIS. “If it’s on the network it’s our responsibility to serve as a technical resource of last resort.”
INTEGRIS recognizes that DNS is critical to its network and business. To support its vast and growing array of IP-based technology initiatives, INTEGRIS Health’s network includes over 200 Windows™ NT servers, VMS, and Unix servers. Like many organizations, the two primary systems were managed via a Microsoft DNS configuration, with a multitude of secondary DNS servers spread across wide geographic boundaries. With this configuration, INTEGRIS Health personnel were frequently required to come in—in the middle of the night—to perform upgrades or install security patches during scheduled production down windows. As a result, team members were unavailable the following day, leaving the technical teams short-staffed during the busiest hours.
Network users were also complaining of slow Internet response times or reporting difficulties getting to certain web pages due to DNS timeouts. There were other critical DNS configuration issues as well. For instance, the NT boxes were not forwarding requests to the root servers correctly. As a result, they ended up forwarding to their ISPs name servers which in turn were forwarding to the public root servers. Target host access became less reliable and access times were often unsatisfactory.
To address this growing list of DNS challenges, INTEGRIS Health began looking for an alternative DNS solution that would complement its Microsoft environment.
The Solution: DNSone Network Identity Appliance
The team considered several possible solutions but ultimately chose Infoblox appliances running the DNSone package to serve as the company’s core external name servers.
The team was impressed with the speed of the Infoblox appliances and the ease of installation. They gave the device an IP address, clicked a few boxes, transferred their zones over, and were done.
Upgrading has been just as easy. “The upgrades come out and with Infoblox’s one-button upgrade solution, it is less than 15 minutes per upgrade, versus numerous security patches per week from Microsoft,” said Phillip Stallcup, Network Architect for INTEGRIS Health. “Now, the whole patch process, across two servers, takes no more than 30 minutes.”
INTEGRIS is so pleased with the Infoblox appliances, they are looking at using them to provide DHCP for their VoIP solution as well as for an internal DNS configuration to complement a Microsoft Active Directory environment.
Because Infoblox monitors CERT advisories, and provides an easy upgrade process, INTEGRIS Health has seen efficiency gains in keeping its external DNS servers up-to-date from a security standpoint. The hardened appliance operating system approach also lowers the amount of security patches that are necessary to apply to the solution.
INTEGRIS Health has also seen the expected improvements in hardware reliability in moving from a server-based solution to an appliance-based solution.
“There’s a certain elegance about a solution where you can put an IP address on a device, run a few PERL scripts to convert from an existing solution, and you’re ready to go,” said Phillip Stallcup, Network Architect.