Medical-Grade Network Design Considerations

Presentation from the Healthcare Industry Day in Mexico.
Medical-grade network design considerations.

Published in: Technology, News & Politics

Medical-Grade Network Design Considerations

  1. Cisco Medical Grade Network 2.0: Campus Architectures
     Erick Ortiz, Healthcare Systems Engineer, eriortiz@cisco.com
  2. Cisco Medical-Grade Network Goals
     • Resilient
         - Fault-tolerant and capable of business continuity
         - No single point of failure
         - Serves mission-critical needs
     • Protected
         - Security for patient privacy and system availability
         - Compliant with regulatory requirements
         - Protection against security breaches
     • Responsive
         - Network adapts to change and business/clinical needs
         - Has ability to incorporate new technologies
     • Interactive
         - Facilitates collaboration
         - Enables application access
         - Integrates data, voice, video and imaging
     Cisco Medical-Grade Network 2.0. © 2010 Cisco Systems, Inc. All rights reserved. Cisco Confidential
  3. Cisco Campus Architecture in Healthcare
     • Hierarchical designs
     • No single points of failure
     • Utilize in-box redundancy
     • Optimize convergence
     • Best practices must adapt to unique healthcare requirements
     Diagram labels: Access, Distribution, Core, North Access 1, North Access 2, South Access 1, South Access 2, Nx 10G, TelePresence, Smart Infusion Pump, Portable Ultrasound, Clinical Workstation, NAM (Network Analysis Module), 802.11n AP, NAC Server, 7925G, Point of Sale Device, CT / MR, CoW, Intrusion Prevention System, Wireless LAN Controller(s), Medication Administration Cart, RFID Tag, Patient Monitor
  4. Cisco MGN 2.0 Campus Design
     Diagram labels: Access, VSS, Layer 3 Access, stackable switches, Distribution, VSS Distribution, Core, VSS/Hybrid Core, Data Center, 10Gbps Nexus, WAN
  5. MGN High Availability Campus Design
     • Eliminate all single points of failure
     • Implement hierarchical designs
     • Utilize redundant chassis or smart stackable switches
     • Redundant switching and power fabrics
     • In-the-box and network redundant services
     • Utilize IGP protocols that quickly detect faults and provide sub-second failover
     Diagram labels: Redundant Supervisor, Layer 2 or Layer 3, Redundant Links, Layer 3 Equal Cost Links, Redundant Switches, Data Center, WAN, Internet
  6. Supervisor Redundancy Is Provided by Stateful Switch Over (SSO)
     • Active/Standby supervisors run in synchronized mode
     • Depending on platform, line card and protocol this incurs from 0 to 3 seconds of outage
     • Switch processors synchronize Layer 2 and Layer 2 / Layer 3 FIB, QoS and ACL tables
     • Line cards with DFC are populated with Layer 2 / Layer 3 routing information and ACL tables
     • Line card protocol status is maintained during failover, reducing impact and improving clinical access
  7. Healthcare Campus Challenges
     • Age-old problem (Layer 2 core)
         - Remember the old days of the flexibility, add/move and mobility promise?
         - Spanning VLANs solved that and created some more problems of:
             stability, response times, inefficient use of resources, managing end host behavior
         - Diagram: looped topology; all VLANs (VLAN 10, VLAN 20) span all access switches
     • Historically: a compromise (Layer 3 core)
         - Do not span VLANs.
         - No loops, no underlying threat to the network
         - This solution gave up a critical need: the ability to span VLANs. However, in many healthcare deployments, clinical and biomedical devices require vendor-dedicated VLANs
         - Diagram: loop-free topology; VLAN = Subnet = Closet (VLAN 10, VLAN 20, VLAN 30, VLAN 110, VLAN 120, VLAN 130)
  8. Virtual Switching
     • Solving the same old design problem without losing the benefits of stability and mobility
     • Virtual Switching allows elimination of loops in the network, while allowing for spanning of VLANs
     Diagram: VSS-enabled loop-free topology; Core; VLANs (VLAN 10, VLAN 20) span access switches
  9. Virtual Switch: Virtual Switching System 1440 (VSS)
     • Virtual Switching System consists of two Cisco Catalyst 6500 Series switches defined as members of the same virtual switch domain
     • Single control plane with dual active forwarding planes
     • Designed to increase forwarding capacity while increasing availability by eliminating STP loops, giving a loop-free topology
     • Reduced operational complexity by simplifying configuration
     Diagram labels: Virtual Switch Domain, Virtual Switch Link, Switch 1 + Switch 2 = VSS (single logical switch)
  10. VSS Enabled Healthcare Campus Design: End-to-End VSS Design Option
     Diagram: STP-based Redundant Topology (R = STP Blocked Link) compared with Fully Redundant Virtual Switch Topology
  11. Three Options for Multi-Chassis EtherChannel Designs to Remove Spanning Tree
     • Virtual Switching System
         - Single control plane
         - Single management plane
         - Single supervisor per chassis
         - Automatic port config sync (single control plane)
         - Single L3 domain (single SVI), no need for FHRP
     • Virtual Port Channel
         - Separate control plane
         - Separate management plane with VPC state synchronization (CFS)
         - Redundant supervisors per chassis with hitless SSO
