Erick Ortiz

Healthcare Systems Engineer

eriortiz@cisco.com

Cisco Medical Grade Network 2.0 Campus Architectures

© 2010 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 2

Cisco Medical-Grade Network Goals

Protected

� Security for patient privacy and system availability

� Compliant with regulatory requirements

� Protection against security breaches

Interactive

� Facilitates Collaboration

� Enables application access

� Integrates data, voice, video and imaging

Responsive

� Network adapts to change and business/clinical needs

� Has ability to incorporate new technologies

Resilient

� Fault-tolerant and capable of business continuity

� No single point of failure

� Serves mission-critical needs

Cisco Medical-Grade Network 2.0

© 2010 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 3

� Hierarchal designs

� No single pointsof failure

� Utilize in boxredundancy

� Optimize convergence

� Best practices mustadapt to unique healthcare requirements

Cisco Campus Architecture in Healthcare

SiSi

NAM

Intrusion Prevention

System

Network

Analysis ModuleNAC Server

Wireless LAN

Controller(s)

North Access 1

North Access 2

South Access 1

South Access 2

802.11n AP

802.11n AP

Portable

UltrasoundSmart Infusion

Pump

Clinical

Workstation

CT / MR

CoW

Medication

Administration Cart

RFID

TAG

7925G

Point of

Sale Device

Patient

Monitor

TelePresence

Nx 10G

Access

Distribution

Core

SiSi

SiSi

SiSi

SiSi

SiSi

SiSi SiSi

complete

© 2010 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 4

Cisco MGN 2.0 Campus Design

Access

Distribution

Distribution

Access

Core

WAN

SiSi SiSi SiSi SiSi

Layer 3

stackable switches

VSS

Access

VSS

Distribution

VSS/Hybrid Core

SiSi SiSi

SiSi SiSi

WAN

Data Center 10Gbps Nexus

complete

© 2010 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 5

MGN High Availability Campus Design

� Eliminate all singlepoints of failure

Implement hierarchicaldesigns

Utilize redundant chassisor smart stackable switches

� Redundant switchingand power fabrics

� In the box and network redundant services

� Utilized IGP protocols thatquickly detect faults andprovide sub-second failover

SiSi SiSi SiSi SiSi SiSi SiSi

SiSi SiSi SiSi SiSi SiSi SiSi

WAN Internet

SiSi SiSi

Data Center

Redundant

Links

Redundant

Switches

Layer 3 Equal

Cost Link’s

Layer 2 or

Layer 3

Redundant

Supervisor

© 2010 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 6

Supervisor Redundancy Is Provided by Stateful Switch Over (SSO)

� Active/Standby supervisors run in synchronized mode

� Depending on platform, line card and protocol this incurs from 0 to 3 seconds of outage

� Switch processors synchronize Layer 2 and Layer2 / Layer 3 FIB, QoS and ACL tables

� Line cards with DFC are populated with Layer 2 / Layer 3 routing information and ACL tables

� Line card protocol status is maintained during failover reducing impact and improving clinical access

© 2010 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 7

Healthcare Campus Challenges

� Remember old days of flexibility, add/move and mobility promise?

� Spanning VLAN solved that and created some more problems of

Stability

Response times

Inefficient use of resources

Managing end host behavior

Age Old Problem

Historically —A Compromise

L2

SiSi SiSi

VLAN 10 VLAN 10 VLAN 10

Core

VLAN 20 VLAN 20 VLAN 20

Looped TopologyAll VLANs spans All Access-switches

Core

SiSi SiSi

VLAN 10 VLAN 20 VLAN 30

L3

VLAN 110 VLAN 120 VLAN 130

Loop Free TopologyVLAN = Subnet = Closet

� Do not span VLANs.

� No Loops no underlying threat to the

network

� Solution gave up critical need of not able to

span VLANs.

