Cisco Medical-Grade Network Wireless Architectures for Healthcare

Collaboration and Security
Wireless networks deliver a wide range of benefits to a healthcare facility. They can connect mobile caregivers with their colleagues, make it easier for medical personnel to access
backend clinical systems, and enable a new set of patient and guest services. Wireless networks can also simplify the tracking of mobile equipment and personnel, and can even link
together the facility’s many clinical and robotic systems as well as its various biomedical devices. Cisco wireless technologies enable reliable, continuous communications throughout
the healthcare facility, while helping keep sensitive medical data private and secure.
Wireless
IP Phones
Given the highly mobile nature of healthcare providers, it is important
that they have an effective way to collaborate in real time while
protecting patient privacy and data security.
The Cisco® Medical-Grade Network (MGN) offers a robust, highly
secure platform for delivering higher-quality patient care throughout the continuum of care.
MultiMode
Phones
•Increased productivity through Cisco technology-enabled IP
phones, mobile phones, video, and presence capabilities
•Advanced network security that lets electronic protected health
information (ePHI) traverse the network safely, without loss of data
Laptops with
Voice Clients
Third-Party
Integration to RTLS
(Nurse Call, BioMed,
EMR)
Cisco Catalyst®
3750G Integrated
Wireless LAN
Controller
Smartphone with
WebEx Client
DNS
Guest Wireless Services
WCS
Hospitals must facilitate information sharing by providing
highly secure, wireless guest services for patients,
contractors, and guests.
Medical-Grade
Network
DMZ
Wireless
Management
PC—Browser
Based
•Ethernet-over-IP tunnels allow guest traffic to traverse
the campus network in a highly secure manner
LWAPP
CAPWAP
Tunnels
•Guest users can be authenticated against existing
authentication services
Cisco ISR
Wireless LAN
Controller Module
Medical-Grade
Network: Campus
•Minimizes IT staffing requirements through centralized
control
•Scales to support local or remote wireless LANs of any size
MSE
ACS
WCS
Remotely
Managed
H-REAP AP
Many healthcare organizations extend their reach with remote
locations. The connectivity between these remote locations and
the main campus needs to be secure and robust.
MGN 2.0
Campus
Cisco MGN 2.0 incorporates remote access architecture that
supports real-time reporting and a wireless intrusion prevention
system (IPS).
•Cisco OfficeExtend is a highly secure, simple, cost-effective
solution for remote site connectivity
EHR
VPN
•OfficeExtend provides guest wireless services and highly
secure connectivity to the hospital electronic health record
(EHR) system and other systems
Voice & QoS Enabled
Access Switches
•H-REAP access points deliver wireless services from a
centrally administered wireless LAN controller (WLC) or
wireless control system (WCS)
Guest User Login Page
Acceptable Use Policy
Voice over Wireless LAN (VoWLAN)
•Delivers comprehensive lifecycle management for the
Cisco Unified Wireless Network
•Improves IT efficiency through an intuitive GUI and
flexible ease of use
Wireless LAN
Controllers/Foreign
•Web portal for guest login page and Acceptable Use
Policy (AUP) help standardize security
The Cisco Wireless Control System (WCS):
Wireless Remote Access Connectivity
Cisco Catalyst
6500 Wireless
Services Module
(WiSM)
EoIP Tunnel
EoIP Tunnels
The Cisco MGN architecture supports highly secure
wireless guest services.
NAC
WEB
Anchor Controllers
N+1 Redundancy
The shielded rooms, different types of construction, and large,
dense equipment often found in the healthcare environment
can pose a challenge for wireless technology.
•Protects 802.11n performance by mitigating RF interference
with Cisco CleanAir technology
Wireless LAN
Controller (WLC)
Internet
Network Management
•Reduces operational costs with built-in tools, guides,
and templates
Wireless Architecture
•Highly secure collaboration capabilities and protection against
data loss to help satisfy regulatory and compliance requirements
•Pervasive device coverage throughout the healthcare facility
Cisco’s wireless networking products
have the exclusive endorsement of the
American Hospital Association (AHA).
