Using Cisco Software-Defined Access to Deliver Patient Care Faster

When you're part of the National Health Service (NHS) you have to deliver outstanding medical care on a public sector budget. That means achieving value for money and making the most of the resources at your disposal. This can be challenging in the world of ICT, where upgrades and new technologies are a daily reality. Supporting patient care while keeping a tight rein on the purse strings requires operational planning, and an infrastructure partner with the tools and know-how to realise your vision.

The Aneurin Bevan University Health Board (ABUHB) is a network of hospitals in Wales. We serve the areas of Blaenau Gwent, Caerphilly, Monmouthshire, Newport, Torfaen, and South Powys. We employ 14,800 people in 300 departments spread over 120 sites. Two-thirds of our staff are directly involved in patient care—including 1,000 hospital and general practice doctors, as well as 6,000 nurses, allied healthcare professionals, and community workers. 

We are currently in the middle of a digital transformation to bring patient care closer to home. We aim to treat patients at the nearest hospital or resource centre in their area or dispatch healthcare workers to assist them in their homes. To do this, we'll use IoT, remote monitoring, and mobile solutions that will enable people to get the healthcare they need where they are, thus limiting the number of patients that have to travel to one of our hospitals. This approach is not only cost-effective but also provides a superior patient experience. 

Standardising Our ICT

About three years ago, we realised we needed a technology partner that shared our vision and could better meet our long-term needs of providing world-class digital services. 

In 2018, the Network and Information Systems Regulations came into effect. It covers operators of essential services like hospitals and electric utilities and requires us to implement security measures that ensure user privacy and protect us against cyberattacks and other threats that can impact availability. 

We wanted to standardise our network equipment, network security, and be able to provide greater assurance from a trusted vendor. As ABUHB's head of ICT, it was up to me to find the perfect partner, and the top name on my list was Cisco.

Cisco has a global presence. Their product portfolio covers every aspect of the ITC spectrum, from IP telephony to edge networks. They have an international presence, and their products are widely available. There are dozens of Cisco solutions partners in the UK. Using their products also allows us to attract the best talent in the country. Cisco-certified professionals are lining up to work for us because they want to get their hands on cutting-edge technology like Cisco SDA (Software-Defined Access) and Cisco ISE (Identity Services Engine).

Transitioning to Cisco ICT Infrastructure

We started talking to Cisco a couple of years ago. At first, the case didn’t quite stack up, but once Cisco understood the scale of our initiative, they got on the same page as us. 

We started with a refresh of the LAN and Wi-Fi at two of our hospitals in 2018. But we had a bigger project on the horizon: Our £360 million Grange University Hospital in Gwent was set to open in March of 2021 and required new ICT infrastructure from the ground up. This major project opened the door to refreshing the approach to our IT and telephony networks across all our other sites.

ABUHB also started offering CCNP (Cisco Certified Network Professional) training to current and new hires to retain and attract the best people. Cisco is helping us level up in terms of both technology and staff. We are not only boosting our network capacity but also building up our expertise. 

Accelerating Our Plans to Deal with the Pandemic

Of course, all our plans went out the window when the pandemic hit. In January and early February of 2020, the pandemic was in the news, but it didn’t yet seem real. Everything changed halfway through the month, as hospitals in Wales started modelling ICU bed demand and setting up separate zones for COVID-19 cases and all the other patients they were treating.

We sped up the work on Grange University Hospital to handle the pandemic. Our team and Cisco made it look like an action movie. We set up telephony, a building maintenance system (BMS), and Wi-Fi6 infrastructure for two major zones at the site that was based on Cisco Catalyst 9120 Series Access Points. We'd initially scheduled ten months to deploy, but it only took four weeks.  

Making Compromises

Due to the accelerated timeline, we had to make some compromises. To ensure the deployment of an IoT-ready network and roll our building management platform on time, we postponed implementing Cisco ISE and resorted to MAC authentication. It was the most sensible way to authenticate dumb network devices.

