Extreme Fabric Connect: a Cure for an Ailing Hospital Network Environment


When you're saving lives, there's little time for anything else. But when your networks require as much time as your patients and impact your daily operations, it's time to improve the condition of your infrastructure. In such a case, Extreme Fabric Connect is just what the doctor ordered!

Responsible for transferring vital communications, data, and medical records, IT networks at hospitals, clinics, care centers, and other similar facilities can be easily compared to the circulatory system of the human body. In other words, it's best to take great care of them – even more so now, with the rapid technological transformation we see in the healthcare industry! Still, many healthcare organizations are using older network infrastructure – some haven't seen an upgrade since the turn of the century. Moreover, some larger macro trends around privacy and the rapid digitization of healthcare records are driving the need for a move toward network fabric. So let's try to diagnose some of the major pain points of 'traditional' networks:

  • So much manual configuration. Traditional networks are largely configured switch by switch through a command-line interface (CLI). Manual configuration is time-consuming in today's hospital environment, where new devices and applications are moved, added, or changed frequently. It also introduces the risk of a much-feared network outage or security breach resulting from human error.
  • Slow network recovery. Traditional networks require administrators to understand and configure many interdependent protocols. These include Spanning Tree Protocol (STP), Open Shortest Path First (OSPF), Protocol Independent Multicast (PIM), and Border Gateway Protocol (BGP). All this complexity can slow network recovery because each layer relies on the layer below it to re-establish connectivity.
  • Vulnerability to breaches. With medical IoT devices and the flow of medical documentation, the security of hospital networks means everything. In legacy networks, separating different types of traffic has traditionally required multiple VLANs with access controls and firewalls. However, if those VLANs share a routing table, your IP network is effectively flat, and if someone breaches your network, they might make their way to patient health records or, even worse, life-critical devices like insulin pumps.
  • Costs. On top of the critical need for an always-available, highly secure network to support dense network environments while protecting patient information, hospitals face the additional challenge that every healthcare system nationwide is dealing with – the extreme pressure to reduce costs.

"The combination of healthcare and IT raises so many problems that I can hardly imagine a more challenging environment. Especially with the trend towards even more wireless networks and the ever-growing need for capacity." - Franz Steinhauser, ICT advisor, Elisabeth-TweeSteden Hospital (the Netherlands)

All the Simplicity and None of the Headaches

When networking teams are swamped with day-to-day manual operations and network complexity – manually provisioning each device – it's evident that they're looking for efficiencies wherever they can be found. "We needed a secure, agile, and resilient network infrastructure to cope with increased demand from thousands of personal and medical devices so our visitors and staff can continue to experience reliable connectivity," says Rob Bergfeld, Managed ICT Services at Cordaan, one of the largest healthcare providers in the Netherlands. One of the key advantages of fabric networks is that they support Layer 2 and Layer 3 services for end devices, embrace server virtualization, and provide automation for complete plug-and-play provisioning. With the help of Extreme Fabric Connect, healthcare organizations can dramatically simplify the network's edge and automate the attachment of users and devices. This is critical since hospital environments often include thousands of clients at any time! With a fabric-based network, the hospital staff can oversee their own devices and connect them to the network without the networking team even getting involved – they don't need to worry about what port they're plugged into or make sure it has the right security.

"Thanks to Extreme's technology, our visitors can stay better connected while our team confidently carries out the critical work of caring for and assisting our patients." - Rob Bergfeld, Managed ICT Services, Cordaan (the Netherlands)

Don't Worry About the Availability

The most important criterion by which a clinic or a hospital evaluates its network is availability. When a critical application doesn't work, this has a direct impact. A failing network can make the difference between life and death. Since adding and removing network services in a fabric network only needs to be done at the edge and is typically done from a centralized management system, mistakes are far less likely, and the network is much more stable. Extreme Fabric Connect also provides the opportunity to simplify your network by reducing the number of protocols in use. With a simpler network, recovery times are faster. Also, more interconnectivity means the loss of a link or even a network device will not impact your applications. "Using Extreme Fabric Connect, migrations are now much easier and cause little to no downtime. Moving core switches can be done without downtime," says Dennis Groen, Senior Project Manager at ETZ, one of the largest hospitals in North Brabant in the Netherlands. "Expanding new ports and switches to Satellite Equipment Rooms is much easier and doesn't require configuring all the uplinks. The network does that all by itself and is much faster and more reliable with these tasks." But what about multi-site networks with mobile endpoints? You might wonder…

Extending Extreme Fabric Connect to the Campus Wiring Closet with the Fabric Edge Solution

The digitization of healthcare means more IP-connected medical devices are required in more places to input information. However, it's far too expensive to place a medical device everywhere it may be needed. To solve that problem, hospitals are rolling out digitization programs where medical devices can be moved from location to location, wherever a physician, nurse, or technician needs them. Alas, the amount of configuration required on network devices can be staggering, especially given a large number of edge switches. So how can you reduce the number of configuration requirements at the edge? That's where Extreme's Fabric Edge comes into play.