Medical-Grade
Network
WCS
Cisco Office Extended
AP Establishes
VPN tunnel
Automatically
Internet
Secure Datagram
Transport
Security VPN
5500
Wireless LAN
Controller
Regulatory Compliance
Floor 2 WLC
Integrating mobile devices with the appropriate clinical applications
can improve workflow and productivity. Using the Wi-Fi network for
on-campus calls reduces costs.
Healthcare providers are subject to a multitude of national,
state, and local regulations, and must ensure compliance
with all relevant regulations.
Cisco’s VoWLAN application delivers ubiquitous, robust coverage
and enables instant communications among mobile care providers.
The Cisco MGN 2.0 architecture facilitates compliance
in the following areas:
•Support for fast-optimized roaming of voice clients
•User authentication and granular access rights
•Real-time RF scanning and monitoring to minimize interference,
helping ensure high-quality voice communications
•Transmission and encryption
•Network security
Elevator WLC
•Management tools for monitoring roam time, jitter, and client
connectivity
•Remote access
•Wireless security
•Advanced quality of service (QoS), extended talk time and
battery life, and call-admission control
•A choice of client devices that interoperate in a highly secure
way with the Cisco Unified Wireless Network, tested through
the Cisco Compatible Extension program
www.cisco.com/go/mgnfoundation
www.cisco.com/go/designzone/healthcare
SSC
Floor 1 WLC
Location- and Context-Aware Services
Biomedical Devices
Clinical Systems
Assets and services need to be tracked effectively and efficiently.
These mission-critical devices require pervasive coverage
throughout the healthcare facility.
In order to maintain patient privacy and data security, ePHI
must be kept protected when transmitted over a network.
The Cisco MGN 2.0 architecture optimizes the core infrastructure
to facilitate highly secure interaction among various biomedical
devices.
The Cisco MGN 2.0 architecture enables the safe passage
of clinical data while in motion.
Cisco location services can locate medical devices and people,
and can provide appropriate clinical information based on the
location of the device.
•Room-level accuracy with access-point perimeters or exciters
for tracking assets
•Telemetry information such as temperature, humidity, motion,
pressure, etc.
EHR/Lab Systems
PCI
MGN
Regulatory
Compliance
EC95/46
•Antivirus and patch management
•Database security
Meaningful
Use
Red Flags
RF Spectrum Intelligence
RF analysis is critical to the effectiveness of wireless infrastructures in
all healthcare environments.
Cisco WLA
WLAN Controller
Smart Phones
/PDAs
Cisco
Access Points
The Cisco MGN 2.0 architecture can help with real-time spectrum analysis,
which can be performed pervasively across the entire healthcare enterprise.
