
u10a2: Network Design

Driscoll Children’s Hospital (DCH)

Kathleen H. Jungck

E-mail: Kjungck@CapellaUniversity.edu

September 16, 2011

TS5325 Network Analysis

Capella University

Instructor: Dr. Steve Klingaman


DCH Network Design u10a1: Network Design TS5325
September 16, 2011 2

Table of Contents

List of Figures ................................................................................................................................... 4


List of Tables .................................................................................................................................... 5
1. Introduction .............................................................................................................................. 7
1.1. Customer Priorities ......................................................................................................... 7
1.2. Missing Information....................................................................................................... 10
2. Network Architecture ............................................................................................................. 12
2.1. Medical Grade Network ................................................................................................ 12
2.2. Redundancy.................................................................................................................. 13
2.3. Security ......................................................................................................................... 14
2.3.1. Enterprise Campus ....................................................................................................... 15
2.3.2. Server Farm / Data Center ........................................................................................... 15
2.3.3. Edge (Remote Access & VPN, Internet, & WAN/MAN)................................................ 16
2.3.4. Branch........................................................................................................................... 17
2.3.5. Teleworker .................................................................................................................... 17
2.4. Baseline Network Analysis ........................................................................................... 17
3. Planned Design ..................................................................................................................... 19
3.1. Transmission Media...................................................................................................... 19
3.2. Core Layer .................................................................................................................... 20
3.2.1. Core Switch Location .................................................................................................... 20
3.2.2. Core/Distribution Switch Model Selection..................................................................... 21
3.3. Distribution Layer .......................................................................................................... 22
3.4. Access Layer ................................................................................................................ 24
3.4.1. Access Layer Media ..................................................................................................... 24
3.4.2. Access Switches ........................................................................................................... 24
3.4.3. Access Layer Ports ....................................................................................................... 25
4. WAN Design .......................................................................................................................... 27
4.1. Customer WAN Requirements ..................................................................................... 27
4.2. WAN Connection recommendation .............................................................................. 28
4.3. WAN Hardware ............................................................................................................. 29
4.4. Software ........................................................................................................................ 30
4.5. Redundancy.................................................................................................................. 31
4.6. Connectivity Cost Estimates ......................................................................................... 31
4.7. Scalability ...................................................................................................................... 32
5. IP Addressing Scheme .......................................................................................................... 33
5.1. Scalability ...................................................................................................................... 33
5.2. IPv6 ............................................................................................................................... 33
5.3. Manageability ................................................................................................................ 33
5.4. Hierarchical Addressing & Routing ............................................................................... 34
5.5. Addressing Scheme...................................................................................................... 35
6. IP Telephony Design ............................................................................................................. 37
6.1. VoIP vs. Telephony....................................................................................................... 37
6.2. Infrastructure Voice & Video Requirements ................................................................. 39
7. Unified Wireless Network (UWN) Design .............................................................................. 41
7.1. Endpoint Security.......................................................................................................... 42
7.1.1. Guest Access ................................................................................................................ 43
7.2. Wireless Network Security ............................................................................................ 43

7.3. System Management .................................................................................................... 44


7.4. UWN Device Counts and Location ............................................................................... 44
7.5. UWN Diagram ............................................................................................................... 46
8. Integrated Network Security Design ...................................................................................... 47
8.1. Endpoint Security.......................................................................................................... 47
8.1.1. Guest Access ................................................................................................................ 49
8.2. Network Security........................................................................................................... 50
8.3. Content and Application Security ................................................................................. 52
8.4. System Management .................................................................................................... 52
9. Summary ............................................................................................................................... 53
Appendix A: DCH Information Security Management Policy ......................................................... 60
Appendix B: DCH Network Access Control Policy......................................................................... 62
Appendix C: DCH Acceptable Use of Network Policy ................................................................... 63
Appendix D: DCH Information Security Incident Response Policy ................................................ 64
Appendix E: DCH IP Telephony Components ............................................................................... 66
Appendix F: DCH Network Diagram ..............................................................................................67

List of Figures

Figure 1. Campus Map.................................................................................................................. 20

Figure 2. IPv6 Address Format ...................................................................................................... 35

Figure 3. DCH IPv6 Address Scheme ........................................................................................... 36

Figure 4. Major UWN Component Configuration ........................................................................... 42



List of Tables

Table 1. Initial Requirements ......................................................................................................... 10

Table 2. Missing Information .......................................................................................................... 11

Table 3. Cisco SONA Modules for Driscoll Children’s Hospital .................................................... 13

Table 4. Transmission Media Characteristics ................................................................................ 19

Table 5. Core Switch Ports ............................................................................................................ 21

Table 6. VSS Core Switch Configuration ....................................................................................... 21

Table 7. Port Module Configuration for Distribution VSS............................................................... 22

Table 8. Distribution Layer Port Counts ......................................................................................... 23

Table 9. Access Layer Switch Configuration ................................................................................. 24

Table 10. Access Layer Port Counts ............................................................................................. 26

Table 11. Edge Switch/Router Configuration ................................................................................. 29

Table 12. ISR G2 Configuration ..................................................................................................... 30

Table 13. Service Provider Quotes for Monthly Service per site, 3yr contract .............................. 31

Table 14. Monthly Solution Pricing for 3 yr contract ...................................................................... 32

Table 15. Proposed DCH IPv6 Address Aggregation .................................................................... 36

Table 16. Telephone Endpoint Count ............................................................................................ 37

Table 17. Peak Load Rates ........................................................................................................... 39

Table 18. Access Port and WLC Counts and Location.................................................................. 46



Executive Summary

Driscoll Children’s Hospital (DCH) is a tertiary care center providing specialty pediatric services to children ages 0-21 across a wide geographical area in southwest Texas. As a specialty center, DCH treats more seriously ill children with advanced needs, including radiology, oncology, cardiology, and other digital imaging intensive specialties. Many of DCH’s patients are from low income families in rural areas with low technology bases. It is often difficult for patients to travel to the main facility in Corpus Christi, so staff members commute to branch facilities in Harlingen and McAllen, perform a large number of home visits, and are increasingly utilizing telemedicine to support the widely distributed client base.

DCH is interested in upgrading their current network to support the rapidly growing demand for their services and the increasing demand on information services to improve patient care, and to meet regulatory compliance requirements. This report presents a proposed coherent, layered solution to meet DCH requirements for an upgraded, integrated network based on the Cisco Medical Grade Network architecture. Solution recommendations include a Cisco sole provider solution utilizing Cisco IOS, VSS core and distribution switches, lightweight wireless access points and wireless LAN controllers, integrated services routers, IP telephony with Cisco Unified Communications Manager, IPv6 addressing, MPLS VPN communications with remote branches, VPDN support for remote access and teleworkers, and integrated security components.

Driscoll Children’s Hospital Network Design

1. Introduction

Driscoll Children’s Hospital (DCH) is a tertiary care center providing specialty pediatric services to children in 31 counties across more than 33,000 square miles in southwest Texas, as well as children from northern Mexico (“DCH Overview”, 2011). DCH’s primary patient population is children age 0-21. As a specialty center, DCH treats more seriously ill children with advanced needs, including radiology, oncology, cardiology, and other digital imaging intensive specialties. Many of the patients are from low income families in rural areas with low technology bases. It is often difficult for patients to travel to the main facility in Corpus Christi, so staff members commute to branch facilities in Harlingen and McAllen, as well as performing a large number of home visits. Telemedicine use is also increasing to support the widely distributed client base, and to consult with general practice pediatricians.

DCH is interested in upgrading their current network to support the growing demand for information services, to meet regulatory compliance with HIPAA, HITECH, and JCAHO requirements for electronic patient medical records, and to increase productivity through consolidation of voice, data, and video services into one network. DCH has specifically requested consolidation into a unified sole provider solution through use of a Cisco SONA three layer architecture medical grade network (MGN) design, with priority on high availability, robustness, scalability, manageability, and mobility.

This report presents a proposed coherent, layered solution to meet DCH requirements for an upgraded, integrated network. Section 1 introduces customer requirements and priorities, section 2 presents architectural design considerations and options, section 3 presents the proposed architectural design, section 4 details WAN design considerations and recommendations, section 5 discusses IP addressing schemes and routing protocol selection, section 6 details IP telephony considerations and requirements for voice services integration, section 7 discusses Unified Wireless Network design choices and recommendations, and section 8 presents network security considerations and recommendations.

1.1. Customer Priorities

The utmost priority for DCH is maintaining patient confidentiality, providing high quality patient care, and supporting patient, staff, and visitor safety. High priority requirements for the DCH network upgrade include extremely high availability (99.9%) and the security associated with a medical grade network; scalability to support future growth in additional specialty clinic sites, facility growth, service use, and technology use; manageability of a growing, integrated network without a significant staff increase; integrating voice, data, and video services to reduce cost and provide improved services; telemedicine support; support for high quality digital medical imaging; ubiquitous wireless access to support high mobility and improve patient care; and robust remote access to support teleworkers and patient home visits.

Compliance issues for DCH include HIPAA, HITECH, and JCAHO for electronic medical records, PCI-DSS for payment services, and the Children’s Online Privacy Protection Act due to the age of their primary patient population.

Physical security concerns must also be considered, making it important that information security policies and procedures coordinate with overall hospital security and safety policies. The primary goals for policies at DCH are to protect the privacy, health, and safety of DCH patients, staff, and visitors. Information security specific policies focus on protecting the confidentiality, integrity, and availability of information systems infrastructure, equipment, networks, and associated devices to support patient care at DCH facilities. A full examination of security concerns and recommended controls is addressed in section 8.

A summary of DCH requirements, goals, and constraints is presented in Table 1. Missing information and related assumptions applicable to diagramming DCH’s existing network are described in section 1.2, and summarized in Table 2.


| Requirement | Comments |
|---|---|
| Network Applications and Network Services | Assumptions made regarding applications when not specified |
| Digital Imaging: PACS, RIS | DICOM standard for X-ray, MRI, etc.; Horizon Medical Imaging from McKesson; Cisco Collaborative Imaging |
| Patient Medical Records, Billing, AMR | EPIC, with web access portals; one database |
| Mobile Voice Recording / Medical Transcription | Dragon Medical 10.1 |
| Language Translation software | Cisco Collaborative Care: Language Interpretation Services |
| E-mail, contacts, calendar | Outlook, Outlook Web App (OWA) |
| Office productivity | MS Office (Word, Excel, PowerPoint, etc.) |
| Teleconferencing / telemedicine | Cisco TelePresence and/or Care-at-a-Distance |
| VoIP | Unified voice, video & data service, voicemail, etc.; various Cisco products |
| IP multicast (support teleconferencing) | |
| Web Browser | Internet Explorer, Firefox, Safari, Opera, etc. |
| Organizational Goals | |
| Immediate, continual access to patient records | Fast response, high availability, both view & update |
| Location independent access | Work from home as in office (teleworkers); home visits |
| Ubiquitous, secure wireless access | Anywhere on any campus |
| High degree of clarity for medical images | Bandwidth capability to support frequent transmission of large files |
| Integrate voice, video & data on a single network | |
| Centralized data center | Accessible from all locations with high availability & reliability |
| HIPAA Compliance | |
| Joint Commission on the Accreditation of Hospitals (JCAHO) Compliance | |
| Create unified organizational policy | Network Access Control, Acceptable Use of Network, Security Management, Incident Response |
| Increase end-user device options | Thin clients, PDAs, wireless notebooks, cell phones, tablets, GPS devices in addition to desktop PCs and notebook computers |
| Organizational Constraints | |
| Main Campus: site dimensions | 8 buildings; 8 story office tower with 8 floors, 10,000 sq ft per floor |
| Main Campus: staffing | 100 doctors / 250 nurses / 1000 support staff |
| Harlingen branch: site | 10,000 sq ft, single story |
| Harlingen branch: staffing | 25 doctors / 75 nurses / 200 support staff |
| McAllen branch: site | 18,000 sq ft, single story |
| McAllen branch: staffing | 35 doctors / 100 nurses / 300 support staff |
| Large number of home visits | Medical staff visit patients off-campus |
| Large number of teleworkers | Medical staff work from home as needed |
| Staff is not confined to a single site | Medical staff rotate among sites to accommodate patients |
| Policy | Migrating from hybrid, divergent network to unified, single infrastructure that maximizes robustness & scalability |
| Technical Goals | |
| Integrated, sole provider architecture to maximize robustness, expandability & bandwidth | Move away from disjointed, multi-vendor specialized platforms. Prefers Cisco Enterprise Model: 3 Layer Architecture with Cisco IOS |
| High Bandwidth: 1Gb to desktop | Frequent transmission of large image files |
| Upgrade routing devices | Replace hubs & dumb switches with all layer-3 & layer-4 intelligent switches |
| Fast response / Performance | Constant need for access to medical records |
| High availability | 99.9% |
| Adaptability | |
| Scalability | |
| Support & configure VLANs | |
| Multi-dimensional security | Firewalls, ACLs, virus protection, data encryption, redundant backup |
| Quality of Service (QoS) metrics | |
| Secure teleworker support | VPN tunnels, encryption, authorization, password challenges |
| Simplify network addressing scheme, replacing static addressing with dynamic where possible | Convert from IPv4 to IPv6 & utilize DHCP where possible |
| Monitor & manage network performance through improved manageability | Management Information Base (MIB), Simple Network Management Protocol (SNMP), & tools including NetFlow & RMON (Remote Monitoring) |
| Mobility | |
| Upgrade cabling to CAT 6 | Replace as much CAT 3 & CAT 5 as possible |
| Upgrade routing protocols | Replace RIP-1 and IGRP with RIP-2, EIGRP & OSPF |
| Technical Constraints | |
| Remote access from low-tech areas | Medical staff on home visits need remote access from areas with a low technology base |
| Current Status | Static addressing, low bandwidth (10Mb) |
| Outdated infrastructure | Not adaptable, no remote management with hubs and simple Layer 2 switches |
| Existing cabling | Replace CAT 3 & CAT 5 where possible; ubiquitous wireless |
| Existing network devices | Replace unmanaged hubs & switches with multi-layer switches as part of a modular 3-tier hierarchical architecture design |
| Bandwidth ability | Increase to leased lines (fractional-T1/T1, T3) |
| Divergent LAN topologies: multiple NOS (Novell, AppleTalk, MS, +); Token Ring, Ethernet | Standardize to support IPv6, DHCP, performance metrics, management, & security objectives w/ modular SONA format |

Table 1. Initial Requirements

1.2. Missing Information

While DCH specified several critical and important applications, including electronic patient medical records, digital imaging, language translation, and medical dictation, the specific applications were not identified. Research on widely used software fitting those applications was used where usage and bandwidth assumptions were required to develop existing network scenarios. Additional applications commonly used in large hospitals were also identified, and are listed below in Table 2. Specific network services that were identified as a priority, including security, but were not detailed, are also listed in Table 2. Organizational and technical constraints that could affect the design project, such as existing building and equipment layouts, staffing, and budget, were also listed. Research has identified that DCH is affiliated with Texas A&M University, so the possibility of an extranet was also identified.

| Missing Information | Comments and Assumptions |
|---|---|
| Network Applications and Network Services | |
| Groupware | Cisco Collaborative Imaging, Cisco Unified MeetingPlace |
| HR: payroll, employee records | Oracle PeopleSoft |
| Custom applications | TBD |
| Internet access | Required to support VPN, e-mail, etc. |
| Extranet | Vendor or insurance clearing house partnering? Texas A&M University? |
| Security | PKI, LDAP, anti-virus, smartcards |
| Technical Goals | |
| Expected performance metrics | Query customer |
| Technical Constraints | |
| Current deployment: topology & configuration | What is in use where & how: WAN, wireless |
| Criticality and/or priority of applications | |
| Network audit / assessment information | Management tools n/a |
| Organizational Goals | |
| Expansion forecasts | |
| CCTV or other surveillance | |
| Organizational Constraints | |
| Budget | Not specified |
| Schedule | TBD |
| Building layouts | What services are needed where, grouping of devices, site related constraints |
| Staffing / Equipment | Who works where and when: extended hours? multiple shifts? How often do staff rotate to other clinics, how many teleworkers, etc. |
| Network Administration / Support Personnel | Number of personnel, consultants, contractors |

Table 2. Missing Information

2. Network Architecture

2.1. Medical Grade Network

Major design areas to address in the DCH network design include identification of relevant applications, modularization of the network, identification of scope, and appropriate design alternatives to achieve DCH goals (Teare, 2004). Identifying relevant applications is a major factor in network design, in order to determine what resources are required to meet performance levels. Interoperability must be considered, as well as logical connectivity requirements and what network services are required to support each application. Quality of Service (QoS) metrics must also be identified.

Modularization of the network, taking into account the geographical distribution of the organization, aids in prioritizing redesign tasks, as well as in identifying scope. Network modules for DCH may include the major campus LAN in Corpus Christi, the centralized server farm, the DMZ server farm, the intranet edge (which includes the border, extranet, WAN, and internet), service providers such as the ISP or PSTN, remote access for teleworkers or home visits, and the branch campuses at Harlingen and McAllen.

Scope must be determined to identify which network modules are to be redesigned, and to what extent. Security requirements, HIPAA and JCAHO compliance, remote access requirements, telemedicine, consolidation, architecture considerations such as intelligent switches, and other customer required features such as QoS metrics will contribute to scope decisions. Design alternatives will likely need to be considered for the Corpus Christi campus LAN, for redesigning routing protocols, and for an upgrade to the WAN links to support performance.

In order to support these goals, it is important that the network be robust, highly redundant, have high quality of service (QoS), support multicast, and provide ubiquitous wireless access. The Cisco® Medical Grade Network (MGN) architecture best addresses the primary concerns of a medical grade network.

Cisco® MGN architecture is based on best practices to support a healthcare environment. MGN focuses on the communication, information, technology, bandwidth, and integration needs of clinicians, administrators, patients, and partners to support the transfer and storage of large medical datasets, as well as to ensure industry and government regulatory compliance such as HIPAA and PCI DSS. MGN also supports unified voice, video, and data networks to support telemedicine and improved patient care. Identity and policy based mechanisms that extend beyond the Enterprise Campus are utilized to limit access to authorized individuals. MGN utilizes the Cisco SONA architecture, a 3-tier hierarchy of network design modularized into six main parts and respective sub-modules, as detailed in Table 3.

1. Enterprise Campus
   o Campus Core
   o Building Distribution
   o Building Access
   o Server Farm and Data Center
2. Enterprise Edge
   o E-Commerce
   o Internet Connectivity
   o Remote Access and VPN
   o Site-to-Site, WAN and MAN VPN
3. Enterprise Server Farm (an off-site Data Center is not part of the current design for DCH)
4. Service Provider
   o Internet Service Provider
   o PSTN
   o MPLS
5. Enterprise Branch
6. Enterprise Teleworker

Table 3. Cisco SONA Modules for Driscoll Children’s Hospital

2.2. Redundancy

Redundancy is critical to ensure the high availability required by medical grade networks. Redundancy can be provided in several ways, including architectural design, alternate routing, and hardware design. Architectural design elements include the use of redundant nodes, mesh and partial mesh topology, the use of multiple links between nodes, and the use of backup service providers in case of primary failure. Virtual Switching System (VSS) adoption supports high availability and performance by integrating network systems and redundancy into a single node. For the DCH network upgrade, redundancy must be addressed in the design, with particular focus on the core, server farm, and service provider modules. Cisco MGN also recommends the following best practices to support hardware redundancy (Higgins, Mah & Anderson, 2011):

1. No single point of failure, through the use of elements including redundant chassis and stackable switches, especially towards the core of the network.
2. Redundant supervisor, fan, and power modules in access layer devices.
3. Redundant power and fan modules in core and distribution devices.
4. Protocols implemented that can quickly detect faults and fail over appropriately.
5. Redundant network services where access or network capability is limited by a service (e.g., DNS).
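To make the 99.9% availability requirement from Table 1 concrete, the following added example (not part of the DCH report) computes end-to-end availability for a single campus chain versus the redundant VSS pairs and alternate service provider recommended above. All per-component availabilities are constructed illustrative values, not vendor figures, and redundant elements are assumed to fail independently.

```python
"""Availability arithmetic for the DCH 99.9% high-availability target.

Added illustration, not part of the DCH report. Component availabilities are
constructed sample values chosen to show the effect of redundancy, not vendor
MTBF/MTTR data. Model: access -> distribution -> core (campus), with branch
users adding a WAN circuit in series; redundant elements are treated as
independent parallel components.
"""

HOURS_PER_YEAR = 8760.0
TARGET = 0.999  # DCH high-availability requirement (Table 1)

# Constructed per-component steady-state availabilities (fraction of time up)
ACCESS = 0.9995        # access switch with redundant supervisor/fan/power
DISTRIBUTION = 0.9995  # a single distribution switch
CORE = 0.9995          # a single core switch
WAN_LINK = 0.995       # one carrier's MPLS or leased-line circuit to a branch


def series(*avail):
    """Availability of components that must ALL be up (a single chain)."""
    total = 1.0
    for a in avail:
        total *= a
    return total


def parallel(*avail):
    """Availability of redundant components where ANY ONE suffices.

    P(all down) is the product of the individual unavailabilities, assuming
    independent failures (no shared power feed, chassis or fibre path).
    """
    all_down = 1.0
    for a in avail:
        all_down *= 1.0 - a
    return 1.0 - all_down


def downtime_hours(avail):
    """Expected downtime per year implied by a steady-state availability."""
    return (1.0 - avail) * HOURS_PER_YEAR


def meets_target(avail, target=TARGET):
    return avail >= target


def campus_path(redundant):
    """Corpus Christi user: access -> distribution -> core.

    redundant=True models VSS pairs at distribution and core with dual
    uplinks, so each of those layers survives the loss of one chassis.
    The access switch stays a single device either way (best practice 2
    covers it with redundant supervisor, fan and power modules instead).
    """
    if redundant:
        dist = parallel(DISTRIBUTION, DISTRIBUTION)
        core = parallel(CORE, CORE)
    else:
        dist, core = DISTRIBUTION, CORE
    return series(ACCESS, dist, core)


def branch_path(providers):
    """Harlingen/McAllen user reaching the central server farm.

    The WAN circuit(s) sit in series with the redundant campus path;
    providers=2 models the alternate ISP/MPLS vendor recommended above.
    """
    wan = parallel(*([WAN_LINK] * providers))
    return series(wan, campus_path(redundant=True))


def availability_report():
    """Map each design option to (availability, downtime h/yr, meets 99.9%)."""
    options = {
        "campus, single chain": campus_path(redundant=False),
        "campus, VSS pairs": campus_path(redundant=True),
        "branch, one provider": branch_path(1),
        "branch, two providers": branch_path(2),
    }
    return {
        name: (round(a, 6), round(downtime_hours(a), 1), meets_target(a))
        for name, a in options.items()
    }


if __name__ == "__main__":
    for name, (a, hours, ok) in availability_report().items():
        status = "meets" if ok else "MISSES"
        print(f"{name:24s} {a:.6f}  ~{hours:6.1f} h/yr down  {status} 99.9%")
```

The single-chain campus path and the single-provider branch path both miss the target even though every individual device is above 99.9%, which is the arithmetic behind best practice 1 and the multi-provider recommendation that follows.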

Other methods of promoting high availability include the use of Wide Area Application Services (WAAS), which use optimized caching, transport flow optimization, and compression to reduce traffic bandwidth across the WAN. Low cost Wide Area Application Engine (WAE) appliances provide global, LAN-like access to central data centers or server farms from remote locations over the WAN (Teare, 2008). Communications Manager Express (CME) modules also support redundancy by allowing calls to be routed through integrated services routers in the event the centralized call manager is unavailable (Higgins, Mah, Anderson et al., 2011).

The selection of multiple service providers also supports redundancy. Alternate ISP and MPLS vendors provide redundancy in case of a failure of the primary provider’s network, thus ensuring continued availability. MPLS is becoming more desirable for medical networks due to its increased bandwidth, reliability, class of service, and speed over other connection types, rivaling the speed of T1 and T3 leased lines but with more consistent quality of service (“MPLS: Is it the future”, 2007).

2.3. Security

Cisco MGN architecture is based on best practices to be protected, interactive, responsive, and resilient (Higgins, Mah, Anderson et al., 2011). Security is one of the top three concerns for healthcare CIOs, and the top security concerns are internal breach, regulatory compliance, and inadequate deployment of technology (“MGN 2.0 Security Architecture”, n.d.). A healthcare network is considered protected when best practices are employed across the entire environment. The Cisco security control framework (SCF) is employed at each place in the network (PIN), such as campuses, remote clinics, and branches. Five major areas to be addressed are endpoint security, network security, content security, application security, and system, network, and event management.

In the DCH design, security needs to be addressed at the network level as well as within each module. Some appliances interact in multiple parts to create a cohesive security system. At the network level, security is provided through infrastructure protection on the switching and routing platforms, through the use of firewalls and firewall service modules, an Adaptive Security Appliance (ASA), the firewall integrated with the integrated services router (ISR), CSM (network management console), and CS-MARS (Security Monitoring, Analysis & Response System). Module specific security needs are identified in the associated module sections below, and recommended security implementations are addressed in more detail in section 8.

2.3.1. Enterprise Campus

The Campus core provides connectivity to the entire campus network and should be designed to support the highest availability levels. Hardware redundancy, multiple redundant switching fabrics using VSS, and highly scalable bandwidth of up to 1.4 Tb are needed. It is important to focus on throughput at the core, so no extraneous security devices are recommended at this layer.

The distribution layer provides services and controls between the core and access layers. Load balancers, Intrusion Prevention System (IPS) sensors, Network Admission Control (NAC) servers, Wireless LAN Controllers (WLC), and Network Administration Modules (NAM) should be implemented at the building distribution layer to support security services and centralized network management. WLCs manage lightweight access points (LAP) at the access level, which download centrally managed configurations to increase manageability and decrease the risk of tampering. NAC and NAM gather information about the local network segments, which is then collected and analyzed centrally. The DCH network will utilize network virtualization with Cisco 6500-series multi-layer switches and Supervisor 720 modules to provide virtual route forwarding (VRF) and VSS, ensuring enterprise-quality network response and path isolation of medical devices from other network traffic.

The MGN access layer enables multiple services and provides connectivity to biomedical devices and end-users. The access layer separates computing devices from the network infrastructure to provide additional security and quality of service (QoS) traffic management. Additional devices at this layer include LAPs and IP phones. Care must be taken in the wireless implementation to segment devices appropriately, as some medical devices require dedicated bandwidth and isolation from other network traffic (Higgins, Mah, Anderson, et al., 2011). Cabling will need to be upgraded where possible to support 1GbE to the desktop. VLANs will need to be assigned to isolate IP phones from other traffic, and PoE requirements calculated to determine the appropriate ratio of switches to support access layer devices.

These changes will support the customer’s requirements for wireless access, IP telephony, mobility, telemedicine, and 1GbE to the desktop.

2.3.2. Server Farm / Data Center

DCH does not support an external data center, so the server farm module is more applicable. The data center should be connected directly to the core through the distribution layer VSS. The server farm should function as a protected area in order to safeguard the most important information assets of the enterprise as well as the network devices that support central network management, load balancing, communications servers, and application acceleration.

Within the server farm module, a number of security services and appliances are needed to meet customer requirements, including:

1. NAC controller and profiler to manage NAC Servers throughout the network that ensure security policy compliance; limit access to trusted, compliant endpoint devices like PCs, PDAs, and servers; mitigate risks from viruses and worms; and provide shared service areas for wireless or VPN access
2. Web Application Firewall
3. Host IPS on database servers and critical file servers
4. Access Control Server (ACS) that supports RADIUS authentication, NAC, and directory services, as well as correlating infrastructure-based telemetry, firewall, and IPS data for threat identification and mitigation
5. Web Security Appliance (WSA)
6. Email Security Appliance (ESA)
7. WAAS to improve performance and security of critical applications
8. WLC/MSE for centralized wireless LAN control
9. Application Control Engine (ACE) and/or ACE/XML gateway to provide high availability and maintain security by supporting non-disruptive removal of application servers for maintenance (“Cisco Medical Grade Network 2.0 – Security”, nd). ACE also controls application access, provides end-to-end encryption through an SSL termination service, offers protection against common attacks, and supports HIPAA and PCI-DSS compliance (“Cisco Medical Grade Network 2.0 – Security”, nd).

2.3.3. Edge (Remote Access & VPN, Internet, & WAN/MAN)

The Edge provides boundary protection, separating the main campus from external connections such as Remote Access & VPN, WAN/MAN, and Internet, as well as the E-commerce and service provider modules. To support high availability to the branch locations, the Service Provider module for DCH should support primary and secondary private MPLS VPN connections through separate providers. For Internet connectivity, DCH should utilize both a primary T3 connection and a secondary T1 connection through separate providers, not only for campus Internet access but also to support VPN access for the Teleworker module. A PSTN connection should be maintained to support dial-in access for the Teleworker module as well as a tertiary backup for the campus.

Within the Campus Edge module, multi-layer distribution switches will distribute the traffic into multiple sub-modules: Remote Access & VPN, Internet Connectivity, and E-commerce. IPS sensors should be added to each sub-module, routers should be upgraded to ISRs with firewall modules, and VPN/IPSec termination servers should be supported in the Remote Access & VPN sub-module. WAEs and IPS should be utilized within the E-commerce module.

2.3.4. Branch

At the Branch module(s), the existing router should be replaced with an ISR-G2 router with firewall, wireless access point, and WAE modules that provide integrated security solutions and support integrated data, video, and telephony services. WAE optimizes the use of enterprise applications. NAM should be added to support centralized network management, and CME modules should also be added to support IP telephony call routing in case the main server is unreachable.

2.3.5. Teleworker

The Teleworker module should include support for both clinicians and teleworkers utilizing a standard Internet connection with VPN, as well as clinicians on home visits restricted to lower technology such as dial-up. This can be accomplished through registered mobile devices authenticated through the ACS in the server farm, and VPN terminations in the Edge remote access sub-node. An ISR providing wireless access can also support mobile devices connected to it for remote authentication.

2.4. Baseline Network Analysis

Dartware InterMapper, a Cisco partner product, is capable of gathering real-time, vendor-neutral data on the network using the SNMP protocol. This is important as there are currently no intelligent network devices in place and the current network is extremely heterogeneous. The current configuration of hubs may require agents such as Splunk, another Cisco partner product, to be installed on host-based systems for more granular awareness. NetFlow would not be a good choice at this time because the network is so heterogeneous. If any of the current routers or switches support RMON, a MIB that includes the ability to trigger alarms for user-defined threshold events, RMON could be used to gather LAN traffic data.

Once the Cisco sole-provider architecture is in place, NetFlow would be a good choice to monitor the network in combination with the Cisco Security Management Suite. Splunk and InterMapper would continue to complement the solution by integrating event and logging data from enterprise-wide devices.
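The RMON alarm behaviour referred to above (a threshold that raises an event when a polled counter crosses it) is easy to describe and easy to get wrong, because a naive "value over threshold" check fires on every poll while traffic stays high. The following is an added example, not code from the design document, Dartware, or Cisco: it implements the rising/falling threshold rule of the RMON alarmTable (RFC 2819), where a rising event is generated once on crossing alarmRisingThreshold and is re-armed only after the value has come back down to alarmFallingThreshold, and the reverse for falling events. The ifInOctets poll values in run_demo() are constructed for illustration, as is the 30-second polling interval; the Counter32 wrap handling is included because long-running octet counters on a busy link do wrap between polls.

```python
"""RMON alarm-group threshold evaluation over constructed SNMP counter samples.

Added example for the baseline-analysis discussion; it is not code from the
design document, Dartware or Cisco. It implements the rising/falling
threshold rule of the RMON alarmTable (RFC 2819): a rising event fires when
a sampled value crosses alarmRisingThreshold, and no second rising event is
generated until the value has come back down to alarmFallingThreshold (and
vice versa), which stops a noisy counter from producing an event storm.
The ifInOctets values in run_demo() are constructed, not captured.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

COUNTER32_MOD = 1 << 32


def counter_delta(previous: int, current: int, modulus: int = COUNTER32_MOD) -> int:
    """Difference between two Counter32 polls, allowing for one wrap."""
    if current >= previous:
        return current - previous
    return current + modulus - previous


@dataclass
class RmonAlarm:
    rising: int                      # alarmRisingThreshold
    falling: int                     # alarmFallingThreshold
    delta: bool = True               # alarmSampleType: deltaValue (True) or absoluteValue
    startup: str = "rising"          # alarmStartupAlarm: "rising", "falling" or "both"
    events: List[Tuple[int, str, int]] = field(default_factory=list)
    _last_raw: Optional[int] = None
    _prev_value: Optional[int] = None
    _armed: str = "both"             # which event may fire next after the last one

    def __post_init__(self) -> None:
        if self.falling > self.rising:
            raise ValueError("alarmFallingThreshold must not exceed alarmRisingThreshold")

    def sample(self, t: int, raw: int) -> Optional[str]:
        """Feed one polled value; return the event fired ('rising'/'falling') or None."""
        if self.delta:
            if self._last_raw is None:           # a delta needs two polls
                self._last_raw = raw
                return None
            value = counter_delta(self._last_raw, raw)
            self._last_raw = raw
        else:
            value = raw

        first = self._prev_value is None
        fired = None
        if value >= self.rising and self._armed != "falling":
            crossed = (not first) and self._prev_value < self.rising
            if crossed or (first and self.startup in ("rising", "both")):
                fired = "rising"
                self._armed = "falling"          # re-arm only via a falling event
        elif value <= self.falling and self._armed != "rising":
            crossed = (not first) and self._prev_value > self.falling
            if crossed or (first and self.startup in ("falling", "both")):
                fired = "falling"
                self._armed = "rising"
        self._prev_value = value
        if fired:
            self.events.append((t, fired, value))
        return fired


def run_demo() -> List[Tuple[int, str, int]]:
    """Poll a constructed ifInOctets series every 30 s; thresholds are bytes per interval."""
    alarm = RmonAlarm(rising=50_000_000, falling=20_000_000)
    polls = [0, 10_000_000, 20_000_000, 90_000_000, 170_000_000, 185_000_000, 260_000_000]
    for t, raw in enumerate(polls):
        alarm.sample(t, raw)
    return alarm.events


if __name__ == "__main__":
    for t, kind, value in run_demo():
        print(f"poll {t}: {kind} alarm, {value} bytes in interval")
```

Running the demo yields a rising event at poll 3, no event at poll 4 although the interval is still above the rising threshold, a falling event at poll 5, and a fresh rising event at poll 6. Whatever collects these events (InterMapper, Splunk, or later CS-MARS) then sees one event per excursion rather than one per poll.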

3. Planned Design

3.1. Transmission Media

To support current and future performance and bandwidth needs of the campus core backbone, new laser-optimized multimode fiber (nMMF) OM4 at 850nm is recommended to interconnect the campus core, distribution, and access layer infrastructure. nMMF OM4 is a good choice over single mode fiber because of cost, higher port density, and lower energy consumption (Congdon, nd). OM4 will support both current 10G links as well as evolving 40/100G links (Kish, 2010). Table 4 below details the characteristics of popular transmission media types.

Parameter          Copper UTP Cat 6E   Copper UTP Cat 6A        MM Fiber                     nMMF OM4                     SM Fiber                     Wireless
Distance (range)   100m – 1G           100m – 1G                550m – 1G                    1100m – 1G                   5km – 1G                     500m – 1Mbps
                   55m – 10G           100m – 10G               300m – 10G                   550m – 10G                   80km – 10G
                                                                                             125m – 40/100G               2km – 40/100G
Bandwidth          <= 1Gb/s            <= 10Gb/s                <= 10Gb/s                    <= 100Gb/s                   <= 100Gb/s                   Half duplex to 27 Mb/s
Price              Inexpensive         Moderately inexpensive   Moderate                     Moderate                     Moderate to expensive        Moderate
Area               Wiring closet       Wiring closet            Internode or interbuilding   Internode or interbuilding   Internode or interbuilding   Internode or interbuilding
Service life       10+ years           10+ years                15-20 years                  15-20 years                  20+ years

Table 4. Transmission Media Characteristics

Copper unshielded twisted pair (UTP) at Category 6E and 6A will provide the bulk of the wired connections to the end-user. Cat 6E is required at minimum to support 1G to the desktop and more intensive applications such as telemedicine, VoIP, and high-resolution digital imaging. Cat 6A is recommended to support future 10G to the desktop, anticipated to be the enterprise norm within 5 years with the emergence of 40/100G, considering Moore’s Law. A combination of OM4 and wireless will support end-user locations that are not easily reached by UTP or that have excessive electromagnetic or radio frequency interference. Cabling within the hospital, both OM4 and UTP Cat 6, may be required to have plenum coatings for fire safety. Building codes must be confirmed before cable selection, as plenum-coated cabling is significantly more expensive.



3.2. Core Layer

3.2.1. Core Switch Location

The Server Farm/Data Center and network operations are located within building #4, as shown in Figure 1 below, which also houses the main administrative services for the campus. The core switches are easily accommodated in the equipment room adjacent to the Data Center in the southeast corner of building #4. This allows for maximum support by network operations and ease of centralized administration, and is within the transmission media limitations of OM4 cabling for both 10Gb performance and future 40/100Gb performance to distribution switches in all campus buildings as well as to the Data Center. The servers in the Data Center will be connected to four fabric switches through dual 10GbE fiber connections. The fabric switches will connect to the core switches through the building #2 distribution switches. Edge distribution will be located in building #5, which is the closest campus location to the service provider access points for WAN connectivity.

[Figure 1 image not reproduced: campus map with north arrow and 0 to 100 ft scale bar]

Figure 1. Campus Map

A redundant pair of core layer switches will operate as a Virtual Switching System (VSS) interconnected by a pair of 10Gb/E modules. Each core switch will require (2) ports to support a distribution VSS in each of the eight buildings, the Data Center/Server Farm in building #4, and the enterprise edge in building #5. Each VSS distribution switch will connect to the core in a triangle redundancy pattern. DCH has requested Cisco IOS, instead of Catalyst OS (CatOS), in support of IPv6 migration, MPLS, server load balancing, and other future service improvements.

# Core Switches   Ports / distribution VSS   # VSS Distribution   Total Ports
2                 2                          11                   44

Table 5. Core Switch Ports

3.2.2. Core/Distribution Switch Model Selection

VSS logically defines two redundant Catalyst 6500 switches as a single unit for the campus core, which will be located in building #4. VSS provides a high-performance, resilient, and highly available backbone. Throughput is provided by Multichassis EtherChannel and 802.3ad link aggregation. High availability is provided through a loop-free design with stateful switchover (SSO), nonstop forwarding (NSF), and In-Service Software Upgrade (ISSU). Each switch of the core pair will require at least two 16-port 10Gb/E modules with fiber transceivers to provide dual-link connections to each of the 22 planned distribution switches (11 pairs). This configuration leaves 10 ports on each core switch for redundant spares and future growth. The core VSS should be configured as described in Table 6:

Cisco Catalyst 6500 Virtual Switching System 1440 (Cisco IOS included)
Each of the two Cisco Catalyst 6500 switches in the pair:
  Supervisor 720-10G-3CXL – VSS Engine
    • (2) 10G optic (X2) uplink ports
    • (2) 1G Ethernet SFP ports
    • (1) selectable 10/100/1000 RJ-45
    • MSFC3 PFC3C XL
  Primary + redundant power supply (min 2500 W each)
  (2) 16-port 10Gb/E modules – X2 fiber transceivers: 22 ports allocated; 2 VSS; 10 open
  (1) 16-port 10Gb/E module – X2 fiber transceivers: spare for module failure + growth
  (1) 8-port 10Gb/E module – copper, as alternate spare port links

Table 6. VSS Core Switch Configuration



3.3. Distribution Layer

X2 fiber transceivers with OM4 nMMF cabling will connect distribution switches to each access layer switch. Distribution switches will utilize the same primary VSS 1440 configuration as the core layer switches, but with varying numbers and port counts of 10Gb/E X2 modules depending on access layer density. Module configuration for distribution layer VSS switches is specified in Table 7, and distribution layer port counts are specified in Table 8 below. Branch modules are not included in Table 7, as the branch access layer switches are aggregated through the integrated services router at each branch rather than through a distribution layer switch.

Building(s)                                                                    X2 Port Count   # Modules (pairs) in service   # Modules (pairs) spare
1 – Hospital                                                                   16              2                              1
2 – McIver Furnan; 3 – J. M. Sloan                                             16              1                              1
4 – Health Center; 4 – Server Farm; 5 – Pediatric Center; 5 – Edge*            8               1                              1
6 – Rehab Center; 7 – Ronald McDonald House; 8 – Children’s Learning Center    4               1                              1

Table 7. Port Module Configuration for Distribution VSS



Location                                                         Total Ports   Ports in Use   Notes
Main Building (Hospital) #1, VSS distribution, dual uplinks      96            64             8 floors, 4 wiring closets per floor, 1 access switch per wiring closet. 8 x 4 x 2 = 64. (Total = 16 x 3 x 2 – 1 spare)
McIver Furnan, Bldg #2, VSS distribution, dual uplinks           32            20             5 floors, 2 wiring closets per floor, 1 access switch per closet. 5 x 2 x 2 = 20. (Total = 16 x 1 x 2)
Joseph M. Sloan, Bldg #3, VSS distribution, dual uplinks         32            20             5 floors, 2 closets per floor, 1 access switch per closet. 5 x 2 x 2 = 20
Health Center, Bldg #4, Server Farm VSS distribution, dual uplinks   16        8              (4) fabric switches for Server Farm/Data Center (8 x 1 x 2; 1 spare 8-port)
Health Center, Bldg #4, VSS distribution, dual uplinks           32            16             4 floors, 2 closets per floor, 1 access switch per closet. 4 x 2 x 2 = 16
Pediatric Center, Bldg #5, VSS distribution, dual uplinks        16            8              2 floors, 2 closets per floor, 1 access switch per closet. 2 x 2 x 2 = 8
Bldg #5 – Edge WAN distribution, dual uplinks                    16            6              TBD
Bldg #5 – Edge Internet distribution, dual uplinks               8             4              TBD
Rehab Center, Bldg #6, VSS distribution, dual uplinks            16            6              2 floors; 1 wiring closet on 1st floor (pool), 2 wiring closets on 2nd floor; 1 access switch per closet. (1 + 2) x 2 = 6
Ronald McDonald House, Bldg #7, VSS distribution, dual uplinks   8             2              1 access switch
Children’s Learning Center, Bldg #8, VSS distribution, dual uplinks   8        4              2 floors, 1 access switch per floor. 2 x 1 x 2 = 4
Harlingen Branch, VSS Edge WAN distribution, dual uplinks        8             4              TBD
McAllen Branch, VSS Edge WAN distribution, dual uplinks          8             4              TBD
Total                                                            296           166

Table 8. Distribution Layer Port Counts
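The port arithmetic behind Tables 5 through 8 follows one counting rule, and it is worth having it in a form that can be re-run when a building gains a closet or the module size changes. The block below is an added example, not code from the design document or from Cisco: it sizes a building's distribution VSS pair from its access-switch count (each access switch has dual uplinks, one to each VSS member, as the tables assume) and sizes the core pair from the number of triangle-connected distribution pairs (two ports per pair on each core chassis, as in Table 5). The 16-port module size and one-spare-module policy are taken from Tables 6 and 7; the demo's building figures are taken from Table 8; the core capacity check that raises an error when the distribution pairs outgrow the installed modules is an assumption added here.

```python
"""Core/distribution uplink port and line-card sizing for a VSS campus.

Added example for this design; it is not code from the document or from
Cisco. It encodes the counting rule the design uses: each access switch has
dual uplinks, one to each member of the building's distribution VSS pair,
and each distribution pair takes two ports on each core chassis (the
triangle pattern). Module size, spare policy and building figures in the
demo come from Tables 5-8; the capacity check is an assumption made here.
"""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class DistributionPlan:
    building: str
    access_switches: int
    uplink_ports_in_use: int     # across both VSS members
    ports_per_chassis: int       # uplinks terminating on one VSS member
    modules_in_service: int      # per chassis
    modules_per_chassis: int     # in service + spare
    total_ports: int             # both chassis, all modules
    open_ports: int


def distribution_plan(building: str, access_switches: int, *,
                      uplinks_per_switch: int = 2, module_ports: int = 16,
                      spare_modules: int = 1) -> DistributionPlan:
    """Size a building's distribution VSS pair (one access switch per closet)."""
    if access_switches < 1:
        raise ValueError("a building needs at least one access switch")
    in_use = access_switches * uplinks_per_switch
    per_chassis = math.ceil(in_use / 2)              # one uplink per VSS member
    in_service = math.ceil(per_chassis / module_ports)
    modules = in_service + spare_modules
    total = modules * module_ports * 2
    return DistributionPlan(building, access_switches, in_use, per_chassis,
                            in_service, modules, total, total - in_use)


def core_plan(distribution_pairs: int, *, ports_per_pair: int = 2,
              module_ports: int = 16, modules_per_chassis: int = 2,
              core_chassis: int = 2) -> dict:
    """Ports each core chassis needs for the triangle-connected distribution pairs."""
    allocated = distribution_pairs * ports_per_pair
    capacity = modules_per_chassis * module_ports
    if allocated > capacity:
        raise ValueError(f"{allocated} ports needed but only {capacity} per core chassis")
    return {
        "allocated_per_chassis": allocated,
        "open_per_chassis": capacity - allocated,
        "total_core_ports": allocated * core_chassis,
    }


if __name__ == "__main__":
    # Access-switch counts from Table 8: hospital 8 floors x 4 closets,
    # McIver Furnan 5 x 2, Rehab Center 1 + 2 closets.
    for name, switches in [("Hospital #1", 32), ("McIver Furnan #2", 10), ("Rehab Center #6", 3)]:
        print(distribution_plan(name, switches))
    print(core_plan(11))      # the 11 distribution VSS pairs of Table 5
```

For the hospital this reproduces Table 8's "16 x 3 x 2" (two in-service modules plus one spare per chassis, 96 ports, 64 in use), and the core call reproduces Table 5 and Table 6 (22 ports allocated per core chassis, 10 open, 44 in total). The smaller buildings come out with more spare capacity than Table 7 allots them because Table 7 drops to 8- and 4-port modules there; pass module_ports=8 or 4 to match.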

3.4. Access Layer

3.4.1. Access Layer Media

Copper UTP, Category 6E and/or Category 6A, will be installed to support 1Gb/E to the end-user devices and wireless access points. Cat 6E is required to support the higher demands of telemedicine conferencing, digital medical imaging, and IP telephony. Cat 6A would be a prudent investment to support network growth over the next 10 years, as 10Gb/E to the desktop is emerging and, based on Moore’s Law, should be the industry norm within five years.

3.4.2. Access Switches

Catalyst 4500 switches will be utilized at the access layer. The Catalyst 4500 is a multilayer switch capable of providing QoS to support IP telephony, telemedicine, and other multimedia applications, providing port security, and routing via IP rather than MAC address. Teare (2008) notes that routing in the access layer can provide increased performance. The Catalyst 4500 also provides 60W of 802.3af PoE per port, 30W simultaneously across all ports, which will support IP phones, wireless access points, and other devices. Cisco Catalyst multi-layer 4507R+E switch models with redundant 7E supervisors and dual power supplies are the preferred model for most buildings. These switches provide fail-over, redundancy, plenty of PoE per port, have (4) 10G uplinks and (1) 1G uplink, and support IPv6 (“Cisco Catalyst 4500”, nd). The scalability and modular nature of these switches make them the best option for growth. One switch per closet should be sufficient, as the top power supply can provide up to 4200W of PoE. Each switch can support up to 192 access ports, scalable in 48-port increments depending on building concentrations.

Cisco Catalyst 4500E Access Layer Switch Configuration
Cisco Catalyst 4507R+E Switch with Cisco IOS XE
  (2) Supervisor 7E WS-X45-SUP7-E (fail-over redundancy)
    • (4) 10G optic (X2) uplink ports
  [up to 4] WS-X4648-RJ45V+E: 48-port 802.3af PoE 10/100/1000 (RJ-45)
  Primary + redundant power supply (up to 4200W each)

Table 9. Access Layer Switch Configuration



3.4.3. Access Layer Ports

Many of the physicians and nursing staff are highly mobile, rotating between the primary facility in Corpus Christi and the sub-specialty centers in Harlingen and McAllen as well as performing patient home visits. As such, staff counts do not accurately reflect the number of stationary devices in a particular location, and counts have been adjusted accordingly. Ubiquitous wireless access will be provided throughout the enterprise by lightweight wireless access points (LWAPP) managed through a central controller. Due to channel separation requirements, since some medical devices require a particular frequency, multiple LWAPPs may be necessary in areas with high concentrations of medical devices.

The Cisco Aironet 3500 series supports multicast for multimedia applications like voice and videoconferencing, and helps to minimize interference from multiple access points. Dedicated medical device support may only require Aironet 1140 models. Some areas may require higher or lower density than average. This installation is highly scalable, as the manager can support up to 18,000 access points (“Cisco Aironet 1140”, nd).

Several Cisco platforms, including ISR routers and Catalyst switches, support multi-domain authentication. This allows a PC and an IP phone to authenticate on the same switch port but operate on separate VLANs. This reduces the access layer port count, especially in branch offices.

Location                                      Total Ports   Used Ports   LWAPP   IP Phones   PoE   Data   Notes (4507R+E: 48, 96, 144, or 192 ports)
#1, Hospital, 1st Floor                       384           139          14      20          50    75     10,000 sq ft. E/R, Nuclear Medicine, no beds. Four wiring closets per floor, each with an access switch. Assume 25 staff per floor average.
#1, Hospital, 2nd Floor                       384           138          13      20          50    75     10,000 sq ft. Lab, (2) surgery suites, 21 beds
#1, Hospital, 3rd Floor                       384           138          13      20          50    75     10,000 sq ft. (2) surgery suites, 21 beds
#1, Hospital, 4th Floor                       384           138          13      20          50    75     10,000 sq ft. N-ICU, 40 beds
#1, Hospital, 5th Floor                       384           138          13      20          50    75     10,000 sq ft. P-ICU, 18 beds
#1, Hospital, 6th Floor                       384           141          16      20          50    75     10,000 sq ft. Surgery suite, 21 beds
#1, Hospital, 7th Floor                       384           141          16      20          50    75     10,000 sq ft. Surgery suite, 21 beds
#1, Hospital, 8th Floor                       384           141          16      20          50    75     10,000 sq ft. (2) surgery suites, 20 beds
#2, McIver Furnan, 1st Floor                  96            55           5       12          25    25     3,000 sq ft (switch with 2 cards)
#2, McIver Furnan, 2nd Floor                  96            55           5       12          25    25     3,000 sq ft
#2, McIver Furnan, 3rd Floor                  96            55           5       13          25    25     3,000 sq ft
#2, McIver Furnan, 4th Floor                  96            55           5       12          25    25     3,000 sq ft
#2, McIver Furnan, 5th Floor                  96            55           5       13          25    25     3,000 sq ft
#3, J. M. Sloan, 1st Floor                    96            55           5       13          25    25     3,000 sq ft
#3, J. M. Sloan, 2nd Floor                    96            55           5       12          25    25     3,000 sq ft
#3, J. M. Sloan, 3rd Floor                    96            55           5       13          25    25     3,000 sq ft
#3, J. M. Sloan, 4th Floor                    96            55           5       12          25    25     3,000 sq ft
#3, J. M. Sloan, 5th Floor                    96            55           5       13          25    25     3,000 sq ft
#4, Health Center, Server Farm, 1st Floor     144           96                                     96     5,000 sq ft
#4, Health Center, 1st Floor (remaining)      96            66           6       12          25    35     remainder of 5,000 sq ft
#4, Health Center, 2nd Floor                  96            62           7       15          25    30     5,000 sq ft
#4, Health Center, 3rd Floor                  96            62           7       15          25    30     5,000 sq ft
#4, Health Center, 4th Floor                  96            62           7       15          25    30     5,000 sq ft
#5, Pediatric Center, 1st Floor               96            58           8       12          25    25     5,000 sq ft, 3 slot
#5, Pediatric Center, 2nd Floor               96            57           7       13          25    25     5,000 sq ft, 3 slot
#6, Rehab Center, 1st Floor                   96            30           5       5           15    10     8,000 sq ft (pool)
#6, Rehab Center, 2nd Floor                   96            36           11      7           15    10     8,000 sq ft
#7, Ronald McDonald House                     96            70           15      20          25    30     25 guest rooms
#8, Children’s Learning Center                96            64           4       5           30    30     5 staff, 20 computers, 5 phones
Harlingen                                     192           144          16      103*        25    30     10,000 sq ft. Most staff rotate or perform home visits; 300 staff listed, assume only 20 on site at a time (ISR G2). Maximum phone count is at the full 55K sq ft size, not the current level.
McAllen                                       288           181          21      145*        25    35     18,000 sq ft. Most staff rotate or perform home visits; assume 35 on site at a time. Maximum phone count is at the full 55K sq ft size, not the current level.
Total                                         5616          2597
(*) Multi-domain authentication reduces the total port count.

Table 10. Access Layer Port Counts
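The "Used Ports" column of Table 10 is not the plain sum of the device columns: where multi-domain authentication is in use, a PC and the IP phone it daisy-chains through authenticate on one switch port, so only phones that have no data port to pair with consume a port of their own (which is why the Harlingen and McAllen rows carry the asterisk). The block below is an added example, not code from the design document or Cisco, that makes this counting rule explicit and then sizes the 48-port line cards of a 4507R+E for each wiring closet. The device counts in the demo are copied from Table 10; the four-slot limit comes from Table 9; the headroom percentage is an assumed planning policy, not the document's.

```python
"""Access-layer port demand and 4507R+E line-card sizing per floor.

Added example tied to Table 10 and the multi-domain authentication note;
it is not code from the design document or Cisco. Counting rule encoded:
with multi-domain authentication a PC and the IP phone it is daisy-chained
through share one switch port, so only phones with no data port to pair
with consume a port of their own. Line cards come in 48-port increments and
a 4507R+E holds at most four (Table 9). Device counts in the demo are from
Table 10; the headroom policy is an assumption made here.
"""
import math

CARD_PORTS = 48
MAX_CARDS = 4            # line-card slots in a 4507R+E with dual supervisors (Table 9)


def ports_needed(lwapp: int, phones: int, poe: int, data: int, *,
                 multi_domain: bool = True) -> int:
    """Switch ports consumed by a floor's devices."""
    if min(lwapp, phones, poe, data) < 0:
        raise ValueError("device counts must be non-negative")
    shared = min(phones, data) if multi_domain else 0    # phone + PC pairs on one port
    return lwapp + phones + poe + data - shared


def size_closets(ports: int, closets: int = 1, *, headroom: float = 0.0) -> dict:
    """Spread a floor's ports over its closets and size each closet's chassis."""
    if closets < 1:
        raise ValueError("a floor needs at least one wiring closet")
    per_closet = math.ceil(ports / closets)
    cards = math.ceil(per_closet * (1 + headroom) / CARD_PORTS)
    chassis = math.ceil(cards / MAX_CARDS)        # > 1 means one 4507R+E is not enough
    return {
        "ports_per_closet": per_closet,
        "cards_per_closet": cards,
        "chassis_per_closet": chassis,
        "installed_ports": cards * CARD_PORTS * closets,
    }


if __name__ == "__main__":
    # Device counts from Table 10 (LWAPP, IP phones, PoE devices, data ports).
    floors = {
        "Hospital 1st floor, 4 closets": (dict(lwapp=14, phones=20, poe=50, data=75), 4),
        "Harlingen branch, 1 closet": (dict(lwapp=16, phones=103, poe=25, data=30), 1),
    }
    for name, (devices, closets) in floors.items():
        need = ports_needed(**devices)
        plan = size_closets(need, closets, headroom=0.25)   # 25% headroom is assumed
        print(f"{name}: {need} ports -> {plan}")
```

With the Table 10 figures the hospital's first floor comes out at 139 ports and Harlingen at 144, matching the "Used Ports" column; turning multi_domain off for Harlingen shows the 30 ports that the shared phone/PC ports save. Sizing then says whether one chassis per closet is enough, which is the question the 192-port ceiling of the 4507R+E actually puts to each row.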



4. WAN Design

4.1. Customer WAN Requirements

1. Ubiquitous remote access
2. 100 MB file transfers
3. DS3 (50Mbps) bandwidth
4. Quality of Service (QoS) to support VoIP and videoconferencing
5. Extremely high availability – MGN 99.99% SLA with redundancy support
6. Security
7. IPv6 with support for classless interdomain routing (CIDR)
8. Scalability
9. Manageability

DCH supports a very large geographical area – 330,000 square miles in southeast Texas, and even patients in Mexico. Specialists at DCH travel to remote specialty clinics, perform home visits for patients, and even work from their own homes in order to service such a large area. Staff need to access patient records from any of these locations, some of which are very low technology areas. To support these remote access requirements, VPDN service through a service provider would supply the most scalable option for teleworkers, regardless of location.

Driscoll Children’s Hospital (DCH) is a tertiary care medical center. Tertiary care centers specialize in the more severe cases that often require extensive medical testing, including radiology. Current levels of care support radiology for more than just diagnosing broken bones: CT scans, MRIs, and ultrasound are utilized for many specialized diagnoses, from heart conditions, to breathing problems, to stomach ailments. This makes supporting high-resolution digital imaging with 100Mb file transfers extremely important for DCH.

Specialists at DCH also consult via telephone and, where available, videoconferencing with primary care pediatricians to reduce the travel requirements for ill children and their families. To support IP voice and video telephony, end-to-end QoS support is required. Cisco Medianet architecture recommendations include a DS3 (45Mbps) connection speed to remote branches to support videoconferencing and IP telephony, as a single videoconference may require 4-12Mb of bandwidth (“Overview of Medianet”, nd). A primary DS3 connection, with a redundant fractional-DS3-speed connection, would help to satisfy both the bandwidth and high availability requirements of a medical grade network.

Extremely high availability is required for access to electronic patient health records and to support IP telephony, so any service level agreement (SLA) must ensure 99.99% availability, through the use of redundant or alternate connections if necessary. DCH also needs scalability to support the rapid growth it has experienced in the recent past and expects to continue into the future. Security is another requirement for the DCH WAN design. HIPAA and HITECH compliance requirements mandate confidentiality and integrity protection of patient records. VLAN support is required to segment voice and data traffic, as well as site-to-site VPN and remote VPDN support to ensure confidentiality.

4.2. WAN Connection Recommendation

MPLS presents the best option to meet DCH requirements for high availability, scalability, manageability, ubiquitous remote access for teleworkers and home visits, security, and QoS to support Voice over IP (VoIP) and video teleconferencing for telemedicine. A dual-connection MPLS service (one primary and one shadow) through a service provider would be the best choice to connect the remote branches. The shadow connection is lower cost than a dedicated second connection, but is still available when needed, and doesn’t require the long-term commitment of dark fiber. MPLS provides scalability (including scalable VPN), flexibility, speeds ranging from T1 to T3, support for overlapping addressing for VPN use, end-to-end QoS, traffic engineering, and fast reroute (FRR) for quick recovery. MPLS also supports VPN in a more manageable fashion, along with security protocols such as IPSec (Teare, 2008). The demands of the branches require a DS3 (T3) speed link to support 45Mbps of integrated video, voice, and data, with a redundant fractional T3 link in case of primary link failure (“Overview of Medianet Architecture”, 2010).

Security is provided through appliances such as Adaptive Security Appliances (ASA), Application Control Engines (ACE), Wide Area Application Engines (WAE); IDS/IPS; network admission control modules (NAC); VPN access modules; Integrated Services Routers (ISR); multilayer switches, firewall services modules (FWSM), wireless services modules (WiSM) and WLAN controllers; and authentication and directory services. VLANs over a Virtual Switching System (VSS) also enhance security and performance.

4.3. WAN Hardware

At the enterprise WAN Edge, the VSS 1440 (paired Catalyst 6500 switches) can be outfitted with FlexWAN modules to aggregate the enterprise edge. FlexWAN modules support integrated network services, security, and QoS metrics. They utilize Cisco IOS and share many of the same components, reducing the quantity of spares needed on hand. Edge distribution switches can be fitted with FlexWAN modules, WAE engines, IPS, and firewall modules to perform secure routing functions. Wide Area Application Services (WAAS) can help reduce WAN traffic by 20-50% through optimization and compression (“Overview of Medianet Architecture”, nd). Utilizing this configuration at the Enterprise Edge reduces cost, increases manageability by reducing equipment diversity and quantity, and reduces energy consumption. Table 11 describes a proposed configuration for an edge aggregation switch.

Cisco Catalyst 6500 Virtual Switching System 1440 (Cisco IOS included) for Edge Routing
Each of the two Cisco Catalyst 6500 switches in the pair:
  Supervisor 720-10G-3CXL – VSS Engine
    • (2) 10G optic (X2) uplink ports
    • (2) 1G Ethernet SFP ports
    • MSFC3 PFC3C XL
  Primary + redundant power supply (min 2500 W each)
  (3) WS-X6182-2PA FlexWAN modules, 2 ports each (6 total ports)
  (2) WS-X6182-2PA= FlexWAN modules, spare (4 total ports)
  The chassis can support up to 12 FlexWAN modules, leaving ample room for growth

Table 11. Edge Switch/Router Configuration

Teare (2008) recommends a single-layer model for a small branch. Both Harlingen and McAllen are relatively small branches that can be supported by a single integrated services router (ISR) G2 3945E plus two access layer switches for redundancy. The ISR G2 3945E provides hardware redundancy, dual power supplies, appropriate appliances, switching modules, and a wireless LAN controller. The 3945 model supports multi-domain authentication, so PCs and IP phones can share a switch port but be on separate VLANs. This reduces the total number of ports required, lowers operating costs, and simplifies troubleshooting. Appliance modules include WAAS/VSEC-P(SRE), which provides VPN security, firewall, IPS, and WAAS. These modules also include Unified Communications, CME, and SRST support to continue phone service at the branch in case the main communications manager is unreachable. The 3945 also provides security services such as VLAN ACLs, Dynamic ARP Inspection, DHCP Snooping, IP Source Guard, Private VLANs, Unicast RPF, 802.1x, and port security. Table 12 presents a proposed configuration for a branch router with switch support.

Cisco 3945 Integrated Services Router G2 Configuration
Cisco 3945 with Cisco IOS XE
  • (2) SPE 250 engines with (4) integrated 1G/E ports
  • Unified Communications for up to 2500 sessions
  • Integrated firewall, VPN support
  • (1) SM-D-ES3E-48-P 48-port 1G/E module
  • (2) SM-D-ES3E-24-P 24-port 1G/E modules [total of 98 1G/E ports]
  • (2) NM-1T3/E3 T3 WAN connections, 1 port each
  • (1) NME-AIR-WLCK12-K9 WLC controller for up to 12 APs
  • (1) NME-NAM-80S Network Administration Module
  • (1) WAAS/VSEC-P(SRE) module
  Dual power supply for 1040 W PoE @ 802.3af (up to 65 devices) and hardware redundancy

Table 12. ISR G2 Configuration

4.4. Software

The Cisco IOS network operating system will be used throughout the network infrastructure. Applications such as Cisco Virtual Office can extend enterprise services and security to the remote teleworkers. Unified Communications Endpoints phone and desktop clients extend the communications infrastructure to support remote workers. Cisco AnyConnect VPN and Secure VPN Desktop solutions provide encryption to protect patient information and prevent local caching of sensitive information. MPLS VPN services, supported by Cisco IOS, help ensure confidentiality.

4.5. Redundancy

Cisco Medianet architecture highly recommends a secondary WAN connection, ISR router(s), and use of performance routing (PfR) for each branch. A secondary shadow connection for each link, as well as redundant bundled 3G/4G cellular wireless cards for each site from the service provider, would provide secondary and tertiary backup strategies for WAN access in case the primary link fails. Wireless cards can be bundled in groups of up to 10 with automated failover to provide more acceptable bandwidth. A shadow connection can be utilized at times of high demand to provide additional bandwidth. This is less expensive than a dedicated connection, and in some cases is offered by the vendor at no charge if peak usage is less than ¼ of total capacity (Teare, 2008).

Redundancy in hardware is built in by the use of a VSS switch router at the enterprise edge,

which is a logical single switch with a hot backup. Splitting the incoming carrier link in a traditional router

redundancy pattern breaks QoS designs, reducing voice and video quality. Routing redundancy can

instead be supplied at the branches by use of a second fully configured router with a failover switch and

redundant routing protocols (“Typical MPLS”, nd).

4.6. Connectivity Cost Estimates

Vendor (broker)       50M EaMIS   20M EaMIS    50M MPLS   20M MPLS     3M EaMIS   1.5M MPLS   3G/4G cellular    Cellular install
                      (DS3/T3)    (frac. DS3)  (DS3/T3)   (frac. DS3)                          bundle 5.5M/10M   fee (one time)
TelecomSolutions
  AT&T                $1762       $1358        $1888      $1362
Telecom Brokers
  Earthlink                       $1450        $2125      $1600        $996       $400        $500              $299
  AT&T (10% promo)    $1586       $1221        $1700      $1250
ESC Telecom
  Qwest               $2500       $2250        $3125      $2750

Table 13. Service Provider Quotes for Monthly Service per Site, 3-year Contract

4G cellular coverage is only available in Corpus Christi, with 3G coverage available in McAllen

and Harlingen. The difficulty with cellular networks is a lack of guaranteed bandwidth. Sprint offers 4G

speeds of up to 10 Mbps, but that bandwidth is shared between all users in an area (“4G”, nd) and is only

available in select locations within Texas. Godinez (2010) documented 4G at 3-4 Mbps for downloads

and 0.9-1.0 Mbps for uploads. 3G averaged 550 kbps for both downloads and uploads (Godinez, 2010).

Cellular cards can be bundled in groups of up to 10 to provide sufficient bandwidth for a tertiary

solution.

AT&T, as brokered by Telecom Brokers, offers service in the requested primary configuration of (3)

50M MPLS circuits, one per site, and (1) 50M EaMIS circuit with internet access to be shared from the

main campus for $7636 per month. AT&T also offers VPDN service for an additional $950 per month.

Secondary redundancy through (3) 20M MPLS circuits and (1) 20M EaMIS circuit is available from

Earthlink through Telecom Brokers for $4650 per month. A tertiary redundant 3G/4G non-MPLS solution for

each site is available for $1500 per month and provides 5M – 10M of capacity depending on the site.

                    Primary                   Secondary                 Tertiary
Configuration       (3) 50M MPLS              (3) 20M MPLS              (3) 10-card 3G/4G
                    (1) 50M EaMIS w/          (1) 20M EaMIS w/          wireless bundles w/
                    Internet access           Internet access           Internet access
                    VPDN support                                        (no MPLS)
Vendor              AT&T                      Earthlink                 Earthlink/Sprint
Cost                $7,636                    $4,650                    $1,500
Cumulative cost     $7,636                    $12,286                   $13,786

Table 14. Monthly Solution Pricing for 3-year Contract

An alternate configuration could include the primary solution, (2) 20M MPLS from the secondary

solution, and bundled 4G wireless at 10M from the primary campus as the internet access backup. This

configuration would price at $11,336.

4.7. Scalability

Multiple 50M links can be bonded to increase bandwidth while preserving the MPLS service.

MetroEthernet is available in the region and is scalable to 1G, allowing some growth room.

5. IP Addressing Scheme

5.1. Scalability

Driscoll Children’s Hospital (DCH) supports a very large geographical area – 330,000 square

miles in southeast Texas, and even patients in Mexico. DCH has experienced significant growth, which is

expected to continue. Staff members commute from the main campus to subspecialty clinics in two

remote locations, with three other clinics under consideration for the near future, with more possible as

patient growth continues. Any addressing scheme must be scalable to support future growth.

5.2. IPv6

The Asia Pacific Network Information Center (APNIC) released its last block of IPv4 addresses in

April 2011, and the American Registry for Internet Numbers (ARIN) is expected to exhaust its supply by

the end of 2011 (Vaughn-Nichols, 2011). Use of IPv6 addressing resolves concerns about exhaustion of

IPv4 addresses and eliminates the need for NAT and private addressing. Dual-stack DNS address

resolution, 6to4-capable routers from the ISP, and updated APIs support transparent transition

strategies for IPv4 legacy applications and systems as well as interaction between IPv6 nodes across

IPv4 areas (Teare, 2008).

In addition to a large address space, IPv6 also offers built-in IPsec support (IPsec is part of the IPv6

node requirements, but it is not applied automatically: traffic is only protected where IPsec policies and

keys are actually configured); flow labeling capability to support QoS and real-time service; site multihoming

through multiple ISPs; improved header format efficiency; globally unique addresses that eliminate the need

for NAT, which interfered with end-to-end QoS; and increased mobility and multicast capabilities. If an IPv6

address block is acquired by the end of 2011, ARIN is offering a 25% discount on the registration fee, for

a one-time charge of $937.50 (“Fee Schedule”, 2011). An annual maintenance fee of $100 will then be

assessed to retain the addresses, and only one maintenance fee will be assessed to organizations

holding both IPv4 and IPv6 addresses (“Fee Schedule”, 2011).

5.3. Manageability

With an upgrade to an integrated voice, video, and data network, workloads on DCH network

administration staff have increased significantly. Use of dynamic address assignment wherever possible

would increase manageability for administrative staff and reduce the workload necessary to maintain

static addressing on thousands of devices. A hybrid dynamic/static address assignment scheme would

address both manageability and security concerns. A centralized DHCPv6 server within the Server Farm

module and at each branch, coupled with DHCP relay agents on each subnet and IPsec protection of the

relay-to-server traffic, would provide more secure address assignment than previous versions of DHCP.

The access-layer controls already selected (DHCP snooping and IP Source Guard, with RA Guard for IPv6)

remain necessary, because DHCPv6 itself does nothing to stop a rogue server on the client subnet. Stateful

dynamic addressing for end user devices would allow extended administrative control without additional

workload. Network infrastructure devices such as switches, routers, and servers, a small percentage of the

overall total number of devices, would be assigned manual static addresses for security and

administrative purposes. Additional security could be provided through use of the Internet Key Exchange

(IKE) protocol with a Certificate Authority (CA) to manage keys, or through Cryptographically Generated

Addresses (CGA), which do not require a CA or an extensive key infrastructure. CGAs are IPv6 addresses

whose interface identifier is generated by a one-way hash function over a public key plus other parameters

(Jiang & Shen, 2011), so that a node can prove ownership of its address by signing with the matching private key.
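A worked example of the CGA construction just described, added here and not part of the original design document or of any Cisco tooling: it generates and verifies an RFC 3972 address with SHA-1, using a constructed byte string as a stand-in for the public key and the document's sample VLAN 1 prefix. The function names are this example's own.

```python
"""Cryptographically Generated Addresses (CGA, RFC 3972): generate and verify.

Added example, not part of the DCH design document. It follows the RFC 3972
construction with SHA-1. SAMPLE_PUBKEY is a constructed byte string that
stands in for the DER-encoded RSA public key a real node would use; the /64
is the document's sample VLAN 1 prefix.
"""
import hashlib
import ipaddress
import os

# Constructed stand-in for a DER-encoded public key (not a real key).
SAMPLE_PUBKEY = bytes(range(256))
SAMPLE_PREFIX = ipaddress.IPv6Network("2001:0DA8:460D:0101::/64")


def _hash2(modifier, pubkey):
    # Hash2 = leftmost 112 bits of SHA-1(modifier || 9 zero bytes || public key)
    return hashlib.sha1(modifier + b"\x00" * 9 + pubkey).digest()[:14]


def _hash1(modifier, prefix8, collisions, pubkey):
    # Hash1 = leftmost 64 bits of SHA-1(modifier || subnet prefix || collision count || public key)
    return hashlib.sha1(modifier + prefix8 + bytes([collisions]) + pubkey).digest()[:8]


def _has_leading_zero_bits(data, nbits):
    """True when the first nbits of data are all zero."""
    if nbits == 0:
        return True
    return int.from_bytes(data, "big") >> (8 * len(data) - nbits) == 0


def generate_cga(prefix, pubkey, sec, modifier=None, collisions=0):
    """Return (IPv6Address, modifier). Sec (0..7) requires 16*Sec leading zero bits
    in Hash2; that search is the work factor an attacker must repeat per candidate key."""
    if not 0 <= sec <= 7 or prefix.prefixlen != 64 or not 0 <= collisions <= 2:
        raise ValueError("sec must be 0..7, prefix a /64, collisions 0..2")
    if modifier is None:
        modifier = os.urandom(16)           # RFC 3972 step 1: random 128-bit modifier
    prefix8 = prefix.network_address.packed[:8]
    # Steps 2-3: increment the modifier until Hash2 carries enough leading zero bits
    while not _has_leading_zero_bits(_hash2(modifier, pubkey), 16 * sec):
        modifier = ((int.from_bytes(modifier, "big") + 1) % (1 << 128)).to_bytes(16, "big")
    # Steps 4-6: Hash1 gives the interface ID; top 3 bits carry Sec, u/g bits are cleared
    iid = bytearray(_hash1(modifier, prefix8, collisions, pubkey))
    iid[0] = (iid[0] & 0x1C) | (sec << 5)
    return ipaddress.IPv6Address(prefix8 + bytes(iid)), modifier


def verify_cga(addr, pubkey, modifier, collisions=0):
    """Recompute Hash1 and Hash2 from the CGA parameters; True only if both match.
    A node that can also sign with the matching private key thereby proves ownership."""
    if not 0 <= collisions <= 2:
        return False
    packed = addr.packed
    prefix8, iid = packed[:8], packed[8:]
    sec = iid[0] >> 5
    expected = _hash1(modifier, prefix8, collisions, pubkey)
    # Bits 0-2 (Sec) and 6-7 (u/g) of the first byte are excluded from the comparison
    if (iid[0] & 0x1C) != (expected[0] & 0x1C) or iid[1:] != expected[1:]:
        return False
    return _has_leading_zero_bits(_hash2(modifier, pubkey), 16 * sec)


if __name__ == "__main__":
    addr, mod = generate_cga(SAMPLE_PREFIX, SAMPLE_PUBKEY, sec=1)
    print(addr, mod.hex(), verify_cga(addr, SAMPLE_PUBKEY, mod))
```

With sec=1 the generator performs on the order of 2^16 hash trials; each increment of Sec multiplies that by 2^16, which is why a high Sec is affordable once per node but expensive for an attacker trying to mint a colliding address for a key they control.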

5.4. Hierarchical Addressing & Routing

A hierarchical addressing scheme would provide the most benefit for a large enterprise network

of several thousand devices and allow hierarchical routing. Hierarchical routing provides modularity,

routing stability, and enhanced availability, supports network scalability, and supports route aggregation for

improved performance. Hierarchies in the Cisco SONA architecture at the core, distribution, and access

layers should be recognized in the addressing scheme. Cisco recommends restricting VLANs to an

access switch and separating voice and data traffic into separate VLANs to reduce broadcast traffic

(“Overview of Medianet”, nd). Extending the subnetting per access switch, and then by VLAN, allows the

most efficient route aggregation. The 16-bit subnet field of a /48 IPv6 allocation permits 65,536 (2^16)

subnets (Teare, 2008), which allows for adequate separation and scalability under the proposed hierarchy.

5.5. Addressing Scheme

bit:  0    3              23          32             48           64                       128
      | FP | Registry     | ISP       | Customer     | Subnet     | Interface ID           |
      |    | (ARIN)       |           | (DCH)        |            | (host)                 |
      2000::/3 global prefix

Figure 2. IPv6 Address Format

Devices can hold more than one IPv6 address. IPv6 addresses include unicast, anycast,

multicast, local, and global addresses. The DCH IP addressing scheme focuses on global unicast

addresses that support mobility. IPv6 addresses are 128 bits in length with a 48-bit global routing prefix,

a 16-bit subnet ID, and a 64-bit interface ID of the individual host. The addresses are written as a

sequence of (8) 4-digit hexadecimal numbers (0-F) separated by colons and use prefix lengths, like

IPv4 subnet masks, for route aggregation. The global routing prefix is hierarchical. The first three bits are a fixed prefix

assigned by IANA identifying a global aggregatable address; the next 20 bits are a registry identifier

assigned by IANA; the next 9 bits (through bit 32) are an ISP identifier assigned by the associated registry, such as

ARIN; and the last 16 bits (through bit 48) are assigned by the ISP to individual customers. The 16 subnet bits can then

be arranged by DCH, and it is proposed that the first 8 bits be used for building or site aggregation, and

the second eight bits be used for service segregation. Per ARIN, the following IPv6 address assignments

should be used (“6.5.4 Assignments”, 2011):

/64 for sites requiring only one subnet

/56 for small sites only expected to need a few subnets over the next 5 years

/48 for large sites

The /48 is allocated by the ISP to the entire DCH organization. /56 prefixes are then allocated

by DCH administrators per building or campus, and a /64 is assigned at the VLAN level for a single subnet.

An example of this address scheme for moderate-size campuses with branches is currently being utilized

by Pittsburg State University ("IPv6Freelys", 2009). Figure 2 shows the IPv6 address composition and

Figure 3 details the DCH address scheme. Link-local or unique local addresses can be used for devices such as IP

phones whose traffic should not extend beyond the edge router.



bit:  0    3              23          32             48          56          64                   128
      | FP | Registry     | ISP       | Customer     | Building  | Service   | Interface ID       |
      |    | (ARIN)       |           | (DCH)        |           |           | (host)             |

Figure 3. DCH IPv6 Address Scheme

The proposed scheme would permit 256 (2^8) buildings or sites throughout the enterprise,

representing the distribution layer, and 256 service segregations per building or site, representing the

access layer. Each service segregation is able to support 2^64 interface identifiers. Because the building byte

occupies the high-order byte of the fourth hextet, a building /56 is written with two trailing zero digits

(for example, Building 1 is 2001:0DA8:460D:0100::/56 and its VLAN 1 is 2001:0DA8:460D:0101::/64);

writing it as ...:01::/56 would place the building number in the service byte, outside the /56 boundary.

Table 15 lists a possible addressing hierarchy utilizing a sample site address for presentation. The use

of octets simplifies the written form of the addressing scheme, as each level has two corresponding

hexadecimal characters.

Location                               IP addresses   Rounded to     Address block assigned
                                       required       power of 2
DCH Core                               5,668          8,192          2001:0DA8:460D::/48
Corpus Christi Building 1 – Hospital   3,072          4,096          2001:0DA8:460D:0100::/56
  Hospital, 1st Floor, VLAN 1          25             32             2001:0DA8:460D:0101::/64
  Hospital, 2nd Floor, VLAN 22         25             32             2001:0DA8:460D:0116::/64
Corpus Christi Building 2              480            512            2001:0DA8:460D:0200::/56
Corpus Christi Building 3              480            512            2001:0DA8:460D:0300::/56
Corpus Christi Building 4              576            1,024          2001:0DA8:460D:0400::/56
  Server Farm, Building 4              96             128            2001:0DA8:460D:0C00::/56
Corpus Christi Building 5              288            512            2001:0DA8:460D:0500::/56
  Enterprise Edge, Building 5          96             128            2001:0DA8:460D:0E00::/56
Corpus Christi Building 6              192            256            2001:0DA8:460D:0600::/56
Corpus Christi Building 7              144            256            2001:0DA8:460D:0700::/56
Corpus Christi Building 8              96             128            2001:0DA8:460D:0800::/56
McAllen                                98             128            2001:0DA8:460D:2000::/56
Harlingen                              98             128            2001:0DA8:460D:2500::/56

Table 15. Proposed DCH IPv6 Address Aggregation
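The following Python, added as an illustration and not part of the original design document, builds the /48 to /56 to /64 hierarchy of Table 15 with the standard library's ipaddress module, checks that every building prefix aggregates under the /48 without overlapping another, and shows why the building byte must sit in the high-order byte of the fourth hextet (...:0100::/56 rather than ...:01::/56). The /48 and the building and VLAN numbers are the table's; the function names and the plan-check logic are assumptions of this example.

```python
"""Hierarchical IPv6 plan: /48 organization -> /56 building -> /64 service VLAN.

Added example, not part of the DCH design document. The /48 and the building
and VLAN numbers are the sample values from Table 15; the helper names and
the plan-check logic are this example's own.
"""
import ipaddress

ORG_PREFIX = ipaddress.IPv6Network("2001:0DA8:460D::/48")   # sample /48 from Table 15

# Building ids from Table 15 (hex): hospital, buildings 2-8, server farm, edge, McAllen, Harlingen
BUILDINGS = {
    "Building 1 Hospital": 0x01, "Building 2": 0x02, "Building 3": 0x03, "Building 4": 0x04,
    "Building 5": 0x05, "Building 6": 0x06, "Building 7": 0x07, "Building 8": 0x08,
    "Server Farm": 0x0C, "Enterprise Edge": 0x0E, "McAllen": 0x20, "Harlingen": 0x25,
}


def building_prefix(org, building):
    """The /56 for one building: bits 48-55 of the address carry the building id."""
    if org.prefixlen != 48 or not 0 <= building <= 0xFF:
        raise ValueError("need a /48 and a building id in 0..255")
    base = int(org.network_address) | (building << (128 - 56))
    return ipaddress.IPv6Network((base, 56))


def service_prefix(bldg, service):
    """The /64 for one service or VLAN: bits 56-63 carry the service id."""
    if bldg.prefixlen != 56 or not 0 <= service <= 0xFF:
        raise ValueError("need a /56 and a service id in 0..255")
    base = int(bldg.network_address) | (service << (128 - 64))
    return ipaddress.IPv6Network((base, 64))


def check_plan(org, buildings):
    """Return (ok, problems): every /56 must aggregate under the /48 and none may overlap."""
    problems = []
    prefixes = {name: building_prefix(org, bid) for name, bid in buildings.items()}
    for name, p in prefixes.items():
        if not p.subnet_of(org):
            problems.append(f"{name}: {p} is outside {org}")
    names = list(prefixes)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if prefixes[a].overlaps(prefixes[b]):
                problems.append(f"{a} and {b} share {prefixes[a]}")
    return not problems, problems


def building_byte_misplaced(text):
    """True for a /56 written like 2001:da8:460d:1::/56: the '1' lands in the low byte
    of the fourth hextet, outside the first 56 bits, so strict parsing rejects it."""
    try:
        ipaddress.IPv6Network(text)      # strict=True: host bits must be zero
        return False
    except ValueError:
        return True


def lenient_parse(text):
    """What a non-strict parser makes of the same string (host bits silently dropped)."""
    return str(ipaddress.IPv6Network(text, strict=False))


if __name__ == "__main__":
    ok, problems = check_plan(ORG_PREFIX, BUILDINGS)
    print("plan ok:", ok, problems)
    hosp = building_prefix(ORG_PREFIX, BUILDINGS["Building 1 Hospital"])
    print(hosp, service_prefix(hosp, 1), service_prefix(hosp, 22))
    print(building_byte_misplaced("2001:0DA8:460D:01::/56"),
          lenient_parse("2001:0DA8:460D:01::/56"))
```

The lenient parse is the dangerous case: a router or firewall configuration that accepts ...:01::/56 without complaint will quietly install building 0's prefix, and ACLs written against it will match the wrong hosts.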



6. IP Telephony Design

DCH currently supports a main, multiple building campus in Corpus Christi and remote

subspecialty clinics in Harlingen and McAllen. Growth projections anticipate expansion within the

Harlingen and McAllen clinics as well as new subspecialty clinics in Laredo, Victoria, and Browning in the

near future, with other areas under consideration (DCH, 2011). Due to projected growth, any IP telephony

design must support scalability, and as a medical grade network, reliability is required. As the network

grows, manageability is also essential.

DCH has requested a unified voice, video, and data network to decrease cost, reduce the

complexity of managing two separate networks, support scalability, and enhance current services.

Currently, DCH supports two separate networks for voice and data. Telephone endpoint requirements

have been identified as 1:1 for physicians, 1:2 for nursing staff, and 1:5 for other staff. This results in the

number of telephone endpoints detailed in Table 16:

Location         Physicians   Nurses   Staff   Total
Corpus Christi   100          125      200     425
Harlingen        25           38       40      103
McAllen          35           50       60      145
Total            160          213      300     673

Table 16. Telephone Endpoint Count

6.1. VoIP vs. Telephony

Two options are available to support integrated voice service: Voice over IP (VoIP) or IP

telephony. VoIP operates using the existing TDM analog handsets and PBX system, but connects to the

Public Switched Telephone Network (PSTN) and IP network using a voice-capable router. Some

organizations choose this option for its low entry price, but it does not provide the additional services or

capabilities available from IP telephony.

IP telephony requires an investment in IP endpoints, where the endpoint, or phone, itself converts

the analog voice signal to a digital signal, as well as additional servers in the server farm to support the

call and dialing manager, Cisco Unified Communications Manager (CUCM), and servers for selected

services. Services include Unity integrated e-mail and voice mail, Cisco Meetingpoint web conferencing

and video conferencing to support telemedicine, and Cisco IP Interactive Voice Response (IVR) that

supports automated voice services for applications like pharmacy refills.

The IP endpoint (telephone) is then directly connected to the IP network at the access layer. As

DCH has chosen to use a sole-provider Cisco solution, Cisco IP phones of various models including the

7961G-GE, 8961, 9951 & 9971 will be needed to replace existing analog phones depending on the

functionality required. In a medical setting, phone requirements vary depending on whether it is a patient

room, a treatment room, a central nurse’s station, an administrator, a receptionist, and so forth. PC-enabled

softphones may also be utilized to support mobility. Call control functions will be provided by Skinny

Client Control Protocol (SCCP), a Cisco proprietary protocol that the CUCM uses to communicate with

IP phones (Teare, 2008). The CUCM will manage the IP phones, authenticate the device, register the

phone, and push its configuration to the phone; the access switch places the phone in the voice VLAN

and DHCP supplies its IP address. Local addressing is

recommended on the IP phones for security (Higgins, Mah, Anderson, Mehta, Parmenter, Zaldivar, Bell,

Nejad, Nowell, Laundry, Brown, & Jones, 2011). Voice traffic will be separated from data traffic by using

a separate VLAN for voice. Quality of Service (QoS) trust boundaries will be established at the access

layer for IP phones, with priority and policy marking occurring at that point. PC softphone applications

should not be trusted to mark their own traffic; they should utilize a trusted relay to a gateway and receive

QoS marking there, so that the gateway becomes their trust boundary.

A second benefit of IP telephony is the ability to compress voice traffic with a codec (coder/decoder)

so that it consumes less bandwidth. Uncompressed voice requires 64 kbps of codec bandwidth for each

conversation, before IP and link-layer headers are added. A variety of codec algorithms are available that

reduce bandwidth consumption, but care must be used, as voice quality generally decreases as the

compression level increases. Cisco recommends the G.711 codec, which utilizes 64 kbps and provides an

MOS voice quality score of 4.01, be used for LAN applications because of the high bandwidth available and

the processing overhead required to implement a compressing codec (Teare, 2008). G.729, which utilizes

8 kbps per call and provides an MOS of 3.92, is recommended for WAN voice traffic due to the reduced

bandwidth available (Teare, 2008).

6.2. Infrastructure Voice & Video Requirements

Integrated voice and video networks require more bandwidth than data networks and have QoS

considerations. Voice and real-time video also have timing requirements not present in most data

applications. The amount of bandwidth required for voice and video depends on the peak loads

anticipated for those services. Peak loads are determined by identifying the one hour during a 24-hour

cycle with the highest concurrent voice and/or video usage. The network should then be designed to

support that peak load. For the main campus, the maximum possible load would be 425

simultaneous calls, which is unlikely. Teare (2008, p. 550) postulates that the peak load is approximately

17% of maximum. The peak load for the MPLS network would be the total of the peak rate for all remote

locations. Table 17 below presents an estimate of the peak load for each campus.

Location         Maximum    Peak load   Peak load estimate   G.729 @ 26 kbps   G.729 w/ cRTP
                 # phones   rate        (max × peak rate)    per call          @ 11 kbps per call
Corpus Christi   425        17%         72.25                N/A               N/A
Harlingen        103        17%         17.51                455.26 kbps       192.61 kbps
McAllen          145        17%         24.65                640.90 kbps       271.15 kbps
MPLS WAN         248        17%         42.16                1.096 Mbps        463.76 kbps

Table 17. Peak Load Rates

These peak load requirements influence the type of cabling selected in a network, the types of

switches and routers that are used, and QoS settings within the network. Cat 6A cabling selected for the

access layer supports 1 Gb Ethernet LAN as well as eventual migration to 10 Gb Ethernet LAN, which

supplies sufficient bandwidth for all applications. MMF fiber at the distribution and core layers provides

40 Gb Ethernet with eventual migration to 100 Gb Ethernet, maintaining bandwidth requirements for

current and future growth. Even at 425 simultaneous calls at 64 kbps, only 27.2 Mbps of codec payload

would be used (about 37 Mbps once IP/UDP/RTP and Ethernet headers are counted), with roughly 4.6 Mbps

the anticipated peak for Corpus Christi for a LAN voice load. Video, though, requires more

bandwidth. Each videoconferencing session requires up to 5 Mbps per conversation. 72.25

videoconferences at 5 Mbps would consume 361.25 Mbps. The combined anticipated peak video and

voice load of about 366 Mbps remains under 50% of 1 Gb capacity, providing ample bandwidth for data and

network applications.

WAN connections to the remote clinics are supported by 50 Mbps (T3 equivalent) links, with 1 Gb

Ethernet at the access layer at the clinics. Additional T3 links may be bundled if future expansion

requires increased bandwidth. G.729 reduces the codec rate from 64 kbps to 8 kbps; once IP/UDP/RTP

and link-layer headers are added, each call consumes about 26 kbps, or about 11 kbps if cRTP is used to

compress the 40-byte IP/UDP/RTP header to a few bytes. However, cRTP requires more processing

overhead on the routers. The anticipated maximum peak load is 42.16 conversations over the MPLS WAN

from both clinics. At 26 kbps per call, the peak load would require about 1.10 Mbps; at 11 kbps per call,

about 464 kbps would be required. Compressed video requires about 2.03 Mbps per session. The WAN link

will only support 14 simultaneous video conferences from both remote sites if 60% of the bandwidth is

allocated for priority voice and video, with 40% allocated for all other traffic such as electronic medical

records and digital imaging. As each remote clinic has 12 exam rooms, the anticipated peak load rate is 4 video

conferences, so there should be adequate WAN bandwidth available.

Switches and routers used in an integrated network must support integrated services (voice,

video) as well as provide Power over Ethernet (PoE) for devices like IP phones and wireless access

points. Catalyst switches selected for the DCH implementation support integrated services and PoE.

Edge and branch routers have been selected as Integrated Services Routers (ISR G2) to support voice

and video requirements. Catalyst switches have AutoQoS functions that automatically assign priority

to voice or video originating from an identified trust boundary.

A PSTN connection will be required from the main Corpus Christi campus for outgoing calls.

Integrated services routers (ISR) will carry voice traffic across the MPLS WAN between campuses to

eliminate toll charges for calls between campuses. Each branch will utilize Communications Manager

Express (CME) to handle local call routing and to provide Survivable Remote Site Telephony (SRST)

backup services if the main CUCM is unreachable. A tertiary backup option is a connection to the PSTN

from each remote branch if the WAN fails. While WAN failure is unlikely with the current design, it still

should be considered in a medical environment with requirements for extremely high availability. The

main campus will also have SRST support through its edge ISR.

A diagram of the major DCH IP Telephony components is depicted in Appendix E.



7. Unified Wireless Network (UWN) Design

DCH currently supports a main, multiple building campus in Corpus Christi and remote

subspecialty clinics in Harlingen and McAllen. Growth projections anticipate expansion within the

Harlingen and McAllen clinics as well as new subspecialty clinics in Laredo, Victoria, and Browning in the

near future, with other areas under consideration (DCH, 2011). Due to projected growth, any UWN design

must support scalability, and as a medical grade network, reliability and security are essential. As the

network grows, manageability is also increasingly important.

In a medical grade network (MGN), many devices utilize wireless network services, including

biomedical devices such as monitors and infusion pumps, carts on wheels (CoW), tablet PCs, PDAs,

laptops, and RFID tags. Wireless LANs (WLAN), just like wired LANs, require user authentication,

authorization, auditing and protection from threats such as viruses and other malicious code. WLANs,

however, communicate over radio frequency (RF) waves that anyone in range can capture, so information

must be encrypted to prevent disclosure and to protect integrity. Biomedical devices which may not support

typical WPA2 or EAP security protocols must also be considered, and appropriate security protections

taken both to protect the confidentiality of patient information and to prevent tampering with sensitive

medical equipment.

Cisco recommends the use of the Security Control Framework (SCF) as part of the design

process for medical grade networks (MGN). MGN Security Architecture is based upon SCF, and

comprised of five key security domains (“Cisco Medical Grade Network 2.0 – Security Architecture”,

(2010)): Endpoint Security, Network Security, Content Security, Application Security, and System

Management. Of these five domains, three are of most concern in designing a UWN: Endpoint, Network,

and System Management. Products, protocols, and other solutions will be discussed in context of the

applicable domain.

[Figure: Corpus Christi main campus with the Server Farm (ACS, WCS, NAC, NAC Profiler), a Catalyst VSS 1440
carrying WiSM controllers, and LWAPP access points serving endpoints such as an infusion pump, a PDA and a
patient monitor; an IP/MPLS VPN WAN connects the McAllen and Harlingen clinics, each with a voice-enabled
ISR G2 and its own LWAPP access points.]

Figure 4. Major UWN Component Configuration

7.1. Endpoint Security

Network endpoints are considered one of the most vulnerable parts of any network. It is

important that security policies are enforced for users and devices, including physical security. Physical

security considerations and manageability of large enterprise networks prompt the choice of lightweight

access points (LWAP) over autonomous access points. LWAPs at the access layer are configured by

wireless LAN controllers (WLC) at the distribution layer, which are in turn managed by a central Wireless

Control System (WCS) within the Server Farm. This permits standardized security policies, intrusion

protection, RF management, and QoS settings. LWAPs also reduce the value of physical tampering, since

the access point holds little configuration of its own.

WLCs can either be separate appliances or modules on Catalyst switches or integrated services

routers (ISR). LWAPs communicate with WLCs using the LWAPP protocol across the wired network.

The WLC then utilizes WPA2, EAP, and CCMP security protocols with RADIUS (ACS) authentication;

WEP is no longer considered HIPAA compliant (“Cisco MGN 2.0 Security”, 2010). Once the WLC has

authenticated a user through the Access Control Server (ACS), which includes RADIUS support, that user

is entered into a database on the WLC and a key can be cached on the endpoint device to support

mobility.

Access points and WLCs utilize Service Set Identifiers (SSIDs) of up to 32 characters to segment

wireless traffic. Each access point can support up to 16 SSIDs. The WLC can map EAP/WPA2 devices to the

appropriate VLAN by SSID for policy and QoS settings, including voice traffic, non-legacy medical

devices, legacy medical devices, critical electronic health record (EHR) data, or guest access. Traffic

classes can also be separated by radio band: for example, biomedical devices on the 5 GHz 802.11a band;

common clinical data access on 802.11n; critical clinical data access (CoW/CPOE, medication

administration) on 802.11a; and guest access on 802.11n. An SSID is a label rather than a security control;

the isolation comes from the VLAN, ACLs, and authentication bound to it.

VLANs can then be used to isolate wireless biomedical devices by type into security zones with

their respective servers or controllers on the wired network. Security zones can also be used to

exchange information with other systems, such as physician orders (CPOE) via the EHR that are then

communicated to a biomedical device server. Security zones could include IT Administration, Voice

communications, Clinical Users, Smart Pumps, Ventilators, EKG Monitoring, PACS/Radiology, Lab, and

Guest.

7.1.1. Guest Access

To ensure isolation from enterprise communications, guest access should be segmented to a

separate VLAN on an isolated WLC within the DMZ. Appropriate bandwidth limitations and other QoS

measures can be applied to guest access to limit resource usage below critical applications, prohibit

access to secure data, and prohibit unwanted access to other private areas of the enterprise network. A

more thorough discussion of guest access security considerations is presented in Section 8.

7.2. Wireless Network Security

A MGN presents a challenge with the use of biomedical devices that may not be WPA2 or 802.1X

security protocol compatible; WEP is not considered sufficient for a MGN, and WPA2 with a key length of

192 bits or larger is recommended (“Cisco MGN 2.0 Security Architecture”, 2010). In practice WPA2-CCMP

uses 128-bit AES keys; the effective requirement is WPA2-Enterprise with 802.1X/EAP authentication rather

than a shared passphrase. Profiles can be created using Network Admission Control (NAC) and NAC Profiler

for a medical device based on a MAC address, DHCP vendor class identifier, or other specific attributes of

the device. The profile can then be used to assign the device to an appropriate VLAN for security policy and

QoS settings. Because a MAC address or DHCP option is trivially spoofed, a device admitted on profiling

alone should land in a restricted zone with ACLs that permit only its own device server, never on a clinical

user VLAN. Alternatively, if the legacy device server cannot support appropriate encryption protocols but is

web enabled, an SSL VPN supported by Cisco ACE may be used. If the application is not web enabled,

Virtual Desktop Infrastructure (VDI) is a possible option.

Mobility services allow the definition of mobility groups across WLCs, so that security policies

seamlessly follow a device as it roams throughout the campus. This permits the device to move across

access points or WLCs within the mobility group without the need to reauthenticate to the RADIUS server

or obtain a new IP address while within the mobility group.

WLCs are best administered in deterministic controller redundancy, where the administrator

configures redundancy selection manually. While this method requires more planning and administration

time up front, it provides predictability and easier long term management, stability, additional flexibility

over dynamic load balancing, and faster fallback options (Teare, 2008). N+1 fallback assignment is

recommended for the DCH controller redundancy plan by allocating one additional WLC as a fallback for

the other modules.

Additional access points that are not intended to serve clients can be utilized at selected locations

as network monitors, rogue detectors, or sniffers feeding information back to the WCS in order to

diagnose and protect the wireless network. These non-client access points should be placed at

locations most vulnerable to outside interference or physical tampering.

7.3. System Management

The Cisco Wireless Control System (WCS) is located in the Server Farm module and acts as a

central management point for all WLCs. Cisco Secure Access Control System (ACS) is also located in

the Server Farm module and provides centralized identity and access control, including RADIUS, for both

wired and wireless network access and device administration. LDAP support is also available. The ACS

authenticates and authorizes wireless users and hosts and enforces wireless-specific policies. The ACS

also supports dynamic provisioning of VLANs and ACLs on a per-user basis and 802.1X with port-based

security.

7.4. UWN Device Counts and Location

Environmental considerations, wireless endpoint density, and user application requirements must

be taken into account in the decision on access point quantity and placement. Environmental factors

such as dense construction materials found in elevators and stairwells, reflection and refraction from

metallic and glass materials, dense areas such as filing or storage areas, and interference from other

RF-producing equipment such as microwaves and radiology equipment must be considered. Some areas

may require use of semi-directional antennas rather than omnidirectional antennas to compensate for

environmental factors. Site surveys gather environmental data and recommend AP placement

accordingly.

Non-client-serving APs can be placed in vulnerable areas to scan for rogue APs, monitor traffic,

and report back to the WLC. Additionally, non-client-serving APs are also readily available as fallbacks in

case of other AP failure.

For user application requirements such as voice service over WLAN (VoWLAN), Cisco

recommends one access point (AP) per 7-8 VoWLAN devices; otherwise the recommendation is 20 data

devices per AP (Higgins, Mah, & Anderson, 2010). Access point coverage overlap is recommended at 15-

20% for VoWLAN, teleconferencing, and critical application support (Higgins, Mah, & Anderson, 2010).

Site survey recommendations for AP and WLC use are listed in Table 18 below.

Location                          LWAPP     LWAPP       WLC   Comments
                                  (client)  (security)
#1, Hospital, 1st Floor           12        2           1     10,000 sq ft. E/R, Nuclear Medicine, waiting area,
                                                              reception, no beds. WLC supports buildings 1 & 8
#1, Hospital, 2nd Floor           12        1           0     10,000 sq ft. Lab, (2) surgery suites, 21 beds
#1, Hospital, 3rd Floor           12        1           0     10,000 sq ft. (2) surgery suites, 21 beds
#1, Hospital, 4th Floor           12        1           0     10,000 sq ft. N-ICU, 40 beds
#1, Hospital, 5th Floor           12        1           0     10,000 sq ft. P-ICU, 18 beds
#1, Hospital, 6th Floor           12        4           0     10,000 sq ft. Surgery suite, 21 beds
#1, Hospital, 7th Floor           12        4           0     10,000 sq ft. Surgery suite, 21 beds
#1, Hospital, 8th Floor           12        4           0     10,000 sq ft. (2) surgery suites, 20 beds
#2, McIver Furnan, 1st Floor      4         1           1     3,000 sq ft. WLC supports buildings 2, 3, & 6
#2, McIver Furnan, 2nd Floor      4         1           0     3,000 sq ft.
#2, McIver Furnan, 3rd Floor      4         1           0     3,000 sq ft.
#2, McIver Furnan, 4th Floor      4         1           0     3,000 sq ft.
#2, McIver Furnan, 5th Floor      4         1           0     3,000 sq ft.
#3, J. M. Sloan, 1st Floor        4         1           0     3,000 sq ft. Shares WLC from building 2
#3, J. M. Sloan, 2nd Floor        4         1           0     3,000 sq ft.
#3, J. M. Sloan, 3rd Floor        4         1           0     3,000 sq ft.
#3, J. M. Sloan, 4th Floor        4         1           0     3,000 sq ft.
#3, J. M. Sloan, 5th Floor        4         1           0     3,000 sq ft.
#4, Health Center, Server Farm,   0         0           2     (1) WLC supports buildings 4, 5, & 7;
    1st Floor                                                 (1) WLC failover
#4, Health Center, 1st Floor      4         2           0     Remainder of 5,000 sq ft; public access area
    remaining
#4, Health Center, 2nd Floor      6         1           0     5,000 sq ft
#4, Health Center, 3rd Floor      6         1           0     5,000 sq ft
#4, Health Center, 4th Floor      6         1           0     5,000 sq ft
#5, Ped. Center, 1st Floor        6         2           1     5,000 sq ft. WLC for DMZ in Edge module
#5, Ped. Center, 2nd Floor        6         1           0     5,000 sq ft
#6, Rehab Center, 1st Floor       4         1           0     8,000 sq ft (pool)
#6, Rehab Center, 2nd Floor       9         2           0     8,000 sq ft. 25 staff, 10 phones
#7, Ronald McDonald               12        3           0     25 guest rooms, 30 phones
#8, Learning Center               3         1           0     5 staff, 20 computers, 5 phones, 3 LWAPP
Harlingen                         12        4           1     10,000 sq ft. WLC is a module on the ISR G2
McAllen                           21        4           1     18,000 sq ft. WLC is a module on the ISR G2
Total                             231       51          7

Table 18. Access Point and WLC Counts and Location

7.5. UWN Diagram

An annotated network diagram including UWN infrastructure is presented in Appendix F. The network diagram includes components such as wireless services modules (WiSM) for Catalyst VSS switches in the distribution layer, WiSM modules for ISR G2 routers at the branches, and ACS, WCS, NAC, and NAC Profiler in the Server Farm. The annotated diagram includes addressing, equipment, and SONA modularization to present a coherent network infrastructure. Table 18 above presents counts of light wireless access points (LWAP) per building and associated wireless LAN controller placement and counts.
8. Integrated Network Security Design

The Cisco Security Control Framework (SCF) supports the Cisco Medical Grade Network (MGN) Security Architecture, which addresses the primary concerns shared by DCH. SCF is comprised of five key security domains ("Cisco Medical Grade Network 2.0 – Security Architecture", 2010): Endpoint Security, Network Security, Content Security, Application Security, and System Management. While it is important to ensure the security of the DCH network infrastructure, the foundation on which the information and telecommunications services at DCH depend, effective security is a layered approach which addresses all five areas of the SCF.

Patient privacy concerns must be coordinated with the Chief Privacy Officer, and physical security considerations must be coordinated with the Chief Security Officer, to take into account concerns about drug seekers, gang violence, internal theft or malfeasance, patient abduction, and prisoner control that may intersect with information security. The first step in this coordination is explicit, non-ambiguous policies detailing the goals, ethical foundation, boundaries, and disciplinary penalties related to information security at DCH. Any policy intended for use by patients or visitors must be available in both English and Spanish versions due to the population DCH serves. English versions are presented for reference. The DCH Information Security Management Policy is presented in Appendix A, the Network Access Control Policy in Appendix B, the Acceptable Use of Network Policy in Appendix C, and the Information Security Incident Response Policy in Appendix D.

8.1. Endpoint Security

At times the vocabulary of information security can be confusing. Network endpoints are subject to security policies in the form of written documentation describing the goals and boundaries of expected behavior, but also to logical security policies that are programmed into network devices to enforce documented policies. Logical security policies include assignments to VLANs, access limitations, and quality of service (QoS) metrics such as processing priority and bandwidth assignment. In this section, policy refers to logical policy implementation unless otherwise specified.

Network endpoints, including workstations, servers, laptops, PDAs, smartphones, and biomedical devices, are considered one of the most vulnerable parts of any network. It is important that security policies and access control are enforced for users and devices, including physical security. Physical security considerations and the manageability of large enterprise networks prompt the choice of light wireless access points (LWAP) over autonomous access points. LWAPs at the access layer are configured by wireless LAN controllers (WLC) at the distribution layer, which are in turn managed by a central Wireless Control Server (WCS) within the Server Farm. This permits standardized security policies, intrusion protection, RF management, and QoS settings. LWAPs also prevent physical tampering with the access points.

WLCs can be either separate appliances or modules on Catalyst switches or integrated services routers (ISR). LWAPs communicate with WLCs using the LWAPP protocol across the wired network. The WLC then utilizes the WPA2, EAP, and CCMP security protocols with RADIUS (ACS) authentication; WEP is no longer considered HIPAA compliant ("Cisco MGN 2.0 Security", 2010). Once the WLC has authenticated a user through the Access Control Server (ACS), which includes RADIUS support, that user is entered into a database on the WLC and a key can be cached on the endpoint device to support mobility.

Access points and WLCs utilize 32-character Service Set Identifiers (SSID) to segment wireless traffic. Each device can support up to 16 SSIDs. The WLC can map EAP/WPA2 devices to the appropriate VLAN by SSID for policy and QoS settings, including voice traffic, non-legacy medical devices, legacy medical devices, critical electronic health record (EHR) data, or guest access. VLANs can also be separated by radio band, such as placing biomedical devices on the 802.11a band, common clinical data access on the 802.11n band, critical clinical data access (CoW/CPOE, Medical Administration) on 802.11a, and guest access on 802.11n.

VLANs can then be used to isolate wireless biomedical devices by type into security zones with their respective servers or controllers on the wired network. Security zones can also be used to exchange information with other systems, such as physician orders (CPOE) via the EHR that are then communicated to a biomedical device server. Security zones could include IT Administration, Voice Communications, Clinical Users, Smart Pumps, Ventilators, EKG Monitoring, PACS/Radiology, Lab, and Guest.
For the wired network, VLAN assignments can be configured at the switch port level. Catalyst switches can differentiate between workstations and VoIP phones, so a workstation and VoIP phone can share a cable drop but be segregated into different VLANs by the ACS. End users, when they authenticate for network access, are further segregated by authorization. Unknown devices, for which the ACS does not recognize the IP or MAC address, are automatically quarantined to the DMZ, at which time the acceptable use policy is displayed and guest authentication is requested.

All DCH workstations, both wired and mobile laptops, are offered further protection by use of the Cisco Security Agent software, which provides anti-X protections (including spyware, malware, adware, and virus), host intrusion protection (HIPS), supports IPsec or SSL VPN access, and ties in to the Access Control System (ACS). All endpoints and users, including patients, staff, and guests, should be authenticated through the ACS, which provides authorization and accountability.

8.1.1. Guest Access

To ensure isolation from enterprise communications, guest access should be segmented to a separate VLAN on an isolated WLC within the DMZ, a quarantined section of the network with limited access. Guests are then authenticated and appropriately authorized through the ACS. Appropriate bandwidth limitations and other QoS measures can be applied to guest access to keep resource usage below that of critical applications, prohibit access to secure data, and prohibit unwanted access to other private areas of the enterprise network.

SSIDs should not be broadcast from the LWAPs. Legitimate guest access credentials can be provided by reception and posted in guest-accessible areas on media access posters, such as in patient rooms or waiting areas. This may also facilitate multiple levels of guest access, such as for vendors who could be issued temporary guest accounts at slightly higher access levels.

A Network Access Control (NAC) appliance can also provide additional security policy options and functionality beyond simple guest access. NAC can define very granular guest user policy groups with different user portals per group and endpoint security policies. This allows groups to be identified for visiting physicians or other users that are not segregated to the DMZ, but rather allowed limited access to the clinical network ("Cisco MGN 2.0 Security Architecture", 2010). Limitations can also be made for patient access, to ensure appropriate filters are applied to comply with the Children's Online Privacy Protection Act.

8.2. Network Security

A primary consideration of information security is availability. Medical Grade Networks (MGN) require extremely high availability (99.9%). Equipment redundancy and failover capabilities, routing redundancies, and alternate connection paths help ensure high availability. Physical security of network infrastructure also helps to ensure high availability by diminishing the risk of damage to or tampering with the network equipment on which all other equipment and communications depend.

Physical security considerations include limiting and monitoring access to the facility through patient ID bracelets which function as patient locators, staff ID access cards, security guards, locked doors, screening visitors to sensitive areas, and CCTV monitoring. Further physical security of network infrastructure includes securing network components by storing them in locked cabinets, wiring closets, or data centers wherever possible. Hardening of all network infrastructure devices helps support physical security as well as infrastructure and information asset security by providing a trusted network platform. All shared and default administrative accounts and unused operating system or network operating system services should be removed from infrastructure equipment such as switches and routers, and insecure services such as FTP or Telnet should be disabled in favor of SSH or SCP (Teare, 2008). Unused ports on switches should be disabled to prevent unauthorized access. Access should be controlled through use of a centralized Cisco Access Control Server (ACS) with role-based access that provides authentication, authorization, and accountability. ACS provides both security and audit trails to help prevent unauthorized access if either physical or logical protections are breached ("MGN Security", 2010).
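As an added illustration of the hardening items just listed (example code, not part of the DCH design and not a Cisco tool), the following Python script audits an IOS-style running configuration for Telnet on the vty lines, FTP and HTTP services left enabled, a plaintext local password, missing AAA, and enabled but unused ports, and shows the same switch after the items are applied. Both configurations are constructed samples; the hostname, interface names, VLAN numbers and the <hash-placeholder> are assumptions.

```python
"""Audit an IOS-style running-config for the hardening points above.

Added example, not part of the DCH design and not a Cisco tool: the two
configurations are constructed samples and the check list is illustrative,
not a complete hardening baseline.
"""

# Constructed sample with several deliberate weaknesses.
WEAK_CONFIG = """\
hostname dch-access-sw1
no aaa new-model
username admin privilege 15 password 0 plaintext-example
ip http server
ip ftp username backup
interface GigabitEthernet1/0/1
 description Nurse station PC + VoIP phone
 switchport access vlan 120
 switchport voice vlan 200
interface GigabitEthernet1/0/2
 description unused
interface GigabitEthernet1/0/3
 description unused
 shutdown
line vty 0 4
 transport input telnet ssh
 login local
"""

# The same switch after applying the hardening items from the design.
HARDENED_CONFIG = """\
hostname dch-access-sw1
aaa new-model
aaa authentication login default group radius local
username admin privilege 15 secret 5 <hash-placeholder>
no ip http server
ip ssh version 2
interface GigabitEthernet1/0/1
 description Nurse station PC + VoIP phone
 switchport access vlan 120
 switchport voice vlan 200
interface GigabitEthernet1/0/2
 description unused
 shutdown
interface GigabitEthernet1/0/3
 description unused
 shutdown
line vty 0 4
 transport input ssh
 login authentication default
"""

# Commands under an interface that show the port is in use; an interface with
# none of these and no "shutdown" is treated as an unused, enabled port.
IN_USE_MARKERS = ("switchport access vlan", "switchport trunk",
                  "ip address", "channel-group")


def parse_sections(config):
    """Split a config into global lines and indented blocks keyed by their
    header line (e.g. 'interface GigabitEthernet1/0/2', 'line vty 0 4')."""
    global_lines, blocks, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if raw.startswith(" "):            # continuation of the current block
            if current is not None:
                blocks[current].append(raw.strip())
            continue
        line = raw.strip()
        if line.startswith(("interface ", "line ")):
            current = line
            blocks[current] = []
        else:
            current = None
            global_lines.append(line)
    return global_lines, blocks


def audit_config(config):
    """Return a list of (finding_code, location) tuples; empty means clean."""
    global_lines, blocks = parse_sections(config)
    findings = []
    if "aaa new-model" not in global_lines:       # no centralized (ACS/RADIUS) AAA
        findings.append(("AAA_DISABLED", "global"))
    for line in global_lines:
        if line == "ip http server":
            findings.append(("HTTP_SERVER", line))
        elif line.startswith("ip ftp "):
            findings.append(("FTP_CONFIGURED", line))
        elif line.startswith("username ") and " password 0 " in line:
            findings.append(("PLAINTEXT_PASSWORD", line.split()[1]))
    for header, body in blocks.items():
        if header.startswith("line vty"):
            for line in body:
                if line.startswith("transport input") and "telnet" in line.split():
                    findings.append(("TELNET_ALLOWED", header))
        elif header.startswith("interface "):
            in_use = any(line.startswith(IN_USE_MARKERS) for line in body)
            if not in_use and "shutdown" not in body:
                findings.append(("UNUSED_PORT_UP", header))
    return findings


def finding_codes(config):
    """Sorted, de-duplicated finding codes for a quick pass/fail summary."""
    return sorted({code for code, _ in audit_config(config)})


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_config(cfg))
```

The checks are deliberately exact-match on the command text, so a `no ip http server` line does not count as the service being enabled, and an interface is only reported when it carries neither an in-use command nor `shutdown`.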

Filtering is applied to both content and network traffic flow. Filtering should be applied to deter access to inappropriate adult content, block inappropriate websites that are not consistent with DCH documented policies or business, and prevent network incursions or attacks. Network traffic is filtered at the firewall; through DHCP snooping and Dynamic ARP Inspection (DAI) to prevent forged IP address usage and to verify that a usable return path exists; through Access Control Lists (ACL) on switches and routers to limit access to sensitive network areas to authorized systems; and through rate limiting to avoid denial of service (DoS) attacks that overload the network.
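The switch-side filtering described above (DHCP snooping, Dynamic ARP Inspection and ARP rate limiting) is modelled below so that the three mechanisms can be seen working together; this Python model is an added example and not DCH or Cisco code. The port names, the VLAN, the addresses and the 15 packets-per-second ARP limit are assumptions chosen to mirror common defaults, and the traffic in run_scenario() is constructed.

```python
"""Model of the switch-side filtering the design relies on: DHCP snooping builds
a binding table from legitimate DHCP exchanges, Dynamic ARP Inspection (DAI)
checks ARP packets on untrusted ports against it, and a per-port ARP rate
limit err-disables a port that floods.

Added example, not DCH or Cisco code: port names, VLANs, addresses and the
15 packets/second limit are assumptions chosen to mirror common defaults.
"""
from collections import defaultdict

SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}   # only a DHCP server sends these


class SnoopingSwitch:
    def __init__(self, trusted_ports, arp_rate_limit=15):
        self.trusted = set(trusted_ports)      # uplinks / ports toward the DHCP server
        self.arp_rate_limit = arp_rate_limit   # ARP packets per second per untrusted port
        self.pending = {}                      # (vlan, client_mac) -> port the request came in on
        self.bindings = {}                     # (vlan, client_mac) -> (leased_ip, port)
        self.arp_counts = defaultdict(int)     # (port, second) -> ARP packets seen
        self.err_disabled = set()

    def dhcp(self, port, vlan, msg_type, client_mac, client_ip=None):
        """DHCP snooping: drop server replies from untrusted ports, and bind
        the leased IP to the port the client's request arrived on."""
        if port in self.err_disabled:
            return "DROP (port err-disabled)"
        if msg_type in SERVER_MESSAGES:
            if port not in self.trusted:
                return "DROP (DHCP server message on untrusted port)"
            if msg_type == "ACK":
                client_port = self.pending.pop((vlan, client_mac), None)
                if client_port is not None:
                    self.bindings[(vlan, client_mac)] = (client_ip, client_port)
            return "FORWARD"
        # Client message (DISCOVER/REQUEST): remember which port asked.
        self.pending[(vlan, client_mac)] = port
        return "FORWARD"

    def arp(self, port, vlan, sender_mac, sender_ip, second):
        """DAI: on untrusted ports the ARP sender MAC/IP and the ingress port
        must match a binding; exceeding the rate limit err-disables the port."""
        if port in self.err_disabled:
            return "DROP (port err-disabled)"
        if port in self.trusted:
            return "FORWARD"
        self.arp_counts[(port, second)] += 1
        if self.arp_counts[(port, second)] > self.arp_rate_limit:
            self.err_disabled.add(port)
            return "ERR-DISABLE (ARP rate limit exceeded)"
        if self.bindings.get((vlan, sender_mac)) != (sender_ip, port):
            return "DROP (ARP sender does not match DHCP snooping binding)"
        return "FORWARD"


def run_scenario():
    """Constructed traffic on one access switch; returns the decisions made."""
    sw = SnoopingSwitch(trusted_ports={"Gi1/0/48"})   # uplink toward the DHCP server
    results = {}
    # 1. A workstation on an untrusted port obtains a lease normally.
    results["discover"] = sw.dhcp("Gi1/0/5", 120, "DISCOVER", "aa:bb:cc:00:00:01")
    results["ack"] = sw.dhcp("Gi1/0/48", 120, "ACK", "aa:bb:cc:00:00:01", "10.120.0.11")
    # 2. A DHCP OFFER arriving on an access port is a rogue server: dropped.
    results["rogue_offer"] = sw.dhcp("Gi1/0/6", 120, "OFFER", "aa:bb:cc:00:00:01", "10.120.0.99")
    # 3. The leased workstation's own ARP matches its binding.
    results["valid_arp"] = sw.arp("Gi1/0/5", 120, "aa:bb:cc:00:00:01", "10.120.0.11", second=1)
    # 4. Another host claims the gateway address it never leased: dropped by DAI.
    results["forged_arp"] = sw.arp("Gi1/0/6", 120, "aa:bb:cc:00:00:02", "10.120.0.1", second=1)
    # 5. A burst of ARP within one second trips the rate limiter on Gi1/0/7.
    burst = [sw.arp("Gi1/0/7", 120, "aa:bb:cc:00:00:03", "10.120.0.33", second=2)
             for _ in range(20)]
    results["burst_errdisable_index"] = next(
        i for i, r in enumerate(burst) if r.startswith("ERR-DISABLE"))
    results["burst_last"] = burst[-1]
    results["bindings"] = dict(sw.bindings)
    return results


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

In the burst case the first fifteen packets are dropped by DAI (the host has no binding), the sixteenth exceeds the limit and err-disables the port, and everything after it is dropped because the port is down; on a real switch the port stays err-disabled until an administrator or errdisable recovery re-enables it.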

Network security is also provided through various cryptographic, or encryption, methods. Public Key Infrastructure (PKI) supports single sign-on authentication and access control through the ACS, IPsec protects the confidentiality of network communications between devices and hosts, and digital signatures help to verify integrity, identity, and accountability. The LWAPP, WPA2, and 802.1X security protocols are utilized to protect wireless communications.

For biomedical devices unable to support WPA2 or 802.1X, the Network Access Controller (NAC) and NAC Profiler can be used to create profiles for medical devices based on MAC address, DHCP vendor ID, or other specific attributes of the device. The profile can then be used to assign the device to an appropriate VLAN for security policy and QoS settings. Alternatively, if the legacy device server cannot support appropriate encryption protocols but is web enabled, an SSL VPN supported by Cisco ACE may be used.

Mobility services allow the definition of mobility groups across WLCs, so that security policies seamlessly follow a device as it roams throughout the campus. This permits the device to move across access points or WLCs within the mobility group without the need to reauthenticate to the RADIUS server or obtain a new IP address while within the mobility group.

Network operations, wired, wireless, and infrastructure, should be subject to real-time monitoring, analysis of gathered information, and reporting of network status to appropriate IT management. Applications and appliances including syslog, NetFlow, Kismet, Snort, the SNMPv3 protocol, CSM, and CS-MARS are utilized to monitor, analyze, and report on network status. Network appliances and applications including Cisco Security Agent on endpoints and Firewall Services Modules (FWSM), IPS, and NAM on Catalyst switches or ISR routers also provide information on network operations that can be analyzed.
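One analysis the monitoring tools above can feed is a check of observed flows against the security zones described in Section 8.1 (biomedical devices isolated with their own servers, guests kept away from clinical data). The following Python script is an added example, not DCH's addressing or tooling: the zone prefixes (drawn from the 2001:db8::/32 documentation range), the allowed zone pairs and the NetFlow-style records are all constructed.

```python
"""Check NetFlow-style records against a security-zone plan of the kind
described in 8.1, as a monitoring step that reports zone-policy violations.

Added example, not DCH's addressing or tooling: the prefixes, zone names,
allowed flows and the flow records are all constructed.
"""
import ipaddress
from collections import Counter

# Constructed zone plan: one /64 per security zone (documentation prefix).
ZONES = {
    "smart-pumps":    ipaddress.ip_network("2001:db8:dc:310::/64"),
    "pump-server":    ipaddress.ip_network("2001:db8:dc:110::/64"),
    "clinical-users": ipaddress.ip_network("2001:db8:dc:200::/64"),
    "ehr":            ipaddress.ip_network("2001:db8:dc:100::/64"),
    "guest":          ipaddress.ip_network("2001:db8:dc:900::/64"),
}

# Which zone may open connections to which (initiator -> responder).
# Traffic inside one zone is always allowed; everything else is a violation.
ALLOWED_FLOWS = {
    ("smart-pumps", "pump-server"),   # pumps talk only to their own server
    ("pump-server", "ehr"),           # orders reach the pump server from the EHR side
    ("clinical-users", "ehr"),
    ("clinical-users", "external"),
    ("guest", "external"),
}

# Constructed flow records: "src_ip dst_ip dst_port bytes", one per line.
FLOW_RECORDS = """\
2001:db8:dc:310::a1 2001:db8:dc:110::5 443 18234
2001:db8:dc:200::17 2001:db8:dc:100::8 443 90212
2001:db8:dc:310::a2 2001:db8:dc:100::8 443 1420
2001:db8:dc:900::3e 2001:db8:dc:100::8 443 5120
2001:db8:dc:900::3e 2001:db8:ffff::1 443 30100
2001:db8:dc:310::a1 2001:db8:ffff::9 80 640
2001:db8:dc:110::5 2001:db8:dc:100::8 8443 2210
"""


def zone_of(ip_text):
    """Map an address to its zone name, or 'external' if it is in no zone."""
    ip = ipaddress.ip_address(ip_text)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"


def parse_flows(text):
    """Parse the simple whitespace-separated records into tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, port, size = line.split()
        flows.append((src, dst, int(port), int(size)))
    return flows


def find_violations(flows):
    """Return the flows whose (src_zone, dst_zone) pair is not permitted."""
    violations = []
    for src, dst, port, size in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone == dst_zone or (src_zone, dst_zone) in ALLOWED_FLOWS:
            continue
        violations.append({"src": src, "dst": dst, "port": port, "bytes": size,
                           "src_zone": src_zone, "dst_zone": dst_zone})
    return violations


def violations_by_zone(text=FLOW_RECORDS):
    """Count violations per source zone, the summary an analyst would report."""
    return Counter(v["src_zone"] for v in find_violations(parse_flows(text)))


if __name__ == "__main__":
    for v in find_violations(parse_flows(FLOW_RECORDS)):
        print(f"{v['src_zone']} -> {v['dst_zone']}: {v['src']} -> {v['dst']}:{v['port']}")
    print(violations_by_zone())
```

On the constructed records the check reports a smart pump reaching the EHR directly, a guest reaching the EHR, and a pump opening a connection to an outside address; the two permitted paths (pump to pump server, pump server to EHR) pass, which is the behaviour the zone design intends.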

Additional access points that are not intended to serve clients can be utilized at selected locations as network monitors, rogue detectors, or sniffers feeding information back to the WCS in order to diagnose and protect the wireless network. These non-client access points should be placed at the locations most vulnerable to outside interference or physical tampering.

8.3. Content and Application Security

Content security is provided through appliances and applications such as Cisco Unity, which integrates security with e-mail and voice mail services, the web security appliance (WSA), and intrusion protection (IPS). Application security is provided through the Cisco Application Control Engine (ACE) web application firewall and ACE XML Gateway.

8.4. System Management

Documented policy decisions to set goals, priorities, metrics, roles, and responsibilities, including identification of trust domains, should be implemented through logical policies programmed on infrastructure equipment and managed through the ACS and CSM systems. Logical policy implementations include segmentation of the network into logical trust domains and quality of service metrics such as traffic prioritization and bandwidth assignment.

The Cisco Wireless Control Server (WCS) is located in the Server Farm module and acts as a central management point for all WLCs. The Cisco Secure Access Control System (ACS) is also located in the Server Farm module and provides centralized identity and access control, including RADIUS, for both wired and wireless network access and device administration. The ACS authenticates and authorizes wireless users and hosts and enforces wireless-specific policies. The ACS also supports dynamic provisioning of VLANs and ACLs on a per-user basis and 802.1X with port-based security.

Other security devices and applications located in the server farm include the Cisco Unified Communications Manager (UCM), which interacts with Communications Manager Express modules at the branches to provide telecommunications security; Survivable Remote Site Telephony (SRST) is provided on the edge and branch routers. Call control functions will be provided by Skinny Client Control Protocol (SCCP), a Cisco proprietary protocol that the CUCM uses to communicate with IP phones (Teare, 2008). The UCM will manage the IP phones, authenticate the device, register the phone, push the configuration to the phone, and configure the IP address and VLAN.

Throughout the various networks and applications, effective change controls are necessary to maintain a secure and manageable network. The use of centralized administration tools like CSM, WCS, and ACS assists in maintaining a consistently configured network.

9. Summary

The proposed coherent, layered, and integrated network solution presented in this document, based on the Cisco Medical Grade Network architecture, meets the DCH requirements for high availability, manageability, scalability, and security. The Cisco sole-provider solution utilizing Cisco IOS, VSS core and distribution switches, light wireless access points and wireless LAN controllers, integrated services routers, IP telephony with Cisco Unified Communications Manager, IPv6 addressing, MPLS VPN communications with remote branches, VPDN support for remote access and teleworkers, and integrated security components will support secure, ubiquitous access for DCH staff, patients, and visitors to facilitate improved patient care and services.

Operating costs will be reduced through the use of a single, integrated network. By utilizing a modular, redundant, and highly flexible architecture with appropriate security appliances and network administration tools and software, the integrated network can be managed by current personnel. Through the use of multimode fiber (MMF) and CAT 6A UTP, the network will remain highly scalable and be positioned for transition to 10GbE at the desktop and 40/100G at the core for LAN services as those technologies become more cost effective. The proposed plan supports not just the current needs of DCH, but is also positioned to support growth and evolutionary requirements over the next 10 years.

References

4G Coverage. (nd). Sprint. Retrieved from http://shop2.sprint.com/en/stores/popups/4G_coverage_popup.shtml

6.5.4. Assignments from LIRs/ISPs. (2011). ARIN. Retrieved from https://www.arin.net/policy/nrpm.html#six54

10Gbase-T 10 Gigabit Ethernet. (2011). Retrieved from http://www.zytrax.com/tech/layer_1/cables/tech_lan.htm#10g

Brown, K. (2011). LightCounting Forecasts over 300% CAGR for 10GBASE-T Port Shipments from 2009 through 2014. Lightcounting LLC. Retrieved from http://www.lightcounting.com/news1182011.cfm

Cat6, Enhanced Cat6 (Cat6e) and Augmented Cat6 (Cat6A) Bulk Cable. (nd). Broadband Utopia. Retrieved from http://www.broadbandutopia.com/category6.html

Cisco Enhanced EtherSwitch Service Modules for Cisco 2900 and 3900 Series Routers. (nd). Cisco Systems Inc. Retrieved from http://www.cisco.com/en/US/prod/collateral/routers/ps10536/data_sheet_c78-553980_ps10537_Products_Data_Sheet.html

Cisco Integrated Services Routers Generation 2. (2011, April). Cisco Systems Inc. Retrieved from http://www.cisco.com/en/US/prod/collateral/modules/ps10598/ordering_guide_c07_557736_ps10536_Products_Data_Sheet.html

Cisco Integrated Services Routers Generation 2 At a Glance. (2010). Cisco Systems Inc. Retrieved from http://www.cisco.com/en/US/prod/collateral/routers/ps10538/aag_c45_556315.pdf

Chapter 4: Configuring Virtual Switching Systems. (nd). Cisco Systems. Retrieved from http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/vss.html?referring_site=bodynav#wp1053927

Cisco Aironet 1140 Series Access Point. (nd). Cisco Systems. Retrieved from http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps10092/datasheet_c78-502793.html

Cisco Aironet 3500 Series Access Point. (nd). Cisco Systems. Retrieved from http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps10981/data_sheet_c78-594630.html

Cisco Catalyst 4500 Series Switches. (nd). Cisco Systems. Retrieved from http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html

Cisco Catalyst 6500 Series: Optimized for Wiring Closet Deployments. (2008). Cisco Systems. Retrieved from http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/aag_C45-422048_v1.pdf

Cisco Catalyst 6500 Virtual Switching System 1440: Cisco Catalyst 6500 Virtual Switching System Deployment Best Practices. (2011, January 31). Cisco Systems. Retrieved from http://www.cisco.com/en/US/products/ps9336/products_tech_note09186a0080a7c837.shtml

Cisco Collaborative Care – Language Interpretation Services Design and Implementation Guide OL-14269-01. (nd). Cisco Systems. Retrieved from http://www.cisco.com/application/pdf/en/us/guest/netsol/ns165/c649/ccmigration_09186a00808863d0.pdf

Cisco Enterprise Class Teleworker Solution. (nd). Retrieved from http://www.cisco.com/en/US/technologies/tk583/tk372/technologies_white_paper0900aecd801dc5b2_ps6660_Products_White_Paper.html

Cisco Medical Grade Network 2.0 – Security Architecture. (2010). Retrieved from http://www.cisco.com/en/US/docs/solutions/Verticals/Healthcare/MGN_2.0.pdf

Cisco Unified MeetingPlace 8.0. (nd). Cisco Systems. Retrieved from http://www.cisco.com/en/US/prod/collateral/voicesw/ps6789/ps5664/ps5669/data_sheet_c78-602803.html

COMP-Sec 4.1.1: Incident Response Procedure. (2006). Tenet Healthcare Corporation. Retrieved from http://www.tenethealth.com/About/Documents/Ethics%20and%20Compliance%20Policies/Patient%20Rights/COMP-Sec%204.1.1%20Incident%20Response%20Procedure.pdf

Congdon, H. V. (nd). Optical Fiber Networks: Industry Trends, Application Influences and New Options for Networks. Retrieved from http://www.fols.org/fols_library/presentations/documents/OpticalFiberNetworks.pdf

Croyer, S. (2011, August 8). Private correspondence August 8-12, 2011.

DCH Overview. (2011). Driscoll Children’s Hospital. Retrieved from http://www.driscollchildrens.org/about_us/index.php?action=displaysection&section=dch_overview&sectionid=133

The DICOM Standard. (nd). Retrieved from http://www.cabiatl.com/mricro/dicom/index.html

Dragon Medical 10.1. (2011). Centaur Media. Retrieved from http://dragontranscription.com/dragon-software/medical-version.html

Driscoll Children’s Hospital (DCH). (2011). Retrieved from http://www.driscollchildrens.org/

Driscoll Children’s Specialty Center – Harlingen. (2011). Driscoll Children’s Hospital. Retrieved from http://www.driscollchildrens.org/about_us/index.php?action=displaysection&section=driscoll_children_s_specialty_center_-_harlingen&sectionid=155

Driscoll Children’s Specialty Center – McAllen. (2011). Driscoll Children’s Hospital. Retrieved from http://www.driscollchildrens.org/about_us/index.php?action=displaysection&section=driscoll_children_s_medical_plaza_-_mcallen&sectionid=150

Driscoll Children’s Specialty Clinics. (nd). Retrieved from http://www.pspaec.com/popups/Driscoll%20Childrens%20Specialty%20Clinics.html

Features of InterMapper Network Monitoring, Mapping and Alerting Software. (2011). Dartware, LLC. Retrieved from http://www.intermapper.com/products/intermapper/features.aspx

Fee Schedule. (2011). ARIN. Retrieved from https://www.arin.net/fees/fee_schedule.html#end_users

FlexWAN Module for the Catalyst 6500 and Cisco 7600 Series. (nd). Cisco Systems, Inc. Retrieved from http://www.cisco.com/en/US/prod/collateral/routers/ps368/product_data_sheet09186a00800923bf.html

Godinez, V. (2010, May 28). 4G and 3G bandwidth test results on EVO 4G in downtown Dallas. The Dallas Morning News. Retrieved from http://techblog.dallasnews.com/archives/2010/05/4g-and-3g-bandwidth-test-resul.html

Higgins, S., Mah, C., & Anderson, T. (2010, May 27). Cisco Medical-Grade Network (MGN) 2.0—Wireless Architectures. Cisco Systems. Retrieved from http://www.cisco.com/en/US/docs/solutions/Verticals/Healthcare/MGN_wireless_adg.html

Higgins, S., Mah, C., Anderson, T., Mehta, T., Parmenter, S., Zaldivar, N., Bell, J., Nejad, H., Nowell, C., Laundry, B., Brown, D., & Jones, P. (2011, March 31). Cisco Medical Grade Network (MGN) 2.0 – Campus Architecture. Cisco. Retrieved from http://www.cisco.com/en/US/docs/solutions/Verticals/Healthcare/MGN_Campus.pdf

Horan, B. (2011, August 8). Private correspondence August 8, 2011.

Horizon Medical Imaging. (2011). McKesson Corp. Retrieved from http://www.mckesson.com/en_us/McKesson.com/For%2BHealthcare%2BProviders/Hospitals/Imaging%2Band%2BPACS/Horizon%2BMedical%2BImaging/Horizon%2BMedical%2BImaging.html

How to Subnet IPv6. (2009). Retrieved from http://www.clarksys.com/blog/2009/03/12/howto-subnet-ipv6/

IEEE Launches 40 Gb/s Ethernet optical interface standard. (2011, April 12). Retrieved from http://www.net-security.org/secworld.php?id=10878

Information Security and Privacy Policy. (2007). Central DuPage Hospital. Retrieved from http://www.cdh.org/Information-Security-Privacy-Policy.aspx

IPv6Freelys IPv6 Addressing Scheme. (2009, March 9). Pittsburg State Universities. Retrieved from http://inetpro.org/wiki/IPv6Freelys_IPv6_Addressing_Scheme

Jiang, S., & Shen, S. (2011, June 16). Secure DHCPv6 Using CGAs. IETF Trust. Retrieved from http://tools.ietf.org/html/draft-ietf-dhc-secure-dhcpv6-03

Kish, P. (2010, February). Next generation Fiber arrives. CNS Magazine. Retrieved from http://www.belden.com/pdfs/techpprs/cnsstandardsjanfeb2010.pdf

Maps & Locations. (2011). Driscoll Children’s Hospital. Retrieved from http://www.drischollchildrens.org/about_us/index.php?action=displaysection&section=locations,_map_and_directions&dsectionid=134

Medical Grade Network: Providing Foundational Architectures for Healthcare. (nd). Cisco. Retrieved from http://www.cisco.com/web/strategy/docs/healthcare/09CS2124-MGN.pdf

Medianet Branch Cisco ISR G2 QoS Design At-a-Glance. (2011). Cisco Systems Inc. Retrieved from http://www.cisco.com/en/US/docs/solutions/Enterprise/Video/qosbranchisraag.html

Medianet Campus Cisco Catalyst 6500 QoS Design At-a-Glance. (2011). Retrieved from http://www.cisco.com/en/US/docs/solutions/Enterprise/Video/qoscampuscat6500aag.html

Migration to 40/100G in the Data Center with OM3 and OM4 Connectivity. (2010, Dec.). Corning Cable Systems LLC. Retrieved from http://www.graybar.com/documents/corning-pretium-edge-white-paper

MPLS: Is it the future of communications for business? (2007). ShopForBandwidth. Retrieved from http://www.shopforbandwidth.com/mpls-the-future-of-communication.php

Nadel, B. (2010, December 15). 3G vs 4G: Real-world speed tests. ComputerWorld. Retrieved from http://www.computerworld.com/s/article/9201098/3G_vs._4G_Real_world_speed_tests?taxonomyId=79&pageNumber=2

Network Allows Physicians to Reach Isolated Populations: Ontario Telemedicine Network provides expert care for patients in remote locales. (2009, November 23). Cisco Systems. Retrieved from http://www.cisco.com/warp/public/146/news_cisco/mobile/dlls/global/canada/news/2009/pr_11-24.html

Overview of Medianet Architecture. (nd). Cisco Systems Inc. Retrieved from http://www.cisco.com/en/US/docs/solutions/Enterprise/Video/vrn.html

Personal Health Records and Portals. (2011). EPIC Systems Corporation. Retrieved from http://www.epic.com/software-phr.php

Picture archiving and communications system (PACS). (2011, July 17). In Wikipedia. Retrieved July 22, 2011, from http://en.wikipedia.org/wiki/Picture_archiving_and_communication_system

Prysmian Cables & Systems. (nd). Fiber Optic Cable Service Life. Retrieved from http://www.gatelsupply.com/index.cfm/feature/226/fiber-cable-service-life----prysmian-cable.cfm

Smith, W. (2011, August). TelecoSultions. Private electronic correspondence, August 8-12, 2011.

Splunk Enterprise Security Suite v1.1.2. (2011). Splunk, Inc. Retrieved from http://www.splunkbase.com/apps/All/4.x/Suite/app:Splunk+Enterprise+Security+Suite

Stong-Micas, J. L. (2004). Plenum vs. Non-plenum. Electrical Contractor. Retrieved from http://www.ecmag.com/?fa=article&articleID=5854

Switches. (nd). Cisco Systems. Retrieved from http://www.cisco.com/en/US/products/hw/switches/index.html

Teare, D. (2004). Campus Design Methodology in CCDA Self-Study: Designing for Cisco Internetwork Solutions (DESGN) 640-861. Cisco Press. Retrieved from http://www.ciscopress.com/articles/article.asp?p=102304

Teare, D. (2008). Authorized self study guide: Designing for Cisco Internetwork Solutions (DESGN) (2nd ed.). Indianapolis, IN: Cisco Press. ISBN: 9781580752729.

Typical MPLS Carrier Solutions. (2010). A2000 Network Solutions, Inc. Retrieved from http://failoverswitch.com/mlps.htm

Unified Communications Endpoints. (nd). Cisco Systems Inc. Retrieved from http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/8x/endpnts.html

US News. (2010, July). Driscoll Children’s Hospital. Retrieved from http://health.usnews.com/best-hospitals/driscoll-children%27s-hospital-6740737/details

Vaughan-Nichols, S. J. (2011, April 14). It’s Official: Asia just ran out of IPv4 addresses. ZDNET. Retrieved from http://www.zdnet.com/blog/networking/its-official-asias-just-run-out-of-ipv4-addresses/948

Whitman, M. E., & Mattord, H. J. (2010). Management of information security (3rd ed.). Boston: Cengage Learning. ISBN: 9781435488847.

Wireless Internet Guide. (2011). Grand Ronde Hospital. Retrieved from http://www.grh.org/patwireless.html

Yang, F. (2011, February 24). CommScope Speaks On 40/100GbE And Data Center Network At Ethernet Technology Summit. Retrieved from http://commscopeblogs.com/2011/02/24/commscope-speaks-on-40100gbe-and-data-center-network-at-ethernet-technology-summit/
Kathleen Jungck u10a1: Network Security Design TS5325
September 16, 2011 Driscoll Children’s Hospital 60

Appendix A: DCH Information Security Management Policy 1

Sponsor: Chief Information Officer Date of Last Revision: 09/14/2011


I. PURPOSE:
This policy identifies information security requirements for the processing, storage, and handling of
information at Driscoll Children’s Hospital (DCH). Objectives of this policy are to ensure that information
related to patient treatment, payment, or health care operations is protected in accordance with the DCH
Privacy Practices policy and business needs.
DCH will audit automated information and voice systems and adherence to privacy practices on a
periodic basis to ensure compliance with this policy. Information systems users should be aware that
there is no expectation of personal privacy while using DCH information systems and resources and that
data can be viewed, audited, or removed at any time by the organization.
Violation of this policy may result in a denial of access to DCH information systems and disciplinary
actions may be considered up to and including termination of employment or the relationship with DCH.
In the event that potentially illegal activities are conducted using DCH information resources, the
organization will work with the appropriate law enforcement agencies to investigate and prosecute the
activity in question.
Scope: DCH protects patients' rights to privacy and confidentiality in accordance with the DCH Privacy
Practices Policy, which limits access to patient Protected Health Information (PHI) to legitimate reasons
regarding patient care, operations, payment, and compliance. This policy applies to all health system
member organizations and includes, but is not limited to employees (full-time, part-time, temporary,
reserve, and in-house registry), medical staff, vendors, consultants, contract workers, patients, students,
interns, visitors, volunteers and employee family members. An Acknowledgement Statement will be
signed by all personnel prior to gaining access to information managed by DCH. This policy also applies
to all equipment that is owned, leased, or maintained by the organization, including equipment that is
located in an individual's home, equipment provided by DCH to facilitate patient home visits, and
equipment located on DCH premises that is used within the scope of the organization's business
processes in all formats and media, including electronic, magnetic, paper, or other.
Information systems and other computing devices include all components connected or related to the
DCH computer network and telecommunications environment, including, but not limited to, Internet,
intranet, remote access, e-mail, workstations, Personal Digital Assistants (PDA), removable storage
media, telephones, electronic biomedical devices, and other related computing equipment.
II. POLICY STATEMENT
Access controls will be established for all information systems and facilities in accordance with the HIPAA
Security Rule. The types of controls may vary but must, at a minimum, be consistent with this policy and
include a means to identify, authenticate, authorize, and provide accountability for the user in a roles
based manner. Access controls will be established commensurate to the sensitivity of the information
processed or stored by the system. User accounts on information systems are restricted to the assigned
user and must be authorized by the user's immediate supervisor. Sharing of assigned account privileges
and access controls (e.g., passwords, tokens, and badges) is not permitted, and further designations and
repercussions will be communicated in the DCH Password policy. Access to any DCH information
system may be modified or revoked at any time by the organization.
The need-to-know principle will be applied in granting information access and systems authorization. This
principle requires that information only be provided to individuals that require the information to carry out
their duties. Users may not attempt to gain excessive privileges in an unauthorized manner beyond what
they are assigned. Such unauthorized use is subject to disciplinary action pursuant to the Acceptable
Use policy.
Personal computing devices that have been used to store and process protected health information (PHI)
must be sanitized according to the DCH Decommissioning and Relocation policy when no longer used or
when the user's employment or medical staff privileges at DCH ends. Further, upon termination of
employment or medical staff privileges, all PHI will be returned to the organization and no copies will be
retained. All materials that contain PHI created on behalf of DCH remain the property of the organization.

[1] (“Information Security”, 2007)

Media storage that is no longer required for use and that has been used to record sensitive or protected
health information must be destroyed according to the DCH Media Disposal policy using approved
destruction methods. Under no circumstances are media, whether paper, electronic, or other, that may
have possibly contained PHI to be disposed of in an insecure method. Failure to follow proper
procedures may result in disciplinary actions up to and including termination.
In general, e-mail communications between a provider or physician and their patients or patient parent or
guardian is permitted if it is mutually agreed upon with the patient affected pursuant to the DCH Electronic
Communications Policy. Pursuant to the Children’s Online Privacy Protection Act, patients under 13
years of age must have the consent of a parent or guardian to receive directed e-mail communications. It
is the responsibility of the individual to use professional judgment in assuring that such transmissions are
authorized, and that communications are directed to the appropriate family member for younger patients.
Physicians may also receive e-mail distribution of patient-related reports containing PHI only after
authorization by the Medical Staff Office and validation of active e-mail accounts.
DCH has put in place policies regarding access to medical records by staff and employees and has
carefully outlined the circumstances under which a patient's PHI may be released to parties outside the
hospital or physician practice in the DCH Privacy Practices policy. Please refer to the Privacy Practices
Policy in situations where there is need to disclose or request PHI from another organization.
III. CONTACT INFORMATION
Spanish language versions of this policy as well as the DCH Privacy Practices policy are available upon
request. If you have questions regarding this policy or require additional information regarding
Information Security or Privacy at DCH, please contact the individuals as follows:
Kellie Barnett, Chief Privacy and Compliance Officer, (361)694-4035; or
Rebecca Brown, Chief Information Officer, (361)694-4319

Appendix B: DCH Network Access Control Policy [2]

Sponsor: Chief Information Officer Date of Last Revision: 09/14/2011


I. PURPOSE:
This policy identifies access control requirements for the Driscoll Children’s Hospital (DCH) network and
information systems.
Scope: This policy applies to all health system member organizations and includes, but is not limited to
employees (full-time, part-time, temporary, reserve, and in-house registry), medical staff, vendors,
consultants, contract workers, patients, students, interns, visitors, volunteers and employee family
members, as well as visitors and guests of DCH facilities who wish to access DCH information systems or the
telecommunications network.
All DCH network infrastructure, systems, and components shall be responsibly protected from
unauthorized physical or logical access according to industry best practices. This shall apply to both
wired and wireless network access, biomedical devices, security monitoring, and VoIP or other
telecommunications components. Appropriate authentication methods shall be employed to limit access
to authorized users. Roles based authorization will be employed in order to limit user access on a need
to know basis, where information is limited to only what is needed to perform their job and provide
adequate patient care. Patient and other guest access will be limited appropriately and assigned a
priority lower than critical network, patient care, and infrastructure services.
At any alternative work sites, which may include staff home offices, physician practice offices, or patient
homes, precautions must be taken to protect DCH information, hardware, and software from theft,
damage, and misuse. Information must be protected in a manner commensurate with its sensitivity, value,
and criticality in accordance with the DCH Privacy Practices Policy. When accessing the organization's
network from a remote site, or when using mobile devices (such as a PDA or laptop), the user assumes
responsibility for the security of the information that is stored and processed by the device. Personal
computing equipment may be used to connect to the DCH network only for the conduct of business and
operations from a remote site, such as a home office. Personal computers must, at a minimum, have the
most current Cisco Security Agent software installed and utilize a secure VPN connection to the DCH
network. Personal computing equipment that is not compliant will be limited to guest authorization.
Limited guest access to the DCH network is permitted after acceptance of the DCH Acceptable Use
policy. Any attempt to exceed assigned authorization levels will be considered a violation of this policy.
Violations may result in disciplinary action, up to and including termination, or criminal charges.
II. CONTACT INFORMATION
Spanish language versions of this policy are available upon request. If you have questions regarding this
policy or require additional information regarding Network Access Control at DCH, please contact the
individuals as follows:
Peter Crawford, Network Administrator, (361)694-4315; or
Rebecca Brown, Chief Information Officer, (361)694-4319

[2] (“Information Security”, 2007)

Appendix C: DCH Acceptable Use of Network Policy [3]

Sponsor: Chief Information Officer Date of Last Revision: 09/14/2011


I. PURPOSE:
This policy specifies acceptable use of Driscoll Children’s Hospital (DCH) network and information
systems.
Scope: This policy applies to all users of DCH networks.
It is prohibited to intentionally use DCH information systems for activities that are considered illegal,
obscene, defamatory, or which are intended to harass or intimidate another person. Out of respect for the
youth of the DCH patient population, on-line access to, storage of, or viewing of pornography via DCH or
personal equipment or DCH networks is strictly prohibited. Violation of this provision will result in
immediate termination of employment or interaction with DCH and forfeiture of guest access privileges
and removal from DCH premises.
Use of DCH information systems and networks to damage or impair the operations of other systems of
any type, regardless of whether at a DCH facility, or some other entity, is strictly prohibited. Also, at no
time will DCH information systems be used to support a personal business or some other activity for
personal gain.
Unauthorized duplication of copyrighted material including, but not limited to, digitization and distribution
of photographs from magazines, books or other copyrighted sources, copyrighted music, and the
installation of any copyrighted software for which DCH or the end user does not have an active license, is
strictly prohibited.
II. GUEST ACCESS
DCH offers free wireless high speed access to patients and visitors, at the user’s own risk, upon
agreement with the DCH Guest Acceptable Use policy. While DCH makes a reasonable attempt to offer
secure wireless access, security is not guaranteed. DCH assumes no responsibility, and shall not be
liable for any loss of data, damages, or viruses that may infect guest user’s computer equipment or other
property on account of access to, use of, or browsing in any website, or downloading of any materials.
For our patients and visitors under 13 years of age, signed parent or guardian consent is required for
network access in accordance with the Children’s Online Privacy Protection Act.
DCH uses web filtering software to protect our patients, guests, and employees from objectionable or
inappropriate content. Patient access is tiered by age, following the ESRB game rating guidelines, with
access levels for young children, teens, and adults. Access levels
may be revised based on parent or guardian consent. While a best effort is made, final oversight of
patient and visitor network access remains the responsibility of a parent or guardian.
III. CONTACT INFORMATION
Spanish language versions of this policy are available upon request. If you have questions regarding this
policy or require additional information regarding Acceptable Network Use at DCH, please contact the
individuals as follows:
Peter Crawford, Network Administrator, (361)694-4315; or
Rebecca Brown, Chief Information Officer, (361)694-4319

[3] (“Wireless Internet”, 2011)

Appendix D: DCH Information Security Incident Response Policy [4]

Sponsor: Chief Information Officer Date of Last Revision: 09/14/2011


I. PURPOSE:
The purpose of this policy is to provide an organized approach for responding to information security
incidents. A structured approach is necessary to adequately respond to information security incidents,
quickly return operations and systems to a normal state, and prevent recurrences.
Scope: This policy applies to Driscoll Children’s Hospital (DCH) network and systems operations,
information assets, and users.
II. PLAN
Information security incidents include a wide variety of employee errors, systems failures, or internal and
external malfeasance. The first step in incident response is to determine whether an event can be
classified as an incident, then to prioritize the severity of the incident, and gauge an appropriate
response. The goal of incident response shall be to quarantine infected systems, gather information
about the incident, including evidence if necessary, and then to restore systems operations as quickly as
possible. After systems have been restored, root cause can be analyzed to avoid or prevent future
occurrences. Remediation methods shall depend on the scope, seriousness, priority, and remediation
options.
The Chief Information Officer (CIO) and designated reports shall be responsible for developing and
documenting appropriate systems and non-systems incident response procedures in accordance with this
policy. The CIO is also responsible for the formation, training, and support of a qualified incident
response team or teams.
III. QUALIFYING EVENTS
Events that qualify as information security incidents include a wide variety of illicit or careless actions such
as:
1. System Incidents that involve an attack or an occurrence on an actively operational computer
system including:
a) Unauthorized access to a DCH information asset (such as PHI).
b) Malicious code (e.g., virus, trojan horse, etc.) interferes with a system’s operation.
c) A system weakness allows unauthorized access to system administrative functions.
d) A UserID is employed to gain unauthorized access to password files, protected or restricted
data, licensed or restricted applications, software, and/or application code.
e) Loss or theft of a user’s laptop or desktop computer.
f) Misuse of information assets.
2. Non-system Incidents that do not involve actively operating computer systems but expose
confidential, proprietary, or PHI information, including:
a) Physical facility access in which information assets are compromised through unauthorized
access to areas such as computer rooms, medical records storage areas, or nursing units.
b) Physical access in which information assets are compromised through unauthorized access to
documents or information assets that contain DCH CONFIDENTIAL, PROPRIETARY, or PHI
information.
c) Equipment control failure where information is compromised due to improper procedures, such
as a hard disk removed from service and surrendered to an outside agency without the
content being properly removed.
d) Media Control: Information asset media is stolen, destroyed, accessed or otherwise exposed
to unauthorized actions.
e) Physical Safeguards: Occurrences involving natural disasters or environmental hazards that
expose information assets to unauthorized access.

[4] (“COMP-Sec 4.1.1”, 2006)

IV. MINIMUM REQUIRED RESPONSE


Minimum steps required for investigation and remediation of any suspected information security incident
shall include:
1. Activate incident response team.
2. Notify appropriate parties including facility manager, DCH CIO, and DCH Privacy Compliance
Officer (PCO). It is the responsibility of the CIO and PCO to notify any third parties.
3. Document activities and observations including dates, times, people, locations, conversations,
meetings, research, and other investigative activities as well as response, recovery, and follow-up
activities.
4. Collect data:
a) System snapshot that provides a baseline comparison allowing identification of continuing
changes.
b) Backups of the online storage media relevant to the system.
c) Collection and protection of applicable audit trails or system logs.
d) Exception reports generated from detailed system logs.
e) System monitoring reports.
f) Documentation of the affected system and its connectivity.
g) Gather evidence if a crime is suspected, including ensuring chain of custody. It is the CIO’s
responsibility to work with legal counsel to determine whether to refer the incident to legal
authorities.
5. Analyze the data and situation to determine the type, severity, scope and impact of the incident,
including the number of sites and systems involved, data classification involved, method of
intrusion, and an estimate of time and resources required. If necessary, and the CIO so declares,
transition to the disaster response team.
6. Establish priorities.
7. Contain/resolve the incident to prevent further damage, destruction of evidence, exposure of
information, or the use of DCH systems to attack other systems.
8. Resume normal operation (whether a system or operating process), including validation of
restored systems.
9. Perform post-incident activities including documentation, reporting, and activities to improve
systems and processes and to prevent future incidents.
V. CONTACT INFORMATION
Spanish language versions of this policy are available upon request. If you have questions regarding this
policy or require additional information regarding Information Security Incident Response at DCH, please
contact the individuals as follows:
Kellie Barnett, Chief Privacy and Compliance Officer, (361)694-4035; or
Rebecca Brown, Chief Information Officer, (361)694-4319

Appendix E: DCH IP Telephony Components

[Figure: DCH IP telephony component diagram. Labels recoverable from the image: Cisco Unified Communications Manager, Cisco Unity IVR, Cisco Meetingplace, VSS 1440 w/ FlexWAN, Server Farm (IPS, WAE, FISM), Edge, VPN/IPSec (has Voice Routing Capability), SSRT, Voice Trunk to PSTN, MPLS VPN, ISR G2 (Voice Enabled) with CME at McAllen and Harlingen, Corpus Christi Main Campus, and IP phones at each site.]