Improving network architecture to allow for Digital Transformation is becoming a top priority for business leaders. Rudolf Dück, CIO at UKSH, tells us how the healthcare and research institute put the digitalisation of healthcare and work processes at the heart of its project with Aruba to create a fully reliable network.
The University Hospital of Schleswig-Holstein (UKSH) is a healthcare and research institute with sites in Kiel and Lübeck. It is one of Europe’s largest medical centres and the only major tertiary care centre in Northern Germany.
Four years ago, the UKSH began centralising the services provided by 21 clinics at its Kiel site and 20 at its Lübeck site. Advances in digitisation were at the heart of the project to centralise the clinics. The goal was to take full advantage of the technological potential in order to be fit for future challenges. An important requirement was the provision of a fully available WLAN solution across all sites to replace the previously fragmented and unreliable network. The IT network infrastructure also needed to run in a stable and secure manner.
The twin cities remain one of the largest centres of medical care anywhere in Europe. Across medical research and healthcare, UKSH is home to 2,000 physicians, scientists and researchers, and 5,400 health staff in 80 clinics and institutes.
The current challenge for UKSH and the thing that will see it continue to grow is Digital Transformation.
Digital Transformation and a consistent network experience
In 2015, UKSH laid out a plan to centralise the services provided by 21 clinics at its Kiel site and 20 at its Lübeck site. Digitalisation of healthcare and work processes was at the heart of the project.
The goal was to take full advantage of the technological potential in order to be fit for future challenges. Rudolf Dück, CIO at UKSH, said: “We recognised the need for a singular, fully-available WLAN solution across all sites to replace the previously fragmented and unreliable network. Critically, the network infrastructure needed to be stable and secure.”
Linking diverse technologies to a single solution
UKSH wanted a network architecture that could adapt as things changed. Rudolf Dück said the emphasis was on openness and the ability to create and manage an ecosystem that may involve multiple partners.
Aruba’s partner, AirITSystems GmbH, was tasked with defining UKSH’s needs and compiling the components necessary for the solution.
Secure and automated dynamic access control
The centrepiece of the Aruba architecture is the ability to offer Colourless Ports and Dynamic Segmentation, as simple and secure ways to manage and role-based automate policy enforcement for the wired and wireless networks. The Colourless Port concept means that regardless of which type of device is connected to any switch, based on the identity and role of the device, ClearPass will download the appropriate role settings to the used port. It unifies and automates enforcement policies and can completely eliminate VLAN sprawl and complex and error-prone port-based configurations. This makes a huge impact for a network of the size of UKSH, comprising 1,600 Aruba 2930 Modular and Fixed form factor campus access switches and over 3,000 wireless access points.
While security policies are applied to and automated over all the ports and for both the wired and wireless network, Dynamic Segmentation or user-based tunnelling is currently applied to the smaller part of the network and in a number of the smaller buildings where the old cabling is now insufficient for allowing access to all the users. To solve this challenge, the team deployed individual Aruba 2930F switches and channelled their traffic to the Aruba Mobility Controllers. By establishing Dynamic Segmentation over these switches, each cable/port in such buildings was able to be securely scaled up to eight ports on each of the switches in this domain. In this sector, because all wired as well as wireless traffic is channelled through the Mobility Controllers, and a private tunnel is established between any wired or wireless device and the controller, all policies are managed via the controllers. Also, all wired devices have access to the same controller services as wireless ones connecting, including full Colourless Port capability.
For UKSH, the underlying advantage of Dynamic Segmentation was that through the use of the 2930F switches, the IT team avoided the need for additional cabling in older buildings by allowing a single cable/port to be expanded to multiple ports on the same switch, thus saving significant costs.
“The Aruba architecture was the obvious choice for us due to the way wired and wireless networks are unified, with the same levels of security, management, monitoring and automation,” said Marcus Will, CTO at UKSH Gesellschaft für IT Services mbH. “Dynamic Segmentation is a huge advantage, simplifying our network design, automating access controls and saving infrastructure complexities.”
