Kathleen H. Jungck
E-mail: Kjungck@CapellaUniversity.edu
Capella University
Table of Contents
List of Figures
List of Tables
Table 13. Service Provider Quotes for Monthly Service per site, 3yr contract (p. 31)
Executive Summary
Driscoll Children’s Hospital (DCH) is a tertiary care center providing specialty pediatric services to
children ages 0-21 across a wide geographical area in southwest Texas. As a specialty center, DCH
treats more seriously ill children with advanced needs, including radiology, oncology, cardiology, and
other digital imaging intensive specialties. Many of DCH’s patients are from low income families in rural
areas with low technology bases. It is often difficult for patients to travel to the main facility in Corpus
Christi, so staff members commute to branch facilities in Harlingen and McAllen, perform a large number
of home visits, and are increasingly utilizing telemedicine to support the widely distributed client base.
DCH is interested in upgrading their current network to support the rapidly growing demand for
their services and the increasing demand on information services to improve patient care, and to meet
regulatory compliance requirements. This report presents a proposed coherent, layered solution to meet
DCH requirements for an upgraded, integrated network based on the Cisco Medical Grade Network
architecture. Solution recommendations include a Cisco sole provider solution utilizing Cisco IOS, VSS
core and distribution switches, lightweight wireless access points and wireless LAN controllers, integrated
services routers, IP telephony with Cisco Unified Communications Manager, IPv6 addressing, MPLS VPN
communications with remote branches, VPDN support for remote access and teleworkers, and integrated
security components.
DCH Network Design u10a1: Network Design TS5325
September 16, 2011 7
1. Introduction
Driscoll Children’s Hospital (DCH) is a tertiary care center providing specialty pediatric services to
children in 31 counties across more than 33,000 square miles in southwest Texas as well as children
from northern Mexico (“DCH Overview”, 2011). DCH’s primary patient population is children aged 0-21. As
a specialty center, DCH treats more seriously ill children with advanced needs, including radiology,
oncology, cardiology, and other digital imaging intensive specialties. Many of the patients are from low
income families in rural areas with low technology bases. It is often difficult for patients to travel to the
main facility in Corpus Christi, so staff members commute to branch facilities in Harlingen and McAllen, as
well as performing a large number of home visits. Telemedicine use is also increasing to support the widely
DCH is interested in upgrading their current network to support the growing demand for
information services, to meet regulatory compliance with HIPAA, HITECH, and JCAHO for electronic
patient medical records, and to increase productivity through consolidation of voice, data, and video
services into one network. DCH has specifically requested consolidation into a unified sole provider
solution through use of a Cisco SONA three layer architecture medical grade network (MGN) design with
This report presents a proposed coherent, layered solution to meet DCH requirements for an
upgraded, integrated network. Section 1 introduces customer requirements and priorities, section 2
presents architectural design considerations and options, section 3 presents the proposed architectural
design, section 4 details WAN design considerations and recommendations, section 5 discusses IP
addressing schemes and routing protocol selection, section 6 details IP telephony considerations and
requirements for voice services integration, section 7 discusses Unified Wireless Network design choices
and recommendations, and section 8 presents network security considerations and recommendations.
The utmost priorities for DCH are maintaining patient confidentiality, providing high quality patient
care, and supporting patient, staff, and visitor safety. High priority requirements for the DCH network
upgrade include extremely high availability (99.9%) and the security associated with a medical grade
network; scalability to support future growth in additional specialty clinic sites, facility growth, service use,
and technology use; manageability of a growing, integrated network without significant staff increases;
integration of voice, data, and video services to reduce cost and provide improved services; telemedicine
support; support for high quality digital medical imaging; ubiquitous wireless access to support high
mobility to improve patient care; and robust remote access to support teleworkers and patient home
visits.
Compliance issues for DCH include HIPAA, HITECH, and JCAHO for electronic medical records,
PCI-DSS for payment services, and the Children’s Online Privacy Protection Act due to the age
Physical security concerns must also be considered, making it important that information security
policies and procedures coordinate with overall hospital security and safety policies. The primary
goals for policies at DCH are to protect the privacy, health, and safety of DCH patients, staff, and visitors.
Information security specific policies focus on protecting the confidentiality, integrity, and availability of
the information systems infrastructure, equipment, networks, and associated devices that support patient care
at DCH facilities. A full examination of security concerns and recommended controls is addressed in
section 8.
A summary of DCH requirements, goals, and constraints is presented in Table 1. Missing
information and related assumptions applicable to diagramming DCH’s existing network are related in
Requirement | Comments
--- | ---
Network Applications and Network Services | Assumptions made regarding applications when not specified
Digital Imaging – PACS, RIS | DICOM standard for X-ray, MRI, etc.; Horizon Medical Imaging from McKesson; Cisco Collaborative Imaging
Patient Medical Records, Billing, AMR | EPIC, with web access portals – one database
Mobile Voice Recording / Medical Transcription | Dragon Medical 10.1
Language Translation software | Cisco Collaborative Care – Language Interpretation Services
E-mail, contacts, calendar | Outlook, Outlook Web App (OWA)
Office productivity | MS Office (Word, Excel, PowerPoint, etc.)
Teleconferencing – telemedicine | Cisco TelePresence and/or Care-at-a-Distance
VoIP | Unified voice, video & data service, voicemail, etc.; various Cisco products
IP multicast (support teleconferencing) |
Web Browser | Internet Explorer, Firefox, Safari, Opera, etc.
Organizational Goals |
Immediate, continual access to patient records | Fast response, high availability, both view & update
Location independent access | Work from home as in office (teleworkers); home visits
Ubiquitous, secure wireless access | Anywhere on any campus
High degree of clarity for medical images | Bandwidth capability to support frequent transmission of large files
Integrate voice, video & data – single network |
Centralized data center | Accessible from all locations with high availability & reliability
HIPAA Compliance |
Joint Commission on the Accreditation of Hospitals (JCAHO) Compliance |
Create unified organizational policy | Network Access Control, Acceptable Use of Network, Security Management, Incident Response
Increase end-user device options | Thin-clients, PDA, wireless notebooks, cell phones, tablets, GPS devices in addition to Desktop PCs and notebook computers
Organizational Constraints |
Main Campus – site dimensions | 8 buildings, 8 story office tower – 8 floors, 10,000 sq ft per floor
Main Campus – staffing | 100 doctors/250 nurses/1000 support staff
Harlingen branch – site | 10,000 sq ft, single story
Harlingen branch – staffing | 25 doctors/75 nurses/200 support staff
McAllen branch – site | 18,000 sq ft, single story
McAllen branch – staffing | 35 doctors/100 nurses/300 support staff
Large number of home visits | Medical staff visit patients off-campus
Large number of teleworkers | Medical staff work from home as needed
Staff is not confined to single site | Medical staff rotate among sites to accommodate patients
Policy | Migrating from hybrid, divergent network to unified, single infrastructure that maximizes robustness & scalability
Technical Goals |
Integrated, sole provider architecture to maximize robustness, expandability & bandwidth | Move away from disjointed, multi-vendor specialized platforms. Prefers Cisco Enterprise Model – 3 Layer Architecture with Cisco IOS
High Bandwidth – 1Gb to desktop | Frequent transmission of large image files
Upgrade routing devices | Replace hubs & dumb switches with all layer-3 & layer-4 intelligent switches
Fast response / Performance | Constant need for access to medical records
High availability | 99.9%
Adaptability |
Scalability |
Support & configure VLANs |
Multi-dimensional security | Firewalls, ACLs, virus protection, data encryption, redundant backup
Quality of Service (QoS) metrics |
Secure teleworker support | VPN tunnels, encryption, authorization, password challenges
Simplify network addressing scheme, replacing static addressing with dynamic where possible | Convert from IPv4 to IPv6 & utilize DHCP where possible
Monitor & manage network performance through improved manageability | Management Information Base (MIB), Simple Network Management Protocol (SNMP), & tools including NetFlow & RMON (Remote Monitoring)
Mobility |
Upgrade cabling to CAT 6 | Replace as much CAT 3 & CAT 5 as possible
Upgrade routing protocols | Replace RIP-1 and IGRP with RIP-2, EIGRP & OSPF
Technical Constraints |
Remote access from low-tech areas | Medical staff on home visits need remote access from areas with low technology base
Current Status | Static addressing, low bandwidth (10Mb)
Outdated infrastructure | Not adaptable, no remote management with hubs and simple Layer 2 switches
Existing cabling | Replace CAT 3 & CAT 5 where possible, ubiquitous wireless
Existing network devices | Replace unmanaged hubs & switches with multi-layer switches as part of modular 3-tier hierarchical architecture design
Bandwidth ability | Increase to leased lines (fractional-T1/T1, T3)
Divergent LAN topologies – Multiple NOS (Novell, Appletalk, MS, +); Token Ring, Ethernet | Standardize to support IPv6, DHCP, performance metrics, management, & security objectives w/ modular SONA format

Table 1. Initial Requirements
While DCH specified several critical and important application categories, including electronic patient
medical records, digital imaging, language translation, and medical dictation, specific applications were
not identified. Research on widely used software fitting those categories was used where usage and
bandwidth assumptions were required to develop existing network scenarios. Additional applications
commonly used in large hospitals were also identified and are listed below in Table 2. Specific network
services identified as a priority, including security, are also listed in Table 2. Organizational and
technical constraints that could affect the design project, such as existing building and equipment layouts,
staffing, and budget, were also listed. Research identified that DCH is affiliated with Texas A&M
University, so the possibility of an extranet was also identified.
2. Network Architecture
Major design areas to address in the DCH network design include identification of relevant
applications, modularization of the network, identification of scope, and appropriate design alternatives to
achieve DCH goals (Teare, 2004). Identifying relevant applications is a major factor in network design in
order to determine what resources are required to meet performance levels. Interoperability must be
considered, as well as logical connectivity requirements, and what network services are required to
support each application. Quality of Service (QoS) metrics must also be identified.
Modularization of the network, taking into account the geographical distribution of the organization,
aids in prioritizing redesign tasks, as well as identifying scope. Network modules for DCH may include
the major campus LAN in Corpus Christi, the centralized server farm, the DMZ server farm, the intranet edge
which includes the border, extranet, WAN, and internet, service providers such as ISP or PSTN, remote
access for teleworkers or home visits, and the branch campuses at Harlingen and McAllen.
Scope must be determined to identify which network modules are to be redesigned, and to what
extent. Security requirements, HIPAA and JCAHO compliance, remote access requirements,
telemedicine, consolidation, and architecture considerations such as intelligent switches and other
customer required features such as QoS metrics will contribute to scope decisions. Design alternatives
will likely need to be considered for the Corpus Christi campus LAN, redesigning routing protocols, and
In order to support these goals, it is important that the network be robust, highly redundant, have
high quality of service (QoS), support multicast, and provide ubiquitous wireless access. Cisco® Medical
Grade Network (MGN) architecture best addresses the primary concerns of a medical grade network.
Cisco® MGN architecture is based on the best practices to support a healthcare environment.
MGN focuses on the communication, information, technology, bandwidth, and integration needs of
clinicians, administrators, patients, and partners to support the transfer and storage of large medical
datasets as well as to ensure industry and government regulatory compliance such as HIPAA and PCI
DSS. MGN also supports unified voice, video, and data networks to support telemedicine and improved
patient care. Identity and policy based mechanisms that extend beyond the Enterprise Campus are
utilized to limit access to authorized individuals. MGN utilizes the Cisco SONA architecture, a 3-tier
hierarchy of network design modularized into six main parts and respective sub-modules as detailed in
Table 3.
2.2. Redundancy
Redundancy is critical to ensure the high availability required by medical grade networks.
Redundancy can be provided in several ways, including architectural design, alternate routing, and
hardware design. Architectural design elements include the use of redundant nodes, mesh and partial mesh
topology, multiple links between nodes, and backup service providers in case of primary
failure. Virtual Switching System (VSS) adoption supports high availability and performance by
integrating network systems and redundancy into a single node. For the DCH network upgrade,
redundancy must be addressed in the design, especially in the core, server farm, and service
provider modules. Cisco MGN also recommends the following best practices to support hardware
1. No single point of failure through use of elements including redundant chassis and stackable
4. Protocols implemented that can quickly detect faults and fail over appropriately
5. Redundant network services where access or network capability is limited by a service (e.g., DNS)
Other methods of promoting high availability include the use of Wide Area Application Services
(WAAS), which use optimized caching, transport flow optimization, and compression to reduce traffic
bandwidth across the WAN. Low cost Wide Area Application Engine (WAE) appliances provide global
LAN-like access to central data centers or server farms from remote locations over the WAN (Teare,
2008). Communications Manager Express (CME) modules also support redundancy by allowing calls to
be routed through integrated services routers in the event the centralized call manager is unavailable.
The selection of multiple service providers also supports redundancy. Alternate ISP and MPLS
vendors provide redundancy in case of a failure of the primary provider’s network, thus ensuring
continued availability. MPLS is becoming more desirable for medical networks due to its increased
bandwidth, reliability, class of service, and speed over other connection types, rivaling the speed of T1
and T3 leased lines but with more consistent quality of service (“MPLS: Is it the future”, 2007).
2.3. Security
Cisco MGN architecture is based on best practices to be protected, interactive, responsive, and
resilient (Higgins, Mah, Anderson, et al., 2011). Security is one of the top three concerns for healthcare
CIOs, and the top security concerns are internal breach, regulatory compliance, and inadequate deployment of
technology (“MGN 2.0 Security Architecture”, nd). A healthcare network is considered protected when
best practices are applied across the entire environment. The Cisco security control framework (SCF) is
employed at each place in the network (PIN), such as campuses, remote clinics, and branches. Five major
areas to be addressed are end-point security, network security, content security, application security, and
In the DCH design, security needs to be addressed at the network level as well as within each
module. Some appliances interact across multiple modules to create a cohesive security system. At the network
level, security is provided through infrastructure protection on the switching and routing platforms, through
the use of firewalls and firewall service modules, an Adaptive Security Appliance (ASA), a firewall
integrated with the integrated services router (ISR), CSM (network management console), and CS-MARS
(Security Monitoring, Analysis & Response System). Module specific security needs will be identified in
the associated module sections below, and recommended security implementations are addressed in
2.3.1.Enterprise Campus
The Campus core provides connectivity to the entire campus network and should be designed to
support the highest availability levels. Redundancy through hardware, multiple redundant switching
fabrics using VSS, and highly scalable bandwidth of up to 1.4 Tb are needed. It is important to focus on
throughput at the core, so no extraneous security devices are recommended at this layer.
The distribution layer provides services and controls between the core and access layers and
balances, Intrusion Prevention System (IPS), Network Admission Control (NAC) server, Wireless LAN
Controllers (WLC), and Network Administration Modules (NAM) should be implemented at the building
distribution layer to support security services and centralized network management. WLCs manage
lightweight access points (LAP) at the access level, which download centrally managed configurations to
increase manageability and decrease the risk of tampering. NAC and NAM gather information about the
local network segments, which is collected and analyzed centrally. The DCH network will utilize network
virtualization with Cisco 6500-series multi-layer switches and Supervisor 720 modules to provide virtual
routing and forwarding (VRF) and VSS to ensure enterprise-quality network response and path isolation of
The MGN access layer enables multiple services and provides connectivity to biomedical devices
and end-users. The access layer separates computing devices from network infrastructure to provide
additional security and quality of service (QoS) traffic management. Additions to this layer include LAPs and
IP phones. Care must be taken in wireless implementation to segment devices appropriately, as some
medical devices require dedicated bandwidth and isolation from other network traffic (Higgins, Mah,
Anderson, et al., 2011). Cabling will need to be upgraded where possible to support 1GbE to the
desktop. VLANs will need to be assigned to isolate IP phones from other traffic, and PoE requirements
calculated to determine the appropriate ratio of switches to support access layer devices.
These changes will support the customer’s requirements for wireless access, IP telephony,
DCH does not support an external data center, so the server farm module is more applicable.
The data center should be connected directly to the core through the distribution layer VSS. The server
farm should function as a protected area in order to safeguard the most important information assets of
the enterprise as well as network devices to support central network management, load balancing,
Within the server farm module, a number of security services and appliances are needed to meet
1. NAC controller and profiler to manage NAC Servers throughout the network that ensure
security policy compliance; limit access to trusted, compliant endpoint devices like PCs,
PDAs, and servers; mitigate risks from viruses & worms; and provide shared service areas
4. Access Control Server (ACS) that supports RADIUS authentication, NAC, directory services,
as well as correlating infrastructure based telemetry, firewall, and APS data for threat
9. Application Control Engine (ACE) and/or ACE/XML gateway to provide both high availability
maintenance (“Cisco Medical Grade Network 2.0 – Security”, nd). ACE also controls
application access, provides end-to-end encryption through SSL termination service, offers
protection for common attacks, and supports HIPAA and PCI-DSS compliance (“Cisco
The Edge provides boundary protection, separating the main campus from external connections
such as Remote access & VPN, WAN/MAN, and Internet as well as the E-commerce and service provider
modules. To support high availability to the branch locations, the Service Provider module for DCH
should support primary and secondary private MPLS VPN connections through separate providers. For
Internet connectivity, DCH should utilize both a primary T3 connection and a secondary T1 connection
through separate providers, not only for campus internet access but also to support VPN access for the
Teleworkers module. A PSTN connection should be maintained to support dial-in access for the
Within the Campus Edge Module, multi-layer distribution switches will assist in distributing the
traffic into multiple sub-modules: Remote Access & VPN, Internet Connectivity, and E-commerce. IPS
systems should be added to each sub-module, routers should be upgraded to ISRs with firewall modules,
and VPN/IPSec termination servers should be supported in the Remote Access & VPN sub-module.
2.3.4.Branch
At the Branch module(s), the existing router should be replaced with an ISR-G2 router with
firewall, wireless access point, and WAE modules that provide integrated security solutions and support
integrated data, video, and telephony services. WAE optimizes the use of enterprise applications. NAM
should be added to support centralized network management and CME modules should also be added to
2.3.5.Teleworker
The Teleworker module should include support for both clinicians and teleworkers utilizing a
standard Internet connection with VPN, as well as clinicians on home visits restricted to lower technology
such as dial-up. This can be accomplished through registered mobile devices authenticated through the
ACS in the server farm, and VPN terminations in the Edge remote access sub-module. An ISR providing
wireless access can also support mobile devices connected to it for remote authentication.
InterMapper from Dartware, a Cisco partner, is capable of gathering real-time, vendor neutral data on
the network using the SNMP protocol. This is important as there are currently no intelligent network
devices in place and the current network is extremely heterogeneous. The current configuration of hubs
may require agents such as Splunk, another Cisco partner product, to be installed on host based systems for
more granular awareness. NetFlow would not be a good choice at this time as the network is so
heterogeneous. If any of the current routers or switches support RMON, a MIB that includes the ability
to trigger alarms for user defined threshold events, RMON could be used to gather LAN traffic data.
Once the Cisco sole-provider architecture is in place, NetFlow would be a good choice to monitor
the network in combination with the Cisco Security Management Suite. Splunk and InterMapper would
continue to complement the solution by integrating event and logging data from enterprise wide devices.
3. Planned Design
To support current and future performance and bandwidth needs of the campus core backbone,
new laser optimized multimode fiber (nMMF) OM4 at 850nm is recommended to interconnect the campus
core, distribution, and access layer infrastructure. nMMF OM4 is a good choice over Single Mode fiber
because of cost, higher port density, and lower energy consumption (Congdon, nd). OM4 will support
both current 10G links as well as evolving 40/100G links (Kish, 2010). Table 4 below details the
Parameter | Copper UTP 6E | Copper UTP 6A | MM Fiber | nMMF OM4 | SM Fiber | Wireless
--- | --- | --- | --- | --- | --- | ---
Distance (Range) | 100m – 1G; 55m – 10G | 100m – 1G; 100m – 10G | 550m – 1G; 300m – 10G; 125m – 40/100G | 1100m – 1G; 550m – 10G; 2km – 40/100G | 5km – 1G; 80km – 10G | 500m – 1Mbps
Bandwidth | <= 1Gb/s | <= 10Gb/s | <= 10Gb/s | <= 100Gb/s | <= 100Gb/s | Half duplex to 27 Mb/s
Price | Inexpensive | Moderately inexpensive | Moderate | Moderate | Moderate to expensive | Moderate
Area | Wiring closet | Wiring closet | Internode or interbuilding | Internode or interbuilding | Internode or interbuilding | Internode or interbuilding
Service Life | 10+ years | 10+ years | 15-20 years | 15-20 years | 20+ years | (not stated)

Table 4. Transmission Media Characteristics
Copper unshielded twisted pair (UTP) at Category 6E and 6A will provide the bulk of the wired
connections to the end-user. Cat 6E is required at a minimum to support 1G to the desktop and to support
more intensive applications such as telemedicine, VoIP, and high resolution digital imaging. Cat 6A
would be recommended to support future 10G to the desktop, anticipated to be the enterprise norm within
5 years with the emergence of 40/100G, considering Moore’s Law. A combination of OM4 and wireless
will support end-user locations that are not easily reached by UTP or that have excessive electromagnetic or
radio frequency interference. Cabling within the hospital, both OM4 and UTP Cat 6, may be required to
have plenum coatings for fire safety. Building codes must be confirmed for cable selection, as plenum
The Server Farm/Data Center and network operations are located within building #4, as shown in
Figure 1 below, which also houses the main administrative services for the campus. The Core switches
are easily accommodated into the equipment room adjacent to the Data Center in the southeast corner of
building #4. This allows for maximum support by network operations, ease of centralized administration,
and is within the transmission media limitations of OM4 cabling for both 10Gb performance and future
40/100Gb performance to distribution switches in all campus buildings as well as to the Data Center. The
servers in the Data Center will be connected to four fabric switches through dual 10GbE fiber
connections. The fabric switches will connect to the core switches through building #2 distribution
switches. Edge distribution will be located in building #5, which is the closest campus location to service
[Figure 1: campus site map; only the north arrow and the 0–100 ft scale bar survived extraction]
A redundant pair of core layer switches will operate as a Virtual Switching System (VSS)
interconnected by a pair of 10Gb/E modules. Each core switch will require (2) ports to support a
distribution VSS in each of the eight buildings, the Data Center/Server Farm in building #4, and the
enterprise edge in building #5. Each VSS distribution switch will connect to the core in a triangle
redundancy pattern. DCH has requested Cisco IOS, instead of Catalyst IOS, in support of IPv6
migration, MPLS, server load balancing, and other future service improvements.
VSS logically combines two redundant Catalyst 6500 switches into a single unit for the campus
core, which will be located in building #4. VSS provides a high performance, resilient, and highly
available backbone. Throughput is provided by Multichassis EtherChannel and 802.3ad link
aggregation. High availability is provided through a loop-free design with stateful switchover (SSO), non-
stop forwarding (NSF), and in-service software upgrades (ISSU). The core switch pair will each require at
least two 16 port 10Gb/E modules with fiber transceivers to provide dual link connections to each of the
22 planned distribution switches (11 pairs). This configuration will provide 10 ports on each core switch
for redundant spares and future growth. The core VSS should be configured as described in Table 6:
Cisco Catalyst 6500 Virtual Switching System 1440 (Cisco IOS included). Each of the two Cisco Catalyst 6500 switches is configured identically:
• Supervisor 720-10G-3CXL – VSS Engine: (2) 10G optic (X2) uplink ports; (2) 1G Ethernet SFP ports; (1) selectable 10/100/1000 RJ-45; MSFC3 PFC3C XL
• Primary + redundant power supply (min 2500 W each)
• (2) 16 port 10Gb/E modules with X2 fiber transceivers: 22 ports allocated; 2 VSS; 10 open
• (1) 16 port 10Gb/E module with X2 fiber transceivers: spare for module failure + growth
• (1) 8 port 10Gb/E module – copper, as alternate spare port links
X2 fiber transceivers with OM4 nMMF cabling will connect distribution switches to each access
layer switch. Distribution switches will utilize the same primary VSS 1440 configuration as the core layer
switches, but with varying numbers and port counts of 10Gb/E X2 modules depending on access layer
density. Module configuration for distribution layer VSS switches is specified in Table 7 and distribution
layer port counts are specified in Table 8 below. Branch modules are not included in Table 7 as the
branch access layer switches are aggregated through the integrated services router at each branch rather
Location | Total Ports | Ports in Use | Notes
--- | --- | --- | ---
Main Building (Hospital) #1, VSS Distribution Switches with Dual uplinks | 96 | 64 | 8 floors, 4 wiring closets per floor, 1 access switch per wiring closet. 8 x 4 x 2 = 64. (Total = 16 x 3 x 2 – 1 spare)
McIver Furnan, Bldg #2, VSS Distribution Switches with Dual uplinks | 32 | 20 | 5 floors, 2 wiring closets per floor, 1 access switch per closet. 5 x 2 x 2 = 20. (Total = 16 x 1 x 2)
Joseph M. Sloan, Bldg #3, VSS Distribution Switches with Dual uplinks | 32 | 20 | 5 floors, 2 closets per floor, 1 access switch per closet. 5 x 2 x 2 = 20
Health Center, Bldg #4 Server Farm, VSS Distribution Switches w/ Dual Uplinks | 16 | 8 | (4) Fabric Switches for Server Farm/D. C. (8 x 1 x 2; 1 spare 8 port).
Health Center, Bldg #4, VSS Distribution Switches w/ Dual Uplinks | 32 | 16 | 4 floors, 2 closets per floor, 1 access switch per closet. 4 x 2 x 2 = 16
Pediatric Center, Bldg #5, VSS Distribution Switches w/ Dual Uplinks | 16 | 8 | 2 floors, 2 closets per floor, 1 access switch per closet. 2 x 2 x 2 = 8
Bldg #5 – Edge WAN Distribution Switches w/ Dual Uplinks | 16 | 6 | TBD
Bldg #5 – Edge Internet Distribution Switches w/ Dual Uplinks | 8 | 4 | TBD
Rehab Center, Bldg #6, VSS Distribution Switches w/ Dual Uplinks | 16 | 6 | 2 floors; 1 wc 1st floor (pool); 2 wc 2nd floor, 1 access switch per closet. (1 + 2) x 2 = 6
Ronald McDonald House, Bldg #7, VSS Distribution Switches w/ Dual Uplinks | 8 | 2 | 1 access switch
Children’s Learning Center, Bldg #8, VSS Distribution Switches w/ Dual Uplinks | 8 | 4 | 2 floors, 1 access switch per floor. 2 x 1 x 2 = 4
Harlingen Branch, VSS Edge WAN Distribution Switches w/ Dual Uplinks | 8 | 4 | TBD
McAllen Branch, VSS Edge WAN Distribution Switches w/ Dual Uplinks | 8 | 4 | TBD
Total | 296 | 166 |

Table 8. Distribution Layer Port Counts
Copper UTP, Category 6E and/or Category 6A, will be installed to support 1Gb/E to the end-user
devices and wireless access points. Cat 6E is required to support the higher demands of telemedicine
conferencing, digital medical imaging, and IP telephony. Cat 6A would be a prudent investment to
support network growth over the next 10 years, as 10Gb/E to the desktop is emerging, and based on
3.4.2. Access Switches
Catalyst 4500 Switches will be utilized at the access layer. The Catalyst 4500 is a multilayer
switch capable of providing QoS to support IP telephony, telemedicine, and other multimedia applications,
of providing port security, and of routing via IP rather than MAC address. Teare (2008) notes that routing in the
access layer can provide increased performance. The Catalyst 4500 also provides 60W of 802.3af PoE
per port, 30W simultaneously across all ports, which will support IP phones, wireless access points, and
other devices. Cisco Catalyst multi-layer 4507R+E switch models with redundant 7E supervisors and
dual power supplies are the preferred model for most buildings. These switches provide fail-over,
redundancy, plenty of PoE per port, have (4) 10G uplinks and (1) 1G uplink, and support IPv6 (“Cisco
Catalyst 4500”, nd). The scalability and modular nature of these switches make them the best option for
growth. One switch per closet should be sufficient, as the top power supply can provide up to 4200W of
PoE. Each switch can support up to 192 access ports, scalable in 48 port increments depending on
building concentrations.
Many of the physicians and nursing staff are highly mobile, rotating between the primary facility in
Corpus Christi and the sub-specialty centers in Harlingen & McAllen as well as performing patient home
visits. As such, staff counts do not accurately reflect the number of stationary devices in a particular
location, and counts have been adjusted accordingly. Ubiquitous wireless access will be provided
throughout the enterprise by Light Wireless Access Points (LWAPP) managed through a central
controller. Due to channel separation requirements, since some medical devices require a particular
frequency, multiple LWAPPs may be necessary in areas with high concentrations of medical devices.
Cisco Aironet 3500 series supports multicast for multimedia applications like voice and
videoconferencing, and helps to minimize interference from multiple access points. Dedicated medical
device support may only require Aironet 1140 models. Some areas may require higher or lower density
than average. This installation is highly scalable, as the manager can support up to 18,000 access points
Several Cisco platforms, including ISR routers and Catalyst switches support multi-domain
authentication. This allows PCs and IP phones to authenticate to the same switch port, but operate on
separate VLANs. This reduces the access layer port count, especially in branch offices.
4. WAN Design
DCH supports a very large geographical area – 330,000 square miles in southeast Texas, and
even patients in Mexico. Specialists at DCH travel to remote specialty clinics, perform home visits for
patients, and even work from their own homes in order to service such a large area. Staff need to access
patient records from any of these locations, some of which are very low technology areas. To support
these remote access requirements, VPDN service through a service provider would supply the most
Driscoll Children’s Hospital (DCH) is a tertiary care medical center. Tertiary care centers
specialize in the more severe cases that often require extensive medical testing including radiology.
Current levels of care support radiology for more than just diagnosing broken bones. CT scans, MRIs,
and ultrasound are utilized for many specialized diagnoses, from heart conditions, to breathing problems,
to stomach ailments. This makes supporting high resolution digital imaging with 100Mb file transfers
Specialists at DCH also consult via telephone and, where available, videoconferencing with
primary care pediatricians to reduce the travel requirements for ill children and their families. To support
IP voice and video telephony, end-to-end QoS support is required. Cisco Medianet architecture
(“Overview of Medianet”, nd). A primary DS3 connection, with redundant fractional DS3 speed
connection, would help to satisfy both bandwidth and high availability requirements of a medical grade
network.
Extremely high availability is required for access to electronic patient health records and to
support IP telephony, so any service level agreement (SLA) must ensure 99.99% availability, through the
use of redundant or alternate connections if necessary. DCH also has need for scalability to support the
rapid growth they have experienced in the recent past and expect to continue into the future. Security is
another requirement for DCH WAN design. HIPAA and HITECH compliance requirements mandate
confidentiality and integrity protection of patient records. VLAN support is required to segment voice and
data traffic as well as site to site VPN and remote VPDN support to ensure confidentiality.
MPLS presents the best option to meet DCH requirements for high availability, scalability,
manageability, ubiquitous remote access for teleworkers and home visits, security, and QoS to support
Voice over IP (VoIP) and video teleconferencing for telemedicine. A dual connection MPLS (one primary,
and one shadow) through a service provider would be the best choice to connect the remote branches.
The shadow connection is lower cost than a dedicated second connection, but is still available when
needed, and doesn’t require the long term commitment of dark fiber. MPLS provides scalability (including
scalable VPN), flexibility, speeds ranging from T1 – T3, can support overlapping addressing for VPN use,
provides end-to-end QoS, supports traffic engineering, and implements fast rerouting (FRR) to provide
quick recovery. MPLS also supports VPN in a more manageable fashion, along with security protocols
such as IPSec (Teare, 2008). The demands of the branches require a DS3 (T3) speed link to support
45Mbps of integrated video, voice, and data with a redundant fractional T3 link in case of primary link
Security is provided through appliances such as Adaptive Security Appliances (ASA), Application
Control Engines (ACE), Wide Area Application Engine (WAE); IDS/IPS; network access control modules
(NAC); VPN access modules; Integrated Services Routers (ISR); multilayer switches, firewall services
modules (FWSM), wireless services modules (WiSM) and WLAN controllers, and authentication and
directory service. VLANs over a Virtual Switching System (VSS) also enhance security and performance.
At the enterprise WAN Edge, the VSS 1440 (paired Catalyst 6500 Switches) can be outfitted with
FlexWAN modules to aggregate the enterprise edge. FlexWAN modules support integrated network
services, security, and QoS metrics. They utilize Cisco IOS and share many of the same components,
reducing the quantity of spares needed on hand. Edge distribution switches can be fitted with FlexWAN
modules, WAE engines, IPS, and firewall modules to perform secure routing functions. Wide Area
Application Services (WAAS) can help reduce WAN traffic by 20-50% by use of optimization and
compression (“Overview of Medianet Architecture”, nd). Utilizing this configuration at the Enterprise Edge
reduces cost, increases manageability by reducing equipment diversity and quantity, and reduces energy
Cisco Catalyst 6500 Virtual Switching System 1440 (Cisco IOS included) for Edge Routing
(3) WS-X6182-2PA FlexWAN Modules, 2 ports ea (6 total ports) | (3) WS-X6182-2PA FlexWAN Modules, 2 ports ea (6 total ports)
(2) WS-X6182-2PA= FlexWAN Module, spare (4 total ports) | (2) WS-X6182-2PA= FlexWAN Module, spare (4 total ports)
Can support up to 12 FlexWAN Modules, so lots of room left | Can support up to 12 FlexWAN Modules, so lots of room left
Teare (2008) recommends a single layer model for a small branch. Both Harlingen and McAllen
are relatively small branches that can be supported by a single integrated services router (ISR) G2 3945E
plus two access layer switches for redundancy. The ISR G2 3945E provides hardware redundancy, dual
power supplies, appropriate appliances, switching modules, and wireless LAN controller. The 3945
model supports multi-domain authentication, so PCs and IP phones can share a switch port but be on
separate VLANs. This reduces the total number of ports required, lowers operating costs, and simplifies
troubleshooting. Appliance modules include WAAS/VSEC-P(SRE) that provide VPN security, firewall,
IPS, and WAAS. These modules also include Unified Communications, CME, and SRST support to
continue phone service at the branch in case the main communications manager is unreachable. The
3945 also provides security services such as VLAN ACLs, Dynamic ARP, DHCP Snooping, IP Source
Guard, Private VLANs, Unicast RPF, 802.1x, and port security. Table 12 presents a proposed
Dual Power Supply for 1040 W PoE @ 802.3af (up to 65 devices) and hardware redundancy
4.4. Software
Cisco IOS network operating system will be used throughout the network infrastructure.
Applications such as Cisco Virtual Office can extend enterprise services and security to the remote
teleworkers. Unified Communications Endpoints phone and desktop clients extend the communications
infrastructure to support remote workers. Cisco AnyConnect VPN and Secure VPN Desktop solutions
provide encryption to protect patient information and prevent local caching of sensitive information.
4.5. Redundancy
Cisco Medianet architecture highly recommends a secondary WAN connection, ISR router(s),
and use of performance routing (PfR) for each branch. A secondary shadow connection for each link, as
well as redundant bundled 3G/4G cellular wireless cards for each site from the service provider, would
provide secondary and tertiary backup strategies for WAN access in case the primary link fails. Wireless
cards can be bundled in groups of up to 10 with automated failover to provide more acceptable
bandwidth. A shadow connection can be utilized at times of high demand to provide additional
bandwidth. This is less expensive than a dedicated connection, and in some cases is offered by the
vendor at no charge if peak usage is less than ¼ of total capacity (Teare, 2008).
Redundancy in hardware is built in by the use of a VSS switch router at the enterprise edge,
which is a logical single switch with a hot backup. Splitting the incoming carrier link in a traditional router
redundancy pattern breaks QoS designs, reducing voice and video quality. Routing redundancy can
instead be supplied at the branches by use of a second fully configured router with a failover switch and
4G cellular coverage is only available in Corpus Christi with 3G coverage available in McAllen
and Harlingen. The difficulty with cellular networks is a lack of guaranteed bandwidth. Sprint offers 4G
speeds of up to 10Mbps, but that bandwidth is shared between all users in an area (“4G”, nd) and is only
available in select locations within Texas. Godinez (2010) documented 4G at 3-4 Mbps for downloads
and uploads of 0.9-1.0 Mbps. 3G averaged 550 Kbps for both downloads and uploads (Godinez, 2010).
Cellular cards can be bundled in groups of up to 10 to provide sufficient bandwidth for a tertiary
solution.
AT&T, as brokered by TelecoBrokers, offers service in the requested primary configuration of (3)
50M MPLS circuits, one per site, and (1) 50M EaMIS circuit with internet access to be shared from the
main campus for $7636 per month. AT&T also offers VPDN service for an additional $950 per month.
Secondary redundancy through (3) 20M MPLS circuits and (1) 20M EaMIS circuit is available from
Earthlink through TelecoBrokers for $4650 per month. A tertiary redundant 3G/4G non-MPLS solution for
each site is available for $1500 that provides 5M – 10M of capacity depending on the site.
An alternate configuration could include the primary solution, (2) 20M MPLS from the secondary
solution, and bundled 4G wireless at 10M from the primary campus as the internet access backup. This
4.7. Scalability
Multiple 50M links can be bonded to both preserve MPLS usage as well as increase bandwidth.
MetroEthernet is available in the region which is scalable to 1G, allowing some growth room.
5. IP Addressing Scheme
5.1. Scalability
Driscoll Children’s Hospital (DCH) supports a very large geographical area – 330,000 square
miles in southeast Texas, and even patients in Mexico. DCH has experienced significant growth, which is
expected to continue. Staff members commute from the main campus to subspecialty clinics in two
remote locations, with three other clinics under consideration for the near future, with more possible as
patient growth continues. Any addressing scheme must be scalable to support future growth.
5.2. IPv6
The Asia Pacific Network Information Center (APNIC) released its last block of IPv4 addresses in
April 2011, and the American Registry for Internet Numbers (ARIN) is expected to exhaust its supply by
the end of 2011 (Vaughn-Nichols, 2011). Use of IPv6 addressing resolves concerns about exhaustion of
IPv4 addresses and eliminates the need for NAT and private addressing. Dual stack DNS address
resolution, 6to4 capable routers from the ISP, and updated APIs support transparent transition
strategies for IPv4 legacy applications and systems as well as interaction between IPv6 nodes across
In addition to large address space, IPv6 also offers improved security through the mandatory use
of IPSec; flow labeling capability to support QoS and real-time service; site multihoming through multiple
ISPs; improved header format efficiency; globally unique addresses that eliminate the need for NAT,
which interfered with end-to-end QoS; and increased mobility and multicast capabilities. If an IPv6
address block is acquired by the end of 2011, ARIN is offering a 25% discount on the registration fee, for
a onetime charge of $937.50 (“Fee Schedule”, 2011). An annual maintenance fee of $100 will then be
assessed to retain the addresses, and only one maintenance fee will be assessed to organizations
5.3. Manageability
With an upgrade to an integrated voice, video, and data network, workloads on DCH network
administration staff have increased significantly. Use of dynamic address assignment wherever possible
would increase manageability for administrative staff and reduce the workload necessary to maintain
static addressing on thousands of devices. A hybrid dynamic/static address assignment scheme would
address both manageability and security concerns. A centralized Dynamic Host Configuration Protocol
(DHCPv6) server within the Server Farm module and each branch coupled with DHCP relay agents on
each subnet with IPSec communication security would provide more secure address assignment than
previous versions of DHCP. Stateful dynamic addressing for end user devices would allow extended
administrative control without additional workload. Network infrastructure devices such as switches,
routers, and servers, a small percentage of the overall total number of devices, would be assigned
manual static addresses for security and administrative purposes. Additional security could be provided
through use of Internet Key Exchange (IKE) protocol that utilizes a Certificate Authority (CA) to update
keys or through the use of Cryptographically Generated Addressing (CGA) that does not require a CA or
extensive key infrastructure. CGAs are IPv6 addresses that use an interface identifier generated by a one
way hash function using a public key plus other parameters (Jiang & Shen, 2011).
A hierarchical addressing scheme would provide the most benefit for a large enterprise network
of several thousand devices and allow hierarchical routing. Hierarchical routing provides modularity,
routing stability, and enhanced availability, supports network scalability, and supports route aggregation to
improve performance. Hierarchies in the Cisco SONA architecture at the core, distribution, and access
layers should be recognized in the addressing scheme. Cisco recommends restricting VLANs to an
access switch and separating voice and data traffic into separate VLANs to reduce broadcast traffic
(“Overview of Medianet”, nd). Extending the subnetting per access switch, and then by VLAN, allows the
most efficient route aggregation. IPv6 addressing permits 65,684 possible subnets (Teare, 2008), which
allows for adequate separation and scalability under the proposed hierarchy.
[Figure 2. IPv6 address composition: bit boundaries 3, 23, 32, 48, 64, 128; 2000::/3 global prefix]
Devices can contain more than one IPv6 address. IPv6 addresses include unicast, anycast,
multicast, local, and global addresses. The DCH IP addressing scheme focuses on global unicast
addresses that support mobility. IPv6 addresses are 128 bits in length with a 48 bit global routing prefix,
a 16 bit subnet id, and 64 bit interface ID of the individual host. The addresses are written as a
sequence of (8) 4 digit hexadecimal numbers (0-F) separated by colons and may use subnet masking like
IPv4 for route aggregation. The global routing prefix is hierarchical. The first three bits are a fixed prefix
assigned by IANA identifying a global aggregatable address; the next 20 bits are a registry identifier
assigned by IANA; the next 12 bits are an ISP identifier assigned by the associated registry, such as
ARIN; and the last 16 bits are assigned by the ISP to individual customers. The 16 subnet bits can then
be arranged by DCH, and it is proposed that the first 8 bits be used for building or site aggregation, and
the second eight bits be used for service segregation. Per ARIN, the following IPv6 address assignments
/56 for small sites only expected to need a few subnets over the next 5 years
The /48 is allocated by the ISP to the entire DCH organization. /56 addresses are then allocated
by DCH administrators per campus and /64 would then be assigned at the VLAN level for a single subnet.
An example of this address scheme for moderate size campuses with branches is currently being utilized
by Pittsburg State University ("IPv6Freelys", 2009). Figure 2 shows the IPv6 address composition and
Figure 3 details the DCH address scheme. Local addresses can be used for applications such as IP
[Figure 3. DCH address scheme: bit boundaries 3, 23, 32, 48, 56, 64, 128]
The proposed scheme would permit 256 (2^8) buildings or sites throughout the enterprise,
representing the distribution layer, and 256 service segregations per building or site, representing the
access layer. Each service segregation is able to support 2^64 devices. Table 15 lists a possible
addressing hierarchy utilizing a sample site address for presentation. The use of octets simplifies the
written form of the addressing scheme, as each level corresponds to two hexadecimal
characters.
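As an added example (not from the design document or from Cisco), the following Python carves the /48 → /56 (site) → /64 (service VLAN) hierarchy described above and then generates and verifies a Cryptographically Generated Address interface identifier for a host in one of those /64s, following RFC 3972 in full (including the sec hash-extension and the receiver-side verification) rather than only the one-way-hash summary given earlier. It assumes 2001:db8:1::/48, the IPv6 documentation prefix, as a placeholder for the ISP-assigned /48, and a constructed byte string in place of the DER-encoded public key RFC 3972 expects.

```python
"""DCH IPv6 hierarchy (/48 -> /56 per site -> /64 per service VLAN) and
Cryptographically Generated Addresses (CGA, RFC 3972) for hosts within it.

Added example, not from the design document or from Cisco.  2001:db8:1::/48
is the IPv6 documentation prefix, standing in for the ISP-assigned /48, and
PUBKEY is a constructed byte string standing in for a DER-encoded
SubjectPublicKeyInfo; the hashing and bit layout follow RFC 3972.
"""
import hashlib
import ipaddress
import os

ORG_PREFIX = ipaddress.IPv6Network("2001:db8:1::/48")     # placeholder /48
PUBKEY = b"constructed-public-key-bytes-for-example"       # placeholder key


def site_prefix(site: int) -> ipaddress.IPv6Network:
    """Bits 48-55 select the building or site (distribution layer): one /56 each."""
    if not 0 <= site <= 0xFF:
        raise ValueError("site index must fit in 8 bits")
    return ipaddress.IPv6Network((int(ORG_PREFIX.network_address) | site << 72, 56))


def service_subnet(site: int, service: int) -> ipaddress.IPv6Network:
    """Bits 56-63 select the service segregation (VLAN) in a site: one /64 each."""
    if not 0 <= service <= 0xFF:
        raise ValueError("service index must fit in 8 bits")
    base = int(site_prefix(site).network_address)
    return ipaddress.IPv6Network((base | service << 64, 64))


def _hash1(modifier: bytes, prefix: bytes, collisions: int, pubkey: bytes) -> bytes:
    """RFC 3972 Hash1: leftmost 64 bits of SHA-1 over the CGA parameters."""
    return hashlib.sha1(modifier + prefix + bytes([collisions]) + pubkey).digest()[:8]


def _hash2_ok(modifier: bytes, pubkey: bytes, sec: int) -> bool:
    """RFC 3972 Hash2 must start with 16*sec zero bits (the hash extension)."""
    h2 = hashlib.sha1(modifier + bytes(9) + pubkey).digest()[:14]
    return int.from_bytes(h2, "big") >> (112 - 16 * sec) == 0


def generate_cga(subnet: ipaddress.IPv6Network, pubkey: bytes = PUBKEY,
                 sec: int = 0, collisions: int = 0):
    """Return (address, parameters). DAD bumps `collisions` on a duplicate (max 2)."""
    if subnet.prefixlen != 64 or not 0 <= sec <= 7 or not 0 <= collisions <= 2:
        raise ValueError("need a /64, sec in 0..7 and a collision count in 0..2")
    prefix = subnet.network_address.packed[:8]
    modifier = int.from_bytes(os.urandom(16), "big")
    # Search for a modifier whose Hash2 has the required leading zero bits.
    while not _hash2_ok(modifier.to_bytes(16, "big"), pubkey, sec):
        modifier = (modifier + 1) % (1 << 128)
    params = {"modifier": modifier.to_bytes(16, "big"), "prefix": prefix,
              "collisions": collisions, "pubkey": pubkey}
    iid = bytearray(_hash1(params["modifier"], prefix, collisions, pubkey))
    iid[0] = (sec << 5) | (iid[0] & 0x1C)      # top 3 bits = sec, u/g bits cleared
    return ipaddress.IPv6Address(prefix + bytes(iid)), params


def verify_cga(address: ipaddress.IPv6Address, params: dict) -> bool:
    """Recompute the interface ID from the parameters, as a receiving node would."""
    packed = address.packed
    if params["collisions"] > 2 or packed[:8] != params["prefix"]:
        return False
    sec = packed[8] >> 5
    expected = bytearray(_hash1(params["modifier"], params["prefix"],
                                params["collisions"], params["pubkey"]))
    expected[0] = (sec << 5) | (expected[0] & 0x1C)
    return bytes(expected) == packed[8:] and _hash2_ok(params["modifier"],
                                                       params["pubkey"], sec)


if __name__ == "__main__":
    vlan = service_subnet(site=5, service=0x10)      # building 5, service VLAN 0x10
    addr, params = generate_cga(vlan, sec=1)
    print(site_prefix(5), vlan, addr, verify_cga(addr, params))
```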
6. IP Telephony Design
DCH currently supports a main, multiple building campus in Corpus Christi and remote
subspecialty clinics in Harlingen and McAllen. Growth projections anticipate expansion within the
Harlingen and McAllen clinics as well as new subspeciality clinics in Laredo, Victoria, and Browning in the
near future with other areas under consideration (DCH, 2011). Due to projected growth, any IP telephony
design must support scalability, and as a medical grade network reliability is required. As the network
DCH has requested a unified voice, video, and data network to decrease cost, reduce the
complexity of managing two separate networks, support scalability, and to enhance current services.
Currently, DCH supports two separate networks for voice and data. Telephone endpoint requirements
have been identified as 1:1 for physicians, 1:2 for nursing staff, and 1:5 for other staff. This results in the
Two options are available to support integrated voice service: Voice over IP (VoIP) or IP
telephony. VoIP operates using existing TDM analog handsets and PBX system, but connects to the
Public Switched Telephone Network (PSTN) and IP network using a voice capable router. Some
organizations choose this option for low entry price, but it does not provide the additional services or
IP telephony requires an investment in IP endpoints, where the endpoint, or phone, itself converts
the analog voice signal to a digital signal, as well as additional servers in the server farm to support the
call and dialing manager, Cisco Unified Communications Manager (CUCM), and servers for selected
services. Services include Unity integrated e-mail and voice mail, Cisco Meetingpoint web conferencing
and video conferencing to support telemedicine, and Cisco IP Interactive Voice Response (IVR) that
The IP endpoint (telephone) is then directly connected to the IP network at the access layer. As
DCH has chosen to use a sole provider Cisco solution, Cisco IP phones of various models including
7961G-GE, 8961, 9951 & 9971 will be needed to replace existing analog phones depending on the
functionality required. In a medical setting, phone requirements vary depending on whether it is a patient
room, a treatment room, a central nurse’s station, administrator, receptionist, and so forth. PC enabled
softphones may also be utilized to support mobility. Call control functions will be provided by Skinny
Client Control Protocol (SCCP), a Cisco proprietary protocol that the CUCM uses to communicate with
IP phones (Teare, 2008). The UCM will manage the IP phones, authenticate the device, register the
phone, push the configuration to the phone, and configure the IP address and VLAN. Local addressing is
recommended on the IP phones for security (Higgins, Mah, Anderson, Mehta, Parmenter, Zaldivar, Bell,
Nejad, Nowell, Laundry, Brown, & Jones, 2011). Voice traffic will be separated from data traffic by using
a separate VLAN for voice. Quality of Service (QoS) trust boundaries will be established at the access
layer for IP phones, with priority and policy marking occurring at that time. PC softphone applications
should utilize a trusted relay to a gateway, and then receive QoS marking and trust boundaries at the
gateway.
consume a lower bandwidth. Uncompressed voice traffic requires 64 kbps of bandwidth for each
conversation. A variety of codec algorithms are available that reduce bandwidth consumption, but care
must be used, as the quality of voice is inversely proportional to the compression level. Cisco
recommends that the G.711 codec, which utilizes 64 kbps and provides an MOS voice quality score of 4.01, be
used for LAN applications because of the high bandwidth available and the processing overhead required
to implement the codec algorithm (Teare, 2008). G.729, which utilizes 8 kbps per call and provides an
MOS of 3.92, is recommended for WAN voice traffic due to the reduced bandwidth available (Teare,
2008).
Integrated voice and video networks require more bandwidth than data networks and have QoS
considerations. Voice and real time video also have timing requirements not present in most data
applications. The amount of bandwidth required for voice and video depends on the peak loads
anticipated for those services. Peak loads are determined by identifying the one hour during a 24 hour
cycle with the highest concurrent voice and/or video usage. The network should then be designed to
support that peak load. For the main campus, the maximum possible load could be 425 ongoing
simultaneous calls, which is unlikely. Teare (2008, p. 550) postulates that the peak load is approximately
17% of maximum. The peak load for the MPLS network would be the total of the peak rate for all remote
locations. Table 17 below presents an estimate of the peak load for each campus.
Location | Maximum # Phones | Peak load rate | Peak load estimate (Max * peak rate) | G.729 @ 26 kbps per call | G.729 w/ cRTP @ 11 kbps per call
Corpus Christi | 425 | 17% | 72.25 | N/A |
Harlingen | 103 | 17% | 17.51 | 455.26 kbps | 192.61 kbps
McAllen | 145 | 17% | 24.65 | 640.90 kbps | 271.15 kbps
MPLS | 248 | 17% | 42.12 | 1.069 Mbps | 463.32 kbps
These peak load requirements influence the type of cabling selected in a network, the types of
switches and routers that are used, and QoS settings within the network. Cat 6A cabling selected for the
access layer supports 1Gb Ethernet LAN as well as eventual migration to 10Gb Ethernet LAN which
supplies sufficient bandwidth for all applications. MMF fiber at the distribution and core layers provides
40Gb Ethernet with eventual migration to 100Gb Ethernet, maintaining bandwidth requirements for
current and future growth. Even at 425 simultaneous calls at 64Kbps, only 26.56 Mbps would be used,
with 4.5 Mbps the anticipated peak for Corpus Christi for a LAN voice load. Video, though, requires more
videoconferences at 5Mbps would consume 361.25 Mbps. The combined anticipated peak video and
voice load at 365.75 Mbps remains under 50% of capacity, providing ample bandwidth for data and
network applications.
WAN connections to the remote clinics are supported by 50 Mbps (T3 equivalent) links, with 1Gb
Ethernet at the access layer at the clinics. Additional T3 links may be bundled if future expansion
requires increased bandwidth. G.729 codec compresses bandwidth requirements 40% to 26 kbps, or
further to 11 kbps if cRTP is used to compress the header. However, cRTP requires more processing
overhead. Anticipated maximum peak load is 42.12 conversations over the MPLS WAN from both clinics.
At 26 kbps, the peak load would require 1.07 Mbps; at 11 kbps, 463.32 Kbps would be required. G.729
Compressed video requires 2.03125 Mbps (40% compression). The WAN link will only support 14
simultaneous video conferences from both remote sites if 60% of the bandwidth is allocated for priority
voice and video, with 40% allocated for all other traffic such as electronic medical records and digital
imaging. As each remote clinic has 12 exam rooms, the anticipated peak load rate is 4 video
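The peak-load and bandwidth method of the last few paragraphs, as an added Python example that is not from the design document: busy-hour calls as 17% of phones, per-call bandwidth by codec, the G.711 LAN load, and the number of video sessions that fit in the 60% priority share of a 50 Mbps clinic link. Phone counts and codec rates are those given in the text; the per-site rows reproduce Table 17, and the kbps-to-Mbps conversion assumes 1024, which is what the LAN figures in the text imply.

```python
"""Voice and video capacity planning for the DCH campus LAN and MPLS WAN.

Added example, not from the design document.  It applies the method the text
describes: busy-hour concurrent calls = phones x 17% (Teare, 2008), per-call
bandwidth by codec, and the number of video sessions that fit in the priority
share of a clinic WAN link.  Phone counts, codec rates and the 50 Mbps / 60%
link figures are the ones given in the text; kbps to Mbps conversion uses
1024, which is what the LAN figures in the text imply.
"""
from dataclasses import dataclass
from math import floor

PEAK_RATE = 0.17                  # busy-hour peak as a fraction of maximum phones
CODEC_KBPS = {
    "G.711": 64.0,                # uncompressed voice, used on the LAN
    "G.729": 26.0,                # compressed voice incl. IP/UDP/RTP headers, WAN
    "G.729+cRTP": 11.0,           # G.729 with compressed RTP headers
}
VIDEO_MBPS = 5.0                  # one telemedicine videoconference, uncompressed
VIDEO_COMPRESSED_MBPS = 2.03125   # compressed videoconference figure used in the text
WAN_LINK_MBPS = 50.0              # T3-equivalent MPLS link to each clinic
PRIORITY_SHARE = 0.60             # share of the link reserved for priority voice/video


@dataclass(frozen=True)
class Site:
    name: str
    phones: int
    wan: bool                     # True for clinics reached over the MPLS WAN


SITES = (
    Site("Corpus Christi", 425, wan=False),
    Site("Harlingen", 103, wan=True),
    Site("McAllen", 145, wan=True),
)


def peak_calls(phones: int, rate: float = PEAK_RATE) -> float:
    """Expected busy-hour concurrent calls for a site with the given phone count."""
    return round(phones * rate, 2)


def voice_kbps(calls: float, codec: str) -> float:
    """Bandwidth in kbps for `calls` concurrent conversations with the named codec."""
    return round(calls * CODEC_KBPS[codec], 2)


def lan_voice_mbps(calls: float) -> float:
    """G.711 load on the campus LAN in Mbps (1024 kbps per Mbps)."""
    return calls * CODEC_KBPS["G.711"] / 1024


def video_sessions(link_mbps: float, priority_share: float,
                   per_session_mbps: float, voice_mbps: float = 0.0) -> int:
    """Whole video sessions that fit in the priority share once voice is served."""
    budget = link_mbps * priority_share - voice_mbps
    return floor(round(budget / per_session_mbps, 6)) if budget > 0 else 0


def peak_table(sites=SITES) -> list:
    """Per-site rows plus an aggregate MPLS row, laid out like Table 17."""
    rows = []
    for s in sites:
        calls = peak_calls(s.phones)
        rows.append({"site": s.name, "phones": s.phones, "peak_calls": calls,
                     "g729_kbps": voice_kbps(calls, "G.729") if s.wan else None,
                     "g729_crtp_kbps": voice_kbps(calls, "G.729+cRTP") if s.wan else None})
    wan = [r for r, s in zip(rows, sites) if s.wan]
    rows.append({"site": "MPLS",
                 "phones": sum(r["phones"] for r in wan),
                 "peak_calls": round(sum(r["peak_calls"] for r in wan), 2),
                 "g729_kbps": round(sum(r["g729_kbps"] for r in wan), 2),
                 "g729_crtp_kbps": round(sum(r["g729_crtp_kbps"] for r in wan), 2)})
    return rows


if __name__ == "__main__":
    for row in peak_table():
        print(row)
    print("LAN G.711 peak, Mbps:", round(lan_voice_mbps(peak_calls(425)), 2))
    print("video sessions per clinic link (compressed):",
          video_sessions(WAN_LINK_MBPS, PRIORITY_SHARE, VIDEO_COMPRESSED_MBPS))
```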
Switches and routers used in an integrated network must support integrated services (voice,
video) as well as provide Power over Ethernet (PoE) for devices like IP phones and wireless access
points. Catalyst switches selected for the DCH implementation support integrated services and PoE.
Edge and branch routers have been selected as Integrated Services Routers (ISR G2) to support voice
and video requirements. Catalyst switches have AutoQoS functions that automatically assign priority
A PSTN connection will be required from the main Corpus Christi campus for outgoing calls.
Integrated services routers (ISR) will connect voice traffic across the MPLS WAN between campuses to
eliminate toll charges for calls between campuses. Each branch will utilize Communication Manager
Express (CME) to handle local call routing and to provide Survivable Remote Site Telephony (SRST)
backup services if the main UCM is unreachable. A tertiary backup option is a connection to the PSTN
from each remote branch if the WAN fails. While WAN failure is unlikely with the current design, it still
should be considered in a medical environment with requirements for extremely high availability. The
main campus will also have SRST support through its edge ISR.
DCH currently supports a main, multiple building campus in Corpus Christi and remote
subspecialty clinics in Harlingen and McAllen. Growth projections anticipate expansion within the
Harlingen and McAllen clinics as well as new subspeciality clinics in Laredo, Victoria, and Browning in the
near future with other areas under consideration (DCH, 2011). Due to projected growth, any UWN design
must support scalability, and as a medical grade network, reliability and security are essential. As the
In a medical grade network (MGN), many devices utilize wireless network services including
biomedical devices such as monitors and infusion pumps, carts on wheels (CoW), tablet PCs, PDAs,
laptops, and RFID tags. Wireless LANs (WLAN), just like wired LANs, require user authentication,
authorization, auditing and protection from threats such as viruses and other malicious code. WLANs,
however, communicate over easily interceptable radio frequency (RF) waves so information must be
encrypted to prevent interception and to protect integrity. Biomedical devices which may not support
typical WPA2 or EAP security protocols must also be considered and appropriate security protections
taken to protect both the confidentiality of patient information and to prevent tampering to sensitive
medical equipment.
Cisco recommends the use of the Security Control Framework (SCF) as part of the design
process for medical grade networks (MGN). MGN Security Architecture is based upon SCF and is
comprised of five key security domains (“Cisco Medical Grade Network 2.0 – Security Architecture”,
2010): Endpoint Security, Network Security, Content Security, Application Security, and System
Management. Of these five domains, three are of most concern in designing a UWN: Endpoint, Network,
and System Management. Products, protocols, and other solutions will be discussed in context of the
applicable domain.
[Figure: unified wireless network topology. Corpus Christi Main Campus: VSS 1440 with WiSM, and a Server Farm hosting ACS, WCS, NAC, NAC Profiler and VPN; IP/MPLS WAN to the Harlingen and McAllen ISR G2 (Voice Enabled) routers; LWAPP access points at each site serving wireless endpoints such as an infusion pump, PDA and monitor.]
Network endpoints are considered one of the most vulnerable parts of any network. It is
important that security policies are enforced for users and devices, including physical security. Physical
security considerations and manageability of large enterprise networks prompt the choice of light wireless
access points (LWAP) over autonomous access points. LWAP at the access layer are configured by
wireless LAN controllers (WLC) at the distribution layer, which are in turn managed by a central Wireless
Control Server (WCS) within the Server Farm. This permits standardized security policies, intrusion
protection, RF management, and QoS settings. LWAPs also prevent physical tampering with the access
points.
WLC can either be separate appliances or modules on Catalyst switches or integrated services
routers (ISR). LWAPs communicate with WLCs using the LWAPP protocol across the wired network.
The WLC then utilizes WPA2, EAP, and CCMP security protocols with RADIUS (ACS) authentication;
WEP is no longer considered HIPAA compliant (“Cisco MGN 2.0 Security”, 2010). Once the WLC has
authenticated a user through the Access Control Server (ACS), which includes RADIUS support, that user
is entered into a database on the WLC and a key can be cached on the endpoint device to support
mobility.
Access points and WLC utilize 32 character Service Set Identifiers (SSID) to segment
wireless traffic. Each device can support up to 16 SSIDs. The WLC can map EAP/WPA2 devices to the
appropriate VLAN by SSID for policy and QoS settings, including voice traffic, non-legacy medical
devices, legacy medical devices, critical electronic health record (EHR) data, or guest access. VLANs
can also be separated by broadcast channels, such as separating biomedical devices to the 802.11a
band; common clinical data access to the 802.11n band; critical clinical data access (CoW/CPOE,
VLANs can then be used to isolate wireless biomedical devices by type into security zones with
their respective servers or controllers on the wired network. Security zones can also be used to
exchange information with other systems, such as physician orders (CPOE) via the EHR that are then
communicated to a biomedical device server. Security zones could include IT Administration, Voice
Communications, Clinical Users, Smart Pumps, Ventilators, EKG Monitoring, PACS/Radiology, Lab, and
Guest.
7.1.1. Guest Access
separate VLAN on an isolated WLC within the DMZ. Appropriate bandwidth limitations and other QoS
measures can be applied to guest access to limit resource usage below critical applications, prohibit
access to secure data, and prohibit unwanted access to other private areas of the enterprise network.
An MGN presents a challenge with the use of biomedical devices that may not be WPA2 or 802.1x
security protocol compatible; WEP is not considered sufficient for an MGN, and WPA2 with a key length of
192 bits or larger is recommended (“Cisco MGN 2.0 Security Architecture”, 2010). Profiles can be
created using Network Access Controller (NAC) and NAC Profiler for a medical device based on a MAC
address, DHCP Vendor ID, or other specific attributes of the device. The profile can then be used to
assign the device to an appropriate VLAN for security policy and QoS settings. Alternatively, if the legacy
device server cannot support appropriate encryption protocols but is web enabled, an SSL VPN supported
by Cisco ACE may be used. If the application is not web enabled, Virtual Desktop Infrastructure (VDI) is
a possible option.
Mobility services allow the definition of mobility groups across WLCs, so that security policies
seamlessly follow a device as it roams throughout the campus. This permits the device to move across
access points or WLCs within the mobility group without the need to reauthenticate to the RADIUS server
WLCs are best administered in deterministic controller redundancy, where the administrator
configures redundancy selection manually. While this method requires more planning and administration
time up front, it provides predictability and easier long term management, stability, additional flexibility
over dynamic load balancing, and faster fallback options (Teare, 2008). N+1 fallback assignment is
recommended for the DCH controller redundancy plan by allocating one additional WLC as a fallback for
Additional access points that are not intended to serve clients can be utilized at selected locations
as network monitors, rogue detectors, or sniffers feeding information back to the WCS in order to
diagnose and protect the wireless network. Placement of these non-client access points should be made at
The Cisco Wireless Control Server (WCS) is located in the Server Farm module and acts as a
central management point for all WLCs. Cisco Secure Access Control System (ACS) is also located in
the Server Farm module and provides centralized identity and access control, including RADIUS, for both
wired and wireless network access and device administration. LDAP support is also available. The ACS
authenticates and authorizes wireless users and hosts and enforces wireless specific policies. The ACS
also supports dynamic provisioning of VLANs and ACLs on a per user basis and 802.1x with port based
security.
Environmental considerations, wireless endpoint density, and user application requirements must
be taken into account in the decision for access point quantity and placement. Environmental factors
such as dense construction materials found in elevators and stairwells, reflection and refraction from
metallic and glass materials, dense areas such as filing or storage areas, and interference from other RF
producing equipment such as microwaves and radiology equipment must be considered. Some areas
may require use of semi-directional antennas rather than unidirectional antennas to compensate for
environmental factors. Site surveys gather environmental data and recommend AP placement
accordingly.
Non-client serving APs can be placed in vulnerable areas to scan for rogue APs, monitor traffic,
and report back to the WLC. Additionally, non-client serving APs are also readily available as fallbacks in
For user application requirements such as voice service over WLAN (VoWLAN), Cisco
recommends one access point (AP) per 7-8 VoWLAN devices; otherwise the recommendation is 20 data
devices per AP (Higgins, Mah, & Anderson, 2010). Access point coverage overlap is recommended at 15-
20% for VoWLAN, teleconferencing, and critical application support (Higgins, Mah, & Anderson, 2010).
Site survey recommendations for AP and WLC use are listed in Table 1 below.
network diagram includes components such as wireless services modules (WiSM) for Catalyst
VSS servers in the distribution layer, WiSM modules for ISR G2 routers at the branches, and ACS, WCS,
NAC, and NAC Profiler in the Server Farm. The annotated diagram includes addressing, equipment, and
SONA modularization to present a coherent network infrastructure. Table 18 below presents counts of
light wireless access points (LWAP) per building and associated wireless LAN controller placement and
counts.
Cisco Security Control Framework (SCF) supports the Cisco Medical Grade Network (MGN)
Security Architecture, which addresses the primary concerns shared by DCH. SCF is comprised of five
key security domains (“Cisco Medical Grade Network 2.0 – Security Architecture”, 2010): Endpoint
Security, Network Security, Content Security, Application Security, and System Management. While it is
important to ensure the security of the DCH network infrastructure, the foundation on which the
information and telecommunications services at DCH depend, effective security is a layered approach
Patient privacy concerns must be coordinated with the Chief Privacy Officer and physical security
considerations must be coordinated with the Chief Security Officer to take into account concerns about
drug seekers, gang violence, internal theft or malfeasance, patient abduction, and prisoner control that
may intersect with information security. The first step in this coordination is explicit, non-ambiguous
policies detailing the goals, ethical foundation, boundaries, and disciplinary penalties related to
information security at DCH. Any policy intended for use by patients or visitors must be available in both
English and Spanish versions due to the population DCH serves. English versions are presented for
reference. The DCH Information Security Management Policy is presented in Appendix A, the Network
Access Control Policy is presented in Appendix B, the Acceptable Use of Network Policy is presented in
Appendix C, and the Information Security Incident Response Policy is presented in Appendix D.
At times the vocabulary of information security can be confusing. Network endpoints are subject
to security policies in the form of written documentation describing the goals and boundaries of expected
behavior, but also to logical security policies that are programmed into network devices to enforce
documented policies. Logical security policies include assignments to VLANs, access limitations, and
quality of service (QoS) metrics such as processing priority and bandwidth assignment. In this section,
Network endpoints including workstations, servers, laptops, PDAs, smartphones, and biomedical
devices are considered one of the most vulnerable parts of any network. It is important that security
policies and access control are enforced for users and devices, including physical security. Physical
security considerations and manageability of large enterprise networks prompt the choice of light wireless
access points (LWAP) over autonomous access points. LWAP at the access layer are configured by
wireless LAN controllers (WLC) at the distribution layer, which are in turn managed by a central Wireless
Control Server (WCS) within the Server Farm. This permits standardized security policies, intrusion
protection, RF management, and QoS settings. LWAPs also prevent physical tampering with the access
points.
WLC can either be separate appliances or modules on Catalyst switches or integrated services
routers (ISR). LWAPs communicate with WLCs using the LWAPP protocol across the wired network.
The WLC then utilizes WPA2, EAP, and CCMP security protocols with RADIUS (ACS) authentication;
WEP is no longer considered HIPAA compliant (“Cisco MGN 2.0 Security”, 2010). Once the WLC has
authenticated a user through the Access Control Server (ACS) which includes RADIUS support, that user
is entered into a database on the WLC and a key can be cached on the endpoint device to support
mobility.
Access points and WLC utilize 32 character Service Set Identifiers (SSID) to segment
wireless traffic. Each device can support up to 16 SSIDs. The WLC can map EAP/WPA2 devices to the
appropriate VLAN by SSID for policy and QoS settings, including voice traffic, non-legacy medical
devices, legacy medical devices, critical electronic health record (EHR) data, or guest access. VLANs
can also be separated by broadcast channels, such as separating biomedical devices to the 802.11a
band; common clinical data access to the 802.11n band; critical clinical data access (CoW/CPOE,
VLANs can then be used to isolate wireless biomedical devices by type into security zones with
their respective servers or controllers on the wired network. Security zones can also be used to
exchange information with other systems, such as physician orders (CPOE) via the EHR that are then
communicated to a biomedical device server. Security zones could include IT Administration, Voice
Communications, Clinical Users, Smart Pumps, Ventilators, EKG Monitoring, PACS/Radiology, Lab, and
Guest.
For the wired network, VLAN assignments can be configured at the switch port level. Catalyst
switches can differentiate between workstations and VoIP phones, so a workstation and VoIP phone can
share a cable drop but be segregated into different VLANs by the ACS. End users are further
segregated by authorization when they authenticate for network access. Unknown devices, for
which the ACS does not recognize the IP or MAC address, are automatically quarantined to the DMZ, at
which time the acceptable use policy is displayed and guest authentication is requested.
All DCH workstations, both wired and mobile laptops, are offered further protection by use of the
Cisco Security Agent software, which provides anti-X protections (including spyware, malware, adware,
and virus), host intrusion protection (HIPS), support for IPSec or SSL VPN access, and integration with the
Access Control System (ACS). All endpoints and users, including patients, staff, and guests, should be
8.1.1. Guest Access
separate VLAN on an isolated WLC within the DMZ, a quarantined section of the network with limited
access. Guests are then authenticated and appropriately authorized through the ACS. Appropriate
bandwidth limitations and other QoS measures can be applied to guest access to limit resource usage
below critical applications, prohibit access to secure data, and prohibit unwanted access to other private
SSIDs should not be broadcast from the LWAPs. Legitimate guest access credentials can be
provided by reception and posted in guest accessible areas on media access posters such as in patient
rooms or waiting areas. This may also facilitate multiple levels of guest access, such as for vendors who
Network Access Control (NAC) appliance can also provide additional security policy options and
functionality beyond simple guest access. NAC can define very granular guest user policy groups with
different user portals per group and endpoint security policies. This allows groups to be identified for
visiting physicians or other users that are not segregated to the DMZ, but rather allowed limited access
to the clinical network (“Cisco MGN 2.0 Security Architecture”, 2010). Limitations can also be made for
patient access, to ensure appropriate filters are applied to comply with the Children’s Online Privacy
Protection Act.
require extremely high availability (99.9%). Equipment redundancy and failover capabilities, routing
redundancies, and alternate connection paths help ensure high availability. Physical security of network
infrastructure also helps to ensure high availability by diminishing the risk of damage or tampering with
the network equipment on which all other equipment and communications depend.
Physical security considerations include limiting access and monitoring access to the facility
through patient ID bracelets which function as patient locators, staff ID access cards, security guards,
locked doors, screening visitors to sensitive areas, and CCTV monitoring. Further physical security of
network infrastructure includes securing network components by storing them in locked cabinets, wiring
closets, or data centers wherever possible. Hardening of all network infrastructure devices helps support
physical security as well as infrastructure and information asset security by providing a trusted network
platform. All shared and default administrative accounts and unused operating system or network
operating system services should be removed from infrastructure equipment such as switches and
routers, and insecure services such as FTP or Telnet should be disabled in favor of SSH or SCP
(Teare, 2008). Unused ports on switches should be disabled to prevent unauthorized access. Access
should be controlled through use of a centralized Cisco Access Control Server (ACS) with role-based
access that provides authentication, authorization, and accountability. ACS provides both security and
audit trails to prevent unauthorized access if either physical or logical protections are
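The hardening checklist above (Telnet and FTP disabled in favor of SSH and SCP, no shared or default local accounts, centralized ACS control, unused ports shut down) can be checked mechanically against a device's running configuration. The script below is an added illustration, not part of the original design document; the two IOS-style configurations are constructed samples and the audit rules are assumptions about what a reviewer would look for.

```python
"""Configuration audit for the infrastructure hardening points described
above: Telnet and FTP replaced by SSH and SCP, no cleartext local accounts,
centralized AAA toward the ACS, and unused switch ports shut down.
Added example; both IOS-style configurations are constructed samples and
the rules are assumptions about a review checklist."""
import re
from typing import Dict, List

# Constructed "before" configuration with several of the weaknesses named in the text.
WEAK_CONFIG = """\
hostname dch-access-01
username admin privilege 15 password 0 admin
ip ftp username ftpuser
!
interface GigabitEthernet1/0/1
 switchport access vlan 110
!
interface GigabitEthernet1/0/2
 description unused
!
interface GigabitEthernet1/0/3
 description unused
 shutdown
!
line vty 0 4
 transport input telnet ssh
 login local
"""

# Constructed hardened configuration of the same switch.
HARDENED_CONFIG = """\
hostname dch-access-01
aaa new-model
ip ssh version 2
ip scp server enable
!
interface GigabitEthernet1/0/1
 switchport access vlan 110
!
interface GigabitEthernet1/0/2
 description unused
 shutdown
!
line vty 0 4
 transport input ssh
"""


def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Map each 'interface X' stanza to its indented sub-commands."""
    blocks: Dict[str, List[str]] = {}
    current = None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            blocks[current] = []
        elif line.startswith(" ") and current is not None:
            blocks[current].append(line.strip())
        else:
            current = None  # '!' or a non-interface stanza ends the block
    return blocks


def audit(config: str) -> List[str]:
    """Return a list of human-readable findings; an empty list means no issues."""
    findings: List[str] = []
    lines = [ln.strip() for ln in config.splitlines()]
    # Remote administration: SSHv2 only, Telnet not accepted on any vty line.
    if "ip ssh version 2" not in lines:
        findings.append("SSH version 2 not enforced ('ip ssh version 2' missing)")
    for ln in lines:
        if ln.startswith("transport input") and "telnet" in ln.split():
            findings.append(f"Telnet still accepted: '{ln}'")
    # File transfer: FTP configured, SCP not enabled.
    if any(ln.startswith("ip ftp") for ln in lines):
        findings.append("FTP configured; use SCP instead")
    if "ip scp server enable" not in lines:
        findings.append("SCP server not enabled ('ip scp server enable' missing)")
    # Accounts: cleartext local passwords, no centralized AAA toward the ACS.
    for ln in lines:
        m = re.match(r"username (\S+) .*password 0 (\S+)", ln)
        if m:
            findings.append(f"local account '{m.group(1)}' uses a cleartext password")
    if "aaa new-model" not in lines:
        findings.append("AAA not enabled; administrative access is not centralized")
    # Unused ports: no access/trunk/IP configuration and not shut down.
    for name, body in parse_interfaces(config).items():
        in_use = any(b.startswith(("switchport access", "switchport trunk", "ip address"))
                     for b in body)
        if not in_use and "shutdown" not in body:
            findings.append(f"{name} appears unused but is not shut down")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit(cfg))
```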
Filtering is applied to both content and network traffic flow. Filtering should be applied to deter
access to inappropriate adult content, block inappropriate websites that are not consistent with DCH
documented policies or business, and to prevent network incursions or attacks. Network traffic is filtered
at the firewall, through DHCP snooping and Dynamic ARP Inspection (DAI) to prevent forged IP address usage and to verify
usability of a return access, Access Control Lists (ACL) on switches and routers to limit access to
sensitive network areas to authorized systems, and through rate limiting to avoid denial of service (DoS)
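The DHCP snooping, ARP inspection, and rate limiting controls above work together: the switch learns address bindings only from DHCP acknowledgements on trusted ports and then validates every ARP packet on untrusted ports against that table. The simulation below is an added example, not part of the original document or of Cisco's software; the port names, MAC and IP addresses are constructed, and the 15 packets-per-port default mirrors the IOS DAI default.

```python
"""Simulation of a DHCP-snooping binding table, Dynamic ARP Inspection (DAI)
and per-port ARP rate limiting as described above. Added example; port
names, MAC and IP addresses are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass
class AccessSwitch:
    trusted_ports: Set[str]                  # uplink / DHCP-server facing ports
    arp_rate_limit: int = 15                 # ARPs per port per interval (IOS DAI default: 15 pps)
    bindings: Dict[Tuple[str, int], str] = field(default_factory=dict)  # (mac, vlan) -> ip
    arp_count: Dict[str, int] = field(default_factory=dict)
    err_disabled: Set[str] = field(default_factory=set)
    log: List[str] = field(default_factory=list)

    def dhcp_message(self, port: str, vlan: int, kind: str, client_mac: str, client_ip: str) -> bool:
        """DHCP snooping: return True if the message is forwarded, False if dropped."""
        if kind in ("OFFER", "ACK", "NAK") and port not in self.trusted_ports:
            # Server-side messages are only legal from trusted ports (rogue DHCP server).
            self.log.append(f"DROP rogue DHCP {kind} on untrusted {port}")
            return False
        if kind == "ACK":
            self.bindings[(client_mac, vlan)] = client_ip   # lease granted: learn the binding
        elif kind == "RELEASE":
            self.bindings.pop((client_mac, vlan), None)
        return True

    def arp_packet(self, port: str, vlan: int, sender_mac: str, sender_ip: str) -> bool:
        """DAI: validate the sender MAC/IP pair against the snooping bindings."""
        if port in self.err_disabled:
            return False
        if port in self.trusted_ports:
            return True
        self.arp_count[port] = self.arp_count.get(port, 0) + 1
        if self.arp_count[port] > self.arp_rate_limit:
            self.err_disabled.add(port)          # DoS protection: port goes err-disabled
            self.log.append(f"ERR-DISABLE {port}: ARP rate limit exceeded")
            return False
        if self.bindings.get((sender_mac, vlan)) == sender_ip:
            return True
        self.log.append(f"DROP invalid ARP {sender_ip}/{sender_mac} on {port} vlan {vlan}")
        return False

    def new_interval(self) -> None:
        """Reset per-interval ARP counters (the timer tick of a real switch)."""
        self.arp_count.clear()


def demo() -> Tuple[List[bool], List[str]]:
    """Constructed exchange on a clinical-user VLAN; returns forward/drop results and the log."""
    sw = AccessSwitch(trusted_ports={"Gi1/0/48"})
    results = [
        # Legitimate lease delivered through the trusted uplink -> learned.
        sw.dhcp_message("Gi1/0/48", 110, "ACK", "00:aa:00:00:00:01", "10.1.110.20"),
        # DHCP OFFER arriving on an access port -> rogue server, dropped.
        sw.dhcp_message("Gi1/0/7", 110, "OFFER", "00:bb:00:00:00:99", "10.1.110.99"),
        # Workstation ARPs with its leased address -> allowed.
        sw.arp_packet("Gi1/0/5", 110, "00:aa:00:00:00:01", "10.1.110.20"),
        # Same host claims the gateway's address (forged IP) -> dropped.
        sw.arp_packet("Gi1/0/5", 110, "00:aa:00:00:00:01", "10.1.110.1"),
        # Host with no lease at all -> dropped.
        sw.arp_packet("Gi1/0/9", 110, "00:cc:00:00:00:02", "10.1.110.30"),
    ]
    return results, sw.log


if __name__ == "__main__":
    res, log = demo()
    print(res)
    print("\n".join(log))
```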
Network security is also provided through various cryptographic, or encryption, methods. Public
Key Infrastructure (PKI) supports single sign-on authentication and access control through the ACS,
IPSec protects the confidentiality of network communications between devices and hosts, and digital
signatures help to verify integrity, identity, and accountability. LWAPP, WPA2 and 802.1x security
For biomedical devices unable to support WPA2 or 802.1x, Network Access Controller (NAC) and
NAC Profiler can be used to create profiles for medical devices based on a MAC address, DHCP Vendor
ID, or other specific attributes of the device. The profile can then be used to assign the device to an
appropriate VLAN for security policy and QoS settings. Alternatively, if the legacy device server cannot
support appropriate encryption protocols but is web enabled, an SSL VPN supported by Cisco ACE may
be used.
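The following added example ties together the profiling approach described here and in the wireless section, the SSID-to-VLAN mapping for WPA2/EAP-capable endpoints, and the quarantine of unknown devices to the DMZ described for the wired network. It is illustrative code, not part of the original document or of Cisco NAC; the zone names follow the text, while the VLAN numbers, OUIs, DHCP vendor-class strings, and SSIDs are constructed placeholders.

```python
"""Endpoint classification into DCH security zones in the manner of the
NAC / NAC Profiler and SSID-to-VLAN mapping described above.
Added example: zone names follow the text; VLAN numbers, OUIs,
DHCP vendor-class strings and SSIDs are constructed placeholders."""
from dataclasses import dataclass
from typing import Optional

# Constructed security zone -> VLAN table (zone names from the design text).
ZONE_VLAN = {
    "Clinical Users": 110,
    "Voice": 120,
    "Smart Pumps": 210,
    "Ventilators": 220,
    "EKG Monitoring": 230,
    "Guest": 900,            # isolated WLC in the DMZ
}
QUARANTINE_VLAN = ZONE_VLAN["Guest"]

# Constructed NAC profiles. A rule matches when every attribute it sets
# (MAC OUI, DHCP vendor class / option 60) agrees with the endpoint.
PROFILES = [
    {"zone": "Smart Pumps",    "oui": "00:11:22", "vendor_class": "pump-v3"},
    {"zone": "Ventilators",    "oui": "00:33:44", "vendor_class": None},
    {"zone": "EKG Monitoring", "oui": None,       "vendor_class": "ekg-telemetry"},
]

# SSID -> zone for endpoints that completed EAP/WPA2 or guest authentication
# through the ACS (constructed SSID names).
SSID_ZONE = {"DCH-Clinical": "Clinical Users", "DCH-Voice": "Voice", "DCH-Guest": "Guest"}


@dataclass
class Endpoint:
    mac: str
    ssid: Optional[str] = None            # None for a wired switch port
    acs_authenticated: bool = False       # RADIUS (ACS) authentication succeeded
    dhcp_vendor_class: Optional[str] = None


@dataclass
class Decision:
    vlan: int
    zone: str
    reason: str
    quarantined: bool = False


def _oui(mac: str) -> str:
    """First three octets of the MAC, normalized to aa:bb:cc form."""
    return mac.lower().replace("-", ":")[:8]


def match_profile(ep: Endpoint) -> Optional[dict]:
    """Return the first profile whose configured attributes all match, else None."""
    for rule in PROFILES:
        if rule["oui"] is not None and rule["oui"] != _oui(ep.mac):
            continue
        if rule["vendor_class"] is not None and rule["vendor_class"] != ep.dhcp_vendor_class:
            continue
        return rule
    return None


def assign_vlan(ep: Endpoint) -> Decision:
    # 1. Authenticated user or device: the VLAN follows the SSID it joined.
    if ep.acs_authenticated and ep.ssid in SSID_ZONE:
        zone = SSID_ZONE[ep.ssid]
        return Decision(ZONE_VLAN[zone], zone, "ACS authenticated; VLAN mapped by SSID")
    # 2. Biomedical device that cannot do WPA2/802.1X: profile it instead.
    rule = match_profile(ep)
    if rule is not None:
        return Decision(ZONE_VLAN[rule["zone"]], rule["zone"], "matched NAC profile")
    # 3. Unknown endpoint: quarantine to the DMZ until the acceptable use
    #    policy is accepted and guest credentials are presented.
    return Decision(QUARANTINE_VLAN, "Guest", "unknown endpoint; quarantined to DMZ", True)


if __name__ == "__main__":
    for ep in (Endpoint("00-11-22-AA-BB-CC", dhcp_vendor_class="pump-v3"),
               Endpoint("aa:bb:cc:dd:ee:ff", ssid="DCH-Voice", acs_authenticated=True),
               Endpoint("de:ad:be:ef:00:01", ssid="DCH-Clinical")):
        print(ep.mac, assign_vlan(ep))
```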
Mobility services allow the definition of mobility groups across WLCs, so that security policies
seamlessly follow a device as it roams throughout the campus. This permits the device to move across
access points or WLCs within the mobility group without the need to reauthenticate to the RADIUS server
Network operations, wired, wireless, and infrastructure, should be subject to real-time monitoring,
Applications and appliances including syslog, NetFlow, Kismet, Snort, the SNMPv3 protocol, CSM, and
CS-MARS are utilized to monitor, analyze, and report on network status. Network appliances and
applications including Cisco Security Agent on endpoints and Firewall Services Modules (FWSM), IPS,
and NAM on Catalyst switches or ISR routers also provide information on network operations that can be
analyzed.
Additional access points that are not intended to serve clients can be utilized at selected locations
as network monitors, rogue detectors, or sniffers feeding information back to the WCS in order to
diagnose and protect the wireless network. Placement of these non-client access points should be made at
Content security is provided through appliances and applications such as Cisco Unity, which
integrates security with e-mail and voice mail services, web security appliance (WSA), and intrusion
protection (IPS). Application security is provided through the Cisco Application Control Engine (ACE)
Documented policy decisions to set goals, priorities, metrics, roles, and responsibilities including
infrastructure equipment, and managed through the ACS and CSM systems. Logical policy
implementations include segmentation of the network into logical trust domains and quality of service
The Cisco Wireless Control Server (WCS) is located in the Server Farm module and acts as a
central management point for all WLCs. Cisco Secure Access Control System (ACS) is also located in
the Server Farm module and provides centralized identity and access control, including RADIUS, for both
wired and wireless network access and device administration. The ACS authenticates and authorizes
wireless users and hosts and enforces wireless specific policies. The ACS also supports dynamic
provisioning of VLANs and ACLs on a per user basis and 802.1x with port based security.
Other security devices and applications located in the server farm include the Cisco Unified
Communications Manager (UCM), which interacts with Communications Manager Express modules at the
branches to provide telecommunications security; Survivable Remote Site Telephony (SRST) is
provided on the edge and branch routers. Call control functions will be provided by Skinny Client Control
Protocol (SCCP), a Cisco proprietary protocol that the CUCM uses to communicate with IP phones
(Teare, 2008). The UCM will manage the IP phones, authenticate the device, register the phone, push
the configuration to the phone, and configure the IP address and VLAN.
Throughout the various networks and applications, effective change controls are necessary to
maintain a secure and manageable network. The use of centralized administration tools like CSM, WCS,
9. Summary
The proposed coherent, layered, and integrated network solution presented in this document
based on the Cisco Medical Grade Network architecture meets the DCH requirements for high availability,
manageability, scalability, and security. The Cisco sole provider solution utilizing Cisco IOS, VSS core
and distribution switches, light wireless access points and wireless LAN controllers, integrated services
routers, IP telephony with Cisco Unified Communications Manager, IPv6 addressing, MPLS VPN
communications with remote branches, VPDN support for remote access and teleworkers, and integrated
security components will support secure, ubiquitous access for DCH staff, patients, and visitors to
Operating costs will be reduced through the use of a single, integrated network. By utilizing a
modular, redundant, and highly flexible architecture with appropriate security appliances, and network
administration tools and software, the integrated network can be managed by current personnel. Through
the use of nMMf fiber and CAT 6A UTP, the network will remain highly scalable and be positioned for
transition to 10GbE at the desktop and 40/100G at the core for LAN services as those technologies
become more cost effective. The proposed plan supports not just the current needs for DCH, but is also
positioned to support growth and evolutionary requirements over the next 10 years.
References
http://shop2.sprint.com/en/stores/popups/4G_coverage_popup.shtml
https://www.arin.net/policy/nrpm.html#six54
http://www.zytrax.com/tech/layer_1/cables/tech_lan.htm#10g
Brown, K. (2011). LightCounting Forecasts over 300% CAGR for 10GBASE-T Port Shipments from 2009
Cat6, Enhanced Cat6 (Cat6e) and Augmented Cat6 (Cat6A) Bulk Cable. (n.d.). Broadband Utopia.
Cisco Enhanced EtherSwitch Service Modules for Cisco 2900 and 3900 Series Routers. (n.d.). Cisco. http://www.cisco.com/en/US/prod/collateral/routers/ps10536/data_sheet_c78-553980_ps10537_Products_Data_Sheet.html
Cisco Integrated Services Routers Generation 2. (2011, April). Cisco Systems Inc. Retrieved from http://www.cisco.com/en/US/prod/collateral/modules/ps10598/ordering_guide_c07_557736_ps10536_Products_Data_Sheet.html
Cisco Integrated Services Routers Generation 2 At a Glance. (2010). Cisco Systems Inc. Retrieved from http://www.cisco.com/en/US/prod/collateral/routers/ps10538/aag_c45_556315.pdf
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/vss.html?referring_site=bodynav#wp1053927
Cisco Aironet 1140 Series Access Point. (n.d.). Cisco Systems. Retrieved from http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps10092/datasheet_c78-502793.html
Cisco Aironet 3500 Series Access Point. (n.d.). Cisco Systems. Retrieved from http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps10981/data_sheet_c78-594630.html
Cisco Catalyst 4500 Series Switches. (n.d.). Cisco Systems. Retrieved from http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html
Cisco Catalyst 6500 Series: Optimized for Wiring Closet Deployments. (2008). Cisco Systems. Retrieved from http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/aag_C45-422048_v1.pdf
Cisco Catalyst 6500 Virtual Switching System 1440: Cisco Catalyst 6500 Virtual Switching System Deployment Best Practices. (2011, January 31). Cisco Systems. Retrieved from http://www.cisco.com/en/US/products/ps9336/products_tech_note09186a0080a7c837.shtml
Cisco Collaborative Care – Language Interpretation Services Design and Implementation Guide OL-
http://www.cisco.com/application/pdf/en/us/guest/netsol/ns165/c649/ccmigration_09186a00808863d0
http://www.cisco.com/en/US/technologies/tk583/tk372/technologies_white_paper0900aecd801dc5b2_ps6660_Products_White_Paper.html
Cisco Medical Grade Network 2.0 – Security Architecture. (2010). Retrieved from http://www.cisco.com/en/US/docs/solutions/Verticals/Healthcare/MGN_2.0.pdf
http://www.cisco.com/en/US/prod/collateral/voicesw/ps6789/ps5664/ps5669/data_sheet_c78-602803.html
COMP-Sec 4.1.1: Incident Response Procedure. (2006). Tenet Healthcare Corporation. Retrieved from http://www.tenethealth.com/About/Documents/Ethics%20and%20Compliance%20Policies/Patient%20Rights/COMP-Sec%204.1.1%20Incident%20Response%20Procedure.pdf
Congdon, H. V. (n.d.). Optical Fiber Networks: Industry Trends, Application Influences and New Options for
http://www.fols.org/fols_library/presentations/documents/OpticalFiberNetworks.pdf
http://www.driscollchildrens.org/about_us/index.php?action=displaysection&section=dch_overview&sectionid=133
software/medical-version.html
Driscoll Children’s Specialty Center – Harlingen. (2011). Driscoll Children’s Hospital. Retrieved from http://www.driscollchildrens.org/about_us/index.php?action=displaysection&section=driscoll_children_s_specialty_center_-_harlingen&sectionid=155
Driscoll Children’s Specialty Center – McAllen. (2011). Driscoll Children’s Hospital. Retrieved from http://www.driscollchildrens.org/about_us/index.php?action=displaysection&section=driscoll_children_s_medical_plaza_-_mcallen&sectionid=150
http://www.pspaec.com/popups/Driscoll%20Childrens%20Specialty%20Clinics.html
Features of InterMapper Network Monitoring, Mapping and Alerting Software. (2011).
FlexWAN Module for the Catalyst 6500 and Cisco 7600 Series. (n.d.). Cisco Systems, Inc. Retrieved from http://www.cisco.com/en/US/prod/collateral/routers/ps368/product_data_sheet09186a00800923bf.html
Godinez, V. (2010, May 28). 4G and 3G bandwidth test results on EVO 4G in downtown Dallas. The
bandwidth-test-resul.html
Higgins, S., Mah, C., & Anderson, T. (2010, May 27). Cisco Medical-Grade Network (MGN) 2.0—Wireless
http://www.cisco.com/en/US/docs/solutions/Verticals/Healthcare/MGN_wireless_adg.html
Higgins, S., Mah, C., Anderson, T., Mehta, T., Parmenter, S., Zaldivar, N., Bell, J., Nejad, H., Nowell, C., Laundry, B., Brown, D., & Jones, P. (2011, March 31). Cisco Medical Grade Network (MGN) 2.0 –
http://www.cisco.com/en/US/docs/solutions/Verticals/Healthcare/MGN_Campus.pdf
http://www.mckesson.com/en_us/McKesson.com/For%2BHealthcare%2BProviders/Hospitals/Imaging%2Band%2BPACS/Horizon%2BMedical%2BImaging/Horizon%2BMedical%2BImaging.html
ipv6/
IEEE Launches 40 Gb/s Ethernet optical interface standard. (2011, April 12). Retrieved from http://www.net-security.org/secworld.php?id=10878
Information Security and Privacy Policy. (2007). Central DuPage Hospital. Retrieved from http://www.cdh.org/Information-Security-Privacy-Policy.aspx
IPv6Freelys IPv6 Addressing Scheme. (2009, March 9). Pittsburg State Universities. Retrieved from http://inetpro.org/wiki/IPv6Freelys_IPv6_Addressing_Scheme
Jiang, S., & Shen, S. (2011, June 16). Secure DHCPv6 Using CGAs. IETF Trust. Retrieved from http://tools.ietf.org/html/draft-ietf-dhc-secure-dhcpv6-03
Kish, P. (2010, February). Next generation Fiber arrives. CNS Magazine. Retrieved from http://www.belden.com/pdfs/techpprs/cnsstandardsjanfeb2010.pdf
http://www.drischollchildrens.org/about_us/index.php?action=displaysection&section=locations,_map_and_directions&dsectionid=134
Medical Grade Network: Providing Foundational Architectures for Healthcare. (n.d.). Cisco. Retrieved from http://www.cisco.com/web/strategy/docs/healthcare/09CS2124-MGN.pdf
Medianet Branch Cisco ISR G2 QoS Design At-a-Glance. (2011). Cisco Systems Inc. Retrieved from http://www.cisco.com/en/US/docs/solutions/Enterprise/Video/qosbranchisraag.html
Medianet Campus Cisco Catalyst 6500 QoS Design At-a-Glance. (2011). Retrieved from http://www.cisco.com/en/US/docs/solutions/Enterprise/Video/qoscampuscat6500aag.html
Migration to 40/100G in the Data Center with OM3 and OM4 Connectivity. (2010, Dec.). Corning Cable
MPLS: Is it the future of communications for business? (2007). ShopForBandwidth. Retrieved from http://www.shopforbandwidth.com/mpls-the-future-of-communication.php
Nadel, B. (2010, December 15). 3G vs 4G: Real-world speed tests. ComputerWorld. Retrieved from http://www.computerworld.com/s/article/9201098/3G_vs._4G_Real_world_speed_tests?taxonomyId=79&pageNumber=2
Network Allows Physicians to Reach Isolated Populations: Ontario Telemedicine Network provides expert care for patients in remote locales. (2009, November 23). Cisco Systems. Retrieved from http://www.cisco.com/warp/public/146/news_cisco/mobile/dlls/global/canada/news/2009/pr_11-24.html
http://www.cisco.com/en/US/docs/solutions/Enterprise/Video/vrn.html
Personal Health Records and Portals. (2011). EPIC Systems Corporation. Retrieved from http://www.epic.com/software-phr.php
Picture archiving and communications system (PACS) in Wikipedia. (2011, July 17). Retrieved July 22,
Prysmian Cables & Systems. (n.d.). Fiber Optic Cable Service Life. Retrieved from http://www.gatelsupply.com/index.cfm/feature/226/fiber-cable-service-life----prysmian-cable.cfm
Smith, W. (2011, August). TelecoSultions. Private electronic correspondence, August 8-12, 2011.
Splunk Enterprise Security Suite v1.1.2. (2011). Splunk, Inc. Retrieved from http://www.splunkbase.com/apps/All/4.x/Suite/app:Splunk+Enterprise+Security+Suite
http://www.ecmag.com/?fa=article&articleID=5854
http://www.cisco.com/en/US/products/hw/switches/index.html
Teare, D. (2004). Campus Design Methodology in CCDA Self-Study: Designing for Cisco Internetwork
http://www.ciscopress.com/articles/article.asp?p=102304
Teare, D. (2008). Authorized self-study guide: Designing for Cisco Internetwork Solutions (DESGN) (2nd ed.). Indianapolis, IN: Cisco Press, Cisco Systems, Inc. ISBN: 9781580752729.
Typical MPLS Carrier Solutions. (2010). A2000 Network Solutions, Inc. Retrieved from http://failoverswitch.com/mlps.htm
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/8x/endpnts.html
hospitals/driscoll-children%27s-hospital-6740737/details
Vaughan-Nichols, S. J. (2011, April 14). It’s Official: Asia just ran out of IPv4 addresses. ZDNET.
addresses/948
Whitman, M. E., & Mattord, H. J. (2010). Management of information security (3rd ed.). Boston: Cengage
http://www.grh.org/patwireless.html
Yang, F. (2011, February 24). CommScope Speaks On 40/100GbE And Data Center Network At
40100gbe-and-data-center-network-at-ethernet-technology-summit/
1 (“Information Security”, 2007)
Media storage that is no longer required for use and that has been used to record sensitive or protected
health information must be destroyed according to the DCH Media Disposal policy using approved
destruction methods. Under no circumstances are media, whether paper, electronic, or other, that may
have possibly contained PHI to be disposed of in an insecure method. Failure to follow proper
procedures may result in disciplinary actions up to and including termination.
In general, e-mail communications between a provider or physician and their patients or a patient's parent or
guardian are permitted if mutually agreed upon with the patient affected, pursuant to the DCH Electronic
Communications Policy. Pursuant to the Children’s Online Privacy Protection Act, patients under 13
years of age must have the consent of a parent or guardian to receive directed e-mail communications. It
is the responsibility of the individual to use professional judgment in assuring that such transmissions are
authorized, and that communications are directed to the appropriate family member for younger patients.
Physicians may also receive e-mail distribution of patient-related reports containing PHI only after
authorization by the Medical Staff Office and validation of active e-mail accounts.
DCH has put in place policies regarding access to medical records by staff and employees and has
carefully outlined the circumstances under which a patient's PHI may be released to parties outside the
hospital or physician practice in the DCH Privacy Practices policy. Please refer to the Privacy Practices
Policy in situations where there is need to disclose or request PHI from another organization.
III. CONTACT INFORMATION
Spanish language versions of this policy as well as the DCH Privacy Practices policy are available upon
request. If you have questions regarding this policy or require additional information regarding
Information Security or Privacy at DCH, please contact the individuals as follows:
Kellie Barnett, Chief Privacy and Compliance Officer, (361)694-4035; or
Rebecca Brown, Chief Information Officer, (361)694-4319
2 (“Information Security”, 2007)
3 (“Wireless Internet”, 2011)
4 (“COMP-Sec 4.1.1”, 2006)
[Figure: DCH voice network diagram. Corpus Christi Main Campus: VSS 1440 with FlexWAN, Cisco Unified Communications Manager, Cisco Unity, IVR, Cisco Meetingplace, and an edge router with SRST and a PSTN voice trunk; Harlingen branch: ISR G2 (voice enabled) with CME and SRST and a PSTN voice trunk, connected to the main campus over MPLS VPN; IP phones at both sites.]