Sussex HIS

The Challenge

The Sussex Health Informatics Service (HIS) commenced a significant overhaul of its IT infrastructure, working towards centralization of IT services for all its customer organizations.This requires a unified approach to networking, security and application delivery to ultimately increase the level of patient care across Sussex.

Part of this forward-thinking ethos is a Community of Interest Network (COIN) that provides a Gigabit-speed WAN, linking core node sites to over 270 National Health Service (NHS) sites inSussex. The COIN is being leveraged to provide common network services, including a single global Microsoft Active Directory repository. It also will serve as the backbone to eventually deliver IP Telephony services for all the NHS sites.

This consolidation and centralization of network services was a daunting task. Microsoft Active Directory (AD) is the distributed directory service and the information hub of Microsoft Windows Server 2003 and 2000 Server operating systems. AD provides critical services such as Windows login, and also supports a wide range of directory services for Microsoft applications.

Two core network services upon which Active Directory relies are the Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP).

DNS and DHCP are provided as part of Microsoft AD and are often deployed on Microsoft Domain Controllers along with other services, such as print and file sharing. However, loss ofthese services results in loss of Microsoft application services (e.g. Windows Domain Logon, Exchange, file and print sharing) and also impacts all non-Microsoft applications (e.g. Unix) that utilize DNS services. As a result, the security and availability of DNS and DHCP services is especially critical.

Previously, many of the 270+ sites across Sussex were running Microsoft NT4 Domain Controllers. But, to achieve the levels of reliability and central manageability the team required to support the COIN, Sussex HIS set out to migrate all the sites to a resilient appliance-based platform.

Mark Walker, infrastructure consultant for the Sussex HIS team and responsible for the project commented: “Leveraging the Microsoft Domain Controllers, we previously found that DNS andDHCP services were often a source of network downtime.”

The Solution

As a result, Khipu Networks suggested the use of purpose-built Infoblox-1550 appliances, which provide a unified platform for DNS, DHCP, IP address management (IPAM) and other services, such as network time. The Infoblox appliances provide a migration path as well as many high availability features to ensure core network services are always available.

The Sussex HIS team deployed eight Infoblox-1550 appliances in three consecutive days without any interruption to their network uptime. They are now able to migrate sites onto their centralized network whenever they require.

Infoblox is a Microsoft Partner with a Gold Management & Virtualization competency, and an Independent Software Vendor Partner in the Microsoft System Center Alliance Partner Program. Infoblox has developed an integration pack for Microsoft Server 2012 that automates the provisioning of IP addresses for physical and virtual machines across physical, virtual, and cloud environments. The appliances are based on the security-hardened Infoblox NIOS™ operating system, which allows no root access and presents no unnecessary open ports.

Infoblox appliances are easy to install and manage and can load updated software with a single click. They also provide extensive built-in support for high-availability, delegated management, logging and auditing. Collections of Infoblox appliances can be easily linked into robust grids that extend these capabilities across a distributed enterprise while providing centralized management.

These features, combined with transparent integration with Microsoft Active Directory make Infoblox appliances an excellent choice for offloading DNS and DHCP services from Domain Controllers.

The Result

Mark Walker commented: “We found Khipu Networks approach innovative. They suggested the use of Infoblox-1550 appliances so that the Sussex HIS could unify DNS, DHCP, IPAM and network time. We worked with Khipu Networks in a design workshop where our Microsoft, infrastructure and security teams discussed the minimum and ideal requirements for core network services. We were impressed by their understanding of our requirements and the related recommendations. Since installing the Infoblox devices that Khipu recommended, we have a more effective, available, secure and resilient solution that also decreases the administration overhead for us. The Infoblox appliances are essential to delivering our vision and requirements for the COIN.”

In conclusion, the Infoblox solution has positively impacted the successful implementation of theC OIN and is a key infrastructure component to enabling additional applications in the future, like IP Telephony.