Healthcare Application Service Provider (ASP) Cerner enhances availability, decreases complexity, and simplifies troubleshooting with Cisco Routed Access solution.
Business Challenge
As an application service provider (ASP), the CernerWorks division of Cerner Corporation provides a complete set of clinical and practice management solutions to 125 remote healthcare provider
networks with approximately 49,000 contracted users and growing. These customers evaluate their WAN-based, subscription service based on the availability and stability of applications on the network. Cerner tracks the monthly minutes of downtime, and if the number exceeds what is stipulated in service-level agreements (SLAs), the company incurs financial penalties.
"Our business is driving us towards zero downtime," says Brett Jones, Senior Manager of Network Services for Cerner. Jones set out to deploy a network upgrade that would reduce the frequency of downtime due to both scheduled maintenance and unforeseen problems, while increasing the stability and manageability of the network. Other requirements for the new design included the ability to firewall and apply security to the right places within the network and to protect patient information in transit between the customer and the Cerner data center. More efficient load balancing and scalability were also important features.
Jones and his colleagues in Network Services worked with Cisco® to redesign the access and aggregation layers of their network, standardizing on the Cisco Catalyst® 6500 Series switch and using Layer 3 Routed Access features. In an innovative Cisco Try and Buy Program, Cerner was not invoiced for the new equipment for 80 days, during which they could evaluate it and, if not satisfied, return it at no charge.
Network Solution
Cerner's data center in Lee's Summit, Missouri, has Cisco Catalyst 6500 Series switches in the core and distribution layers. In January 2006, Cerner replaced their existing access switches with Cisco Catalyst 6500 Series switches and the Cisco Content Services Module (CSM-S) for load balancing. The SPA-IPSEC-SSC400-a module integrated into the Catalyst 6500 chassis-also added IPSec encryption for traffic traveling across wide area circuits between the remote customer sites and the CernerWorks data center. The requirement for encryption is driven by the Health Insurance Portability and Accountability Act (HIPAA) which requires Cerner to protect patient health information in transit and will prepare Cerner for it's pursuit of ISO17799 certification.
Cerner also replaced the existing routers in its WAN aggregation layer with Cisco Catalyst 6500 Series switches. This has provided redundant links to two different carriers, each of which terminates local and long distance service into the two Cisco Catalyst 6509 WAN switches. If one of those carriers goes down, Cerner customers are automatically switched over to the other carrier.
Redundant devices are installed at all network layers to maximize uptime. Failover capabilities extend to dual redundant supervisor engines and redundant power sources within each device. This redundancy also enables Cerner administrators to implement hardware and software upgrades and fixes in one device while the other one remains online.
Benefits of Routed Access
By installing Cisco Catalyst 6500 Series switches in the access layer, Cerner is now able to move Layer 3 routing intelligence to the access layer. With Cisco Routed Access, a single set of network protocols are used in both the core and access layers, greatly reducing complexity for troubleshooting network issues and standardizing configurations.
In the past, Layer 2 protocols were used in routers and switches in the access. But with the growth of real-time applications such as Citrix on-demand access, networks require faster recovery times that older protocols such as Spanning Tree cannot provide. Cerner now uses the Enhanced Interior Gateway Routing Protocol (EIGRP) in Cisco IOS® Software, which enables a network to recover from failure in a fast, deterministic way. The protocol can identify the source and cause of network failure and reroute traffic within 200 milliseconds, and administrators no longer have to troubleshoot multiple protocols or devices.
"With Routed Access, the changes that we make to the network are much more transparent to users," says Mark Lucas, a senior architect at Cerner. "For example, we have recently installed some security features at critical points in the network to inspect what is coming through. In the previous Layer 2 environment, where each router was dual-homed, one link carried traffic while the other was left for backup. We would have had to take down a link or configure Spanning Tree Protocol to do the install. Now we can work on the switch using one link while the other link carries the traffic."
Business Results
The new Routed Access design has helped Cerner enhance network uptime and raise their customer SLAs to a higher level. This approach also affords Cerner with the opportunity to offer service level guarantees in a tiered fashion, making remote hosting a viable option to a broader client base.
"We can say without exception that we are very pleased with the outcome of our newest data center design," says Jones. "The biggest benefit is being able to maintain the environment with minimal impact to the production network. What in the past would be a complicated and time-intensive maintenance event is now handled simply without impact to the customer experience."
"In the old topology, we had lots of neighbors peered with each other," says Mark Lucas. "We do not have that anymore. It is simpler, more redundant, and more reliable, with fewer devices."
Next Steps
Cerner is building another data center on its Kansas City campus that will provide disaster recovery and potentially share the traffic load with the Lee's Summit data center. The Lee's Summit network design is also the model for new data centers being planned and deployed at Cerner locations worldwide to keep up with growing customer demand.
"The CernerWorks application suite is quite complicated and is a challenge for hospitals and clinics to run on their own," says Jones. "As long as we can do it better, through a dependable network connection that our customers do not have to think twice about, we will continue to see our business grow."
For More Information
To learn more about Cisco routed access and other resilient services to the network edge, go to http://www.cisco.com/en/US/netsol/ns340/ns394/ns147/ns17/networking_solutions_package.html
For another case study featuring Cisco routed access, go to http://www.cisco.com/en/US/netsol/ns340/ns394/ns147/ns17/networking_solutions_customer_profile0900aecd80459891.html