Unfortunately, to proceed with that form of authentication, we needed to know the MAC addresses. But our building contractor didn’t know what the MAC addresses were. And for us to get them, they’d have to first be on the network. It was a bit of a catch-22. Cisco came to the rescue and flew in Matt Graham, a senior pre-sales technical engineer. 

He helped us build a logical network using the Cisco Digital Network Architecture (Cisco DNA) for a software-defined access approach. We used Cisco DNA Center to assemble an entire virtual network from scratch and mapped all its MAC addresses, which we then harvested to connect our IoT and Building Management System (BMS) devices.  

The Core of Our Network Refurbishment Process

Cisco DNA Center is the core of our network refurbishment process. It has taken us from manually configuring and managing individual switches and switching ports to working with a visual, rules-based engine. Cisco DNA Center allows us to install any physical device and configure it remotely using a single pane of glass. We had to install and configure 250 Cisco Catalyst 9500 and 9300 Series Switches alone at Grange University Hospital, and it would have taken days, if not weeks, to set them up by hand. 

With Cisco DNA Center, we were able to configure and deploy the entire network in a matter of hours, which allowed us to get everything working months ahead of schedule to deal with the global pandemic crisis. We'll be rolling out Cisco software-defined networks at all 120 of our sites in the next few years. The savings in time and money will be exponential. 

Segmenting, Securing, and Migrating Our ICT Infrastructure

We will soon be rolling out Cisco ISE across all our sites. Cisco ISE, along with Cisco Software-Defined Access (SD-Access) and Cisco TrustSec, will allow us to segment parts of the network and cordon off specific services to limit the spread of ransomware, and enables rapid threat containment. For example, we can assign CCTV cameras to a separate logical network that is entirely cut off from the patient administration database. We can segment IoT and medical devices from the wider network as well as limiting the movement of threats around the network. We couldn't do that with physical network infrastructure. With tens of thousands of devices connecting to the network daily, Cisco TrustSec is giving us the assurances we need.

We use Cisco Adaptive Security Appliance (ASA) to protect our breakout onto the health VRF, providing segmentation from other parts of NHS Wales. We have also used Cisco Firepower to provide content filtering for non-domain joined devices or managing complex and dynamic rules sets such as Office 365 that produce a lot of workload and our web filtering solution cannot easily scale to provide.

In addition we have adopted Cisco Unified Communications Manager (UCM) as our IP telephony service. We currently have about 9,000 handsets across all our locations and have replaced over 1,000 of them with Cisco devices. Over the next half-decade, we'll migrate 75 distinct servers to a centralised, highly-available virtual platform split across data centres.

Partnering to Revolutionise Healthcare

At the end of the day, ICT is about giving everyone at ABUHB access to the resources they need to provide outstanding healthcare. Cisco has given us the tools to create a robust and reliable network. I can go to our Board of Directors and say with confidence that we have everything under control. I can tell them we have built a solid foundation that will accelerate the digital transformation of our patient services. I can also assure our executive team that Cisco has our best interests in mind and is looking at a long-term technology partnership instead of making a quick sale.

In the coming months, we'll move our primary data centre to a new location and leverage software-defined architecture to seamlessly migrate services and data from one site to the other. We will also continue to refresh our Wi-Fi infrastructure. We still have some legacy hardware in place but have already moved 60% of our networks to Cisco. Finally, we will roll out Cisco DNA Center, Cisco ISE, and Cisco SDA across all our sites over the next five years and hope to achieve full network visibility and automation by 2025. 

We are also officially opening Grange University Hospital on 15 November, five months earlier than our planned March 2021 date.

Thanks to Cisco, ABUHB has a greater sense of security and control. We can identify and troubleshoot problems with greater ease. We also have greater confidence in the relationship and know that Cisco are working with us to deliver class-leading digital services. My network engineers are happier, too. Now that we're giving them better ICT tools and systems, they can see we’re investing in the right technology to help revolutionise healthcare one facility at a time.