SD-WAN - Leading a Wave of Network Innovation for Healthcare Organizations

Kristan Kline, Global Network, Strategy and Operations Leader, Kaiser Permanente

An IT executive and thought leader with more than twenty-five years of diverse IT experience and a record of delivering increased business efficiency and value through strategic deployment of technology.

Kaiser Permanente’s journey into Software Defined Wide Area Networking (SD-WAN) started a few years ago to further improve our network resiliency and availability. With eight regions across the country that cover 12.2 million members, 689 medical offices, 39 hospitals, and several modes of remote care delivery, a well-connected network is vital to our enterprise. If the WAN were to be degraded or go down, our clinical workflows would be negatively impacted. We would not be able to access electronic medical records (EMRs), pharmacy orders, and a multitude of other critical applications. At many of our facilities, especially in rural areas, there may be only a single network provider’s central office, wiring center, or physical network entry into our buildings. Even though we utilized dual circuits in those facilities, a failure at any of those single points would have taken both circuits down and degraded the site’s care delivery capability. Trying to use traditional routers with diverse transport types (e.g. MPLS, Internet, cellular) on the same equipment is very complicated and not scalable. We had to find a better way.

SD-WAN demonstrated itself to be the best approach for us to improve our network resiliency because of two key features: software defined overlay technology and network transport flexibility. We could use any network transport type as the underlay and drive the solution from a centralized policy management platform. SD-WAN provides real-time telemetry on all the available links to automatically select and switch to the best performing one. Gone are the days of manual route failovers and hold-down timers to switch traffic between links. The software now automatically and reliably shifts traffic as needed without impacting active sessions. Additionally, SD-WAN architecture is scalable and can be right-sized to work at our smallest clinics all the way up to our largest hospitals. And finally, we can continue to add different transport types like fixed wireless 5G when they become available. Kaiser Permanente selected an SD-WAN technology that quickly proved itself as the right solution to further improve our technology resiliency.

Enabling Additional Value - Security and Cloud Enablement
Besides the advances in resiliency and availability, SD-WAN uses an overlay network based on IPsec encryption to provide greater in-transit protection across all transport types. It also offers the ability to segment traffic virtually within those encrypted overlays. These two capabilities together provide the multitenancy services that Kaiser Permanente needs to differentiate traffic types across our network. We can, as needed, define a virtual network to provide segmentation and deploy it as a new policy. Kaiser Permanente will be leveraging this capability to provide services to our new Kaiser Permanente School of Medicine as well as traffic separation for the many developing IoT deployments.

As with most healthcare organizations, Kaiser Permanente utilizes multiple cloud services (e.g. Private, Hybrid, Public) and cloud providers as an integral part of its infrastructure. Our core network leverages performance hubs at co-location sites where our backbone network and security infrastructures are placed. SD-WAN is a vital part of this performance hub architecture and provides a direct connection from the edge sites to the required destinations in the core or the cloud. Also, at our edge sites through SD-WAN, we are deploying the capability to directly and efficiently offload certain traffic types securely to the Internet. As Kaiser Permanente continues to take advantage of cloud computing technology, our SD-WAN solution is positioned to ensure the right network connectivity and security.

Looking to the Future - Virtualization
Virtualization, or the abstraction of software from the underlying hardware resources, is now making its way into the network just as it did with servers several years ago. Buying separate dedicated appliances for routing, security, and network edge services is rapidly becoming obsolete. SD-WAN can be purchased as a software instance and put on our choice of general compute platforms. These platforms, if sized properly, can host several different software instances simultaneously like network, firewall, WAN optimization, and many others in an overall capability called Network Functions Virtualization (NFV). Leveraging SD-WAN and the solution’s policy management.