Digital Strategy for Connected Health and Care Cisco Network Architecture Blueprint (C-NAB) - Version 3 Part 2: Architectures for Digital Transformation


Digital Strategy for Connected Health and Care

Cisco Network Architecture Blueprint (C-NAB) - Version 3

Part 2: Architectures for Digital Transformation


Foreword

The healthcare industry seems to be in a perpetual state of flux. Whether it is industry change or Government reforms, the last couple of decades have seen significant upheaval amongst healthcare systems and the way that services are delivered.

Today, in a world that is moving from the delivery of healthcare to integrated ‘health and care’, geographical and organisational boundaries are being challenged. In addition, dependency on partnering will become more critical, between providers, with commissioners and other partners such as social care, the third sector and the public themselves. All the time, while this shift is occurring, the backdrop of cost pressures and subsequent need for efficiencies remains a constant challenge.

Meanwhile, industries and countries across the world are moving towards digitisation. UK Government has itself embarked upon a digital strategy and the term ‘digital’ has become embedded across the public sector, the NHS included. For health and care organisations, the headline imperatives mentioned above, along with expanding and increasingly fluid boundaries, dictate the need for a range of digital capabilities.

At Cisco we recognise this digital vision and in July 2015, as part of our Country Digitisation Acceleration initiative, we announced a series of strategic commitments in the UK that will total $1 billion¹. We believe that tighter alignment between business and technology, along with the ever-improving capabilities offered by digital technologies, presents new opportunities for innovation and transformation of service delivery.

Our UK Healthcare team was established 17 years ago, and has a strong track record of issuing strategic guidance, most notably in December 2008 with the ‘Cisco Network Architecture Blueprint for NHS Trusts’. The blueprint advocated an architectural approach that directly links Information Technology (IT) investment with business and clinical priorities. It was first revised in 2011, and now we present the third edition which follows the very same principles, but responds to the needs of a modern ‘health and care’ system in a digital world.

We believe that following the guidance in this blueprint will inform your approach - from business planning through to technical delivery. Together we can deliver a digital strategy that truly underpins health and care transformation.

Terry Espiner – Client Director, UK Healthcare

¹ Cisco Commits $1 Billion to Accelerate UK Digital Economic Growth - http://newsroom.cisco.com/press-release-content?articleId=1674284


Contents

1. Introduction and Scope: Digital Technology as an Enabler ...................................6

1.1 The Scope and Purpose of the Blueprint .............................................6

2. Delivering Business Capability .....................................................................................7

2.1 A Summary of Business Requirements .................................................7

2.2 Business and Technical Capability Mapping .......................................8

2.3 Cisco’s Architectural Approach ..............................................................9

3. Delivering Technical Capability ..................................................................................11

3.1 The Emerging Technology Continuum ................................................11

3.2 Logical Architectures ..............................................................................13

4. Enterprise Networks .....................................................................................................15

4.1 The Transport Layer .................................................................................15

4.2 Mobility Services ......................................................................................21

4.3 End To End System Intelligence ...........................................................28

4.4 Network and Service Management .....................................................29

5. Data Centre and Virtualisation....................................................................................31

5.1 Converged and Hyper-Converged Infrastructure ............................31

5.2 Software Defined Networking ...............................................................36

5.3 Big Data ......................................................................................................37

5.4 Introducing Cloud Solutions ..................................................................38

5.5 Transforming Data Centres for Health and Care ..............................39

5.6 Building a Mode 2 (Agile) Cloud ...........................................................41

6. Security ............................................................................................................................43

6.1 Establishing Security Policy ...................................................................43

6.2 The Attack Continuum: Before, During and After .............................44

6.3 Before .........................................................................................................45

6.4 During..........................................................................................................47

6.5 After .............................................................................................................49

6.6 Security as a System ...............................................................................50


Important Notice

“The guidance provided in this report is of a generic nature and cannot be specific to your organisation or operations. Please contact your Cisco partner or Account Manager to discuss your specific requirements. The guidance is provided in good faith based upon reference materials sourced from the NHS, Department of Health and other health and care organisations up to the date of publication. Errors and omissions are excepted. No warranty is given or implied.”

© 2016 Cisco International Limited © 2016 Cisco Systems, Inc.

7. Collaboration ...................................................................................................51

7.1 Collaboration Platform Essentials ..........................................................52

7.2 Call Control Environment .........................................................................53

7.3 Foundation Collaboration Applications ................................................54

7.4 Conferencing Services .............................................................................55

7.5 Collaboration Edge ...................................................................................56

7.7 Mobility .......................................................................................................58

7.8 Service User and Public Contact ...........................................................59

7.9 Application integration .............................................................................60

7.10 Delivery Models ......................................................................................60

7.11 Interoperability ........................................................................................61

7.12 Reference Design ...................................................................................62

8. Application Interoperability ..........................................................................................63

9. The Built Environment ...................................................................................................64

9.1 Sustainability and Energy Management ...............................................64

10. Simplifying Software ...................................................................................................66

11. Exploring New Delivery Models ................................................................................67

12. How Cisco Can Help ...................................................................................................68


1. Introduction and Scope: Digital Technology as an Enabler

The healthcare industry is ever changing. Worldwide, public and private sector healthcare organisations are working with partners to deliver integrated care, whilst at the same time giving patients greater choice of where they wish to be cared for. This shift towards ‘health and care’ means that established structures and processes will change as well, and digital technology must be seen as an enabler of that change.

Part one of this blueprint has discussed a range of business drivers for today’s health and care organisations. These drivers exist in three main areas:

• Operational excellence;
• New models of care;
• Building health and care communities.

In addition, we discussed digital strategy in a health and care context, and how such strategies can be developed using an architectural approach. Embarking on such a programme of work is a broad and complex undertaking, requiring stakeholder engagement, vision and operational knowledge.

When deployed strategically, digital technology is an enabler. It has the potential to allow organisations to collaborate – internally and externally; to connect people and ‘things’ regardless of geography; and to facilitate new ways of working that drive operational excellence and consequent efficiencies.

1.1 The Scope and Purpose of the Blueprint

This blueprint advocates that health and care organisations should adopt an architectural approach in the creation of their digital strategy. In simple terms this means that strategic technology investment planning begins with a comprehensive knowledge of the current and proposed future state of the organisation and the community in which it sits. The blueprint consists of two documents as follows:

Part 1: Landscape, Requirements and Digitisation (the companion document)

• Discusses the transition from healthcare to health and care;
• Looks at the broader trends in health and care;
• Describes how stronger business alignment is the key to successful technology adoption;
• Advises on how to build a digital strategy;
• Introduces enabling digital technologies.

Part 2: Architectures for Digital Transformation (this document)

• Details the architectural approach and provides a conceptual reference model that establishes the link between business and clinical priorities and the technology environment;

• Introduces logical architectures or ‘solution sets’ and shows how they help to address the business and clinical priorities;

• Provides reference technical architectures that may be used by IT professionals as a template for design in their own organisations – and with their health and care partners.

At its heart the blueprint establishes direct linkage between the business and clinical priorities, and the technology environment. The establishment of secure, robust and functional infrastructure is a platform for innovation.


2. Delivering Business Capability

Any strategic technology investment should be founded in the delivery of business capability. In some cases there will be a direct relationship, such as investment in mobile devices to improve access to information. In other cases the relationship may be less obvious, such as investment in infrastructure. Regardless, each project should deliver a capability that supports the business.

When it comes to delivering a digital strategy, it is most important that all current and foreseeable business requirements are understood. This allows planners to take a much broader view, where for example an investment in a collaboration platform to help reduce length of stay, can also support improvements in the discharge and referral processes, bed management, Multi-Disciplinary Team working and many more.

In this section we determine a range of business requirements and demonstrate how to align these with the technology environment, helping to strengthen business cases for investment in technology.

2.1 A Summary of Business Requirements

Determining business requirements can be a complex task requiring the collation of multiple sources of information. These can range from Governmental, national, regional and local policies and business plans, through to interviewing of a wide range of stakeholders, both inside and outside an organisation.

Other considerations are the scope of ambition. For example, is the programme of work looking at a broad digital strategy for a health and care community covering multiple organisations, and crossing geographical boundaries? Or perhaps, it is more focused on a particular issue such as reducing length of stay.

At Cisco, we have worked with a number of NHS organisations, promoting stakeholder conversations to help build a business requirements definition. In order to demonstrate the level of knowledge required, we have listed some common themes.

Community and Mental Health

• Collaboration around the Care Programme Approach;
• Support for early intervention initiatives;
• Multi-site and multi-party clinical and leadership meetings;
• Crisis line support;
• Access to information and decision support for community teams;
• Service user engagement;
• Falls prevention and awareness;
• Improved access for service users, e.g. Improving Access to Psychological Therapies (IAPT);
• Release building costs – invest in shared community hubs.

Tertiary and Specialist Care

• Capacity management;
• Improved referrals process;
• Follow-up care in a setting of the patient’s choosing;
• Offer a presence and expertise in secondary care, i.e. franchise;
• Develop patient communities;
• Improving Quality of Life;
• Improve workflow;
• Business analytics and research;
• Improve partnerships with Pharmaceutical organisations.


Secondary Care

• Introduce new systems of care;
• Reduce length of stay;
• Reduce numbers of unnecessary frail/elderly admissions;
• Attract and retain talent;
• Improve patient experience;
• Automate processes;
• Travel avoidance;
• Establish high quality Multi-Disciplinary Team (MDT) working;
• Operational efficiency – workflow, equipment availability etc.

In addition to the themes listed, there is of course an overarching drive towards integration and building communities of health and care. Hence, links to other agencies including Social Care will be ubiquitous, regardless of NHS organisation type. There will also be common themes that relate to all organisations such as financial sustainability, and many of the points covered will apply across different organisation types.

While the list is not intended to be exhaustive and it does not cover all aspects of health and care delivery, it serves as a representative sample of business concerns. Hence, it indicates the level at which planning should commence in the development of a digital strategy and subsequent IT programmes.

2.2 Business and Technical Capability Mapping

Having established the business requirements, attention must turn to the capabilities that are needed to support them. At this point it is important to consider re-use. In other words, if the intention is to deliver capability for one business use case, could it also be leveraged for others?

This approach demands a re-think of the way that digital technology is delivered. Rather than adopting a project-oriented approach of delivering a solution for a particular business requirement, the recommended alternative is to take a much broader view of all current and foreseeable objectives.

Figure 2.1 ‘Business to Technology Alignment’


Figure 2.1 shows a range of business use cases mapped to common technical capability. It demonstrates that projects should not be considered in isolation and that technology investments are often eminently re-usable.

The key to capability mapping is to understand areas of potential re-use and hence time and cost savings. For example, some organisations take a capital project-oriented approach, whereby improving the discharge and referral project might be a year 1 project. In year 2, funding for the modernisation of MDT facilities is approved. In some cases these projects will be considered in isolation, thereby missing the opportunity for re-use of investments made in the year 1 project. Hence, taking a more programmatic approach, considering all the projects together and establishing a range of capabilities that may be re-used is a much more cost-effective and efficient approach.

2.3 Cisco’s Architectural Approach

Cisco released the first version of this architectural blueprint in 2008, in which we first revealed the Technical Reference Model (TRM) for NHS organisations. Using ideas sourced from well-known Enterprise Architecture frameworks such as TOGAF² and Zachman³, we presented a fairly simple reference model, but one that intuitively demonstrates the dependencies that business and clinical requirements place on digital technology. Eight years on, this third version of the blueprint reiterates the very same principles and presents an updated version of the TRM.

The TRM illustrates a conceptual architecture. Based on a set of contextual information, it offers a representation of an overall programme of work to implement the architecture including dependencies, with the prospect of prioritising individual projects to meet local business needs. It also provides a graphical representation of the available set of technology components and shows their inter-relation. In a series of layers, it clearly shows that the selection of products and solutions in the technology environment has a direct consequence on the capabilities that can be offered, which in turn support the business objectives.

Figure 2.2 ‘The Technical Reference Model’

A conceptual architecture can be used to gain agreement between internal authority stakeholders such as an Executive Board and to inform external stakeholders such as vendors and service providers. It can ensure that all parties are fully briefed and in agreement on the programme to be executed, secure in the knowledge that technology investment is tightly aligned to the aims of the business.

² TOGAF (The Open Group Architecture Framework) - https://www.opengroup.org/togaf/

³ Zachman Framework for Enterprise Architecture - http://www.zachman.com/


The TRM allows users to quickly identify the dependencies in delivering any technology strategy and Cisco recommends the ‘Plan down, build up’ approach. With reference to the model in Figure 2.2 that means planning from the top downwards and then building in the upwards direction, hence establishing a robust functional platform, analogous to the foundations of a house. The key layers are:

• The Transport Layer providing the underlying wired and wireless IP infrastructure along with the key network services, such as security and Quality of Service (QoS), to create a converged IP infrastructure;

• The Core Services Layer providing intelligent network services, such as enhanced security or application acceleration, that are incremental to the transport layer, and deliver increased functionality;

• The ICT Services Layer incorporates embedded applications or service functions that reside within the network and support end-user functions, for example voice and video services;

• The Information and Software Applications Layer provides the end-user business and clinical applications that are directly available to users and considers the links to information repositories;

• The User or Service Contextual Layer that permits the architecture to represent the needs of a particular user or service.

Figure 2.3 ‘The Technical Reference Model in Detail’

Figure 2.3 shows the TRM populated with Cisco network, service and application offerings; however health and care organisations are encouraged to adapt the framework to suit their own environment.


3. Delivering Technical Capability

In section 2.2, we discussed the alignment between business requirements and technical capability. The following sections of this document concentrate on provision of that technical capability. However, we must first consider emerging trends in the technology environment which will play a key role for health and care organisations in the future.

3.1 The Emerging Technology Continuum

Recent years have seen paradigm shifts in the way we consume technology. New smart apps have redefined the user experience, while a variety of Cloud⁴ models have impacted the Network Service Provider marketplace and opened up new consumption models. Looking forward, there are three significant technology trends that should become increasingly relevant for all organisations, health and care included.

3.1.1 The Internet of Everything

The Internet of Everything (IoE)⁵ is the networked connection of people, process, data and things. Every day, more and more things become connected to the Internet, enabling organisations to exploit a wealth of information. IoE includes three types of connections: machine-to-machine; person-to-machine; and person-to-person.

In the health and care sector, ‘things’ can be defined as alarms and sensors in the home, or medical devices and equipment in a hospital environment. When combined with the emergence of mobile health apps and wearable technologies, the availability of useful information grows exponentially. Subsequent benefits include:

• In-patient monitoring;
• Independent living, chronic disease management and prevention;
• Loss and theft prevention of assets;
• Drug compliance.

Each of these use cases will provide either direct or indirect benefits to both clinical service delivery and operational efficiency. In addition, there may be further indirect benefits including travel avoidance, building management and fleet management, e.g. ambulances.

As we begin to connect the unconnected, the opportunity for transformation grows; however, security concerns are likely to increase, particularly around data privacy. Key to these concerns will be the approach taken by organisations holding private data. The NHS has a strong track record in protection of Personal Confidential Data (PCD). In future this will be increasingly important as citizens look for reassurance that their data is safe. Robust data protection policies and effective communication to the public will be critical to maintain trust, and as things become connected, the network is the logical place to address security concerns.

⁴ Cisco Cloud Solutions – http://www.cisco.com/go/cloud

⁵ Cisco Internet of Everything - http://www.cisco.com/go/ioe


Figure 3.1 ‘The Internet of Everything’

IoE should be central to every health and care organisation’s digital strategy and the following steps should be considered:

• Assess existing IoE capabilities;
• Canvass business, clinical and IT staff to uncover opportunities for IoE;
• Develop the IoE vision for the organisation, and across the health and care community, as part of a digital strategy.

3.1.2 Data and Analytics

As described above, IoE has the potential to capture significant amounts of valuable information. However, the value of data is perishable and the challenge is to harness that information – potentially from multiple sources – quickly determining business value.

Big Data⁶ is a term used to describe very large data sets that scale beyond the capabilities of traditional data processing. It is often associated with the three ‘V’s, namely velocity, volume and variety, which are the dimensions that must be considered. However, Big Data is just one example of the proliferation of data around us. Other sources include Cloud services, data warehouses, IoE devices and traditional enterprise applications.

Cisco Data Virtualisation⁷ is agile data integration software that makes it easy to access data, no matter where it resides. As this data is correlated, analytics platforms can overlay business intelligence solutions to provide insights such as historic trends and geographic coincidences. In addition, analysed data can provide more comprehensive information for clinical decision support, such that a treatment plan may be adjusted for better clinical outcomes.

Other use cases may include: health and social care integration; population health management; clinical trials; genomics; and an alternative approach to traditional data warehousing.

Data Virtualisation is covered in more detail in section 5.3.

⁶ Cisco Big Data Solutions - http://www.cisco.com/c/en/us/solutions/data-center-virtualization/big-data/index.html

⁷ Cisco Data Virtualisation - http://www.cisco.com/web/services/enterprise-it-services/data-virtualization/index.html


3.1.3 Automation

The final emerging technology for consideration is programmability and automation. As the value of data is captured it informs decision-making processes, with the potential for those decisions to be invoked automatically throughout infrastructure and services.

There are already good examples of automated processes that we all access as consumers such as self-service ordering from Internet sites, where the delay between order and delivery can be a matter of minutes. Automation is now moving through infrastructure, the Cloud and the application layer as speed and agility become critical.

Most organisations will start at an infrastructure level, with an emphasis on Data Centre automation. Here, policy-based approaches can simplify management and enable a consistent provisioning and orchestration experience. Progression towards automation in the Cloud includes comprehensive Platform as a Service (PaaS), Software as a Service (SaaS) and Infrastructure as a Service (IaaS) solutions.

3.2 Logical Architectures

Having established the business case for strategic investment in digital technology, the next stage must be to consider how each solution set responds to the identified business needs.

At this stage, the emphasis is on defining the solution sets and their relationship to each other and this should also include consideration of the emerging technologies discussed earlier in this section. As shown in figure 3.2, Cisco’s solution sets are categorised into four sub-groups:

• Enterprise Networking;
• Data Centre/Virtualisation;
• Security;
• Collaboration.

Figure 3.2 ‘Identifying Solution Sets’


This logical view demonstrates the relationship between the sub-groups. It can be seen that the Enterprise Networks, Security and Data Centre/Virtualisation architectures collectively form the Service Delivery Platform (SDP). The SDP provides a robust, feature-rich and highly secure platform, delivering the necessary capabilities for upper layer services and ensuring that overlaid solutions and applications can be deployed with confidence.

The Collaboration architecture sub-group provides the user facing capability including voice, video and collaboration tools that deliver business capability against many of the use cases cited earlier in section 2.

In the following sections, Cisco’s four logical architecture sub-groups are examined in more detail, including best practice reference diagrams that should aid health and care IT professionals as they plan for digital transformation.


4. Enterprise Networks

Enterprise Networks is a term used to describe a collection of technologies that together offer a consistent and unified infrastructure platform. When considering the ‘Plan down, build up’ concept described earlier, Enterprise Networks is concerned with building the robust, secure and functional platform, upon which everything in the upper layers of the TRM sits. Hence, correct definition and deployment of underpinning infrastructure is critical in order to mitigate the risk of failure to business projects that are dependent on technology.

Enterprise Networks are built with infrastructure components such as routers, switches and wireless mobility products, and their associated capabilities.

4.1 The Transport Layer

Delivering digital strategy through technology must begin with the transport layer. It can be considered analogous to the roads in a public transport system: we use cars, lorries and buses as applications that are wholly dependent on the platform of roads with intelligent features such as traffic lights and prioritisation lanes.

In the same way, the transport layer provides the foundation of all connectivity. As more applications in the form of data, voice, collaboration and video are placed on infrastructure, its operation becomes increasingly critical in a health and care environment. Given these dependencies and the ubiquitous nature of infrastructure, care needs to be taken to ensure that it is appropriately designed and configured. It is therefore clear that the transport layer should be designed with all current and future priorities in mind, such that it can be designed and built once for re-use for as long as is reasonably foreseeable. The transport layer template should be:

• Flexible: to effectively support a wide range of services and devices;
• Resilient: removing single points of failure, ensuring high availability;
• Adaptable: allowing for inevitable changes in the investment lifetime;
• Secure: providing appropriate data confidentiality, integrity and availability - meeting governance standards;
• Feature rich: where appropriate to support prioritisation and sensitive media;
• Cost effective: measuring value rather than capital cost.

Depending on requirements a range of different technologies can be used to deliver such a platform. For large campus sites Ethernet is still the preferred technology for Local Area Networks (LANs)8, although wireless LAN technologies continue to gain significant traction. Ethernet provides a flexible platform supporting high bandwidth and functionality over both copper and fibre infrastructure and is also a key component of the Data Centre.

Wireless LAN enables true mobility in the campus with the added ability to offer pervasive access to the network, hence offering location independence. Contemporary handheld devices that are now commonplace in health and care environments, such as tablets or smart phones depend on wireless connectivity. Most importantly, LAN and wireless technologies should be delivered in a ‘unified’ manner to ensure a seamless user experience.

Between locations a broad range of Wide Area Network (WAN)9 technologies can be used, based on requirements, cost and availability. For fixed locations a variety of dedicated and shared business services can be used. For mobile users, the increasing ubiquity of the Internet coupled with Virtual Private Network (VPN) technologies has opened up new possibilities for mobile and remote working.

8 Cisco LAN Solutions - http://www.cisco.com/c/en/us/products/switches/index.html
9 Cisco WAN Solutions - http://www.cisco.com/c/en/us/products/routers/index.html

4.1.1 Campus Networks

Network design is perhaps the most critical aspect of any campus infrastructure. Its role as the foundation for the technology environment means that poor design can have catastrophic implications for any organisation. It’s therefore most important that best practice network design principles are followed with a hierarchical model that supports optimal availability, scalability and management. Throughout the network, intelligent services provide support for the applications which in turn support the business.

This hierarchical design approach has a number of benefits for the designers and operators of the network. It enables a network to be deployed in a predictable manner, capacity planning to be undertaken, and the role of each network component to be defined and optimised. It also ensures consistent network performance, with all users and applications awarded a known level of service that can be verified and engineered as required. With appropriate tools and protocols in place, a hierarchical design also supports faster re-convergence in the event of topology changes.

The traditional three layer model is described below.

The Core Layer of the network is primarily concerned with interconnecting distribution switches and/or wiring closets as well as the application servers, either in a local or remote Data Centre. The core is aware of QoS markings, and honours security policies enabling or preventing communication as appropriate.

High availability is a key requirement of the core layer, as a failure can have significant impact on the wider network and subsequent business impacts. It is therefore essential that the core layer is designed with appropriate resilience, normally achieved by providing multiple core switches working together. It is also recommended that edge devices are connected to multiple core switches to benefit from core layer resilience.

Co-location of core switches should be avoided where possible in order to minimise the risk of simultaneous failure due to issues in the operational environment, such as power, cooling or some other catastrophic event. Separating the core switches also forces fibre runs to be diversely routed, offering added protection against simultaneous cable failures due to accidental damage.

Today it is possible to treat core switches as a single distributed system using Multi-Chassis Etherchannel (MEC) offering the following benefits:

• Simplified configuration;
• Increased capacity (all links forwarding);
• Rapid failover and recovery (with no need for protocol tuning);
• Limited impact failures – small re-convergence domain.

Normally such an approach is designed with a pair of core switches. Further increasing the number of switches has little benefit in terms of resilience but does increase the number of connections and complicates management. Solutions with more than two switches are therefore normally reserved for Data Centre environments where they are required to scale bandwidth.

When selecting core switching platforms from Cisco’s Catalyst10 portfolio it is important to consider scalability. In addition, attributes such as interface count, buffering capability and traffic flow reporting (e.g. Netflow11) should be taken into account.

10 Cisco Catalyst Switch Range - http://www.cisco.com/c/en/us/products/switches/index.html
11 Cisco IOS Netflow - http://www.cisco.com/c/en/us/products/routers/index.html

The Distribution Layer aggregates nodes from the access layer, protecting the core from high-density peering. Additionally, the distribution layer creates a fault boundary providing a logical isolation point in the event of a failure originating in the access layer. Again, co-location should be avoided where possible, and the use of diverse fibre paths encouraged, mitigating failures in the operational environment.

Distribution switches are typically compact versions of core switches, providing a range of interfaces and software capabilities. However, the relatively small number of interfaces required on the distribution switch also allows semi modular or even fixed configuration switches to be used, offering flexible deployment options where space is limited.

Where possible, access switches should be dual homed to two distribution switches using MEC, these being in different physical locations. Distribution and core switches usually perform routing functions and features such as Equal Cost Multipath (ECMP) which can be used to ensure best use is made of multiple links between the distribution and core layers. It also supports fast, deterministic convergence in the event of a link or node failure.

The Access Layer is where users and end stations access the network and is therefore the optimal point at which to perform identification and set policy.

Access switches come in a range of form factors, including modular chassis, stackables and fixed configuration switches. Co-located fixed form factor switches can present administration challenges, where each switch must be individually managed and must also have dedicated links to the core or distribution, thereby increasing interface and cabling requirements. To overcome these challenges, chassis or stackable switches can be deployed, allowing hundreds of interfaces to be managed as a single logical device.

Chassis based switches achieve this by supporting multiple line cards in a single unit, whilst stackable solutions support shared configuration and cross-stack management. This enables a flexible ‘pay as you grow’ deployment model ensuring optimum use of available rack space and budget.

In a model copied from Data Centre design, access layer switches can be considered as remote line cards of the core or distribution switches to which they are connected. This model reduces the number of management touch points while the features of the highly functional core devices are available at all edge interfaces.

As mentioned earlier, each edge network entity should be dual homed (to the core or distribution layer depending on design) and uplinks should be distributed across different switches in a stack, or uplink modules in a chassis. Where possible, co-located users or end stations should be served from different switches or line cards, thereby ensuring that any failure does not isolate a given area or department.

Redundant power supplies can be included for some switches, while others can be supported by external redundant power supply units. Some advanced stackable switches also allow power supplies to be shared for resilience.

Access switches can also provide inline power to connected end devices, typically wireless access points, and IP phones. The IEEE 802.3at standard supports up to 30 Watts per port, while Cisco’s Universal Power over Ethernet (UPoE) offers up to 60 Watts per port. This increase in power output has allowed new device types to be powered from the network.

Despite Gigabit speeds being commonplace in the access layer, this can still become a bottleneck in some cases. Emerging wireless technologies such as the ‘802.11ac wave 2’ standard allow a single Access Point to support over 1 Gigabit Ethernet (GbE), hence potentially oversubscribing the access switch bandwidth. It is therefore important to plan accordingly and be aware of emerging technologies such as N-BaseT, delivering speeds beyond 1GbE on existing Category 5e cables.

As mentioned previously, the access layer is the best place to invoke policy, for example:

• Limiting undesirable traffic;
• Blocking Spanning Tree Protocol Data Units (PDUs);
• Limiting excessive multicast (and broadcast) traffic;
• Quality of Service policy;
• Traffic capture for flow analysis and planning (Netflow).

Edge switches can also automatically adapt to network requirements. Protocols such as the Link Layer Discovery Protocol – Media Endpoint Discovery (LLDP-MED) and Cisco Discovery Protocol (CDP) allow a switch port to learn the type of device connected to it, and adapt accordingly. For example, voice virtual LAN (VLAN) and associated QoS markings are only configured if a phone is attached. These capabilities avoid the need for human intervention and ease the burden of configuration.

The access layer is also the logical place for device posturing. For example, does the connected device belong to the organisation, a partner, a visitor or is it a rogue? Does the device meet organisational policy, i.e. is the appropriate anti-virus software installed, and are its signatures up to date? This type of posturing can be administered using an external policy engine, which can also be used to adapt network characteristics based on the identity of the user. As health and care communities evolve and office space is shared between organisations, this feature will be increasingly relevant.

Discussions around IP addressing are out of scope for this document, however it is worth noting that the emergence of IoE will place added pressure on an already exhausted IPv4 address space. Cisco recommends that all organisations consider the implications of address exhaustion and hence plan for IPv6, a task that may become more important depending on succession plans for the national network, N3. Despite the fact that few health and care organisations have actively deployed IPv6, many operating systems enable it by default. This can create security vulnerabilities around the edge of the network, but modern edge switches have the ability to filter and control traffic such as rogue router announcements and fake DHCP replies.
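The access-layer policy items above (blocking spanning tree PDUs, limiting broadcast and multicast, filtering rogue router announcements and fake DHCP replies) are only as good as their consistent deployment on every edge port. The following is an added example, not code from the Cisco document or a Cisco tool: a small Python audit that parses a Cisco IOS-style running-config and reports which access ports lack those controls and which trunk uplinks are not marked as trusted for DHCP snooping. The switch name, interface descriptions, policy names and the sample config are all constructed for illustration.

```python
"""Audit access-port hardening in a Cisco IOS-style running-config.

Added example (not from the Cisco document): checks each access port for the
edge-policy features described in the text (BPDU guard, storm control, IPv6
first-hop security) and each trunk uplink for DHCP snooping trust.
Hostname, interface descriptions, policy names and the config are constructed.
"""
import re

# Per-access-port commands we expect to see (prefix match on the config line).
ACCESS_PORT_CHECKS = {
    "spanning-tree bpduguard enable": "BPDU guard missing: end station could inject spanning tree PDUs",
    "storm-control broadcast level": "broadcast storm control missing",
    "storm-control multicast level": "multicast storm control missing",
    "ipv6 nd raguard attach-policy": "IPv6 RA guard missing: rogue router advertisements not filtered",
    "ipv6 dhcp guard attach-policy": "IPv6 DHCP guard missing: fake DHCPv6 replies not filtered",
}

# Constructed sample: port 1 is fully hardened, port 2 is missing two controls,
# port 24 is an uplink that has not been marked as a trusted DHCP path.
SAMPLE_CONFIG = """\
hostname ACCESS-SW-01
ip dhcp snooping
ip dhcp snooping vlan 10,20
!
interface GigabitEthernet1/0/1
 description Ward A clinical PC
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 spanning-tree bpduguard enable
 storm-control broadcast level 1.00
 storm-control multicast level 5.00
 ipv6 nd raguard attach-policy HOST
 ipv6 dhcp guard attach-policy HOST
!
interface GigabitEthernet1/0/2
 description Ward A printer
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 storm-control broadcast level 1.00
 storm-control multicast level 5.00
 ipv6 dhcp guard attach-policy HOST
!
interface GigabitEthernet1/0/24
 description Uplink to distribution
 switchport mode trunk
!
"""


def parse_interfaces(config: str) -> dict:
    """Return {interface name: [sub-commands]} plus a '__global__' entry for top-level lines."""
    sections = {"__global__": []}
    current = "__global__"
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line == "!":
            current = "__global__"          # '!' (or a blank) closes an interface block
            continue
        match = re.match(r"^interface (\S+)$", line)
        if match:
            current = match.group(1)
            sections[current] = []
        elif line.startswith(" "):
            sections[current].append(line.strip())
        else:
            current = "__global__"
            sections["__global__"].append(line)
    return sections


def audit(config: str) -> dict:
    """Return {interface or '__global__': [findings]}; an empty dict means nothing to fix."""
    sections = parse_interfaces(config)
    findings = {}
    if "ip dhcp snooping" not in sections["__global__"]:
        findings["__global__"] = ["DHCP snooping not enabled: fake DHCPv4 replies not filtered"]
    for name, cmds in sections.items():
        if name == "__global__":
            continue
        problems = []
        if "switchport mode access" in cmds:
            for prefix, message in ACCESS_PORT_CHECKS.items():
                if not any(c.startswith(prefix) for c in cmds):
                    problems.append(message)
        elif "switchport mode trunk" in cmds:
            # Uplinks towards distribution/core are the only legitimate path for DHCP offers.
            if "ip dhcp snooping trust" not in cmds:
                problems.append("uplink lacks 'ip dhcp snooping trust': legitimate DHCP offers would be dropped")
        if problems:
            findings[name] = problems
    return findings


if __name__ == "__main__":
    for interface, problems in audit(SAMPLE_CONFIG).items():
        for problem in problems:
            print(f"{interface}: {problem}")
```

Running the audit over the sample reports two gaps on GigabitEthernet1/0/2 and one on the uplink; the global DHCP snooping line is present so no global finding is raised. Extending `ACCESS_PORT_CHECKS` with a Netflow or QoS policy line is a one-line change.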

4.1.2 Campus Design Templates

Whilst this document offers best practice advice, we fully appreciate that the reference designs may need to be adapted to take into account real world physical constraints such as cabling routes and constraints around equipment location. As such it is important to note that the templates offered below are not prescriptive, but we advise that modifications be minimised where possible and that the impacts of variation are carefully considered.

Figure 4.1 ‘Small/Medium Campus Care Environment’

An example of a hierarchical campus care network for small/ medium organisations is shown in Figure 4.1. Each of the wiring closets has two pairs of resilient links connected directly to the core switches in order to maximise redundancy, commonly referred to as a “collapsed core” design. The failure domain can be restricted to a single wiring closet minimising any wider network impacts and improving overall availability. The core provides onward connectivity to local and/or remote data sources. It is recommended that dedicated devices are used for WAN connectivity and Data Centre operations, allowing simplified core configuration and management.

Figure 4.2 ‘Large Campus Care Environment’

In some cases there may be a requirement for a more scalable design, and here the traditional three layer model with dedicated core, distribution and access layers is recommended, as shown in Figure 4.2.

The access switches are resiliently connected to the distribution layer where traffic is multiplexed onto a small number of links and forwarded to the core. This reduces the number of core interfaces required and the number of flows to be supported. In addition, the distribution layer provides a layer three fault boundary and can be used to offload first-hop redundancy features from the core. Distribution layers may also be used to overcome issues such as fibre exhaustion or as an intermediary layer where physical distance is an issue.

One issue that should be considered carefully is the ever increasing need for bandwidth. 10GbE is becoming increasingly popular, but in any upgrade programme, care should be taken regarding the capacity of existing cabling. In such cases the introduction of a distribution layer may ease concerns.

4.1.3 Wide Area Networks

Over the last 10 years, many NHS organisations have relied on the N3 national network service for their Wide Area Networking (WAN) needs. Others have used private Community of Interest Network (COIN) approaches and more recently some have joined Public Sector Networks (PSN). These managed service offerings have reduced demand for self-built WAN services other than through the provision of secure overlays. As discussed in section 11, the future is still uncertain. The N3 contract is nearing its end, and it remains to be seen if NHS organisations – along with other health and care partners – will have to pay more attention to WAN technologies and the capabilities they offer, whether self-provisioned or managed.

Basic Connectivity: Of most importance is the ability to correctly identify traffic in order to segregate and secure the transport layer appropriately. The traditional method is the use of IPSec tunnels that can be used to encrypt traffic between sites, securing communications by building a Virtual Private Network (VPN). The flexibility of this approach can be improved by incorporating Generic Routing Encapsulation (GRE) tunnels, allowing the transport of routing protocols providing resilience in the event of failure. This approach is a suitable method where a small number of sites need to be interconnected (see Figure 4.3).

As the number of sites increases, the number of IPSec tunnels increases accordingly. Each tunnel has to be configured individually, increasing the load on the router and of course creating a management overhead. Ideally all sites would be interconnected in a “full mesh” deployment, however in order to reduce the management overhead associated with the number of tunnels, it is common to deploy a “hub and spoke” design. Unfortunately, this has a loading implication on the hub router, and results in suboptimal traffic flows.

Figure 4.3 ‘Site to Site IPSec VPN’

Dynamic Multipoint VPN (DMVPN) is a technology designed to overcome the challenges highlighted above through the use of multipoint GRE (mGRE). With mGRE, routers dynamically create secure tunnels to any other location when required and tear them down when not needed. This approach allows a large, secure WAN to be deployed with optimal traffic flows, while minimising the management overhead and any implication on hardware resources.

Intelligent WAN (IWAN)12 allows multiple WAN links to be established from any location, while application optimisation ensures traffic prioritisation. Application Visibility and Control (AVC) allows applications to be identified, while Performance Routing (PfR) allows traffic to be optimally distributed across multiple links. DMVPN assures data privacy regardless of the underlying WAN transport.

IWAN ensures the best use of available WAN resources, and in some cases Internet access may be suitable as a transport medium. IWAN also enables the use of previously dormant backup links. This flexible offering enables the use of Internet bandwidth, whilst perhaps reserving main WAN connections for critical services – all determined through policy management.

Figure 4.4 ‘Intelligent WAN (IWAN)’

4.2 Mobility Services

Consumer appetite for information on the move has resulted in an explosion in the number of connected mobile devices. This trend has moved into the business world and health and care organisations have seen similar demands from their staff – as well as patients and visitors. In response, many have invested in wireless LAN infrastructure, facilitating secure access from multiple device types with incremental functionality, such as:

• Mobile access to clinical information;
• Improved collaboration through the integration of Unified Communications and wireless;
• Guest wireless access for patients and visitors;
• Reciprocal wireless access between the NHS and other partners;
• Location Services solutions:
  ◦ Tracking and identifying the location of clinical equipment;
  ◦ Identifying the nearest required skill such as porter, nurse etc.;
  ◦ Temperature monitoring of clinical fridges;
  ◦ Patient safety; and staff safety (such as tracking lone workers);
  ◦ Tracking to support equipment maintenance.

12 Cisco Intelligent WAN (IWAN) - http://www.cisco.com/c/en/us/solutions/enterprise-networks/intelligent-wan/index.htm

In addition, the advent of IoE has seen a rapid increase in ‘things’ becoming connected. For example, wearable devices including smart watches, health and fitness trackers, health monitors and other “sensors” - have the ability to communicate using technologies such as wireless LAN and Bluetooth.

These trends have placed increasing dependence and demand on wireless infrastructure whether for application data, communications or simple Operating System updates. In order to respond, wireless capabilities have also improved rapidly, both in terms of performance and functionality. The IEEE 802.11ac standard represents a faster and more scalable generation of wireless access with Gigabit Ethernet support. It significantly improves the number of clients supported by an Access Point (AP), the client experience and the available bandwidth for a higher number of parallel video streams.

As the demand for bandwidth and capability increases it is critical to define the underlying wireless infrastructure correctly – and in accordance with the foreseeable objectives of the organisation.

4.2.1 Centralised Wireless LAN

Wireless LAN13 design has evolved over the last decade and in recent years the centralised approach has emerged as the most widely adopted design model in campus settings. The benefits of a centralised approach include:

• Simplified configuration and control using ‘Controllers’;
• Simplified operational management by collapsing large numbers of managed APs into a single managed system;
• ‘Lightweight’ APs that can’t act independently of the Controller;
• Centrally controlled security policies, QoS policies, Radio Frequency (RF) management and mobility management.

Figure 4.5 ‘Wireless Overlay’

Figure 4.5 shows the components of a centralised wireless architecture overlaid on a campus infrastructure. The Wireless LAN Controller (WLC) may be either a standalone appliance or a module located in a network switch. APs connect to a Controller using the Control and Provisioning of Wireless Access Points Protocol (CAPWAP), which has two primary functions:

• The control and management of APs;
• The tunnelling of WLAN client traffic to the Controller when provisioned in centralised mode.

13 Cisco Wireless LAN Solutions - http://www.cisco.com/go/wireless

4.2.2 Converged Access

With an alternative approach known as Converged Access, the controller function is distributed to the edge of the network and is integrated into an edge switching platform supporting integrated wired and wireless functionality where the APs and CAPWAP tunnels are terminated directly on the switch.

Figure 4.6 ‘Converged Access’

As shown in Figure 4.6, this approach offers a range of benefits including:

• A high level of visibility;
• Consistent policy across wired and wireless networks;
• Improved performance addressing the demands of high wireless density, bandwidth hungry video applications, and highly intensive smartphone applications.

4.2.3 Alternative Deployment Models

In addition to the centralised and converged approaches, Cisco also provides other deployment modes for wireless infrastructure to meet certain use cases.

Mobility Express14 is a deployment mode where no external Controllers are used. It supports up to 25 APs and 500 concurrent clients per Mobility Express instance and no license is required. Mobility Express brings several advantages including simplified AP image management; radio resource management; layer two mobility with key caching; and a web-based user interface with best practice settings enabled by default.

FlexConnect15 is a deployment model that supports wireless APs in a branch or remote site through a WAN link without the need for a controller at each site. APs in this deployment mode can switch client data traffic locally and perform client authentication locally if desired. Traffic can also be sent back to the centrally located wireless controller on a dynamic basis based on requirements.

14 Cisco Mobility Express - http://www.cisco.com/c/en/us/solutions/enterprise-networks/mobility-express/index.html
15 Cisco FlexConnect - http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-1/configuration-guide/b_cg81/b_cg81_chapter_010010001.html#ID17

Cloud Wireless Networking (Meraki)16 provides a core management and monitoring system without having to dedicate resources to the task of maintaining the management system itself. Network-wide visibility and control is possible with no on-site controller hardware. An added benefit is that the dashboard is Cloud based, allowing access from anywhere worldwide. Due to its multi-tenant capabilities and simple management interface, it has been popular as a solution for small sites such as GP Surgeries. The Meraki solution consists of dedicated APs, switches and security solutions.

4.2.4 Location Services - Context Aware

An area of concern for health and care organisations today is the management of key assets. Using Radio Frequency Identification (RFID) tags, asset tracking solutions can be overlaid on wireless networks. This technology enables health and care organisations to reduce inefficiencies associated with equipment utilisation, patient care and safety, staff productivity and financial loss.

APs forward information to wireless LAN controllers regarding the detected signal strength of wireless LAN clients, asset tags, rogue APs or rogue clients. The collected signal strength information is then aggregated and then sent to the location engine. A location-enabled management platform provides the user interface. Figure 4.7 shows a location aware unified wireless network overlaying the campus network.

Figure 4.7 ‘Location Services Architecture’

Connected Mobile Experiences (CMX)17 offers the ability to locate clients, while also engaging them via a captive portal. The portal gives mobile users access to on site wireless LAN, while also providing context aware service for patients, staff and visitors. It supports location awareness so that people may be guided through an organisation with improved wayfinding information. Meanwhile, the rich analytical information that can be gleaned offers an insight into how people move around the organisation, hence ensuring the optimum use of space and better designed floorplans.

Healthcare Mobile Application Development: Building on the location services solutions described above, many organisations are looking to create, deploy and manage mobile experiences across multiple channels including captive portals, web-based and native mobile apps. Cisco’s Enterprise Mobility Services Platform (EMSP)18 uses context-aware data, such as location, and user profile information to deliver personalised experiences that engage people on their mobile devices. Hence, EMSP allows health and care organisations to build mobile applications that can assist in all types of patient and visitor flows using real-time data.

16 Cisco Meraki - https://meraki.cisco.com/
17 Cisco Connected Mobile Experiences (CMX) - http://www.cisco.com/go/cmx
18 Cisco Enterprise Mobility Services Platform (EMSP) - http://www.cisco.com/go/emsp

Wireless Beacons - Bluetooth Low Energy (BLE): The emergence of beacons for indoor location technology has created a lot of interest regarding potential use cases in health and care environments. Beacons (based on BLE) function as an indoor positioning system and allow organisations to proactively engage with users of smartphones and other devices. The sensors can be placed around an organisation and mobile devices can pick up the BLE signal and determine its proximity. This makes them particularly suitable for location and wayfinding services when combined with a suitable app, however they should not be seen as replacement technology for wireless LAN location services which has a much broader set of use cases. As a guide, wireless LAN provides employee and guest connectivity as well as general location services for use cases such as asset tracking – along with location analytics. Beacon technology should be considered when using apps to enhance the patient and visitor experience.

Cisco’s CleanAir19 functionality (see section 4.2.9) helps overcome challenges associated with Beacons including interference, overlap and rogue devices.

In a healthcare setting, BLE can also be used when paired with low energy devices, such as cardio monitors and temperature monitors supporting more accurate asset identification.

Hyperlocation is an ultraprecise location solution that combines wireless LAN and Bluetooth Low Energy (BLE) technologies to pinpoint beacons, assets and personal mobile devices. Cisco Hyperlocation20 can track a device with up to one metre accuracy and improve the speed of tracking.

4.2.5 Unified User, Access and Identity Management

Cisco Prime Infrastructure (PI)21 offers converged user access and identity management with complete visibility of endpoint connectivity, regardless of device, network or location. PI also provides monitoring of endpoint security policy through integration with Cisco Identity Services Engine (ISE)22.

ISE supports the provisioning of applications securely and reliably across wired, wireless and VPN environments. This helps to simplify operations and is particularly suitable where consumer devices are used in a workplace setting. ISE also helps to gather real-time contextual information from the network, users and devices and supports policy enforcement across the network infrastructure.

4.2.6 Guest Access Solutions

Health and care is an increasingly mobile workplace requiring ubiquitous network connectivity and access to critical business and clinical applications. Isolating part of the wireless infrastructure to offer Guest Access allows mobile caregivers, clinicians and consultants from partner organisations to gain connectivity to their ‘home’ organisation using VPN technology. Meanwhile Internet access for patients and visitors can also be securely provisioned.

Figure 4.8 shows a typical guest access deployment. Once the guest has a username and password and opens a browser, they enter credentials that are recognised by the wireless LAN controller and assigned to the ‘Guest’ VLAN. The guest traffic is encapsulated in a tunnel to the ‘anchor controller’ in the De-Militarised Zone (DMZ) and subsequently routed as appropriate but always separated from the organisation’s network. Once the guest user’s credentials expire, access to network resources is terminated.

19 Cisco CleanAir - http://www.cisco.com/c/en/us/solutions/enterprise-networks/cleanair-technology/index.html
20 Cisco Hyperlocation - http://www.cisco.com/c/en/us/products/collateral/interfaces-modules/aironet-hyperlocation-module-advanced-security/datasheet-c78-734901.html
21 Cisco Prime Infrastructure - http://www.cisco.com/c/en/us/products/cloud-systems-management/prime-infrastructure/index.html
22 Cisco Identity Services Engine (ISE) - http://www.cisco.com/go/ise

Figure 4.8 ‘Guest Access Services’

ISE can also provide guest access provisioning and accounting. In certain deployment scenarios, there may be a need for a separate guest provisioning appliance to facilitate the creation of guest accounts, management of guest access policies, and reporting for guest network use.

Reciprocal Wireless Access offers secure roaming between trusted third-party networks. It enables secure tunnelling of information to an anchor controller in the user’s own organisation network. Sample use cases include a mobile NHS professional working at another NHS site, or perhaps roaming between the NHS, local authorities and universities. It is essential of course that all information governance considerations are taken into account along with central guidance. Cisco would be pleased to assist any organisation considering such a solution.

4.2.7 Voice over Wireless LAN

Section 7 discusses the collaboration architecture in detail, but it is important to consider how voice can be supported across wireless infrastructure. Voice over Wireless LAN (VoWLAN) supports a highly mobile workforce meeting the demands of a health and care environment. With careful planning it also offers a feature-rich alternative to traditional paging systems.

Note: When using Wireless LAN based solutions for pager replacement, a full understanding of the 802.11 environment and its characteristics is essential. Robust backup policies and systems are advised and should be considered.

High availability and quality are the main considerations of any VoWLAN deployment and a consistent, reliable service must be provisioned throughout the estate. Key considerations include:

• Bandwidth: the coding type (codec) used and the associated bandwidth demands;
• Quality of Service (QoS): prioritisation of voice traffic to mitigate factors such as packet loss, jitter and delay;
• Roaming: fast roaming algorithms to enable smooth transition for Wireless LAN clients from one AP to another.


4.2.8 Secure Wireless LAN

The wireless network should be treated as another access method adhering to the same principles as the wired network, hence requiring an understanding of the wireless network itself, what it will be used for and the level of access control required. The level of security offered will depend upon each organisation’s differing requirements but consideration should include:

• Authentication - using standards based or well-known protocols such as IEEE 802.1X, Extensible Authentication Protocol (EAP) and Remote Authentication Dial In User Service (RADIUS);

• Encryption – using the standards based solution known as Wi-Fi Protected Access 2 (WPA2). At the time of writing the recommendation is to use the Advanced Encryption Standard (AES) cipher with WPA2.

The ever increasing use of mobile devices, and hence wireless networks, in health and care settings has dictated a need for comprehensive wireless threat detection, mitigation and prevention. The Cisco Adaptive Wireless Intrusion Prevention System (IPS)23 employs network analysis and signature-based techniques to deliver protection against rogue APs and clients, network reconnaissance, eavesdropping, authentication and encryption cracking, man-in-the-middle attacks, wireless Denial of Service (DoS) attacks and zero-day (previously unknown) attacks. The system also provides proactive threat prevention via automated wireless vulnerability and performance monitoring, which persistently scans the wireless network to mitigate issues before they arise.

4.2.9 Spectrum Intelligence

The earliest wireless networks were often designed as an added convenience with a best effort level of performance deemed acceptable. These networks have now matured to the point that they are deployed for many different applications in health and care. Today’s wireless networks are therefore expected to run with very high reliability and it’s no longer acceptable to have unexpected downtime due to interference. Cisco’s CleanAir solution addresses this challenge and has two principal components:

• Spectrum intelligence (SI) is data about Radio Frequency (RF) spectrum activity derived from advanced interference identification algorithms. Spectrum intelligence provides visibility into all the users of the shared spectrum;

• Spectrum management (SM) is the active use of spectrum intelligence data to improve performance. Information about the severity and duration of interference can be used to calculate its impact on the network and to troubleshoot problems.

CleanAir provides IT staff with access to rich spectrum information that is automatically gathered on every non-802.11 interference source and enables the network to address these issues automatically.

4.2.10 Air Time Fairness

Traditional, wired implementations of QoS regulate egress bandwidth. With wireless networking, the transmission medium is via radio waves that transmit data at varying rates and it therefore makes more sense to regulate the amount of airtime needed to transmit frames.

Air Time Fairness (ATF)24 is a form of wireless QoS that regulates downlink airtime, where clients can be allocated a fixed percentage of the total airtime of the wireless network. The wireless controller is used to configure the feature and display results, although the majority of the work for ATF takes place on the APs.
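An added worked example (not part of the original document and not Cisco’s ATF implementation) of why airtime, rather than bandwidth, is the right quantity to regulate on a shared channel. The PHY rates, frame size and the 50/50 split are constructed assumptions.

```python
"""Airtime versus bandwidth regulation on a shared Wi-Fi channel.

Constructed example written for this page, not Cisco's ATF implementation.
PHY rates, frame sizes and the two-client split are illustrative only.
"""
from typing import Dict

FRAME_BYTES = 1500  # a typical full-size data frame, ignoring 802.11 overhead


def frame_airtime_s(frame_bytes: int, phy_rate_mbps: float) -> float:
    """Seconds of channel time one frame occupies at a given PHY rate."""
    return frame_bytes * 8 / (phy_rate_mbps * 1e6)


def airtime_share_equal_bandwidth(rates_mbps: Dict[str, float]) -> Dict[str, float]:
    """Fraction of airtime each client consumes when the scheduler gives
    every client the same bytes per second (bandwidth-regulated QoS).
    Airtime per byte is proportional to 1/rate, so slow clients dominate."""
    weights = {c: 1.0 / r for c, r in rates_mbps.items()}
    total = sum(weights.values())
    return {c: w / total for c, w in weights.items()}


def throughput_under_atf(rates_mbps: Dict[str, float],
                         airtime_pct: Dict[str, float]) -> Dict[str, float]:
    """Downlink throughput (Mbps) when each client is capped to a fixed
    percentage of airtime, which is what ATF enforces on the AP."""
    if sum(airtime_pct.values()) > 100:
        raise ValueError("airtime allocations exceed 100% of the channel")
    return {c: rates_mbps[c] * airtime_pct[c] / 100 for c in rates_mbps}


if __name__ == "__main__":
    rates = {"legacy_6M": 6.0, "modern_300M": 300.0}
    # One 1500-byte frame: 2 ms at 6 Mbps versus 0.04 ms at 300 Mbps.
    print(frame_airtime_s(FRAME_BYTES, 6.0), frame_airtime_s(FRAME_BYTES, 300.0))
    # Equal bandwidth per client: the 6 Mbps client consumes ~98% of airtime.
    print(airtime_share_equal_bandwidth(rates))
    # Equal airtime (50/50): the fast client keeps 150 Mbps, the slow one 3 Mbps.
    print(throughput_under_atf(rates, {"legacy_6M": 50, "modern_300M": 50}))
```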

23 Cisco Adaptive Wireless IPS - http://www.cisco.com/c/en/us/products/wireless/adaptive-wireless-ips-software/index.html
24 Cisco Air Time Fairness - http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-1/configuration-guide/b_cg81/b_cg81_chapter_010100100.pdf


Figure 4.9 ‘Cisco AirTime Fairness’

4.2.11 Small Cell Technology

A frequent challenge for hospital settings is the lack of suitable 3G and 4G mobile signal for patients, staff and visitors – a potentially serious problem when professionals are dependent on mobile phones as a primary mode of contact. Signal weakness or unavailability is very often due to construction techniques or simply the size of the building. These challenges have led many organisations to investigate the use of small cell technology25.

Cisco 3700 APs support the attachment of a small cell module, effectively extending the reach of the mobile network inside the building. There are three technology components in the Cisco small cell solution:

• The radio engineering in each Cisco Universal Small Cell (USC) AP has local self-optimising network capability. This allows each AP to discover its neighbours and respond in real time to radio conditions;

• It can take advantage of existing power, real estate and backhaul provided through the enterprise wireless LAN infrastructure;

• Cisco small cells are activated with the specific configuration of the organisation’s selected mobile operator.

4.3 End To End System Intelligence

The approach to end to end system configuration has matured over time. From the command line method of individual device configuration to network management systems, the ease of use and capability has improved as vendor solutions have developed. Other improvements have been seen in the area of policy management. For example, it is possible to use IEEE 802.1X to provide per-user or per-group identification. This dynamic approach ensures the device configuration and access control meets the pre-determined policy for the connected user or device, hence reducing the management overhead and ensuring consistency.

25 Cisco Universal Small Cell Solution - http://www.cisco.com/c/en/us/solutions/service-provider/small-cell-solutions/index.html


TrustSec26: A similar method is used for security configuration end to end using TrustSec. In this model the user is identified by a Security Group Tag (SGT). Appropriate access controls for that user are defined for an SGT rather than through the traditional, more manual process of configuring VLAN information, IP addressing and Access Control Lists (ACLs), hence dramatically simplifying configuration. TrustSec is explained in more detail in section 6.3.
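As an added illustration of the point above (not Cisco code and not TrustSec’s actual implementation), the following Python model compares a policy matrix keyed on group tags with an ACL keyed on addressing; the tag values, group names, subnets and hosts are constructed for the example.

```python
"""Group-based (SGT) policy versus address-based ACLs.

Constructed model written for this page; it is not Cisco TrustSec code.
Tag numbers, group names, subnets and hosts are illustrative only.
"""
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple

# Security Group Tags: constructed values, assigned when the user or device
# authenticates (for example after 802.1X) rather than derived from its IP.
SGT: Dict[str, int] = {"clinician": 10, "guest": 20, "ehr_server": 100}

# Policy matrix keyed by (source tag, destination tag). Anything not listed
# falls through to the default action, which is deny.
SGT_POLICY: Dict[Tuple[int, int], str] = {
    (SGT["clinician"], SGT["ehr_server"]): "permit",
    (SGT["guest"], SGT["ehr_server"]): "deny",
}


def sgt_decision(src_sgt: int, dst_sgt: int) -> str:
    """Enforcement decision for a tagged flow; unknown pairs are denied."""
    return SGT_POLICY.get((src_sgt, dst_sgt), "deny")


# Traditional approach: an ordered ACL whose entries are bound to addressing.
IpAcl = List[Tuple[str, str, str]]
IP_ACL: IpAcl = [
    ("permit", "10.1.0.0/24", "10.9.0.10/32"),  # clinician wired subnet -> EHR
    ("deny", "10.2.0.0/24", "10.9.0.10/32"),    # guest subnet -> EHR
]


def acl_decision(acl: IpAcl, src_ip: str, dst_ip: str) -> str:
    """First-match ACL evaluation with the usual implicit deny at the end."""
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    for action, s_net, d_net in acl:
        if src in ip_network(s_net) and dst in ip_network(d_net):
            return action
    return "deny"


def acl_entries_needed(n_user_subnets: int, n_server_hosts: int) -> int:
    """Address-based entries grow with subnets x servers."""
    return n_user_subnets * n_server_hosts


def sgt_entries_needed(n_user_groups: int, n_server_groups: int) -> int:
    """Tag-based entries grow only with the number of groups."""
    return n_user_groups * n_server_groups


if __name__ == "__main__":
    # A clinician on the wired subnet: both models permit access to the EHR.
    print(acl_decision(IP_ACL, "10.1.0.5", "10.9.0.10"))      # permit
    print(sgt_decision(SGT["clinician"], SGT["ehr_server"]))  # permit
    # The same clinician roams onto a wireless subnet the ACL never listed:
    # the ACL now denies (policy is coupled to addressing) while the SGT
    # decision is unchanged because the tag follows the authenticated user.
    print(acl_decision(IP_ACL, "10.3.0.5", "10.9.0.10"))      # deny
    print(sgt_decision(SGT["clinician"], SGT["ehr_server"]))  # permit
    # Twenty user subnets and thirty servers: 600 ACL entries versus six
    # group pairs for three user groups and two server groups.
    print(acl_entries_needed(20, 30), sgt_entries_needed(3, 2))
```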

Software Defined Networking (SDN): The concept of SDN emerged in the Data Centre where established orchestration tools respond to service need. Today there are also examples of SDN principles being used in campus networks. For example, in wireless networking, the very size of a typical hospital estate makes autonomous configuration of each AP impractical and controllers are used to configure individual APs based on user requirements and prevailing conditions (RFID environment) without intervention.

More general models are now being developed for the LAN and WAN with an emphasis on end to end service delivery. For example, SDN tools can be used to implement policy, configuring the appropriate network settings end to end. Not only does this reduce configuration errors and inconsistencies, the speed of deployment is also significantly improved from perhaps days or weeks to minutes.

Another example might be an IP video platform request for bandwidth between systems to support an MDT meeting. The request is made via an open Application Programmable Interface (API) to a SDN controller which instructs the network to provide resources for the call, which are then released when the call is over. The key is having a controller which has the ability to manage configuration changes to network elements such as ACLs and QoS policy, complementing traditional network management platforms.

The SDN APIs provided may also allow customisation by partner applications to allow for specific deployment needs. Other uses include support for:

• Orchestration tools in the Data Centre to co-ordinate application deployment from the server through the network to the end user;

• Reconfiguration of the network to support disaster recovery solutions;

• The network to dynamically react to security threats detected by 3rd party applications, to prevent spread and reinfection of malware.

SDN in the Data Centre is discussed in greater detail in section 5.2.

4.4 Network and Service Management

In health and care, the importance placed on the availability of information is clear and the performance of the underlying infrastructure and the applications which use it should be considered critical. Traditional approaches to Network Management have centred on the Simple Network Management Protocol (SNMP). Whilst SNMP is very good at reporting basic statistics around device availability and performance, there are other considerations.

Technologies such as Netflow and Network Based Application Recognition (NBAR) focus on traffic flows within the network. By exporting this data from switches and routers to a Network Management application, administrators gain visibility into the applications in use on their network. By understanding traffic flows and patterns on the network, fine tuning can be performed and future upgrades are better informed.

26 Cisco TrustSec - http://www.cisco.com/c/en/us/solutions/enterprise-networks/trustsec/index.html


4.4.1 Cisco Prime Infrastructure

The foundation of every network infrastructure is composed of LAN, WAN and wireless domains. Visibility and control of the infrastructure are essential to ensure proper operation of the network as it evolves. Cisco Prime Infrastructure (PI) simplifies the management of wired and wireless networks from the branch office to the Data Centre. It offers simplification and automation of configuration tasks, while also taking advantage of network intelligence. During the deployment phase, it helps reduce manual effort as well as the risk of misconfiguration. In operational mode, future configuration changes can be written, tested and approved in a lab environment before being made available in the form of templates to be deployed across the production environment. Adopting PI for management offers:

• Improved operational efficiencies: Reduce network errors, expedite troubleshooting and improve the delivery of services;

• Reduced operating expenses: Speed deployments and reduce training requirements with easy-to-use tools;

• Lower capital expenditures: Optimise network investments through converged management and integration.


5. Data Centre and Virtualisation

It’s perhaps true that since the last version of this blueprint was produced, the biggest technological advances have been made in the Data Centre. That time has also seen changing attitudes and adapted processes in pursuit of agility and flexibility when provisioning business services. Cisco’s response to these transitions is a technical blueprint known as Fast IT27, as shown in Figure 5.1. It enables Data Centre infrastructure to be adaptable, fast and secure through the use of automation and orchestration elements. It also unifies compute, storage, networking, virtualisation and management solutions into a single infrastructure that:

• Reduces complexity and operational costs;
• Creates capabilities and services that add real value to the business, while protecting investments;
• Responds to threats intelligently and dynamically.

Figure 5.1 ‘Cisco Fast IT Reference Model’

Fast IT equips health and care organisations to exploit emerging technology trends such as IoE, Big Data, Mobile/Cloud-aware Applications and Cloud consumption models.

5.1 Converged and Hyper-Converged Infrastructure

Over the last few years, major Data Centre vendors have started to offer converged compute, network, storage and virtualisation stacks. This converged infrastructure approach has proved popular in the NHS where predominantly small IT teams are challenged to deliver tested, validated and integrated solutions in a timely manner. The benefits of converged infrastructure include speed of deployment, a simplified support model and validated solutions. Over time, technology matures and the approach has been extended to hyper-converged infrastructure. This supports further consolidation using an intelligent software layer to provision clustered pools of local disks and delivering tighter integration with virtual machine managers and stack elements. A range of storage solutions can be integrated depending on the size of the organisation or site. In addition, a single management platform supports provisioning of virtual workloads across sites of all sizes.

27 Cisco Fast IT - http://www.cisco.com/c/en/us/solutions/executive-perspectives/fast_it.html


Converged and hyper-converged infrastructures follow the same design principles, providing simplicity, speed and scale with an aim of lowering total cost of ownership. In this sub-section, we examine the component parts.

5.1.1 Compute

When considering compute platforms, there are three key areas to consider:

Manageability: managing server infrastructure, in either blade or rack-mount form factors, comes with responsibility for managing compatibility. The platform should also offer an insightful view of the current operational metrics of key components, and the ability to pinpoint component errors and replace components as needed. In addition, a comprehensive API is necessary in order to simplify automation and orchestration functions northbound.

Statelessness: the ability to abstract traditionally hardware tied identifications. This supports the flexibility to move server role/function from one physical server to another without constraints on chassis or hardware.

Unified Fabric: I/O consolidation is essential to reduce cost by eliminating the need for multiple sets of adapters, cables and switches for LANs and Storage Area Networks (SANs).

Cisco’s Unified Computing System (UCS)28, shown in Figure 5.2, applies this approach to deliver greater value and a lower total cost of ownership than traditional server infrastructure. UCS is a multi-chassis next-generation platform that unites compute, network, storage access and virtualisation into a single management domain.

Figure 5.2 ‘Cisco Unified Computing System’

5.1.2 Storage

Traditional storage approaches using spinning disks have decreased in popularity in recent years. With increasingly intensive I/O application uptakes, flash based storage arrays have become more popular and more affordable. More recently, hybrid storage arrays have emerged, combining flash memory with hard drive based arrays to meet storage capacity requirements.

28 Cisco Unified Computing System – http://www.cisco.com/go/ucs


Meanwhile object-based storage solutions have also emerged for requirements that break traditional storage architectures. Unlike traditional storage protocols which only retrieve attributes and properties of a file as metadata, object storage allows new and expandable metadata to be tied to a file, which as a pair is referred to as an object.

Object storage is built with common x86 hardware optimised for dense local disk storage. A software layer then creates a distributed cluster of servers to present an object storage platform. This approach provides scalable data capacity, redundancy, web accessibility and geographic distribution of storage. Typical applications are:

• File storage;
• Gene sequences;
• Video and images;
• Log files;
• Web content;
• Large data sets.

Figure 5.3 illustrates the high-level architecture of an object-based storage solution.

Figure 5.3 ‘Object Based Storage’

5.1.3 Network Infrastructure

The Data Centre switching core is responsible for providing communication between the Data Centre elements and onward communication to end users. This role is critical, requiring a resilient solution, usually provided by a pair of chassis-based or fixed configuration switches working in an active/active mode. Core switches must support a number of high speed interfaces to support large traffic demands.

Cisco’s family of Nexus29 switches share a common operating system known as NX-OS to simplify operation and have a number of innovative features to optimise Data Centre networking. One example is the emergence of virtualisation technology that demands resilient layer two networking. Virtual PortChannel (vPC) allows links connected to two different Nexus switches to appear as a single PortChannel. This in turn supports MEC in a highly resilient layer two configuration without the complexity and limitations of spanning tree. Advanced core switches also support Virtual Private LAN Service (VPLS), Overlay Transport Virtualisation (OTV) or enhanced Virtual Extensible LAN (VxLAN) to extend the layer two domain, supporting Data Centre operations across multiple sites.

29 Cisco Nexus Switches - http://www.cisco.com/go/nexus

Cisco’s Nexus 7000 platform can also be segmented using Virtual Device Contexts (VDC) allowing a pair of core switches to be securely used for different purposes such as Data Centre core, demilitarised zone (DMZ) switching, campus core or as an extranet switch, hence simplifying and optimising management and costs.

Figure 5.4 ‘Data Centre Switching’

For small Data Centres it may be possible to connect all servers directly to the core switches. However, there are limitations due to interface counts and the physical distribution of servers, often necessitating long cable runs. Therefore an aggregation layer is often deployed closer to the servers, hence reducing cabling and concentrating the traffic to a smaller number of higher speed interfaces. The aggregation layer should also support MEC to provide resilience for each individual server.

In environments where fibre channel is deployed aggregation switches can also provide converged access. This combines storage traffic, using Fibre Channel over Ethernet (FCoE), with data traffic into a single cable drop to the server, mitigating the need for investment in dedicated fibre channel switching. This results in simplified deployment and reduced cost.

Aggregation switch interfaces can be distributed using Fabric Extenders (FEXs)30 that act as remote line cards to the upstream switches. This approach offers significant operational benefits, allowing the cabling efficiency of top of rack (TOR) designs to be combined with the configuration efficiency of end of row (EOR) designs. Servers are connected to the nearest FEX (minimising cable distances), which are configured and managed by the aggregation switches, reducing the number of management points. FEXs are available as a range of compact rack mount units with a wide range of interfaces, including legacy support. They are also available in blade server form factors, allowing the Nexus switching capabilities to be embedded in server infrastructure.

The capabilities of the Nexus switches can be further extended into virtual environments using the Nexus1000v switch. This supports management between virtual machines (VMs), extending network and security policy into the server environment with a familiar feature set and management interface. This virtual switch solution allows close interworking between the network and the server infrastructure, where network policies can be associated to VMs and follow them if they are moved around the compute infrastructure.

30 Fabric Extender Technology - http://www.cisco.com/c/en/us/solutions/data-center-virtualization/fabric-extender-technology-fex-technology/index.html


Whilst the Nexus portfolio supports the demands of current server infrastructure, it has also been designed with emerging Data Centre trends in mind - discussed hereafter.

5.1.4 Emerging Data Centre Networking Models

Data Centre network infrastructure design principles have remained unchanged for several years but a number of technological trends have resulted in changing traffic patterns and new workload types forcing a re-think. For example, traffic between virtual machines flows East-to-West as opposed to traditional service requests and delivery which runs North-to-South. In health and care, the balance is shifting where East-to-West traffic is becoming predominant.

Figure 5.5 ‘Spine/Leaf Architecture’

The change in traffic patterns is demanding a new approach to Data Centre network architecture, optimising traffic paths, while providing scalability and predictable performance measurements. The recommended architecture for these applications is known as Spine/Leaf, shown in Figure 5.5. The Leaf is effectively a group of switches that form the access layer with attached nodes. The Leaf switches are fully meshed at Layer 3 to the Spine switches and fabric backbone, with Leaf to Leaf connectivity generally prohibited. Benefits include:

• High speed backbone - minimum 10GbE, with 40GbE more common;
• Better load sharing using Equal Cost Multi-Path Routing (ECMP) with all ports forwarding;
• Deterministic latency: a node is always 2 hops away from a remote node (attached to a different Leaf);
• Easy to scale out – add more Leaf switches for node expansion and more Spines for fabric bandwidth growth.
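An added model of the Spine/Leaf properties listed above (not Cisco code; the switch names and fabric sizes are constructed) that checks the two-hop and ECMP claims by counting shortest paths in a full leaf-to-spine mesh, and rejects designs that break the model.

```python
"""Spine/Leaf fabric model: hop counts, ECMP path counts and scale-out.

Constructed example written for this page, not Cisco code; the switch
names and fabric sizes are illustrative.
"""
from collections import deque
from typing import Dict, Set, Tuple

Fabric = Dict[str, Set[str]]


def build_fabric(n_spines: int, n_leaves: int) -> Fabric:
    """Every leaf has a Layer 3 link to every spine; no leaf-to-leaf or
    spine-to-spine links, as the Spine/Leaf design prescribes."""
    fabric: Fabric = {}
    for s in range(n_spines):
        for l in range(n_leaves):
            spine, leaf = f"spine{s}", f"leaf{l}"
            fabric.setdefault(spine, set()).add(leaf)
            fabric.setdefault(leaf, set()).add(spine)
    return fabric


def validate_fabric(fabric: Fabric) -> bool:
    """Reject designs that break the model: a leaf-to-leaf link, a
    spine-to-spine link, or a leaf missing an uplink to some spine
    (which would make ECMP uneven and latency non-deterministic)."""
    spines = {n for n in fabric if n.startswith("spine")}
    for node, peers in fabric.items():
        if node.startswith("leaf"):
            if any(p.startswith("leaf") for p in peers) or peers != spines:
                return False
        elif any(p.startswith("spine") for p in peers):
            return False
    return True


def shortest_paths(fabric: Fabric, src: str, dst: str) -> Tuple[int, int]:
    """BFS returning (hop count, number of equal-cost shortest paths).
    The path count is what ECMP can spread traffic across."""
    dist = {src: 0}
    count = {src: 1}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        for peer in fabric[node]:
            if peer not in dist:
                dist[peer] = dist[node] + 1
                count[peer] = count[node]
                queue.append(peer)
            elif dist[peer] == dist[node] + 1:
                count[peer] += count[node]
    return dist.get(dst, -1), count.get(dst, 0)


def max_leaf_hops(fabric: Fabric) -> int:
    """Worst-case hop count between any two distinct leaves."""
    leaves = [n for n in fabric if n.startswith("leaf")]
    return max(shortest_paths(fabric, a, b)[0]
               for a in leaves for b in leaves if a != b)


if __name__ == "__main__":
    # Scale-out: adding spines adds equal-cost paths (bandwidth) while the
    # leaf-to-leaf hop count stays at 2 regardless of fabric size.
    for n_spines in (2, 4):
        fab = build_fabric(n_spines, 8)
        hops, paths = shortest_paths(fab, "leaf0", "leaf7")
        print(f"{n_spines} spines: {hops} hops, {paths} equal-cost paths, "
              f"valid={validate_fabric(fab)}")
```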


5.2 Software Defined Networking

The last few years have seen a significant amount of hype regarding Software Defined Networking (SDN) and the ability to ease Data Centre complexity. Initial approaches involved the use of a software-based virtual overlay, sitting on top of physical infrastructure and using controllers to automate provisioning. However, as the overlay and physical infrastructure are not integrated, this approach may solve some challenges but introduces others:

• No integration between virtual and physical environments;
• Restricts traffic visibility;
• Requires dedicated gateways between virtual and physical devices, resulting in two disparate networks and separate management.

Cisco’s approach offers tight integration between physical and virtual elements and simplifies operations through application based policy. Application Centric Infrastructure (ACI)31 allows application requirements to dictate network deployments and operation. In effect, ACI frees the application so it isn’t bound by network complexity. IT professionals are able to identify an application’s key requirements and capture them in policy. This policy is then used to instruct the network fabric to provision the required network services for that application.

Figure 5.6 illustrates the policy driven method for application delivery and the telemetry insights gained from an integrated fabric. ACI works by decoupling the logical identity of the network from the physical infrastructure through an integrated overlay. This transforms the network fabric into a pool of shared resources that can be provisioned and re-coupled dynamically, based on application needs. With ACI, policy defines the state of the fabric and automates its provisioning, enabling agile IT that is more responsive to the needs of the business.

Figure 5.6 ‘Application Centric Infrastructure’

31 Cisco Application Centric Infrastructure – http://www.cisco.com/go/aci


ACI is built on 3 key pillars:

Application Policy Infrastructure Controller (APIC): The APIC provides centralised access to all fabric information, optimises the application lifecycle for scale and performance, and supports flexible application provisioning.

ACI Fabric: Built using Cisco Nexus 9000 series switches, the ACI fabric is an efficient, highly scalable Spine/Leaf network architecture that optimises application performance and availability with full visibility into virtual and physical workloads. ACI also incorporates a hypervisor-resident virtual switch called the Application Virtual Switch (AVS) providing consistency in features, management, and control through the APIC. AVS allows for intelligent policy enforcement and optimal traffic steering for virtual applications.

Partner Ecosystem: ACI is designed as an open architecture. Cisco is developing a technology ecosystem that allows customers to use existing investments with ACI in areas such as: orchestration, automation and management; monitoring and diagnostics; storage and virtualisation; and security and compliance.

5.3 Big Data

Section 3.1.2 introduced Big Data and its application in health and care environments. As with traditional Relational Database Management Systems (RDBMS) and newer Cloud data model platforms, the challenge with Big Data is how to extract insightful information for Business Intelligence purposes. The challenges include data consolidation; quick response time; and coping with increases in data volume.

Data consolidation is a particular concern; that is the need to gather and correlate disparate sources of information. The traditional approach is to establish a data warehouse where data is often replicated and updated at regular intervals. As health and care communities evolve, data consolidation efforts will expand and issues such as ownership of data may become problematic – particularly across the health and Social Care boundary as well as with other agencies. One way of addressing these problems is through the use of data virtualisation.

Figure 5.7 ‘Cisco Data Virtualisation’


Cisco Data Virtualisation is agile data integration software that makes it easy to access appropriate data, no matter where it resides. An integrated data platform lets users query all types of data from sources across the network as if it were in a single location. Benefits of Cisco Data Virtualisation include:

• An alternative approach to traditional and costly data warehousing;
• Real-time access to information;
• Data isn’t ‘moved’, hence addressing ownership concerns;
• Rapid addition of new data sources.

Figure 5.7 illustrates how the Cisco Data Virtualisation solution brings data together from multiple systems, locations and sources.

5.4 Introducing Cloud Solutions

In recent years, the emergence of Cloud computing has introduced new consumption models offering customers the benefits of flexibility and agility. There are different approaches to consider and Cloud solutions can be placed into three categories:

• Private Cloud – dedicated infrastructure for one or more organisations in a community. These are typically built on traditional Data Centre infrastructure and use automation software to improve operations;

• Public Cloud – these are hosted by Service Providers, either for the general public or specifically for a set of customers;

• Hybrid Cloud – these are a composition of more than one type of Cloud using the best of each as required.

Private Clouds may offer the same levels of agility and self-service as Public Clouds but are typically defined for one or more organisations within a community. As such they might be a key consideration for the developing health and care communities in England, as well as Scottish and Welsh Health Boards. They provide the ability to manage the Data Centre from a central location and present a simple self-service catalogue.

5.4.1 BiModal IT

Different applications demand different infrastructure models and it is important to recognise that agile is not always the best approach. Many applications remain best suited to a more stable environment and this is likely to be the case for many years to come. It is therefore best to consider two modes of operation, commonly known as BiModal IT32:

Mode 1 (Stability) – represents the part of the organisation that prioritises predictability. It relates to business critical and/or traditional applications and emphasises safety and stability. High availability is implemented through infrastructure (for example, site failover and disaster recovery). It’s suited to applications that undergo few changes.

Mode 2 (Agility) – represents the part of the organisation that prioritises agility and speed. It relates to applications that are built for the Cloud. Resilience is built in to the software and no assumptions are made about the underlying infrastructure. Applications built this way are often moved, changed and deleted.

Typically, public Cloud services do not offer the resiliency or service level agreements (SLAs) that private Clouds offer and are thus best suited to mode 2 applications.

Though moving at different speeds, every organisation is on a path to an agile environment. It is important that during this transformative period due consideration is given to application types and their requirements of infrastructure.

32 Gartner Bimodal IT – http://www.gartner.com/it-glossary/bimodal


5.4.2 The InterCloud

Just as the Internet saw the interconnection of disparate networks, the InterCloud33 is a term used to describe the interconnection of different Clouds. This enables an organisation to more easily move workloads and extend their existing Data Centre on demand. For example, employing a hybrid Cloud model would allow a Data Centre administrator to burst out to a Cloud provider if sudden capacity was needed or in the event of a failure. Having a common set of protocols and connections to providers in the form of the InterCloud eases this task. This enables a business to manage all of its Clouds (both public and private) seamlessly with policies defining how they are consumed.

InterCloud Fabric builds the security infrastructure and an encrypted extension between Clouds, enabling layer two connectivity even out to the public Cloud. It also enables seamless migration, automatically re-packaging applications for the target Cloud provider and local hypervisor software. For example, a virtual machine can be moved from the local Data Centre to a public Cloud provider with a single click.

Figure 5.8 ‘Cisco InterCloud’

5.4.3 Cloud Consumption Services

For an optimised hybrid Cloud approach, Cisco offers a Cloud Consumption Service, which examines the activity of any organisation and builds a baseline. Included in the report is visibility of the Cloud providers being used, a risk report to understand any anomalies or potential compliance breaches, and a comparison measure against similar organisations.

This approach can often uncover the fact that more Cloud services are being used than have been authorised by IT. This information can be used to deliver Cloud related cost savings, whilst improving security and lowering compliance risks.

5.5 Transforming Data Centres for Health and Care

Version 2 of this blueprint, released in 2011, introduced concepts around the converged Data Centre with topic areas such as Unified Fabric and Unified Computing. These approaches are now well established across health and care, and the next stage in Data Centre evolution is concerned with openness, programmability and automation and the tighter bond between hardware and software. These attributes are critical for a private Cloud that can service one or more organisations from a central location.

33 Cisco InterCloud – http://www.cisco.com/go/intercloud


5.5.1 Beyond the Converged Data Centre

The ability to respond quickly to events by scaling services up and down according to demand is critical to both operational efficiency and delivering cost savings. Hence, automation is a key requirement across compute, network and storage layers, and in both physical and virtual environments. For example:

• End users are able to order applications in a self-service manner and take delivery within minutes;
• Application developers can commission infrastructure resources to develop, test and deploy applications;
• IT staff can deliver application workloads on-demand in an automated and repeatable manner, eliminating manual provisioning or de-provisioning of resources.

The benefits of automation may be best described using an example. When considering the deployment of a web server the following tasks must be carried out:

• Deploy a virtual machine or physical host;
• Configure the software;
• Create load balancer and firewall rules;
• Configure a network interface and access control lists.

Each of these tasks may involve a different team or area of expertise and therefore may be implemented differently, with varying configurations adding security risk and delaying time to deployment. The result is a heavy workload and a long mean time to delivery for applications and services.

Cisco UCS Director34 integrates with each element of the Data Centre and provides complete automation. UCS Director keeps track of assets and can roll back tasks automatically. It also gives an operations team an enhanced role in defining policies and services, determining the resources, permissions and business requirements of the underlying infrastructure. Taking the earlier example of deploying a web server, policies might state:

1. It must be firewalled and allow only ports 80 and 443;
2. It should be placed on the appropriate VLAN infrastructure;
3. Load balancing should be configured;
4. It should run the following OS;
5. It should sit on a silver storage tier.

In step 1 above an automation tool would create the associated rules in the firewall. In effect, the automation tool translates the policy to the underlying configuration. This abstraction between policies and underlying configuration helps with consistency and security.
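As an added illustration of that policy-to-configuration step (this is not UCS Director code; the policy schema and the rule text format are assumptions made for the example), the following Python sketch renders the web server policy above into a deny-by-default firewall rule set and checks a running configuration for lines the policy never generated:

```python
"""Policy -> firewall rules, with a drift check against the running config.

Constructed example: the policy dictionary keys and the rule text format are
assumptions for illustration, not UCS Director's policy model or any
particular firewall's syntax.
"""
from typing import List

# The declarative policy from the web server example (steps 1, 2, 3 and 5).
WEB_SERVER_POLICY = {
    "name": "web-frontend",
    "allowed_tcp_ports": [80, 443],
    "vlan": 120,
    "load_balanced": True,
    "storage_tier": "silver",
}

VALID_TIERS = ("gold", "silver", "bronze")


def validate(policy: dict) -> None:
    """Reject policies that could not be translated into a safe configuration."""
    ports = policy.get("allowed_tcp_ports", [])
    if not ports or any(not 1 <= p <= 65535 for p in ports):
        raise ValueError("policy must list at least one valid TCP port")
    if policy.get("storage_tier") not in VALID_TIERS:
        raise ValueError("unknown storage tier")


def render_firewall_rules(policy: dict, host_ip: str) -> List[str]:
    """Translate the 'allow only ports 80 and 443' policy into rule lines.

    The generator always appends the deny-all rule itself, so every server
    built from this policy gets the same ordered, closed rule set regardless
    of which team deploys it.
    """
    validate(policy)
    rules = [f"permit tcp any host {host_ip} eq {port}"
             for port in sorted(set(policy["allowed_tcp_ports"]))]
    rules.append(f"deny ip any host {host_ip}")
    return rules


def drift(expected: List[str], running: List[str]) -> List[str]:
    """Lines in the running configuration that the policy did not produce.

    A non-empty result means someone edited the device by hand, which is
    exactly the inconsistency the policy abstraction is meant to remove.
    """
    return [line for line in running if line not in expected]


if __name__ == "__main__":
    generated = render_firewall_rules(WEB_SERVER_POLICY, "10.30.0.5")
    print("\n".join(generated))
    # Constructed running config with a hand-added SSH rule.
    print(drift(generated, generated[:1] + ["permit tcp any host 10.30.0.5 eq 22"] + generated[1:]))
```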

5.5.2 Self-Service IT

Where the automated Data Centre is intended to perform as a private Cloud, the final consideration is access for users. Whether it’s IT staff, developers, or users, a catalogue can be used to track entitlements and provide a one-stop portal to IT, as well as keeping track of billing. Cisco’s Prime Service Catalogue35 provides full self-service IT with native integration with UCS Director for automation and out of the box tasks to get up and running.

A sample use case for automated private Cloud is desktop virtualisation. These solutions often have a requirement to track usage, work on high quality storage and be rapidly provisioned. By combining virtual desktop with self-service IT the business can keep track of utilisation, monitor budgets and more easily deliver the service to new users.

34 Cisco UCS Director – http://www.cisco.com/c/en/us/products/servers-unified-computing/ucs-director/index.html
35 Cisco Prime Service Catalogue – http://www.cisco.com/c/en/us/products/cloud-systems-management/prime-service-catalog/index.html


Figure 5.9 ‘Prime Service Catalogue’

5.6 Building a Mode 2 (Agile) Cloud

A unique feature of a Mode 2 Cloud is that the user carrying out the majority of configuration tasks is not an administrator, but a developer. With a need for maximum agility, developers are able to layer tools to work rapidly. As shown in Figure 5.10, the underlying infrastructure is completely abstracted and instead presented as a pool of resources. These resources are accessed through APIs.

Figure 5.10 ‘Mode 2 (Agile) Cloud’


The success of public Cloud providers is due to the ease of use and developer-friendly tools available. Applications can be instantiated in seconds using dedicated tools or even application code. This approach usually starts off being cost-effective at small scale, but can become significantly more expensive as the system grows.

Public Cloud can also bring other challenges. Developers and power users may choose the path of least resistance and access public Cloud resources without authorisation (sometimes known as shadow IT) opening up the risk of compliance breaches. In addition, moving applications and data back from the public Cloud to on premise can be difficult due to the inherent lock-in resulting from platform-dependent APIs.

One way of overcoming these problems is to locally build a Mode 2 agile Cloud. OpenStack®36 was developed to provide the same interface, applications and compatibility as public Cloud. Its aim is to build an agile, developer friendly Cloud for private Data Centres. It uses open source software and includes APIs for developers to seamlessly move from the public Cloud.

5.6.1 Cisco Metapod

The Cisco Metapod37 solution was developed to simplify the deployment of an OpenStack® solution – effectively a Mode 2 Cloud solution built on premise. The result is a full Infrastructure as a Service (IaaS) offering built for developers and modern applications.

Figure 5.11 ‘Cisco Metapod’

As the system is kept on-site, data need never leave the health and care organisation and allows the best of both worlds in a hybrid Cloud model – agility for users and simplified operations for IT. It also gives compelling total cost of ownership.

Note: As with all outsourced solutions (including Cloud) that involve data storage and external administration, it is important to understand the models employed and any information governance implications. We recommend consulting your Cisco account team to match the best solution to your business needs and NHS Information Governance requirements.

36 OpenStack® – https://www.openstack.org/
37 Cisco Metapod – http://www.cisco.com/go/metapod


6. Security

The world of information security is increasingly challenging. The last few years have seen an unprecedented number of organisations reporting a breach with major losses of personal data, intellectual property and other sensitive information assets. These breaches are not confined to large organisations or specific market segments.

The threat landscape has also been transformed with hacking becoming industrialised. It is organised, well-funded, targeted and the perpetrators are highly motivated. As our modern networks grow in complexity and interconnect an ever increasing array of devices, they are becoming of more interest to attackers looking to exploit any vulnerability.

With these two trends in mind it is clear that traditional approaches to security are failing. Of course there is no ‘silver bullet’ when it comes to improving the situation. Instead it requires the development of a comprehensive security strategy that is properly funded and supported by senior management.

There is also need for a change in mindset. Historically, much of the investment and focus on security has centred on the deployment of defensive technologies. In the event of a breach it is easy to respond to management questions of “How do we stop that happening to us?” by simply investing in a point product and returning to business as usual. Often there is little consideration of how this product fits in to the overall security strategy. An alternative mindset should be adopted, asking “How do I ensure that in the event of a breach I am able to detect and recover in the shortest possible time?” Such an approach informs where investments should be made and breaks the cycle of “patch and carry on”.

The increasing use of the word ‘cyber’ in relation to security, has created a perception that all attacks are now highly sophisticated intelligence agencies using so called day-zero vulnerabilities to penetrate our systems. The realities though are not quite as glamorous. The 2015 Verizon Data Breach Report38 captures this perfectly where they found that over 99% of exploited vulnerabilities resulting in a breach were over a year old. Patch management is still a very important, if somewhat mundane piece of the security puzzle, and emphasises the need to ensure that the basics are not overlooked.

Across health and care, security inhabits an unusual space. On one hand there is a significant and explicit focus on the protection of PCD with robust policies and governance in place, but wider elements of information security can be easily overlooked or underfunded. Furthermore, the borders of health and care networks are becoming less rigid, interconnecting with a diverse set of stakeholders including the prison service, local government, education and research establishments and pharmacy suppliers. This merging of security domains exposes an ever growing attack surface which is increasingly difficult to protect.

However, in recent months there have been signs of a renewed emphasis on security. The notable introduction of the Health and Social Care Information Centre’s (HSCIC’s) ‘CareCERT’39 service is a firm indicator that the subject is very much top of mind.

6.1 Establishing Security Policy

Effective information security must start with policy. While security is often consigned to technology decision makers, it is critical to begin by considering the needs of the business and how security solutions can support those needs. This linkage should be made clear within the security policy, and requires senior stakeholder support.

As we have discussed, health and care organisations are targets and breaches of security can have significant financial, reputational and even legal impacts, especially where personal data is involved. These are Executive Board level issues but ones that are not always clearly understood. This can in part be a result of a lack of clear articulation of risk and impact in a language that senior executive teams understand. Security is rife with its own, very technically oriented language; phishing, malware, day-zero, Trojan horse and Advanced Persistent Threats (APT) are all terms that are often clearly understood by the technical teams but are meaningless in the context of describing tangible business risk. It’s therefore critical that security is positioned in the context of genuine business impact. It is only then that risk can be adequately evaluated and informed decisions be made.

38 Verizon Data Breach Report – http://www.verizonenterprise.com/uk/DBIR/2015/
39 HSCIC CareCERT – http://www.hscic.gov.uk/carecert

This business-led approach also has a major benefit in being able to provide clear justification for investment in security controls that are sometimes lacking. Investment in security is often seen to hinder the business, when in fact a proactive approach can demonstrate that security is an enabler, allowing the organisation to streamline operations and workflow by taking advantage of an array of new technology advancements with confidence.

To summarise, when developing a security strategy the following considerations should be made:

• Establish Executive level sponsorship/ownership and make security a Board level issue;
• Consider business impact risk;
• Be aware of third party relationships;
• Adopt a programmatic strategy – rather than being project-oriented;
• Consider people, process, technology and ‘things’;
• Establish security as an enabler – allowing the exploitation of new, agile technologies;
• Risk management – proportional investment.

6.2 The Attack Continuum: Before, During and After

Given changing business models, the dynamic threat landscape, and the security talent shortage, an organisation’s approach to reducing the time from breach to recovery needs to be pervasive, integrated, continuous and open. This model needs to be threat-centric, focused on the threats themselves versus just policy or controls. It must provide broad coverage across all potential attack vectors, rapidly adjust to and learn from new attack methods, and implement that intelligence back into the infrastructure after each attack. The approach should be the development and implementation of measures across the extended network – before, during and after an attack.

Figure 6.1 ‘The Threat-Centric Security Model’

Today, the majority of security investments are made in the ‘before’ phase. This over-emphasis on defence is based on an outdated philosophy that simply building a bigger wall will keep attackers out. Today’s health and care networks are far too complex and interconnected to be truly defended effectively, and so whilst appropriate focus should be given to defensive solutions, a more effective strategy is to balance investments across the three phases. Another way to consider this would be: ‘if you knew you were going to be compromised, would you do security differently?’


6.3 Before

Modern health and care environments are faced with the threat of attackers that will often have more information about the infrastructure than the defender charged with its protection. Add to this the fact that the attacker only has to find a single weakness that has been overlooked and the odds are not in the defender’s favour. While defensive solutions play a key role in reducing the attack surface, to be truly effective, defensive controls must deliver two critical components: context and visibility.

Context is about providing a more enriched set of information. In the networking world we are comfortable with the notion of IP address or Domain Name Service (DNS) names but these provide little value when security policy is to be enforced, or an incident investigated. Augmenting this basic data with greater context is essential to ensure that the most critical assets are identified, so that in the event of an attack, a responder may quickly triage and prioritise the highest impact threats. Context also provides for more informed policy decision-making, for example across multiple distinct health and care user communities. Furthermore, with the explosion in the use of mobile devices, as well as the increasing number of ‘things’ that require connection, networks must be able to respond dynamically, enforcing different policies based on user and device context.

Figure 6.2 ‘Cisco Trusted Security (TrustSec)’

Cisco TrustSec (see Figure 6.2) delivers this capability through the use of Security Group Tags (SGTs). A SGT is an additional header which is applied to traffic as it flows across the network and is assigned to a device as it joins the network. Assignment can be made statically or dynamically, whereby the tag is allocated based on factors such as device type, device posture status or user identity. Once assigned, policy can then be enforced using the content of the tag.

This results in a far simpler approach to enforcing network segmentation and access control. For example, a specific tag could be dynamically assigned to all traffic associated with clinical users. Furthermore, a second tag could be associated with those systems that only clinical users should access. A simple policy could then be enforced that permits source traffic carrying the clinical user tag destined for systems with the clinical systems tag. Applying tags and policies in this fashion means that the administrator no longer has to be concerned with IP addresses and VLANs, and instead policies can be implemented at a much more abstract level.
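The clinical user / clinical systems policy just described, modelled as an added Python example (this is not TrustSec or ISE code; the tag values, classification rules and policy matrix are constructed assumptions). The point it makes is that the enforcement decision depends only on the two tags, so the same endpoint is treated identically whatever IP address or VLAN it happens to join from, and a failed posture check never inherits a trusted tag:

```python
"""Security Group Tag (SGT) style classification and policy lookup.

Constructed example: tag numbers, the classification rules and the policy
matrix are assumptions for this demonstration, not TrustSec configuration.
"""
from dataclasses import dataclass

# A tag is a small integer carried in a header on the traffic; names are for readability.
SGT_UNKNOWN = 0
SGT_CLINICAL_USER = 10
SGT_CLINICAL_SYSTEM = 20
SGT_GUEST = 30


@dataclass(frozen=True)
class Endpoint:
    ip: str           # recorded, but deliberately never consulted by the policy
    user_role: str    # identity from authentication, e.g. "clinician", "guest", "service"
    device_type: str  # e.g. "workstation", "server", "byod"
    posture_ok: bool  # result of the endpoint posture assessment


def classify(ep: Endpoint) -> int:
    """Dynamic tag assignment as the device joins the network.

    Order matters: posture failure is checked first so that a known clinician
    on an unhealthy device still ends up without a trusted tag.
    """
    if not ep.posture_ok:
        return SGT_UNKNOWN
    if ep.user_role == "service" and ep.device_type == "server":
        return SGT_CLINICAL_SYSTEM
    if ep.user_role == "clinician" and ep.device_type == "workstation":
        return SGT_CLINICAL_USER
    if ep.user_role == "guest":
        return SGT_GUEST
    return SGT_UNKNOWN


# Policy matrix keyed on (source tag, destination tag). Any pair not listed is denied,
# which is what makes the matrix a segmentation policy rather than an allow list of IPs.
POLICY = {
    (SGT_CLINICAL_USER, SGT_CLINICAL_SYSTEM): "permit",
    (SGT_CLINICAL_SYSTEM, SGT_CLINICAL_SYSTEM): "permit",
}


def decide(src: Endpoint, dst: Endpoint) -> str:
    """Enforcement point: the decision is a function of the two tags only."""
    return POLICY.get((classify(src), classify(dst)), "deny")


if __name__ == "__main__":
    # Constructed endpoints. Note the clinician appears from two different subnets.
    clinical_srv = Endpoint("10.9.9.9", "service", "server", True)
    for ws in (Endpoint("10.1.2.3", "clinician", "workstation", True),
               Endpoint("192.168.7.7", "clinician", "workstation", True),
               Endpoint("10.1.2.3", "clinician", "workstation", False),
               Endpoint("10.1.2.4", "guest", "byod", True)):
        print(ws.ip, ws.user_role, ws.posture_ok, "->", decide(ws, clinical_srv))
```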


Virtual Private Networks (VPNs) also exist in the ‘before’ phase of the attack continuum, maintaining data confidentiality and integrity whilst it traverses less trusted network infrastructure. Remote access VPNs are now commonplace supporting the flexible working practices needed for delivering modern health and care services.

Figure 6.3 ‘Secure Mobile Working’

The importance of these VPNs will increase as the delivery of care continues to move closer to - and in - the patient’s home. As they do so, transparency and ease of use become essential. Remote access VPNs can often be cumbersome for staff to use, requiring user action to initiate the connection followed by a challenge using multiple factors of authentication. At best this wastes time and interrupts clinical workflow, but at worst the poor user experience can lead staff to deviate from good security practice, choosing not to connect via the VPN and therefore bypassing centrally deployed Internet security controls. By doing so, client devices are exposed to much greater risk from malware infection as policy controls are no longer enforced.

The Cisco AnyConnect40 software VPN client allows mobile workers to gain secure access via a cellular network (3G/4G) or Wireless LAN where it is available. A policy engine such as Cisco ISE can be used to configure appropriate levels of access, based on the access method and location. When combined with an Enterprise Mobility Manager (EMM), capabilities such as remote wipe can be offered in the eventuality of device loss or theft.

Home users may connect in a similar way. However, for users with a regular need for homeworking dedicated equipment such as a home router may be installed providing secure access to the central site. In this case the router is managed by the IT department and can be configured to allow differentiated access based on user credentials, and prioritise work based applications.

VPNs are also central to the evolution of wide area network connectivity. For example, the NHS currently relies extensively on private connectivity such as N3 or regional COINs to communicate between sites and nationally hosted services. However, there are a number of trends that are challenging this traditional delivery model:

• Increasing use of Internet-based services driving the need for more localised Internet break out;
• Reduction in cost/increase in quality of direct Internet access services.

40 Cisco AnyConnect – http://www.cisco.com/go/anyconnect


Both of these trends are driving a shift towards a hybrid WAN approach, utilising both private WAN and Internet-based connectivity for reduced cost and increased flexibility. Combined with intelligent path control and secure IPsec VPN, a hybrid-WAN is able to dynamically route traffic based on application, endpoint and network conditions to deliver the best-quality experience. (Cisco’s solution for hybrid WAN is known as IWAN, and was discussed in section 4.1.2).

6.4 During

Many security solutions deployed today operate at a point in time, that is to say they monitor for an attack at a given moment and if something malicious is observed, the attack is blocked. However, a modern attack is rarely characterised by a single point in time; rather it is often a blended series of events, sometimes occurring over a very protracted time period. Furthermore, where organisations have focussed on perimeter security, once an attack has penetrated this hard ‘shell’ it can traverse the interior of the network at will, and such lateral movement will typically go undetected.

Addressing these challenges requires a different approach to the deployment of security: from point-based to one that is much more pervasive. Network flow analysis relies upon flow data records that are generated by general networking devices such as routers and switches.

At its most basic, a flow record aims to capture metadata relating to the conversations that occur on the network. Much like a telephone bill identifies the calling and called parties as well as the direction of the call, a flow record will capture source and destination IP addresses, protocol and port information as well as volume of data transferred. Cisco’s Netflow has been used by network administrators to provide more general operational information for capacity planning, traffic accounting and usage-based billing, but it is also a very powerful tool in the security context.

Figure 6.4 ‘Network as a Sensor’

In the security context, Netflow data is coupled with a network behaviour analytics tool, an application that analyses the flow data to identify a range of potentially malicious behaviours.

One example might be data exfiltration, whereby network flow data could easily identify a pattern of disproportionate volume of traffic flowing out of the network versus that which is flowing in. This type of behaviour wouldn’t trigger an Intrusion Prevention or Intrusion Detection System (IPS/IDS) signature, and, assuming the flows were permitted, a firewall would also do little to flag this potential issue. Using behaviour analytics, this and many other kinds of suspect network activity can be readily identified.


In section 6.3 above, the importance of context was highlighted; coupling context with behaviour analytics provides an even greater level of visibility. For example, the additional contextual data may identify a flow source as being a medical device and the destination as being located outside of the UK (through IP geolocation). This sort of behaviour is unlikely to be normal and immediate remedial action can be taken to block access, with investigation using historical flow data.

Enabling Netflow data collection at the network infrastructure level is rarely an expensive task, with most modern network routers and switches having inbuilt capabilities. When deploying Netflow, the flow records can be generated in two modes:

• Sampled – a flow record is generated for a portion of the flows, e.g. 1:100 flows;
• Unsampled – a flow record is generated for every IP flow.

For network security purposes, the use of unsampled Netflow is critical since the loss of even a single flow could mask malicious activity. Sampled Netflow, which has a lower performance impact, is ideal for non-security applications such as traffic performance analysis.

Figure 6.5 ‘Cisco Network as an Enforcer (NaaE)’

Given the speed at which malware can propagate, the time taken to investigate an incident can be enough to allow malware to spread widely. Automation is therefore critical to responsiveness. Policy based enforcement can be deployed which combines the capabilities of Netflow with SGT. Using this approach, the SGT assigned to a given endpoint can be modified based on the traffic it generates.

For example, an endpoint could be assigned the ‘clinical’ tag but, if this device then starts displaying malicious behaviour identified by Netflow, a dynamic re-authorisation can be triggered and the SGT changed to a ‘quarantine’ tag. Pre-deployed enforcement policies in the network would be configured such that traffic marked with the ‘quarantine’ tag is prevented from accessing sensitive systems. With this automated approach, the network is now able to both identify and dynamically contain new threats, therefore reducing the risk of wider impact. This approach is known as the ‘Network as an Enforcer (NaaE)’ as shown in Figure 6.5.
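The exfiltration pattern and context enrichment from the flow analysis passages above, together with the automated ‘quarantine’ re-tag described here, as one added Python example (this is not Stealthwatch or ISE code; the flow records, device inventory, geolocation table, thresholds and tag names are constructed assumptions). It also models 1:100 sampled export to show why the text insists on unsampled Netflow for security: the same sixty small uploads that are obvious in the full record set vanish once only every hundredth flow is exported.

```python
"""Flow-record analytics: outbound/inbound ratio, context, sampling, quarantine.

Constructed example: records, inventory, geolocation table, thresholds and
tag names are assumptions, not Stealthwatch or ISE data or configuration.
"""
from collections import defaultdict
from typing import Dict, List, NamedTuple


class Flow(NamedTuple):
    src: str        # internal endpoint that opened the conversation
    dst: str        # external peer
    dport: int
    bytes_out: int  # src -> dst
    bytes_in: int   # dst -> src


# Assumed context sources (constructed): device inventory and a tiny geolocation table.
DEVICE_TYPE = {"10.20.0.15": "medical_device", "10.20.0.40": "workstation"}
GEO_BY_PREFIX = {"203.0.113.": "XX", "198.51.100.": "GB"}   # XX = outside the UK

MIN_OUT_BYTES = 1_000_000   # ignore hosts that have sent very little in total
OUT_IN_RATIO = 5.0          # sending this many times more than receiving is suspect


def geolocate(ip: str) -> str:
    for prefix, country in GEO_BY_PREFIX.items():
        if ip.startswith(prefix):
            return country
    return "??"


def sample(flows: List[Flow], rate: int) -> List[Flow]:
    """Model 1:rate sampled export: only every rate-th flow produces a record."""
    return [f for i, f in enumerate(flows) if i % rate == 0]


def detect_exfiltration(flows: List[Flow]) -> List[dict]:
    """Aggregate per source and flag hosts sending far more than they receive."""
    sent, received, peers = defaultdict(int), defaultdict(int), defaultdict(set)
    for f in flows:
        sent[f.src] += f.bytes_out
        received[f.src] += f.bytes_in
        peers[f.src].add(f.dst)
    alerts = []
    for src, out in sent.items():
        ratio = out / max(received[src], 1)
        if out >= MIN_OUT_BYTES and ratio >= OUT_IN_RATIO:
            countries = {geolocate(p) for p in peers[src]}
            device = DEVICE_TYPE.get(src, "unknown")
            # Context raises severity: a medical device talking abroad is not normal.
            abroad = bool(countries - {"GB"})
            severity = "high" if device == "medical_device" and abroad else "medium"
            alerts.append({"src": src, "device": device, "ratio": round(ratio, 1),
                           "countries": sorted(countries), "severity": severity})
    return alerts


def enforce(alerts: List[dict], tags: Dict[str, str]) -> Dict[str, str]:
    """Dynamic re-authorisation: alerting endpoints are moved to the quarantine tag.

    Returns a new tag map; pre-deployed policy for the 'quarantine' tag (not
    modelled here) is what then keeps the endpoint away from sensitive systems.
    """
    updated = dict(tags)
    for alert in alerts:
        updated[alert["src"]] = "quarantine"
    return updated


# Constructed traffic: a workstation browsing normally, and a medical device
# pushing sixty 50 KB uploads to a single address outside the UK.
NORMAL = [Flow("10.20.0.40", "198.51.100.7", 443, 2_000, 200_000) for _ in range(20)]
EXFIL = [Flow("10.20.0.15", "203.0.113.9", 443, 50_000, 1_000) for _ in range(60)]
FLOWS = NORMAL + EXFIL
TAGS = {"10.20.0.40": "clinical", "10.20.0.15": "clinical"}

if __name__ == "__main__":
    alerts = detect_exfiltration(FLOWS)
    print("unsampled:", alerts)
    print("1:100 sampled:", detect_exfiltration(sample(FLOWS, 100)))
    print("tags after enforcement:", enforce(alerts, TAGS))
```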


6.5 After

Retrospective security is a big challenge for any organisation and one that is rarely implemented. Conventional malware inspection focusses on the difficult task of identifying new malware at a fixed point in time. Most malware inspection systems operate by scanning suspect files as they enter the network and making a single decision at that point in time, i.e. malware or not malware. If it is the former then the file is blocked, but if it is the latter then the file is passed on to its ultimate destination, and this is the crux of the problem. With the millions of new malware samples identified each and every day, this approach cannot identify malware with complete accuracy.

Figure 6.6 ‘Advanced Malware Protection’

Cisco’s Advanced Malware Protection (AMP)41 solution shown in Figure 6.6 aims to address these challenges and can be deployed at a wide variety of locations in the network, including traditional gateway devices (firewall, email and web content inspection devices) as well as on user endpoints by introducing a number of important capabilities:

• Continuous monitoring and analysis of all activity, searching for any indications of malicious behaviour;
• Where a file was previously identified as “good” but through continued inspection is subsequently found to be “bad”, administrators are provided with immediate visibility into where the malware originated, which systems were affected, and what the malware is doing;
• Constant feedback of threat intelligence to a ‘Big Data’ cloud platform to improve accuracy of initial file designation.

It is through the addition of these important capabilities that Cisco’s AMP solution can help health and care organisations to not only improve the identification of malware as it comes in to the network, but also gain a clearer understanding of how malware has spread across the environment, enabling much more rapid containment and remediation.
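The retrospective capability in the second bullet, as an added Python model (this is not AMP's data model or code; the file hash, host names, timestamps and the verdict source are constructed placeholders). A point-in-time scan lets an unknown file through; sightings keep being recorded afterwards, so when intelligence later flips the verdict the tracker can answer where the file originated, where it spread and where it ran:

```python
"""Retrospective malware tracking: keep sightings after the point-in-time verdict.

Constructed example: hash, hosts, clock and verdict source are placeholders;
this is not the AMP data model.
"""
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional, Set


class Sighting(NamedTuple):
    t: int                   # seconds on a constructed clock
    host: str
    sha256: str
    parent: Optional[str]    # where the file arrived from, if known
    action: str              # "downloaded", "copied" or "executed"


class FileTrajectory:
    def __init__(self) -> None:
        self.sightings: Dict[str, List[Sighting]] = defaultdict(list)
        self.verdict: Dict[str, str] = {}   # sha256 -> "unknown" | "malicious"

    def point_in_time_scan(self, sha256: str, known_bad: Set[str]) -> str:
        """The gateway decision on entry: block if already known, else let through."""
        verdict = "malicious" if sha256 in known_bad else "unknown"
        self.verdict[sha256] = verdict
        return verdict

    def observe(self, s: Sighting) -> None:
        """Continuous monitoring: record activity even for files already admitted."""
        self.sightings[s.sha256].append(s)

    def retrospective_update(self, sha256: str, new_verdict: str) -> Optional[dict]:
        """Apply later intelligence. When a verdict flips to malicious, return the
        trajectory: origin, every affected host, execution hosts and spread edges.
        Returns None if nothing changed for the worse."""
        previous = self.verdict.get(sha256, "unknown")
        self.verdict[sha256] = new_verdict
        if new_verdict != "malicious" or previous == "malicious":
            return None
        seen = sorted(self.sightings[sha256], key=lambda s: s.t)
        return {
            "origin": seen[0].host if seen else None,
            "first_seen": seen[0].t if seen else None,
            "affected": sorted({s.host for s in seen}),
            "executed_on": sorted({s.host for s in seen if s.action == "executed"}),
            "spread": [(s.parent, s.host) for s in seen if s.parent],
        }


def demo() -> Optional[dict]:
    """Constructed timeline: file enters as 'unknown', spreads, then intel flips it."""
    tracker = FileTrajectory()
    h = "sha256:PLACEHOLDER-constructed-hash"
    tracker.point_in_time_scan(h, known_bad=set())          # -> "unknown", admitted
    for s in (Sighting(0, "ws-01", h, "gateway", "downloaded"),
              Sighting(60, "ws-01", h, None, "executed"),
              Sighting(300, "ws-02", h, "ws-01", "copied"),
              Sighting(900, "ws-03", h, "ws-02", "copied"),
              Sighting(960, "ws-03", h, None, "executed")):
        tracker.observe(s)
    return tracker.retrospective_update(h, "malicious")     # the retrospective event


if __name__ == "__main__":
    print(demo())
```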

41 Cisco Advanced Malware Protection (AMP) – http://www.cisco.com/go/amp


6.6 Security as a System

As already stressed, to be most effective IT security must be considered as a whole, rather than as a discrete set of point technologies. That is to say that security must be considered as a system, providing protection across all aspects of the IT estate and delivering that protection in a tightly integrated fashion. This means that security technologies should be flexible enough to support the needs of the modern IT estate, allowing for physical on premise, virtual or cloud based delivery options.

Furthermore, with a systematic approach, the technical security controls should not operate in isolation from one another, as this leads to increased cost and complexity and at the same time can leave the environment exposed. To address this, Cisco has developed the Platform Exchange Grid (pxGrid)42, a common set of APIs that enables devices to bi-directionally share security and other IT related contextual information. As described in section 6.4, elements of security automation are becoming increasingly critical to help defend against the constant rise in malware, and pxGrid is used to integrate the Stealthwatch43 behaviour analytics tool with Cisco ISE to dynamically respond to new threats.

Of course, no single vendor can deliver all the technical components of a security solution and pxGrid isn’t constrained to Cisco components. It is open to 3rd party vendors, a number of whom have developed solutions that support pxGrid integration44.

42 Cisco pxGrid – https://developer.cisco.com/site/pxgrid/discover/overview/
43 Cisco Stealthwatch – https://www.lancope.com/partners/cisco-lancope-partnership
44 Cisco pxGrid Partners – http://www.cisco.com/c/en/us/products/security/partner-ecosystem.html


7. Collaboration

It is easy to overlook the extent to which collaboration is changing the way we work. Increasingly, health and care professionals bring their mobile phones and tablets to work, and expect to be as connected and productive on the road or at home as in the workplace. They want to meet face-to-face with patients, colleagues, suppliers and as teams without leaving their desks. It’s convenient, saves time, travel and carbon - and current technology can deliver a high quality and fulfilling experience.

The right collaboration technology can have a dramatic impact on operational excellence and service delivery with improved productivity and teamwork, simplified decision making, better patient relationships and more efficient use of resources. A modern collaboration toolkit can also help to attract and retain talent. Having grown up with smart devices and electronic tools, the incoming workforce will expect to have the same capabilities in the workplace.

Figure 7.1 ‘Cisco Collaboration Architecture’

Of course not all benefits are cash saving, but the delivery of health and care has priorities that extend beyond money alone. Some of these include:

• Care at a location of the patient’s choosing;
• Improved patient care pathway – resulting in efficient use of resources and increased patient safety;
• Improved availability of staff, services and resources;
• Reduced time to decision;
• Better use of resources.

Virtual teams have existed both within the NHS and with its partners for some time, with MDTs being the standard template for success. As better defined health and care communities evolve, there will be an increasing need for communications and collaboration amongst teams.

In this section we will discuss how Cisco’s collaboration architecture shown in Figure 7.1 helps to deliver efficiency and agility - and the evolution to health and care communities.


7.1 Collaboration Platform Essentials

When comparing a collaboration environment to traditional telephony solutions, the IP network can be considered the switching matrix and critical to its operation. It is therefore a fundamental requirement that the network is designed and constructed with high availability, security and performance in mind. Design considerations include:

• Overall availability - telephony systems often quote five nines (99.999%) as the expected uptime (not including scheduled downtime);

• Network link redundancy - automatic service restoration within a second is highly desirable ensuring that calls in progress remain intact;

• Device redundancy - single or multiple depending on organisational service level requirements;

• Power - key components should be protected by Uninterruptible Power Supplies (UPS), Redundant Power Supplies (RPS) and/or generators;

• Latency/Jitter - end to end latency should be less than 150 ms with jitter reduced to an absolute minimum;

• Security - physical and network based, including protection against denial of service;

• Application prioritisation – QoS tools ensure that the most essential applications are prioritised over less critical ones;

• Bandwidth - adequate bandwidth should be available at all times, including during partial network failures;

• Service Provider – e.g. Public Switched Telephone Network (PSTN), provider WAN, ensuring remote site survivability.

Within the IP network certain services are prerequisites. Services such as Dynamic Host Configuration Protocol (DHCP - for automated IP address allocation), DNS and Trivial File Transfer Protocol (TFTP - for download of device configuration and firmware) can be combined to enable zero touch deployment of telephony handsets.

Power over Ethernet (PoE) is often considered to be an essential network service whereby the handset or terminal derives its power from the Ethernet switch that it is connected to. Without this method of powering the telephony devices, an external power supply (or power injector) is required.

Whilst these requirements are extensive they should be put in perspective. Most of the considerations listed will be similar for other clinical and business critical applications. From an architectural perspective, this is reflected with re-usable intelligent services.

Quality of Service (QoS) – A thorough description is outside of the scope of this document, however features needed in underpinning infrastructure include traffic prioritisation and the avoidance of loss, delay and jitter. Using an analogy to compare the application traffic on a network to traffic on a motorway helps to understand the basic challenges more easily.

By default any vehicle can use any lane and therefore in times of congestion all traffic will be affected equally with associated consequences. If however one lane (an express lane) is reserved for important vehicles only and congestion occurs, only low priority vehicles will be affected allowing the important ones to pass freely. Similarly in the network the ‘express lane’ is used to protect sensitive traffic such as Voice over IP which has very tight constraints with respect to delays and dropped packets.

In practice, networks are designed to have several different ‘lanes’ of traffic with different attributes tailored to the different application demands, thereby creating a comprehensive prioritisation model.

Call Admission Control (CAC) - is used to ensure that the ‘express lane’ does not become oversubscribed and congested. For example, each time a new voice call needs to be established, a request must be made to ensure that the ‘express lane’ has the required capacity. If not, the call may be refused or may be re-routed. Call admission control mechanisms fall into one of two main categories:


• Topology-unaware CAC — based on a static configuration within the call processing agent;
• Topology-aware CAC — based on communication between the call processing agent and the network about the available resources.

Topology-unaware CAC is the simplest to deploy and supports most customer requirements. For example, in a distributed environment, after assigning all the devices located at each branch office to the corresponding site entity, the administrator usually configures a maximum number of calls (i.e. bandwidth) to be allowed in or out of that site. Each time a new call is requested, the call processing agent checks the sites to which the originating and terminating endpoints belong, and verifies whether there are available resources to place the call. If the check succeeds, the call is established and the counters for both sites are decremented. If the check fails, the call processing agent can decide how to handle the call based on a pre-configured policy. For example, it could send a network-busy signal to the caller device, or it could attempt to re-route the call over a PSTN connection.
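The admission check described above, as an added example written for this page (not Cisco’s code and not CUCM’s actual implementation): each site holds a static kilobit budget, a request is admitted only when both the originating and terminating sites have room, and a refused call follows a pre-configured policy of network-busy or PSTN re-route. Site names, budgets and the 80 kbps per-call cost are constructed; treating intra-site calls as free of WAN bandwidth and returning bandwidth on call release are assumptions the text does not state.

```python
"""Topology-unaware call admission control (CAC) simulation.

Added example, not Cisco's code. Models the per-site static budget
check a call processing agent performs before admitting a call onto
the prioritised 'express lane'. All figures below are constructed.
"""
from dataclasses import dataclass, field
from enum import Enum


class Outcome(Enum):
    ADMITTED = "admitted"            # both site budgets had room
    NETWORK_BUSY = "network_busy"    # refused; caller gets a busy signal
    REROUTED_PSTN = "rerouted_pstn"  # refused on IP; sent over the PSTN


@dataclass
class Site:
    name: str
    capacity_kbps: int                # configured inter-site budget
    available_kbps: int = field(init=False)

    def __post_init__(self):
        self.available_kbps = self.capacity_kbps


class CallAdmissionControl:
    """Static CAC as held in the call processing agent."""

    def __init__(self, sites, per_call_kbps=80, reroute_to_pstn=True):
        self.sites = {s.name: s for s in sites}
        self.per_call_kbps = per_call_kbps       # constructed per-call cost
        self.reroute_to_pstn = reroute_to_pstn   # pre-configured failure policy
        self.active = {}                         # call_id -> (orig, term, kbps)

    def request_call(self, call_id, orig_site, term_site):
        orig, term = self.sites[orig_site], self.sites[term_site]
        if orig is term:
            # Assumption: a call within one site never crosses the WAN,
            # so it consumes none of the inter-site budget.
            self.active[call_id] = (orig_site, term_site, 0)
            return Outcome.ADMITTED
        needed = self.per_call_kbps
        if orig.available_kbps >= needed and term.available_kbps >= needed:
            # Check succeeded: decrement the counters for both sites.
            orig.available_kbps -= needed
            term.available_kbps -= needed
            self.active[call_id] = (orig_site, term_site, needed)
            return Outcome.ADMITTED
        # Check failed: apply the pre-configured policy.
        return Outcome.REROUTED_PSTN if self.reroute_to_pstn else Outcome.NETWORK_BUSY

    def release_call(self, call_id):
        # Assumption: tearing a call down returns its bandwidth to both sites.
        orig_site, term_site, kbps = self.active.pop(call_id)
        self.sites[orig_site].available_kbps += kbps
        self.sites[term_site].available_kbps += kbps

    def available(self, site):
        return self.sites[site].available_kbps


def simulate():
    """Walk a constructed scenario; returns (outcomes, remaining budgets)."""
    cac = CallAdmissionControl(
        [Site("hq", 320), Site("branch", 160), Site("clinic", 80)],
        per_call_kbps=80,
    )
    outcomes = [
        cac.request_call("c1", "branch", "hq"),      # admitted
        cac.request_call("c2", "branch", "hq"),      # admitted; branch now at 0
        cac.request_call("c3", "branch", "clinic"),  # branch exhausted -> PSTN
        cac.request_call("c4", "clinic", "hq"),      # admitted; clinic now at 0
        cac.request_call("c5", "clinic", "clinic"),  # intra-site, no WAN cost
    ]
    cac.release_call("c1")                           # frees 80 kbps at both ends
    outcomes.append(cac.request_call("c6", "branch", "clinic"))  # clinic still 0
    outcomes.append(cac.request_call("c7", "branch", "hq"))      # admitted again
    remaining = {name: cac.available(name) for name in cac.sites}
    return outcomes, remaining


if __name__ == "__main__":
    results, left = simulate()
    for call_id, outcome in zip("c1 c2 c3 c4 c5 c6 c7".split(), results):
        print(call_id, outcome.value)
    print("remaining kbps per site:", left)
```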

Topology-aware CAC is defined as any mechanism aimed at limiting the number of simultaneous calls across networks that can be applied to any network topology and can dynamically adjust to topology changes. The Resource Reservation Protocol (RSVP) is the first significant industry-standard signalling protocol that enables an application to reserve bandwidth dynamically across an IP network.

Translation Services - During call setup, end-points often negotiate which speed, compression and codec are to be used during the call. Translation services exist to ensure that end-points without a common set can communicate. For example, transcoding allows endpoints to communicate even if they are using different standards-based codecs (G.711, G.729 etc.), and similar principles exist for speed, protocols and other attributes.

7.2 Call Control Environment

Call control is the core element for any communications deployment. It provides endpoint registration, call processing and call admission control. Call control design considerations include the enterprise dial plan, endpoint addressing scheme, calling party presentation, call admission control, codec selection, PSTN connectivity and general trunking requirements.

Figure 7.2 ‘Call Control Environment’


Cisco Unified Communications Manager (CUCM)45 is a highly available common call control platform. This provides consistent services for all devices and communication types as well as maintaining a uniform dial plan and a consistent feature set across the enterprise.

Whilst all of the features of a traditional, centralised Private Branch Exchange (PBX) are retained in a CUCM environment, they are distributed to take advantage of the strengths of IP:

• Endpoints can be truly location independent, and easily moved around an organisation without reconfiguration;

• An organisation can have a single point of administration for their entire collaboration environment, whilst retaining the benefits of local call processing for sites that require it;

• Only call setup and signalling data is sent to the central call control platform, so a video call between two endpoints at a branch site remains local, saving bandwidth and increasing scalability;

• Trunk Connections no longer have to be co-resident with the call processor, which increases flexibility, scalability and resiliency.

7.3 Foundation Collaboration Applications

7.3.1 Instant Messaging & Presence

Presence is the ability to establish the ‘availability’ of a person or resource at any given time and builds upon Instant Messaging (IM) technology, where it is possible to create ‘buddy lists’ and check availability in real time. Additional information on someone’s availability can be provided, including their location or perhaps clarifying why they are ‘Busy’, as well as information automatically derived from an electronic diary, telephone system or PC location. In health and care, this technology has significant potential to address challenges faced by healthcare professionals on a daily basis, including:

• Locating and communicating with individuals by name;

• Locating and communicating with individuals by role and proximity;

• Locating and communicating with individuals by skill and proximity;

• Locating essential equipment by availability and proximity.

Confederation between presence aware systems allows users to broaden their view outside of a single system. These systems can exchange status information, ideally using standard protocols allowing a user in one organisation to see the availability of individuals in another. The users are able to communicate using IM and then seamlessly escalate into a voice, video and collaboration session.

Cisco Jabber46 is an example of an IM and Presence client supported on multiple platforms.

45 Cisco Unified Communications Manager - http://www.cisco.com/go/cucm
46 Cisco Jabber - http://www.cisco.com/go/jabber


7.3.2 Unified Messaging

There are many different ways to communicate using messaging systems, including email, voicemail, fax and Short Message Service (SMS). However, these systems often exist in silos, resulting in the user having to interrogate each one individually.

Unified Messaging (UM) combines messaging silos enabling the user to access all of their messages from a device or application of their choice. This could include phones, tablets or a range of applications including email clients and IM and Presence clients. UM allows users to set-up rules or policies to automatically handle messages and take actions based on chosen criteria. The user receives the messages in a format appropriate to their current device or application. Once read, the message is marked and is reflected as such across all devices. Messages can be replied to, forwarded or deleted as desired, regardless of the original medium. Cisco supports Unified Messaging in the Unity Connection47 platform.

Integrated Messaging involves the user having a separate email mailbox and voicemail mailbox. The user interrogates email and voicemail systems from their email client resulting in both message types being readable in a single desktop application. Not all UM features are available to the user due to the separate message systems, however the benefits are less impact on e-mail servers and simpler integration. Unity Connection can deliver an integrated messaging solution.

7.3.3 Attendant Console

An Attendant Console brings together information from Active Directory, IM and CUCM to give switchboard operators an easy to use tool to quickly and efficiently distribute inbound calls to the most appropriate person. This service may be provided by a small number of operators answering inbound calls for a department or surgery, but can equally scale to handle multiple inbound call queues for a large organisation based over several locations. Call queues can be assigned a priority to ensure calls are answered in the correct order, for example a switchboard may choose to prioritise crash calls over external calls over internal calls.

A speech recognition based automated attendant system can be integrated with the organisation’s directory. This enables any caller (internal or external) to request connection to any employee based on name, job role, department, location or a combination thereof.

7.4 Conferencing Services

The NHS and its partners have been leveraging Video Conferencing technology for many years, most notably for MDT Meetings. Whilst this has been very effective in reducing travel time for clinicians, many of these implementations have not been without their challenges, requiring dedicated rooms, expensive integration works and specialist maintenance. These impacts on scalability have led to “collaboration silos” - where video units are only able to communicate with a small group of other endpoints.

The many use cases for conferencing in health and care include:

• Travel Reduction - Regular or unscheduled business meetings at any level of an organisation typically involve people relocating themselves for attendance in person. Through the use of video and collaboration technologies the amount of travel required can be minimised, which can reduce both cost and environmental impact;

• MDT meetings are commonplace across the NHS, whether in Cancer Care organisations, or other clinical specialities. Conferencing solutions are a key tool for MDTs, enabling the sharing of expertise and reduced time spent travelling to meetings – increasing productivity, saving costs and improving outcomes. Video is already extensively used in these environments but often the technology is ageing with a low quality experience and little integration with other information tools;

47 Cisco Unity Connection - http://www.cisco.com/c/en/us/products/unified-communications/unity-connection/index.html


• Prison Healthcare - Traditionally patients have been securely escorted from prison to a healthcare provider for clinical assessment, diagnosis and treatment of their condition at significant cost and risk;

• Care Homes - Referrals from Care and Residential Homes can cause a significant degree of stress for patients. This can be mitigated with remote care solutions supporting high quality video calls;

• Medical Education - Video solutions deployed into lecture theatres, seminar rooms, clinical simulation centres and operating theatres enable new ways of learning for health and care professionals;

• TeleHealth and TeleCare – patients can live independently whilst pressure is released from overburdened healthcare facilities. Many programmes and pilots are in existence across the country and video technology plays a significant role in many of them.

Each use case will determine the endpoints used, but by consolidating voice and video onto a single call control platform, video becomes as simple as making a telephone call. Furthermore, the reach of video can be expanded to include all devices from the smartphone to an immersive room system.

7.4.1 Extending the Life and Value of Video

With the benefits of video technology well understood, it’s also worth considering how the lifetime and value of video can be extended. Video doesn’t only improve the live meeting experience it also provides a simple, effective way to engage people after the event as well. The value of video is best understood by considering three different stages:

• Capture video content using any device, including smartphones, tablets, and desktops as well as Cisco TelePresence48 systems and other equipment;

• Transform the video content for live streaming and optimised viewing on different devices, from mobile devices and PCs to large, high-definition displays in conference rooms or lecture halls;

• Share the video content with people anywhere in the world, in real time or on demand.

There are many varied applications for this technology where:

• Executives can deliver a real-time update to all employees, and make it available as video-on-demand for those who miss the live event;

• Team members can record a Cisco TelePresence meeting to share later with people who cannot attend;

• Trainers or teaching staff can create videos to supplement or replace in-person training for staff or patients and hence build up a library of valuable content;

• Video can be relayed direct to a Post Graduate Medical School.

It’s therefore important that a comprehensive video strategy includes not only live, transactional uses of video, but also how content can be recorded, delivered and archived for future use.

7.5 Collaboration Edge

There is a wide-ranging need for collaboration across health and care communities. By leveraging N3 and the Internet, realisation of these goals has increased significantly over the past few years and connectivity has become a fundamental requirement for conducting day-to-day activities.

Cisco Collaboration Edge49 enables health and care organisations to build multi-service solutions offering connectivity to outside users through highly secure, encrypted firewall traversal and connectivity to the PSTN. It supports a variety of use cases:

• Mobile and teleworker collaboration: Jabber users can collaborate on any supported device with no VPN client required;

48 Cisco TelePresence - http://www.cisco.com/go/telepresence
49 Cisco Collaboration Edge - http://www.cisco.com/c/en/us/solutions/collaboration/collaboration-edge-architecture/index.html


• Business-to-business and business-to-consumer collaboration: Revolutionise interactions with other partner organisations and service users through browser and mobile-based collaboration;

• PSTN and IP based PSTN connectivity: Communicate with anyone using service provider time-division multiplexing (TDM) or Session Initiation Protocol (SIP) trunking;

• Intra-enterprise connectivity: Help users on legacy PBXs, IP PBXs, and third-party devices to collaborate;

• Cloud Fusion50: Connect to the cloud for benefits such as Cisco WebEx and Cisco TelePresence technologies together.

Figure 7.4 ‘Cisco Collaboration Edge’

With Collaboration Edge any device on CUCM can be reached over the Internet by dialling the assigned alphanumeric SIP Uniform Resource Identifier (URI), or the required directory number (DN) using <DN>@domain. For example, a Cisco Jabber user might have a SIP URI set to [email protected] and an extension number of 1234. If someone dials [email protected] or [email protected] from an external location on the Internet, Alice would receive the call on her Cisco Jabber client and on all devices that share the same number. This means that standards based video can be rapidly rolled out to users within an organisation by simply building on the existing IP telephony platform.

Where partner organisations do not have standards based video available, it is still possible to offer a video solution using Cisco Jabber Guest51 allowing video calls to be made into an organisation using a Smartphone or Web Browser. This video call can be integrated into the organisation’s website, and does not require the caller to sign up or log in. The service could then be extended to support patients with a link embedded in an email, valid only for the duration of the appointment. When the patient clicks the link the video call is started from within the browser, with no additional log in required. Signed certificates ensure the organisation has complete control of call encryption.

7.6 Enhanced Collaboration Services

Poor user experience can quickly determine the success or failure of any technology. For example, users will quickly lose attention in a web conference where they cannot clearly see or hear what is being discussed, or are unable to read a shared document. This leads to a loss of productivity in the short term, but even worse may be a complete loss of faith in the technology, which is hard to restore.

50 Cisco Cloud Fusion - http://www.cisco.com/c/en/us/solutions/collaboration/cloud-collaboration/index.html
51 Cisco Jabber Guest - http://www.cisco.com/c/en/us/products/unified-communications/jabber-guest/index.html


This is one reason why consumer-grade, or pure Internet-based, approaches are not sufficiently robust for enterprise-class collaboration. The public Internet is notoriously unpredictable and difficult to control. Traffic congestion, lost packets, dropped connections and security holes are commonplace. A best-effort service may be acceptable for casual conversation but can’t offer the predictability, security or quality of experience required in health and care.

7.6.1 Collaborative Virtual Meetings

Collaborative meeting tools such as Cisco Webex combine multiple access methods and media sharing into a single system. This single system offers users the ability to join from the device of their choice, in the location of their choice, using their method of choice. A single meeting might include:

• A group of Oncology staff in a traditional Cisco TelePresence (or video conferencing) room;
• A similar group from a neighbouring Trust using a non-Cisco, standards based TelePresence system;
• A specialist in a consulting room on a desk based TelePresence unit;
• A nurse from home on a PC or tablet device using web-based technology;
• A social worker using a third party client on their PC in a council building.

The experience for all these participants should be uniformly rich and easy to use. Video quality should be High Definition (HD) to ensure that individuals are recognisable and that their expressions and moods can be understood by all. Audio quality should be rich enough for all to understand complex language without repetition or error. It should be possible for any participant to share digital content and for it to be viewed clearly by all other participants regardless of their connection method or device.

7.6.2 Enterprise Messaging

Traditional messaging tools such as email can be inflexible and cluttered, leading to some instances where teams resort to consumer grade messaging tools. While these tools might enable communication, they lack basic enterprise prerequisites such as reliability and security.

Enterprise Messaging is a new category of communication that meets the needs of highly mobile, dynamic virtual teams that might exist across organisational boundaries. Security is obviously a key cornerstone of any such system and the expectation is that integration with the organisation’s Active Directory system is standard, ensuring integrated sign-on authentication and simple directory look-ups. Support of end-to-end content encryption, and in-transit and media encryption is also required to ensure user confidence that conversations are only shared with team members.

Cisco Spark52 is an Enterprise Messaging application designed to empower virtual teams to work together regardless of location and device. Teams are organised in Rooms with secure, persistent communication that allows new members to quickly get up to speed on the project or conversation. Content can easily be shared including documents, pictures or videos along with the ability to escalate into a high definition video enabled collaboration session for important discussions to take place in real-time.

7.7 Mobility

The transition from the corporate desktop to a mobile, social, visual and virtual workspace is having a profound effect on the way we work. This presents new challenges in supporting mobile workers and ensuring they’re always available and productive. The mobile worker needs access to all the communication and collaboration tools they have at their desk and this demands that solutions are device and Operating System agnostic. As such it becomes increasingly important that feature parity and a familiar user experience is offered across all device types – and locations – to ease user understanding and adoption. The collaboration experience should therefore be seamless as the user transitions from desk to meeting room and mobile with the following considerations:

52 Cisco Spark - http://www.webex.com/ciscospark/


• User availability based on true availability not just based on what devices they’re using or their location;

• Telephone or video calls delivered to all user devices, in-call features (such as call hold or transfer) available on all devices and the ability to move active calls between devices;

• Telephony features such as hunt groups available across all devices;
• Access to virtual meeting tools without feature loss across all devices;
• Synchronised message conversations and message state (read/unread) across all devices.

Users should also expect the collaboration system to optimise their experience based on their use of a smartphone, or their proximity to a high quality video based system. Examples here might include:

• Integrated user experience between a smartphone and a deskphone. A user might place a call on their deskphone by dialling from their smartphone; alternatively, having taken a call on a smartphone, they can move it to the deskphone to utilise its superior audio quality;

• Telepresence content delivery to a smartphone or tablet device. When in a TelePresence call any content shared will be delivered wirelessly to a user’s mobile device for local viewing;

• Highest quality device selection. Where appropriate, any user receiving a video call whilst in close proximity to a high quality TelePresence unit will automatically use that device without the user logging in or personalising the unit.

Delivering a quality mobile user experience begins with the transport layer. Connectivity must be easy, support seamless roaming and ensure that traffic is prioritised or optimised based on policy. Thereafter a rich, consistent communications and collaboration service should be offered with 3rd party integration – all secured end-to-end.

7.8 Service User and Public Contact

Whilst the technology at the heart of the modern day contact centre has been around for some time, it is only recently that health and care organisations have really started to implement a true omni-channel contact centre53 strategy, ensuring citizens and patients can communicate in the format that suits them (social, email, web chat, video etc.) and in a format that reduces the effort required by both the caller and the call handlers within the contact centre itself.

Figure 7.5 ‘Omni Channel Customer Collaboration’

53 Cisco Contact Centre Solutions - http://www.cisco.com/c/en/us/products/customer-collaboration/product-listing.html#ContactCenterSolutions


Reducing the effort required by those needing to make contact reduces operational costs, increases the efficiency of the contact centre and the call handlers, and provides an enhanced service.

Cisco’s Contact Centre54 technology is highly flexible, facilitates the management of the full omni-channel experience and is open to integration with third parties. This includes offering Cisco approved complementary solutions via our authorised Solution+ partner network, such as report analytics, workforce management and voice and video call recording partners.

7.9 Application integration

The value of collaboration tools can be increased by integrating with, or embedding them into, other applications including patient management systems, imaging systems and patient portals. Sample workflows include:

• Patient contact – when a patient rings the GP surgery their phone number is recognised and their record is brought to the receptionist’s attention, without the need for a manual search.

• Care team contact – a nurse viewing a patient record may see a list of care team professionals responsible for the patient. Alongside the names, it is possible to present real-time availability along with a contact card. This allows a simple click to start a communication without the need to know the care team member’s number, email or IM address.

• Chronic Care Portal – a patient using an NHS provided, web based care portal might want to speak to a member of their care team. They can request a video consultation and then attend within a standard internet browser. No other application is required and as the call is standards based, it can be answered on any compliant video device.

• Automatic collaboration assisted calls – a doctor makes a telephone call to a patient to discuss a condition or results. Because the doctor is logged onto their PC and the patient is using a smartphone, a collaboration session is automatically established so that when the doctor needs to share some reference material with the patient, it can be as simple as a single mouse click.

Application integration can be achieved using a number of methods but is easiest when open standards are adhered to or APIs are published. Even where the communications systems publish APIs, middleware may still be required to integrate them with the APIs of the other applications.

Cisco DevNet55 is a resource to help customers and partners gain information around Cisco APIs and our development tools and other resources such as events and discussion forums.

7.10 Delivery Models

The traditional model of building, owning and maintaining everything on premise provides a certain level of security and assurance based on the ability to control the environment. However, challenges include system updates for new features and bug fixes as well as scaling the system to meet the growth demanded by the users at a pace that will largely be unpredictable.

Cloud based solutions provided by service providers release health and care organisations to focus on their key business goals and consume the service in the way that best suits them. The cost model is often on a pay-on-demand basis and therefore doesn’t involve any large up-front costs. Volume discount is common, so that as the system scales to meet user demands the price per user decreases, making it a more attractive proposition. Scalability and ongoing maintenance are simply a part of the SLA (Service Level Agreement) and are therefore inclusive within the service costs.

Sometimes within a total solution set it makes sense to combine both On-Premise and Cloud based offerings to create a Hybrid solution. Cisco calls this Cloud Fusion. In Acute Trusts for example it’s common to see the telephony platform delivered on-premise due to its importance in running the hospital whilst the collaboration conferencing services are hosted in the cloud to meet the variable demands and feature support.

54 Cisco Contact Centre Solutions - http://www.cisco.com/c/en/us/products/customer-collaboration/unified-contact-center-enterprise/index.html
55 Cisco DevNet - https://developer.cisco.com


7.11 Interoperability

We believe Cisco’s open architecture supports all relevant industry-standard protocols, codecs and interfaces. We also believe that it currently allows for the widest compatibility with existing estate, while featuring state-of-the-art innovations that add significant value.

Broad Codec Support - Cisco supports multiple media-compression standards and codecs as built-in features rather than as add-on modules. Automatic transcoding and rate-matching capabilities help ensure the high quality presentation for the device or application.

Dual-Protocol Support - Cisco offers a dual-protocol presence platform. It incorporates both SIP/SIMPLE and Extensible Messaging and Presence Protocol (XMPP), allowing users to see aggregated availability information across endpoints. This results in Cisco presence solutions being interoperable with other presence systems such as Microsoft Skype for Business (formerly known as Lync), IBM Lotus Sametime and Google Talk. Third-party XMPP clients can register directly to the server.

Signalling Support - Signalling protocols enable interactive sessions such as Instant Messaging conversations or telephony/video calls to be established between endpoints. Cisco supports many different standards-based signalling protocols and interoperability between those protocols.

Endpoint Support – Where third party endpoints are used to support migration projects or customer specific requirements, Cisco provides support for both certified and open standards-based SIP endpoints.

Microsoft Interoperability: Cisco addresses the need to interoperate with Microsoft Office suite, including Microsoft Skype for Business (SFB) Client, with support for the following scenarios:

• Jabber Client services access throughout the Microsoft Office Suite - ensuring that MS Office users can view other users’ presence availability and initiate communications within their Cisco Jabber client;

• SFB call interoperability – enabling Cisco registered, standards-based video endpoints to communicate with SFB clients supporting HD video and the ability for either party to share content within the call;

• SFB Conferencing interoperability – enabling SFB clients to join TelePresence conferences alongside other SFB clients and standards-based video endpoints, helping to enable all participants to enjoy the same high quality experience. Any member of the conference can share content for others to view. The interoperability gateway helps to ensure the correct formatting for each participant;

• Instant Messaging interoperability and federation – is supported for both inter & intra domain federation scenarios using either SIP/SIMPLE or XMPP protocols with Microsoft SFB systems;

• CUCILYNC (Cisco Unified Communications Integration for Microsoft LYNC [now SFB]) - Extends the presence and IM capabilities of SFB by providing access to a broad set of Cisco Unified Communications capabilities, including softphone, standards-based HD video, unified messaging, audio and video conferencing, desk-phone control and phone presence;

• NHSMail2 Interoperability – At the time of this document release NHSMail2 mail services were being launched. It is understood that the solution will be built on a Microsoft Exchange based architecture, therefore our Microsoft interoperability solutions should be considered. Please consult your account team for the latest information.

Note: the interoperability statements described above are presented as correct at the time of writing.

Microsoft, Office, Exchange, Lync and Skype for Business (SFB) are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

IBM and Lotus Sametime are either registered trademarks or trademarks of International Business Machines Corporation in the United States and/or other countries.

Google and Google Talk are either registered trademarks or trademarks of Google Inc. in the United States and/or other countries.


7.12 Reference Design

This chapter has demonstrated the increasing breadth of collaboration solutions and their associated capabilities. There is a multitude of health and care use cases that can be transformed by the use of collaboration tools and further information can be found in our publication ‘Digital Technology at the Heart of the NHS’56. Our belief is that good planning can reveal benefits to operational efficiency and service delivery through the deployment of a single collaboration platform – one that can be re-exploited as business need arises.

Figure 7.6 ‘Cisco Collaboration Overlay’

Figure 7.6 shows a collaboration overlay in a campus environment. It demonstrates the underlying dependency on infrastructure and the functionality that must be provisioned. The diagram also shows the positioning of key components and flexible deployment options whether Cloud provided or on premise.

56 ‘Digital Technology at the Heart of the NHS’ – http://www.cisco.com/uk/healthcare


8. Application Interoperability

Perhaps the biggest occupier of time for IT leaders in healthcare is interoperability between applications. Most patient information is stored in disparate systems across the health and care community and many of these systems do not interoperate. As a result any practitioner may have difficulty obtaining complete information about a patient, or may repeat tests and procedures because he or she does not have prior information about the patient. In addition to these quality challenges are those posed by manual paperwork processes, which are expensive to both patients and practitioners. Creating interoperability among healthcare systems to seamlessly and easily exchange information in near real time is therefore critical to making meaningful improvements in healthcare delivery.

In recent years a new model for interoperability has emerged and is gaining in popularity. A record of care is created based on a patient-centric rather than an application-centric view. In this way, healthcare information can be “pushed” to virtually any device, anytime, anywhere over a secure and flexible network in much the same way as information is pushed to consumers online. Each of these levels requires secure connectivity and standards-based data access. This type of operating model enables practitioners to access all relevant information to make the best decisions related to their patients’ care.

Cisco’s Medical Data Exchange Solution (MDES)57 enables healthcare providers to use the network as a platform to view, access or record patient data. It provides network-based services, extracting relevant data from disparate systems; translating information into a common, usable format; and delivering the right data at the right time to the right users.

Cisco MDES is based on the internationally recognised Integrating the Healthcare Enterprise (IHE)58 framework, which utilises clinical data, imaging and medication standards, removing the boundaries of interoperability among key stakeholders within the healthcare ecosystem. MDES verifies and validates the identity of patients for whom data is being exchanged. Furthermore, the solution can present information through a web-based portal, providing services for viewing, accessing, or transacting services to align with patients’ needs.

Figure 8.1 ‘Cisco Medical Data Exchange Solution’

The solution is appliance based and can run on either a module inside a router, or for larger environments Cisco UCS may be used for greater scalability. This approach allows MDES environments to scale from very small deployments to much larger hierarchical models that can expand to regional, national and international levels.

57 Cisco MDES – http://www.cisco.com/go/mdes
58 Integrating the Healthcare Enterprise – http://www.ihe.net


9. The Built Environment

The last few years have seen many estates rationalisation programmes across the UK Public Sector. These have been enabled primarily by the adoption of new models of care, and in some cases agile working strategies. However, sometimes things do not go as planned and despite the reduction in floor space, staff may continue to work in traditional ways hence exacerbating the problem.

It’s therefore important to consider the implications of estates planning from a perspective of cultural change and working practices (i.e. process). The community hub programmes that are becoming popular in distributed healthcare (e.g. in Community and Mental Health organisations) are good examples where collaboration and mobility technologies can be used to support agile working. This might include ‘hot desking’ approaches and ensuring that telephony and associated tools offer a consistent look and feel, regardless of location. However, measures should be put in place to support staff as they embrace new working practices and technology.

Further to this, facilities management has become the next phase of convergence. For example, the network connection of building management systems has enabled estates managers to control the built environment from a central location and rapidly invoke policy changes. Meanwhile, physical security systems such as access control and surveillance are also being connected to the IP network allowing centralised monitoring and more agile response systems.

Future developments will see the convergence of building systems themselves, including lighting with centralised control and the ability to change lighting patterns according to the use case – of great potential value in health and care.

Cisco offers a range of Connected Safety and Security59 solutions including physical access control and IP video surveillance, with a specific focus on healthcare organisations60.

9.1 Sustainability and Energy Management

Over recent years sustainability has perhaps taken a back seat to global financial challenges. However, the Carbon Reduction Commitment (CRC) and the need to report on sustainability as part of the annual NHS financial reporting process have led to increasing focus on the environmental impact that organisations have. Happily, a strategy to improve sustainability often results in incremental financial savings as well.

IT as an Energy Consumer: Continuing research and development has seen product efficiency improve dramatically. Enhancements such as improved power supply efficiency and “idle slot power optimisation” (where unused elements of the infrastructure are automatically powered down until required) ensure that each component of the infrastructure is optimised for energy savings.

There are also some specific areas worthy of mention such as the Data Centre, traditionally a significant consumer of energy. For example the consolidation of traffic onto a single infrastructure reduces the total number of interfaces and hence equipment, while higher performance interfaces have been introduced, but with a lower power requirement. As well as a reduced Data Centre footprint, design principles such as front to back airflow improve efficiencies, the collective effect being a reduced need for cooling.

Saving Time, Cost and Carbon: One of the areas that technology can positively impact on sustainability is the reduction of wasted time, cost and carbon associated with travel. NHS and Social Care organisations have very mobile workers such as Community Teams and Outreach services, while inter-organisation business meetings and MDT meetings are becoming more common.

Video and collaboration solutions provide an ideal platform to enable health and care professionals to work across boundaries or distance. With an underpinning and feature rich infrastructure supporting business class video, coupled with collaboration platforms such as Cisco’s Webex61, NHS organisations can reduce the need to travel for face to face meetings.

59 Cisco Connected Safety and Security - http://www.cisco.com/c/en/us/products/physical-security/product-listing.html
60 Cisco Video Surveillance for Hospitals - http://www.cisco.com/web/solutions/healthcaresecurity/healthcare_physical_security.html
61 Cisco Webex – http://www.cisco.com/go/webex


Managing Power with Cisco Energy Management Suite62: Cisco Energy Management Suite is a network based intelligent power management solution that is able to give specific recommendations for optimising energy usage. It has active power management capabilities to help reduce overall energy costs, with tools available to calculate return on investment (ROI), identify best practices for energy management and to run reports.

The solution is policy driven, defined to control which devices are powered and when. For example, some network attached devices could be powered off completely in office spaces with no user impact, while the same solution can power other devices continually as dictated by operational need.

The added benefit of this suite is that it is completely “agentless” meaning there are no requirements for a software agent on the endpoints. There are no hardware meters and there are no network changes required thus making it an easy to deploy, non-disruptive and powerful tool.

Figure 9.1 ‘Cisco Energy Management’

The suite includes specific components for the Data Centre and Distributed Offices. There is also a subscription based optimisation offering, while the solution may also be delivered ‘as a Service’ from the Cloud.

62 Cisco Energy Management Suite - http://www.cisco.com/c/en/us/products/switches/energy-management-technology/index.html


10. Simplifying Software

A common challenge for IT staff is understanding the variety of software options associated with numerous products in any given solution. Cisco has responded to this challenge by introducing a new software licensing offer known as ‘Cisco One’63.

The objective is to make the purchasing of software a simple task across Data Centre and Enterprise Networks. Where IT staff would traditionally need to determine the appropriate software configuration for the features required, ‘Cisco One’ allows the purchase of a single software product. It also offers a range of complementary software licences for purchased hardware, hence simplifying both purchasing and upgrade processes.

Another key benefit is investment protection as the licences are portable to the next generation of applicable devices.

The ‘Cisco One’ offers include:

• Cisco One for Data Centre: helps to improve visibility across physical and virtual networks with portable workloads. Deploy new services with converged compute, storage and networking.

• Cisco One for WAN: helps to improve application performance across the WAN and supports automated deployment. There are also options to extend in to the collaboration domain across the WAN.

• Cisco One for Access: supports the management of the switching infrastructure as a single component. This includes campus and branch office switches as well as Wireless Access Points, Identity Services Engine, Mobility Services Engine and Prime Infrastructure.

• Cisco One Advanced Security: includes a robust set of threat-centric capabilities and simplified management.

The combination of simplified software licensing and cross-platform support improves response times in terms of business and clinical need – as well as improving operational efficiency of digital technology.

63 Cisco One - http://www.cisco.com/c/en/us/products/software/one-software/index.html


11. Exploring New Delivery Models

One of today’s principal concerns for NHS IT leaders in England is succession planning beyond the contract end date of N3, the current national network. Perhaps undervalued, N3 has offered robust national infrastructure with a range of overlaid value-added services including voice and video. In addition, many NHS organisations are part of Community of Interest Networks (CoINs), either associated with N3 or otherwise.

Looking forward, much will depend on the outcome of the Health and Social Care Network (HSCN) programme, however it is anticipated that a single monolithic network environment is unlikely to be repeated. Hence, every English NHS organisation should be embarking on an options appraisal for succession to ensure business continuity.

National approaches such as the Scottish WAN (SWAN) and the Welsh Public Sector Broadband Aggregation (PSBA) programmes are contracted for some years to come; however it is of course prudent to be mindful of the global trends towards health and Social Care integration and new service delivery models, hence understanding what implications that may have on local, regional and national infrastructure.

One option is a move towards the building of health and care communities, mapping against the devolution and integration programmes in England – and of course already in existence with the Health Boards of Scotland and Wales. We recommend IT stakeholders reference the ‘Whole System Approach’ logical view in section 4 of the accompanying Business Document of this blueprint. The implications of such an approach would lead to hosted or shared services for economies of scale and a much more collaborative environment for health and care organisations.

Options to self-build such solutions are always possible with the right skills available and adequate support arrangements in place. However, Public Sector organisations in general are becoming more accepting of Cloud provided services where performance and security concerns have been addressed. That said there are still many valid questions to be considered or to be asked of suppliers, including:

• Suitability for each use case;

• Storage arrangements including lifecycle management;

• Management models;

• Retention and deletion;

• Secure access from anywhere, any device;

• Information Governance;

• Citizen and patient sentiment.

This is not an exhaustive list but should serve as a starting point in such discussions.

Most users of Cloud services are likely to embark on some kind of hybrid arrangement. Cisco’s InterCloud fabric means that providers can now offer highly secure hybrid Clouds that extend the customer Data Centre out into the public Cloud. This includes on demand capability with consistent network and security policy.

Again, organisations must decide which services they will retain on premise – for example, some may consider using the Cloud for non-clinical purposes initially while building confidence, both for themselves and the public at large. Each organisation and indeed community must make their own informed choice based on local and regional need, as well as local supplier capabilities. At Cisco, we would be very happy to work with customers in assessing their options.


12. How Cisco Can Help

Cisco is one of the largest global suppliers of information technology products and services. It has been repeatedly recognised for its substantial annual investment in acquisitions and research and development.

We have been at the forefront of technology innovation for many years. Our technology powers the Internet and, we believe, it can “change the way we work, live, play and learn”. We have deployed an extensive range of digital services that demonstrates this.

At the heart of our success has been the business exploitation of interoperable Internet Protocol (IP) technologies by organisations of all shapes and sizes. We invest heavily each year in the development of standards, and in interoperability testing, to ensure that technology can continue to be built with the function, features and performance demanded by new generations of users.

Cisco has a dedicated team supporting our UK health and care customers. They offer a comprehensive set of industry knowledge, and are able to position Cisco’s extensive portfolio of products and services to best meet customer needs.

If you would like to further a discussion regarding digital strategy and its application in a health and care setting, please refer to Appendix A to find your nearest Cisco representative.


Appendix A Contacts

Mike Badham UK Healthcare Solutions Architect 020 8824 4138

Terry Espiner UK Healthcare Client Director 0161 249 5793

Will Owen UK Healthcare South – Regional Manager 020 8824 8305

John Shaw Scotland 01698 73 1305

David Park North West 0161 249 5747

John Conlon North East 0161 249 5737

Andy Green East Midlands 020 8824 8420

Gary Eke West Midlands & Wales 0161 249 5716

Gary Luttman South East and East 020 8824 0346

Terry Robinson London 020 8824 8063

Andrew Walker London 020 8824 6655

Graham Small South West & South Central 020 8824 0296

Alexandra Staneva Central Accounts 020 8824 4702

Web: http://www.cisco.com/uk/healthcare
LinkedIn: https://www.linkedin.com/groups/7451637
E-mail: [email protected]

UK Healthcare Primary Contacts (January 2016)


Americas Headquarters: Cisco Systems Inc., San Jose, CA

Asia Pacific Headquarters: Cisco Systems (USA) Pte. Ltd., Singapore

Europe Headquarters: Cisco Systems International, The Netherlands

Cisco has more than 200 offices worldwide. Addresses, phone numbers and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks go to this URL: www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco public.

Cisco Network Architecture Blueprint (C-NAB) Version 3

Scan for the online version of this document (and its companion document: Landscape, Requirements and Digitisation)