A Digital Prescription: Leveraging Cisco ACI for Cost Savings and Healthcare IT Excellence
High-quality patient care is the main priority of any healthcare facility. But the meaning of patient care has taken on a new definition, along with new roles and responsibilities in the emergence of the digital era. As such, it’s no longer acceptable for healthcare IT teams to struggle to manage their outdated systems, applications, networks, and technologies. It is clear that IT’s role in patient care has evolved, and it is the responsibility of these teams to identify any gaps in their technology and rectify the situation as soon as possible.
The systems and applications utilized by doctors, nurses, and administrators are critical tools. When these systems fail to meet the needs of the ultimate end users — the patients — the outcome can mean the difference between life or death. Healthcare IT teams take our duties seriously. Our role is the backbone that helps support the entire healthcare ecosystem.
When IT works correctly, you simply forget it is there. When one aspect goes wrong in a different area of the ecosystem, oftentimes the IT infrastructure is there to quietly support, and in some cases, rectify the situation. However, when the digital backbone begins to falter in certain areas or needs an upgrade to continue to operate at maximum efficiency and functionality, it must be a priority.
This is something I have learned in my role as the Chief Information Officer (CIO) of the Hospitaller Order of Saint John of God in Austria. We operate hospitals as well as retirement homes and facilities for people with special needs, worldwide. We have approximately 90,000 employees across the globe and we're separated into 21 global regions, called provinces. I belong to the Austrian province, which is comprised of Austria, Hungary, Slovakia, and the Czech Republic.
Performance on a Budget
At the Hospitaller Order of Saint John of God, performance is a high priority. Our customers expect to have the best experience and, previously, we were unable to deliver on those expectations due to the existing security restrictions. We had several firewalls regulating traffic in our data centers, which impacted our performance.
We decided to adopt and integrate Cisco ACI as a solution to our performance issues. We then committed to further implement some macro- and micro-segmentation within our ACI. As such, we now completely bypass any negative effects relating to both the security regulations and performance impact. We’ve created terabit firewalling via ACI to make micro-segmentations within intra-tenant traffic.
We chose Cisco ACI because, from the perspective of a CIO, we need to be mindful of our budgets. In particular, we must be observant of opportunities for savings with our headcount. We have a networking team in our department data center, and we would like to integrate all our IT employees to make them responsible for networking — not just the data center networking team. That means the networking team is still accountable, but the IT division, as a whole, shares the responsibility.
However, the main reason why Cisco ACI makes a great deal of sense, from a C-Level perspective, is that it’s a minimal hardware investment with only a few components. That means I do just need a single switching on-premises installation for all of our customers.
A project of this magnitude takes a lot of deliberation. Our budgets are tight, so we have to choose wisely what tools we use and what we pick as our investments. Because of these considerations, the integration of ACI and UCS was the right move for us.
A Cohesive Network
In addition to the financial side of the equation, we were already quite familiar with Cisco’s products, having used several of their solutions over the years. We use a wide range of Cisco products, including Cisco’s Unified Computing System (UCS), Cisco ASA and Firepower Appliances, Cisco Web Security, and Cisco Email Security. We have extensive experience with Cisco’s products, and we trust in their technology. Therefore, it was simply a natural next step to use ACI in our data center.
From our perspective, no other vendor offers a comparable solution that can be integrated within our infrastructure, which meets our requirements. We highly value the fact that Cisco ACI could integrate Prime in our structure, and could meet some of our future needs by leveraging this strategy.
Healthcare IT’s Greatest Innovations
Now that we’ve implemented ACI, one of the biggest advancements for us is that we can do updates without downtime. That means our medical and care staff do not have any impact when we update our infrastructure. The IT team can do their job while our customers or users do their own jobs. That's imperative.
On the security side, each of our facilities constantly manages highly sensitive data, including patient files and other personal information. Therefore, it is crucial we take appropriate measures to secure our data. By implementing micro-segmentation, we’ve ensured that only those who need access to data are the ones who receive it.
It is also imperative to implement an overview process to confirm the devices that should be allowed to communicate with each other. Advance preparation is critically necessary. There needs to be some kind of documentation first: Which application needs which protocol, along with the source of destination IP. This identifies the endpoint groups that communicate and the contract that needs an ACI to establish this communication.
It is important to clarify whether it is truly necessary to open all protocols for a simple HTTP application. Obviously, it isn’t. Implementing Cisco ACI in this way has given me greater insight as to its applications and implementation strategies.
Scripting the Future
With our new setup, we now look to the future. We're evaluating to integrate the multi-site controllers with two data centers: one in Austria and one in Germany. Those data centers have separate ACI installations. We currently use the public API so that our scripting experts can make a script to replicate the confederation from one data center to the other. We’re looking forward to using the multi-site controller to achieve this previously difficult task.
We have completed the Cisco ACI installation more than once because we did not know before that Cisco ACI is not enabled to change the naming scheme of the objects. If we had invested more time in the naming scheme, in our overall expectations of the installation, and clearly defined what we wanted to do with this ACI. With each successful implementation, we have learned from our errors and continue to apply these lessons going forward.
All that we do, from an IT perspective, works to keep our end-users and our customers satisfied and productive. If IT’s role within the healthcare ecosystem is the digital skeleton, then the heart is our desire to constantly improve our capabilities for the welfare of all involved. And with every beat, we take one step closer to realizing our potential.