Cisco Medical-Grade Network

Providing Foundational Architectures for Healthcare

Cisco Medical-Grade Network Cisco Smart+Connected Health Solution Portfolios
The Cisco Medical-Grade Network (MGN) provides the network foundation
®

and architectures that enable advanced clinical applications and biomedical

devices to operate in a protected, interactive, resilient, and responsive
environment. These characteristics are detailed within the MGN Cisco Connected Imaging Solutions
architecture, which is based on the best practices of a robust healthcare Solutions that optimize imaging workflow and image access
environment.

Cisco’s Medical-Grade Network provides an end-to-end framework for Cisco Care-at-a-Distance Solutions
the healthcare industry and allows integration and interoperability at each Solutions that offer face-to-face communication unbounded by
functional area to optimize interactions among healthcare participants,
processes, applications, and hardware components. This includes areas
distance, physical location, or setting
such as Acute Care campus networks, ambulatory clinics, remote clinicians,
and data centers. Cisco Clinical Workflow Solutions
Within the Cisco MGN, diverse business and clinical communications are Solutions that streamline workflows and improve communication
facilitated and integrated throughout the continuum of care. The Cisco among clinicians
MGN supports:

• Communication needs for clinicians, patients, administrators, Cisco Healthcare Technology Foundations
and partners End-to-end healthcare IT infrastructure solutions that provide
• Healthcare regulatory requirements for patient privacy and data security the technology foundations to enable security, reliability, and
• Healthcare’s unique information, technology, bandwidth, and integration regulatory compliance
challenges
• Anytime, anywhere information capture and access for wired and wireless
applications and devices Cisco Smart Healthcare Facility Solutions
• Converged data, voice, and video networks enhancing patient care Services that enable hospitals to reduce the capital and
and collaboration operating expenses of healthcare facilities
• Identity- and policy-based security from inside the network to beyond
organizational walls
• Transfer and storage of large amounts of data created by healthcare www.cisco.com/go/mgnfoundation
applications
www.cisco.com/go/mgnfdz

Resilient Protected Interactive Responsive

Single points of failure are eliminated and rapid convergence architectures and technologies In order to secure Protected Health Information (PHI) and other patient confidential information, Through the use of Cisco technologies, clinicians, physicians, payers, and patients are able to The network needs the flexibility to quickly respond to changing demands. These demands
are used throughout the network. Advanced technologies are used to maximize uptime for the Cisco Security Framework provides an industry-proven architecture. This provides the interact with the healthcare network. Utilizing wired and wireless technologies, the Internet, and range from regulatory requirements and security to new clinical systems and devices. The Cisco
mission-critical applications such as Electronic Health Records (EHRs), Picture Archiving and foundation for meeting global healthcare security specification such as HIPAA, PCI, PIPEDA, remote access solutions, authorized individuals are able to access critical clinical information. MGN is elastic in its ability to respond to the needs for increased bandwidth, quality of service,
Communications Systems (PACS), and biomedical devices. 95/46/EC, HITRUST, and Red Flags Rule. Patients are able to interact with their care providers, resulting in an enhanced patient care model. security, and regulatory compliance.