•Cisco CleanAir technology provides real-time spectrum intelligence as a
standalone tool or as an access-point feature
•The Cisco Wireless Control System allows real-time reporting of RF conditions
•Rapid response to sources of interference provides higher levels of availability
and performance
•Medical devices should use an 802.1X EAP type for
authentication and WPA2 for encryption of ePHI
•Offers guidelines for supporting special wireless considerations
in the areas of medical device traffic flows (unicast, multicast,
broadcast)
•Ecosystem of partners offering increased choice and delivery
of customized healthcare solutions
LAN/WAN
Network
•Pervasive coverage to support varied wireless client
RF characteristics
•Supports various authentication and encryption methods, including
WPA, WPA2, and 802.1X
•An open API for integration with third-party tracking and
medical applications such as sensor technologies, inventory
management, and bed management
WoWs
•WPA, WPA2, or 802.1X support for authentication/encryption
of workstations on wheels (WoWs) and wireless tablets
•Supports the most typical implementations used by manufacturers
of medical devices, including Layer 2 isolated, Layer 3 routed, and
hybrid Layer 2/3
Pharmacy
Systems
HIPAA
•Access-point-based solutions:
General Computing
Devices
Tablets
– Automatically optimize the wireless LAN by avoiding interference and
resuming client activity on another channel
– Perform remote troubleshooting for fast problem resolution and less downtime
– Detect non-Wi-Fi security threats and resolve issues in real time
– Set and enforce policy with intelligent identification of wireless devices
1250
1240
3500e
1260
Access Points
•Reliable and predictable
WLAN coverage
•Internal or external antennas for
demanding RF environments
Internal Antenna
Surface Mount
•Data rates of up to 600 Mbps
1130
1140
3500i
•Integrated spectrum intelligence with
Cisco CleanAir (Cisco 3500 Series)
Wireless LAN Controller
5508-12, 25, 50, 100, 250 (LICENSE-BASED)
5508-12
Performance & Scale
External Antenna
Ruggedized
Product Overviews
5508-25
5508-50
4402-12, 25, 50
5508-100
•Offers a flexible, scalable wireless platform
that provides mission-critical wireless
network performance and availability
5508-250
4404-100
WiSM-300
•Scales from a few to thousands of access
points to meet healthcare requirements
3750G-25, 50
Management
Planning
•Comprehensive wireless network visibility
Reporting
Deployment
•Pervasive spectrum intelligence dashboard
with Cisco CleanAir heat maps
•Facilitates wireless guest services
2106, 12, 25
•Includes RF spectrum intelligence with
Cisco CleanAir
WLCME-6, 8, 12, 25
11n
11n + CleanAir
Encryption
Troubleshooting
Logging
Reporting
•WCS provides troubleshooting, reporting,
and trend analysis in one complete platform
Monitoring
AP Density
Wireless IDS
Location-Based Services
•Authentication performed by Cisco
Secure Access Control Server (ACS)
•Logging and reporting with Cisco WCS
•Cisco Mobility Services Engine provides
location-based services and supports
an open API for third-party integration
•Adaptive wireless IPS from
Cisco Unified Mobility products
•RFID tags enable asset tracking and
inventory control
•Encryption using Cisco Wireless
LAN Controller and access points
•Temperature tags are available for local
regulatory compliance
•Location-based services integrate with
physical surveillance video security systems
Rogue
n
Detection
H-REAP
11abg
Identity
Cisco
TrustSec
Security Components
•Location data available on Cisco desktop
phones and wireless VoIP phones
Resilient
Protected
Interactive
Responsive
Wireless networks in the acute-care and in-patient environments must be resilient enough to support flexible,
highly available access to care providers.
Access to any clinical system involves the transmission of electronic Protected Health Information (ePHI).
Controlling access and preventing unauthorized access to ePHI is a key requirement of every clinical network,
regardless of its geography.
Cisco’s MGN architecture offers a complete set of wireless technologies and products to help the
care provider improve the quality of care—at the point of care. The same wireless architecture can
support both patient and guest access, for a greater variety of communication channels. The resulting
flexible, rich interactions are valuable to both patients and care providers alike.
Cisco’s MGN approach includes a set of architectures and products that let the network adapt to shifting
demands and environmental transitions. Using advanced technologies, such as Auto RF and Event-Driven
Radio Resource Management (EDRRM), Cisco Unified Mobility overcomes the RF challenges present in
most healthcare environments and can dynamically react to changing requirements without network
redesign or manual interaction.
The Cisco MGN wireless architecture gives clinicians, patients, biomedical devices, and vendors access
to the critical systems and services needed within the healthcare environment.
Cisco’s wireless networks provide a number of high-availability features with the intelligence to detect
and isolate failures, whether they are hardware-based or RF-spectrum-based.
Cisco is a leader in providing comprehensive, end-to-end security products and architectures that address
privacy and regulatory compliance.
Cisco Unified Mobility products and the MGN 2.0 architecture provide a rich set of security services to enable
highly secure, seamless access for authorized individuals only.