The solution reduces the number of network protocols by replacing the multi-chassis link aggregation protocol, the VLAN signaling protocol, and the stacking protocol with a single fabric protocol that is also used in the core of the network (IS-IS). The result is an end-to-end fabric that provides a single operational model from Datacenter to Core to Campus-Edge, with the option to expand it even to the Branch. Extending fabric from the network's core and aggregation (MDF) layer to the access (IDF) switching layer simplifies all operational aspects of a network solution, from initial deployment to network expansions and, most importantly, daily operations. "Thanks to Extreme Fabric Connect, we can manage the network with a small team. It allows us, among other things, to very easily stretch the VLAN from one site to another or to manage the routing – 'point-to-point' – on the network itself. In the previous network configuration, we always had to rely on an external partner for that type of intervention," says Paul Tassin from the ICT Infrastructure team at Groupe Jolimont, the biggest health group in the Walloon Region of Belgium.

Auto-Sense Ports

For infrastructure links such as uplinks and intra-IDF links, Zero-touch fabric further reduces edge configuration: it automatically establishes fabric connectivity among devices within an IDF, as well as towards the MDF, so there is no longer any need to configure stacking or uplinks to the aggregation layer. This edge automation is enabled by a new port functionality where a port state can change based on sensing what is connected to it. This functionality is called port auto-sense. Zero-touch fabric leverages the auto-sense port functionality to detect whether a fabric switch is connected to another fabric-capable switch. If one is detected, the fabric is automatically expanded to the connected device, signaling and negotiating all relevant fabric configuration parameters across the fabric link, enabling a plug-and-play deployment model.

In addition to fabric link detection, auto-sense port functionality is also used to dynamically detect fabric-attach (FA) capable devices such as EXOS and ERS switches, Access Points, or third-party FA-capable devices, enabling automated service signaling directly from the FA device. Auto-sense ports can also detect whether they are connected to IP Phones or hosts with or without 802.1X login procedures. This elaborate auto-sense port state machine dramatically reduces the need for edge switch configurations, thus significantly simplifying IDF deployments. Automated creation of the onboarding service is an additional essential element of this zero-touch deployment solution. The fabric automatically creates an isolated connection for each onboarding device towards the network management segment, where devices can reach the DHCP, RADIUS, and network management servers. This onboarding service ensures secure reachability to the management tools for all connected network devices and end devices. End devices remain in an isolated guest segment until they are assigned to a specific user segment.

Network Segmentation

Hospital rooms today are seeing a true influx of IoT. While a healthcare network must be capable of connecting all medical devices, it must also be very selective in doing so. Authorized devices should be expeditiously onboarded, while unauthorized ones must be prevented from gaining access to the network or moved to a guest network. In other words, hospitals that already support thousands of devices on their network need a reliable way to isolate medical devices to prevent potential security risks. Luckily, fabric networking makes it relatively easy! Extreme Fabric Connect provides a secure solution without compromising simplicity through policy-based, end-to-end hyper-segmentation. While traditional network segmentation approaches are complex, with multiple levels of protocols, route policies, and access control lists, Extreme's approach based on policy and fabric delivers a simpler, more automated alternative.

Having a network that can easily be segmented at scale allows you to improve your overall security posture by dramatically reducing the attack surface and preventing lateral movement to more sensitive areas of the network. Beyond that, a stealth network prevents malicious actors from discovering the network topology in the first place! Fabric security features like hyper-segmentation and stealth can also facilitate compliance with the European Union's General Data Protection Regulation (GDPR). Secure network segments can be created quickly and easily, end-to-end, without requiring any additional overlay protocols. The network can be designed to fit the needs of different departments in a traditional multitenant environment, like a clinic or patient records department, and separate different types of devices and users, such as smartphones or IoT devices worn by patients.

Healthcare organizations are under constant pressure to enhance patient care and safety, increase operational efficiency, and reduce the cost of care delivery. The need to be more efficient relates to everything they do at the hospital – including IT and the network. Extreme Fabric Connect is an inherently secure solution that allows hospitals to gradually phase out multiple complex legacy technologies and enables all services through a single, next-generation technology.

About the Author
Cammy Perry
Content Marketing Specialist

Cammy is a Content Marketing Specialist at Extreme Networks, leveraging her expertise to craft thought leadership and engaging content.