Acute Care Campus Environment Data Center Cisco Data Center Solutions Ambulatory Care Ambulatory Care
Cisco data center solutions provide the connectivity to physical and virtualized data center resources Ambulatory Care facilities include doctors’ offices and large specialty
including EHR and PACS servers, blade servers, virtualized machines, and SAN/NAS environments. clinics. In smaller facilities a single Integrated Services Router can
Protected Access Layer Distribution/Aggregation Layer Core The infrastructure supporting these services includes application servers, storage media, routers, provide all of the network services. The Cisco Medical-Grade Network
Secure and Automated Device Access The access layer provides the intelligent demarcation The distribution layer acts as a services and control The campus core is the network infrastructure that provides access switches, load balancers, and application acceleration devices. will provide comparable services to those provided in a larger facility.
Biomedical and IT devices are dynamically between the network infrastructure and the computing boundary between the access layer and the network to network communication services and resources to end users Core
identified and the network automatically devices. It provides a security, QoS, and policy trust bound- core. It protects the core from high-density peering and and devices spread over a single geographic location. Its architec-
provisioned for the proper medical network. ary and is a key element in enabling multiple services. provides policy services for traffic flows within the access- tural design promotes non-blocking, rapid convergence, and ultra Resilient
Unauthorized devices are denied access and distribution block. high non-stop availability. Resilient Portable
Survivable Remote Site Telephony (SRST) provides local telephony
Ultrasound Clinical
are reported back to a central management The distribution layer uses Layer 3 switching for its The core is the cornerstone of the entire campus network, providing The data center is designed for high resiliency through use of redundant pairs of switches and Workstation services in the event that connectivity to the centralized Cisco Unified
7925G
system. connectivity to the core of the network and either Layer 2 connectivity between end users and data. modules. Single points of failure are eliminated for software and hardware within the data center. Computing System fails.
Aggregation
Cisco Network Admission Control (NAC) or Layer 3 services for its connectivity to the access layer. Interactive Responsive
performs posture assessment and checks Access Network services contained within the distribution layer ACE Voice, Video, Data Servers TelePresence /
Cisco WAAS
HealthPresence
PC and workstation antivirus and software include wireless LAN controllers, network analysis, network Voice, video, and data communication servers provide the unified communications platform to enable Cisco WAAS minimizes IP protocol overhead, optimizes specific
patch levels. access controllers, and intrusion prevention appliances. clinical staff, IT users, patients, and partners to communicate more effectively. Network Analysis
ACE XML applications, and provides data compression over WAN links from the
Signature- and behavior-based antivirus solu- Gateway
Application servers host EHRs, PACS, medical device information, and clinical applications. Module clinic to the main acute care facility.
tions protect desktop and clinical workstations IP Phone
against day-zero attacks and data loss. Services Block Responsive Video Management
Interactive
Access Cisco Unified Computing System Cisco TelePresence and Cisco HealthPresence Solutions
and Storage System
Interactive TelePresence / 1G
Fiber
Channel
Cisco TelePresence and Cisco HealthPresence™ solutions allow real-time
Smart Infusion Portable Ultrasound HealthPresence The Cisco UCS platform unites compute, network, storage access and virtualization into a cohesive
Wireless/Unified Communications Pump
Distribution/Aggregation Unified
meetings between patients and doctors at different locations. The Cisco
Fabric system to reduce total cost of ownership and increase business agility. Communication
The Cisco Medical-Grade Network optimizes North Access 1 Web/Email
Manager Express HealthPresence solution captures patient physiological information and
the infrastructure to support wireless devices Multi-Node Campus Core CUCM Presence Unity Security
VMware ESX servers virtualize healthcare applications and server storage/networking. This increases
Network Analysis Server VMail Appliance
transmits the data instantaneously for immediate physician review. This
and unified communications applications. Module hardware utilization, provides more efficient use of processing, and lowers total cost of ownership. User PC with
Desktop UC Client technology is ideal for telemedicine based applications.
Wireless access is available to clinicians, Nx 10G The modular switching platform provides 10 Gigabit Ethernet and unified fabric in the data center,
Clinical
NAC Server
vCenter ESX Servers
Interactive
physicians, contractors, and patients/visitors Workstation delivering scalable, continuous operation and transport flexibility.
802.11n AP NAC
Manager
NAC
Profiler
CS-MARS ACS WLC/MSE
UCS
ISR/ISR G2 with Cisco ISR and ISR G2
through Cisco’s industry-leading, highly secure Protected Integrated Firewall,
Cisco Integrated Services Routers (ISR) and ISR Generation 2 (ISR G2)
802.11 AP and WAE
wireless architectures. South Access 1 Nx Unified Fabric Compliance, Collection, and Correlation provide a high-performance extension of the hospital’s data, video,
10G 10G
Clinicians utilize Cisco Unified Communications Nx 10G Nx Cisco Secure Access Control Server (ACS), an industry-leading AAA platform, also supports RADIUS, IP Video collaboration, and telephony environment from the hospital to the clinic,
MDS MDS
and Cisco TelePresence for consults, screen 7925G EHR PACS Medical Device NAC, and directory services enabling healthcare facilities compliance with regulatory requirements. Camera’s
allowing caregivers the same experience in the clinic as the hospital.
Central Server
sharing, and online collaboration to increase Infrastructure-based network telemetry, AAA firewall, and IPS event data is centrally collected and
Nurse Station 10G Protected
productivity and help reduce errors. 10G correlated for threat identification and mitigation.
10G Point of Sale Endpoint Security
Responsive
N