� However, in many healthcare deployments,

clinical and biomedical devices requires

vendor dedicated VLANs

© 2010 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 8

Virtual Switching

� Solving the same olddesign problem and yet not loose the benefits of stability and mobility

� Virtual Switching allows elimination of loops in the network, while allowing for spanning of VLANs VLAN 10 VLAN 10 VLAN 10

Core

VLAN 20 VLAN 20 VLAN 20

VSS Enabled Loop Free Topology

VLANs spans Access-switches

© 2010 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 9

Virtual SwitchVirtual Switching System 1440 (VSS)

� Virtual Switching System consists of two Cisco Catalyst 6500 Series defined as members of the same virtual switch domain

� Single control plane with dual active forwarding planes

� Design to increase forwarding capacity while increasing availability by eliminating STP loops – a loop-free topology

� Reduced operational complexity by simplifying configuration

VSS —Single Logical Switch=Switch 1 + Switch 2

Virtual Switch Domain

Virtual Switch Link

SiSi SiSi

© 2010 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 10

VSS Enabled Healthcare Campus Design End-to-End VSS Design Option

SiSi SiSi

SiSi SiSi

SiSi SiSi

RR

R

R RR

STP-based Redundant Topology R = STP Blocked Link

Fully Redundant

Virtual Switch Topology

complete

© 2010 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 11

Three Options for Multi-Chassis EtherChannelDesigns to Remove Spanning Tree

Virtual Port Channel

� Separate control plane

� Separate management plane with VPC state synchronization (CFS)

� Redundant supervisors per chassis with hitless SSO

� Manual port sync config (DataCenterNetworkMgr)

� Local SVI HSRP/PIM forwarding enhancements to act as active-active pair

Virtual Switching System

� Single control plane

� Single management plane

� Single supervisor per chassis

� Automatic port config sync (single control plane)

� Single L3 domain (single SVI) no need for FHRP

SW2SW1

VPC peer-link

VPC FT-Link

Stackwise+

� Single control plane controlled by Master Switch

� Master switch controls etherchannel

� Redundant master switches per stack

� Automatic port configsync (single control plane)

� Stack appears as a single router, no need for FHRP

© 2010 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 12

Campus Design Option: VSS

Key Benefits to Healthcare Providers

� Eliminates complexity of Spanning Tree Protocol and prevents potential for loops in network.

� Faster failover by eliminating need for gateway redundancy protocols (HSRP, VRRP, GLBP)

� Simplified network management (less links/configuration, fewer operational points)

� Conserves bandwidth (no unicast flooding, MEC optimizes number of hops

© 2010 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 13

Environmental Considerations

Cooling� Examine BTU

generation compared to HVAC systems

� Redundant HVAC chillers on separate power

� Consider rRack design for front to back vs side to side airflow

Monitoring� Use 802.11 based

thermal & humidity monitoring

� Implement smart building technologies (Cisco Connected Real Estate) for power and cooling monitoring

� Track battery health for localized UPS devices

� Utilize under floor water detectors

Physical Security

� Monitor and maintain access to IT infrastructure

� Log access to key distribution areas

� Utilize video surveillance

� Take precautions to prevent unauthorized access and prevent data loss

Power� Separate grid based

power feeds

� Building based Backup Generator Power

� Localized UPS Power especially for PoEdeployments

� Redundant Power Supplies

Cisco Medical-Grade Network 2.0

© 2010 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 14

Biomedical Devices Considerations in CampusRequirements

� Traffic Flows VaryPatient monitors: Small (300 byte), but frequent (4x/sec) broadcasts, multicasts or unicast(vendor-specific)

IV pumps: Formulary and firmware updates are usually small and not a daily occurrence

Biomedical devices often communicate back to central monitoring station

� SLA Requirements

Prevent < 50ms jitter

Maintain < 20msconnectivity loss from patient monitor to central station

� Unique Layer 2 and Layer 3 requirements

Many vendors require separate parallel Layer 2 VLANs

Layer 3 and multicast functionality may be limited

� Path Isolation may be required

Patient MonitorsProvides real time

monitoring of vital signs

(blood pressure, oximetry

etc) on continuous basis.