         - Manual port sync config (DataCenterNetworkMgr)
         - Local SVI HSRP/PIM forwarding enhancements to act as active-active pair
     • Stackwise+
         - Single control plane controlled by Master Switch
         - Master switch controls etherchannel
         - Redundant master switches per stack
         - Automatic port config sync (single control plane)
         - Stack appears as a single router, no need for FHRP
     Diagram labels: SW1, SW2, VPC FT-Link, VPC peer-link
  12. Campus Design Option: VSS. Key Benefits to Healthcare Providers
     • Eliminates complexity of Spanning Tree Protocol and prevents potential for loops in the network
     • Faster failover by eliminating need for gateway redundancy protocols (HSRP, VRRP, GLBP)
     • Simplified network management (fewer links, less configuration, fewer operational points)
     • Conserves bandwidth (no unicast flooding, MEC optimizes number of hops)
  13. Environmental Considerations
     • Power
         - Separate grid-based power feeds
         - Building-based backup generator power
         - Localized UPS power, especially for PoE deployments
         - Redundant power supplies
     • Cooling
         - Examine BTU generation compared to HVAC infrastructure
         - Redundant HVAC chillers on separate power
         - Consider rack design for front-to-back vs side-to-side airflow
     • Physical Security
         - Monitor and maintain access to IT systems
         - Log access to key distribution areas
         - Utilize video surveillance
         - Take precautions to prevent unauthorized access and prevent data loss
     • Monitoring
         - Use 802.11-based thermal and humidity monitoring
         - Implement smart building technologies (Cisco Connected Real Estate) for power and cooling monitoring
         - Track battery health for localized UPS devices
         - Utilize under-floor water detectors
  14. Biomedical Devices: Considerations in Campus
     • Requirements
         - Patient Monitors: provide real-time monitoring of vital signs (blood pressure, oximetry etc.) on a continuous basis. May connect to central station
         - Infusion (IV) Pumps: administer medication to patients and require formulary and drug library updates on an intermittent basis
         - Portable Radiology Devices: connect to the RIS and PACS system
     • Traffic Flows Vary
         - Patient monitors: small (300 byte), but frequent (4x/sec) broadcasts, multicasts or unicast (vendor-specific)
         - IV pumps: formulary and firmware updates are usually small and not a daily occurrence
         - Biomedical devices often communicate back to central monitoring station
     • SLA Requirements
         - Prevent < 50ms jitter
         - Maintain < 20ms connectivity loss from patient monitor to central station
     • Unique Layer 2 and Layer 3 requirements
         - Many vendors require separate parallel Layer 2 VLANs
         - Layer 3 and multicast functionality may be limited
         - Path Isolation may be required
  15. Biomedical Devices: Path Isolation Options
     Campus network path isolation options:
     • Generic Routing Encapsulation (GRE) Tunneling
         - Create Closed User Groups
     • Virtual Routing and Forwarding (VRF-lite)
         - Lightweight
         - Single routing device
     • Multiprotocol Label Switching (MPLS)
         - Cisco Catalyst 6500
     • Overlay Transport Virtualization (OTV)
         - Emerging Technology in Data Center
     Diagram labels: SSID Vendor A, VLAN10, Central Station; SSID Vendor B, VLAN30, Vendor B Central Station
     For More Information: http://www.cisco.com/en/US/docs/solutions/Enterprise/Network_Virtualization/PathIsol.html
  16. IEC 80001: Application of risk management for IT-networks incorporating medical devices
     • IEC-80001 is a voluntary international standard, dealing with risk management of IT networks incorporating medical devices
     • Provides framework for the "Application of risk management for IT-networks incorporating medical devices"
     • Three "Key Properties": Safety, Effectiveness, Data and System Security
     • Four supplementary documents or Technical Reports (TRs) in development:
         - Wireless Guidance
         - Healthcare Delivery Organization (HDO) Step-by-Step guide
         - Security Guidance
         - HDO Implementation Guidance
     Diagram labels: Medical IT-Network Planning and Operation, Biomedical Devices, General purpose IT Infrastructure Vendor, Biomedical Device Vendor, Responsible Organization (HDO), IEC-80001-1
  17. Medical Grade Network: QoS Classifications
     | Application Class       | Per-Hop Behavior | Queuing and Dropping        | Medical Applications                      |
     |-------------------------|------------------|-----------------------------|-------------------------------------------|
     | Network Control         | CS6              | BW Queue                    |                                           |
     | VoIP Telephony          | EF               | Priority Queue (PQ)         | Constant Bit Rate Biomed Feeds            |
     | Broadcast Video         | CS5              | (Optional) PQ               |                                           |
     | Realtime Interactive    | CS4              | (Optional) PQ               | Cisco Healthcare, Telepresence            |