Device EHR Application Signature- and behavior-based antivirus solutions protect desktop and
x

South Access 2
10

Quality of Service Point of Sale Device

clinical workstations against day-zero attacks and data loss.
G

High-priority applications such as voice, patient CT/MR

monitoring, and various biomedical devices
are given high-priority QoS classification and
treatment throughout the network.
WAN Edge
802.11n AP
North Access 2
Protected
Secure WAN and Remote Connectivity
Remote Physicians, Payers,
Pharmacy, Backup Data Center,
Remote Clinician Remote Clinician
Cart on Wheels Wireless LAN Intrusion Prevention
WAE IPS Edge firewalls and IPS/IDS are used to meet specific regula- Cloud Computing The Medical-Grade Network provides the clinician’s home or small office with the same core
(COW) Controller(s) System Resilient Private Wan Edge tory requirements such as HIPAA, Payment Card Industry network services that are provided in larger facilities.
Medical
Admin Cart RFID Tag
High Availability Data Security Standards (PCI DDS), and HITRUST. Firewalls
Redundancy protocols (HSRP, GLBP, VRRP) and redundant uplinks provide high provide granular access control and connectivity to branch
Responsive availability and resiliency within the network. Ether Channel and/or VSS switching physician offices, practices, payers, and disaster recovery
ISR/ISR G2 with Interactive
Path Isolation fabric can be replaced or upgraded without interruption of service. Interior Gateway Intregrated Firewall data centers. Remote physicians use authenticated and Private
Patient Monitor IP Phone Cisco Virtual Office
Network virtualization through VRF, VSS, Protocol (IGP) helps ensure the highest level of resiliency during times of network encrypted access methods such as Secure Sockets Layer
convergence. Internet Wan Edge (SSL) and IP Security (IPSec) VPN. Cisco Virtual Office provides a simple, secure extension of the hospital’s data, video,
and security contexts supports the ability WAN Distribution collaboration, and telephony services to the clinician’s home or small office.
Interactive to isolate critical medical devices from Continuous Uptime Responsive
general-purpose clinical applications. Wide Area Application Services (WAAS) Public Interactive
Location-Based Services Continuous uptime features include In-Service Software Upgrade (ISSU), Non Stop Router with
IPS Unified Communications Endpoints
Resilient Forwarding (NSF), and Stateful Switch Over (SSO). These features reduce network WAE Firewall Cisco Wide Area Application Engines (WAEs) reduce the
RFID tags and location-based services allow healthcare VPN Tunnel Cisco Unified Communications phones and desktop clients provide an extension of the
High Availability downtime by allowing software upgrades to be performed while routers are active. WAN bandwidth of PACS imaging viewing, retrieval, and
providers to use the network to locate staff, patients, and ISR/ISR G2 healthcare organization’s Unified Communications infrastructure, allowing remote workers to
critical assets. In addition, biomedical teams are able The Cisco Network Analysis Module Redundant Power and Switching Fabric storage functions. WAAS uses optimized caching, transport
WAN Edge flow optimization (TFO), and compression to reduce traffic
with Integrated
Physician PC with
interface and collaborate as though they were onsite.
to monitor environmental temperatures in medication helps improve uptime by providing critical Cisco Catalyst® 6500 and 4500 Series Switches and Cisco stackable switches Firewall and
The WAN edge aggregates WAN links, which connect geographically distant bandwidth across WANs. 802.11 AP Desktop UC Client Protected
refrigerators. troubleshooting and monitoring resources have both redundant power as well as multiple redundant switching fabrics, clinics, ambulatory facilities, remote clinicians, payers, and backup data centers VPN Technologies
to the network engineering team, resulting increasing availability to Power over Ethernet (PoE), PoE Plus, and non-PoE devices. to the central data center. The WAN can be either privately owned by the facility
Resilient IP Phone
in shorter troubleshooting cycles. Enhanced Availability and Resiliency VPN technologies provide enterprise-ready encryption to remote clinicians. The Cisco Secure
or provided by a public service provider. Desktop VPN prevents protected health information from being cached locally on the remote
Hardened devices add high-availability, dual-homed links to
help ensure optimal service and network availability. device.