May connect to central

station

Infusion (IV) Pumps Administers medication to

patients and requires

formulary and drug library

updates on an intermittent

basis.

Patient

Monitors

IV

Pumps

Portable Radiology

DevicesConnects to the RIS and

PACS system.

Radiology

Devices

© 2010 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 15

Biomedical Devices Path Isolation Options

� Generic Routing Encapsulation (GRE) Tunneling

Create Closed User Groups

� Virtual Routing and Forwarding (VRF-lite)

Lightweight

Single routing device

� Multiprotocol Label Switching (MPLS)

Cisco Catalyst 6500

� Overlay Transport Virtualization (OTV)

Emerging Technology in Data Center

SSID Vendor A

VLAN10

SSID Vendor B

VLAN30

VLAN10

VLAN30

Vendor B

Central Station

Central

Station

Campus

Network

For More Information: http://www.cisco.com/en/US/docs/solutions/Enterprise/Network_Virtualization/PathIsol.html

SiSi

SiSi

Path Isolation

Options

© 2010 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 16

IEC 80001: Application of risk management for IT-networks incorporating medical devices

� IEC-80001 is a voluntary international standard, dealing with risk management of IT networks incorporating medical devices

� Provides framework for the “Application of risk management for General purpose IT-networks incorporating medical devices”

� Three “Key Properties”—Safety, Effectiveness, Data and System Security

� Four supplementary documents or Technical Reports (TR’s) in development:

Wireless Guidance

Healthcare Delivery Organization (HDO) Step-by-Step guide

Security Guidance

HDO Implementation Guidance

Medical IT-Network

Planning and

Operation

Biomedical

Devices

IT Infrastructure

Vendor

Biomedical Device

Vendor

Responsible Organization

(HDO)

IEC-80001-1

© 2010 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 17

Medical Grade NetworkQoS Classifications

Application ClassPer-Hop

BehaviorQueuing and Dropping Medical Applications

Network Control CS6 BW Queue

VoIP Telephony EF Priority Queue (PQ) Constant Bit Rate Biomed Feeds

Broadcast Video CS5 (Optional) PQ

Realtime Interactive CS4 (Optional) PQ Cisco Healthcare, Telepresence

Multimedia Confrencing AF4 BW Queue + DSCP WREDCisco Unified Personal

Communicator

Multimedia Streaming AF3 BW Queue + DSCP WRED *Biomedical Telemetry Steaming

Call-Signaling CS3 BW Queue

Ops/Admin/Mgmt (OAM) CS2 BW Queue

Transactional Data AF2 BW Queue + DSCP WRED*Biomedical Devices, Critical

Apps, WebEx

Bulk Data AF1 BW Queue + DSCP WRED PACS, Large File Apps

Best Effort DF Default Queue + REDBack Office, Archiving, Patient

Records

Scavenger CS1 Min BW Queue (Deferential) Guest Traffic

© 2010 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 18

For More Information: http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSCampus_40.html

QoS Boundaries

� Summary of trust, marking, policing and queuing boundaries

� Correct Trust and Markings at Access

� Interswitch links in Campus will trust DSCP markings

� Perform Policing and Queuing where appropriate Conditionally

Trusted Endpoints

Trusted

Endpoints

Conditionally-Trusted Endpoint Port QoS:

� Conditional-Trust with Trust-DSCP

� [Optional Ingress Marking/ Policing]

� 1P3QyT Queuing

Switch-to-Switch/Router Port QoS:

� Trust DSCP

� 1P3QyT or 1P7QyT Queuing

Untrusted Endpoint Port QoS:

� No Trust

� [Optional Ingress Marking/ Policing]

� 1P3QyT Queuing

Trusted Endpoint Port QoS:

� Trust-DSCP

� [Optional Ingress Marking/ Policing]

� 1P3QyT Queuing

Access Distribution CoreUntrusted

Endpoints

complete

© 2010 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 19

Campus Voice and Collaboration Considerations

� In Order to Provide Optimal Patient Care, Collaboration Among Caregivers is Essential

� Due to the Critical Nature of the Collaboration both the Campus Infrastructure and the Collaboration Systems Must be Constantly Available

� The Diversity of Caregivers Requires that a Wide Range of both Wired and Wireless Endpoints Must Be Supported

ChallengesThe Connected Health Community

© 2010 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 20

For More Information: http://www.cisco.com/en/US/docs/solutions/Enterprise/Network_Virtualization/PathIsol.html

Campus Voice and Collaboration Considerations � Power over Ethernet

Switches

End Points

� Voice over WLAN

VoWLAN QoS

Multicast

� Unified Communication

UC Manager Resiliency

Security

Session Manager Edition

SRST

PoE Devices

IP Phone Portfolio

complete

© 2010 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 21

Rapid Fault Isolation

SiSi

SiSi

Access

Distribution

Core

SiSi

SiSi

SiSi

SiSi

NA

M

Intrusion

Prevention

System

Network

Analysis Module

NAC Server

Wireless LAN

Controller(s)

North Access 1

North Access 2

South Access 1

SiSi

South Access 2

SiSi

802.11n

AP

802.11n

AP

Portable

Ultrasound

Smart

Infusion

Pump

Clinical

Workstation

CT / MR

CoW

Medication

Administration CartRFID

TAG

7925G

Point of Sale

Device

Patient

Monitor

TelePresence

Nx

10G

Challenges

� Healthcare Networks are Critical to Patient Care

� Network Failure Could Critically Impact Patient Care

� The Network Should Be Designed for Maximum Up Time, but Even the Best Design Can’t Guarantee 100% Uptime

� Provisions Should Be Made So That When a Fault Occurs, It Can Be Isolated and Corrected in Minimal Time

complete

© 2010 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 22

Rapid Fault Isolation

Fault Identification and Isolation may be achieved using a number of standard and Cisco provided tools

� First Failure Analysis

Monitoring applications like Syslog, SNMP, Netflow and XML can identify persistent Network Problems

� Cisco.com Tools

A number of tools are available on Cisco.com that identify know problems and notify customers of critical issues, assist in the interpretation of error outputs and messages, and automatically notify TAC when a problem occurs

� IOS Tools

Features are built into IOS to both proactively manage issues

(like EMM and MLS Rate Limit) and to assist in isolating

problems (like SPAN, RSPAN and ERSPAN)

� Cisco Remote Management Services

Cisco Data Center Remote Management Services provide comprehensive monitoring and management of your data center infrastructure 24 hours a day, 365 days a year

0

2

4

6

8

10

12

14

1 4 7 10 13 16 19 22 25 28 31 34 37 40 43 46 49 52

samples

load [%]

Smart Call Home

Netflow Results

© 2010 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 23

Rapid Fault Isolation

� Hardware Features

Features incorporated in hardware (like TDR line cards and power management) assist in isolating problems and optimizing system performance

Features like Core Dump, SEA, and OBFL provide information for troubleshooting and failure analysis

� Cisco Advanced Services

AS offers a range of services that enhance network performance and minimize down time ranging from Bug Scrub to Code Recommendations to Network Analysis and Optimization to Remotely Managing the Network.

© 2010 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 24

MGN 2.0 Campus Summary

� Increasing usage of clinical and non-clinical applications within Campus

� Healthcare Applications Requirements

High Availability

Supports Medical Devices and Mission Critical Clinical Applications

Change Management

Enhance patient experience

� Cisco Medical Grade Network 2.0 - Campus architectures outlines best practices to build a resilient, protected, interactive, responsive network.

© 2010 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 25