     | Multimedia Conferencing | AF4              | BW Queue + DSCP WRED        | Cisco Unified Personal Communicator       |
     | Multimedia Streaming    | AF3              | BW Queue + DSCP WRED        | *Biomedical Telemetry Streaming           |
     | Call-Signaling          | CS3              | BW Queue                    |                                           |
     | Ops/Admin/Mgmt (OAM)    | CS2              | BW Queue                    |                                           |
     | Transactional Data      | AF2              | BW Queue + DSCP WRED        | *Biomedical Devices, Critical Apps, WebEx |
     | Bulk Data               | AF1              | BW Queue + DSCP WRED        | PACS, Large File Apps                     |
     | Best Effort             | DF               | Default Queue + RED         | Back Office, Archiving, Patient Records   |
     | Scavenger               | CS1              | Min BW Queue (Deferential)  | Guest Traffic                             |
  18. QoS Boundaries
     • Summary of trust, marking, policing and queuing boundaries
     • Correct Trust and Markings at Access
     • Interswitch links in Campus will trust DSCP markings
     • Perform Policing and Queuing where appropriate
     Port QoS by port type (diagram: Untrusted, Conditionally Trusted and Trusted Endpoints attached at Access; Distribution; Core):
     • Untrusted Endpoint Port QoS: No Trust; [Optional Ingress Marking/Policing]; 1P3QyT Queuing
     • Conditionally-Trusted Endpoint Port QoS: Conditional-Trust with Trust-DSCP; [Optional Ingress Marking/Policing]; 1P3QyT Queuing
     • Trusted Endpoint Port QoS: Trust-DSCP; [Optional Ingress Marking/Policing]; 1P3QyT Queuing
     • Switch-to-Switch/Router Port QoS: Trust DSCP; 1P3QyT or 1P7QyT Queuing
     For More Information: http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSCampus_40.html
  19. Campus Voice and Collaboration Considerations: Challenges
     The Connected Health Community
     • In order to provide optimal patient care, collaboration among caregivers is essential
     • Due to the critical nature of the collaboration, both the campus infrastructure and the collaboration systems must be constantly available
     • The diversity of caregivers requires that a wide range of both wired and wireless endpoints must be supported
  20. Campus Voice and Collaboration Considerations
     • Power over Ethernet: PoE Devices, Switches, End Points
     • Voice over WLAN: VoWLAN QoS, Multicast
     • Unified Communication: IP Phone Portfolio, UC Manager, Resiliency, Security, Session Manager Edition, SRST
     For More Information: http://www.cisco.com/en/US/docs/solutions/Enterprise/Network_Virtualization/PathIsol.html
  21. Rapid Fault Isolation: Challenges
     • Healthcare networks are critical to patient care
     • Network failure could critically impact patient care
     • The network should be designed for maximum uptime, but even the best design can't guarantee 100% uptime
     • Provisions should be made so that when a fault occurs, it can be isolated and corrected in minimal time
     Diagram labels: Access, Distribution, Core, North Access 1, North Access 2, South Access 1, South Access 2, Nx 10G, TelePresence, Smart Infusion Pump, Portable Ultrasound, Clinical Workstation, NAM (Network Analysis Module), 802.11n AP, NAC Server, 7925G, Point of Sale Device, CT / MR, CoW, Intrusion Prevention System, Wireless LAN Controller(s), Medication Administration Cart, RFID Tag, Patient Monitor
  22. Rapid Fault Isolation
     Fault identification and isolation may be achieved using a number of standard and Cisco-provided tools:
     • First Failure Analysis: monitoring applications like Syslog, SNMP, Netflow and XML can identify persistent network problems
     • Cisco.com Tools (Smart Call Home): a number of tools are available on Cisco.com that identify known problems and notify customers of critical issues, assist in the interpretation of error outputs and messages, and automatically notify TAC when a problem occurs
     • IOS Tools: features are built into IOS to both proactively manage issues (like EMM and MLS Rate Limit) and to assist in isolating problems (like SPAN, RSPAN and ERSPAN)
     • Cisco Remote Management Services: Cisco Data Center Remote Management Services provide comprehensive monitoring and management of your data center infrastructure 24 hours a day, 365 days a year
     Chart: Netflow Results (load [%] vs. samples)
  23. Rapid Fault Isolation
     • Hardware Features
         - Features incorporated in hardware (like TDR line cards and power management) assist in isolating problems and optimizing system performance
         - Features like Core Dump, SEA, and OBFL provide information for troubleshooting and failure analysis
     • Cisco Advanced Services
         - AS offers a range of services that enhance network performance and minimize downtime, ranging from Bug Scrub to Code Recommendations to Network Analysis and Optimization to Remotely Managing the Network
  24. MGN 2.0 Campus Summary
     • Increasing usage of clinical and non-clinical applications within Campus
     • Healthcare Applications Requirements
     • High Availability
     • Supports Medical Devices and Mission Critical Clinical Applications
     • Change Management
     • Enhance patient experience
     Cisco Medical Grade Network 2.0 - Campus Architectures outlines best practices to build a resilient, protected, interactive, responsive network.