The solution also includes AirWave network management and Aruba Mobility Master for coordinating all the controllers.
An ambitious schedule achieved with Zero Touch Provisioning
UKSH set itself an ambitious schedule – it wanted 19,283 ports to be up and running in Kiel by June 2019. This was significantly enabled thanks to the Zero Touch Provisioning (ZTP) capability of the Aruba switches. This meant that no prior configuration or programming was required. Switches would simply be unpacked and connected into the network. This saved a lot of time and cost for UKSH and AirITSystems. The same applied to the Aruba access points which can be added onto the network and their configurations are automatically monitored and updated.
“Zero Touch Provisioning allowed us to deploy semi-skilled electricians to install the switches on site. We then recorded the serial numbers with a manual scanner and used scripts to create, and then apply configurations,” said Will.
Avoiding the need for expensive new cable installations
While the hospital’s work continued as normal, the existing data centre network infrastructure was migrated. AirITSystems also managed the integration of technologies supplied by three different partners into a single solution, including HYPROS, a location-based service already being trialled by UKSH.
Today, the new buildings in Kiel and Lübeck are open, with work continuing on renovating older buildings. Where new cabling has proved too costly or time-consuming to install for temporary facilities, Will says the combination of Aruba switches, controllers and ClearPass have delivered a real advantage.
More energy to focus on optimisation and innovation
The result is a network architecture that is flexible, open, scalable and robust. UKSH has a single view of network health across its wired and wireless environments and can manage a broad range of users and usage. It means UKSH needs to spend less time on network management, said Dück, and has more energy to focus on optimisation and innovation.
In effect, the Aruba solution creates a single smart hospital across one region and multiple buildings. “For instance, Aruba access points allow for the use of Bluetooth tags, opening up a range of new applications using a real-time location system,” said Dück. “This makes it possible to detect a patient’s precise position in an emergency, ensuring that help arrives as soon and as effectively as possible.”
The HYPROS location application is certified to work on the Aruba network. By tagging via Bluetooth to the Aruba access points and additional Bluetooth gateways, it monitors the movement of patients and clinicians throughout the site. The system can then identify bottlenecks, misalignments between actual and needed staffing, time and motion improvements, and patient and equipment scheduling. It creates a contextually adaptive ‘connected clinic’. In addition, the capability of asset tracking allows the application of resource-conserving just-in-time logistics.
Effective mobility for patients, doctors and devices
Mobile monitoring technology will play an increasingly important role across the hospital. From the clinical perspective, patients are free to move around the hospital campus while wearing network-connected Philips heart-rate monitors. From the logistics perspective, it is possible to monitor the transportation of medication that patients need to take at a specific time.
If there is an issue, or a missed step in the process, the relevant clinician is automatically alerted. “We can react much earlier in the process and safeguard treatment,” said Dück.
UKSH can also be smarter in the way it uses ‘fixed’ resources. The new building does not have transitional wards, meaning that beds need to be collected, cleaned and made available on a just-in-time basis. This makes it crucial to know the exact time of patient discharge and patient admission.
“We’re better able to map out the ideal patient care logistics,” Dück said.
Driving operational efficiency
Overall, the Aruba engagement drives operational efficiency. It helps to improve the quality of treatment by ensuring that patient-centred processes are more targeted and efficient. There is a more dynamic approach to appointment scheduling with wayfinding around the two campuses, meaning fewer patients are late for appointments. Both contribute towards shorter waiting times.
There is also greater use of technology that patients will recognise out of a hospital setting.
Strengthening data security
As a hospital, holding huge amounts of sensitive personal data and a critical part of national infrastructure, UKSH must meet strict security criteria. Will says ClearPass is critical in providing a secure environment and protecting patient data.
“ClearPass has more options for identifying and verifying connected network devices, irrespective of whether they are wired or wireless,” said Will. “The solution is significantly more extensive and takes our security to a whole new level, compared to our previous system.”
“We believe that with our new network architecture, we have a solution fit for the years ahead,” said Dück.