Managing API Contracts and OpenAPI Documents at Scale

Cisco DevNet presents at API Days Paris 2023

Year after year, this global event for API practitioners gets bigger. This year the event was held in the newly renovated CNIT Forest – a central and easy to join location in the Paris La Defense business area. Many of us were amazed by the number of talks and exhibitors showing their latest advances in API Design, API Management, and Event Driven Management gateways and the many discussions around OpenAPI, JSON-Schema, and GraphQL.

As a sponsor of API Days Paris, Cisco DevNet – Cisco’s developer program – offered a booth where we engage 100+ conversations with attendees and discussed how to build and publish robust APIs, sharing our experience driving API Quality and Security initiatives. (We also had the opportunity to meet and, for some of us, play chess with Laurent Fressinet, the two-time French Chess Champion, and ‘second assistant’ with opening preparation during Magnus Carlsen‘ World Chess Championship matches. But that’s a different story.)

The importance of API Contracts

DevNet offered 2 talks explaining the importance of API Contracts, how we are evaluating and scoring our APIs internally, and also the challenges that come with the lifecycle and management of OpenAPI documents (see resources below for recordings and slides).

We were able to show why and how a successful API-first strategy not only encourages consistent practices when designing, versioning, and documenting APIs, but also lets you look into testing and observing live traffic to ensure APIs behave as per their contract.

Schedule a live Panoptica demo

In this regard, we offered demonstrations of the latest version of Panoptica – Cisco Cloud Application Security solution – with a particular focus on API Security. If you are interested in this topic, we encourage you to schedule a live demo of Panoptica.

Source: cisco.com

Continue reading

The Next One Billion Lives

Cisco shared the news that we’ve achieved our ten-year goal to positively impact one billion lives through the Cisco Foundation, Social Impact grants, and Networking Academy – one year ahead of schedule.

As the leaders of these organizations, we’ve never been prouder of the extraordinary work of our teams and our global nonprofit partners, and the contributions of leaders and employees across our company in innovating to help solve the world’s greatest challenges.

Expanding our impact

Now, we’re exploring what’s next.  How will we continue to expand our approach – and accelerate our progress? What inspired, ambitious goals will we set? And how will we impact the next one billion lives?

These are questions worthy of the same thoughtful consideration, passion, and drive as the original ambitious goal.  Now that we’ve achieved it, we can stand on the shoulders of what we’ve learned along the way in connecting longstanding challenges with new possibilities to overcome them – pushing beyond limits – and deepening our understanding of how to create meaningful impact.

What we believed nine years ago continues to be Cisco’s guiding principle: Our ability to impact billions of lives lies in our ability to scale. We’re now expanding our areas of focus and aligning on impacting entire communities – and countries – through our Social Impact, Networking Academy, and Country Digital Acceleration programs. And we’re focusing on addressing the systemic causes of inequity and driving innovation to create lasting, generational change.

Anchoring the workforce of the future

Cisco’s Networking Academy, which now operates in 190 countries has trained more than 20.5 million students in networking and cybersecurity skills over the past 26 years.  In training thousands of learners every year, we not only empower individuals to start a rewarding new career, but also create millions of next-generation jobs and that will anchor the workforce of the future.  We know, however, that connecting the unconnected isn’t just a moral imperative; it’s economically prudent. According to a 2022 World Bank Report, raising internet connectivity to 75 percent of the population in all developing countries (from the current level of approximately 35 percent) would add up to US$2 trillion to their collective gross domestic product (GDP) and create more than 140 million jobs around the world.

By continuing to scale our impact, we’re changing the economic trajectory of communities around the world, increasing economic productivity, and fulfilling our purpose to power an inclusive future for all.

Scaling tech-enabled social impact solutions

Within our global Social Impact Grant programs, our focus on promising nonprofits and NGOs with tech-enabled solutions that we can scale is continuing to create lasting change across communities. When we bring the full measure of Cisco’s strengths to support our nonprofit partners in developing their solutions – and give them the time, space, and flexibility to test their ideas – the impact they create can be astonishing. Like the women of Living Goods, which combines game-changing technology, quality products, and vital health services to empower community health workers to deliver on-call care to their neighbors’ doorsteps. And they earn a livelihood while doing it.

Cisco was an early supporter of Living Goods’ work to leverage technology to deliver healthcare products and services at scale, in a cost-effective manner.  We were proud to partner with them to help them reach their goal of providing quality healthcare to more than 25 million people via 34,000 digitally empowered community health workers by 2021.

Sharing what we’ve learned on the journey to one billion lives

As we contemplate our next inspired goal, we’re committed to sharing more about what we’ve learned in positively impacting one billion lives and to understanding more about the challenges faced by communities around the world.  The most important words of Cisco’s purpose statement – to power an inclusive future for all may be the final two.

Source: cisco.com

Continue reading

Cisco and Nutanix Team Up in Response to Customer Demand: Another Win for Customer-Centric Innovation

In the ever-evolving landscape of IT, organizations continually seek solutions that simplify complexity, break down silos, and enhance agility. At Cisco, we’re continually tuned into the demands and requirements of our customer base, and it’s this laser focus that has led to our most recent collaborative venture. We are thrilled to announce our new integration with Nutanix, a leader in enterprise cloud computing solutions.

Listening to You: Our Driving Force

Time and time again, our commitment to delivering top-notch, efficient solutions is fueled by the needs and feedback of our customers. You spoke, and we listened. The partnership with Nutanix is a direct reflection of this two-way dialogue, a testament to our commitment to not just hear, but actively listen and respond to what you are saying.

Bridging the Gap with ACI VMM Integration

One of the key facets of this collaboration is the integration of Cisco’s Application Centric Infrastructure (ACI) Virtual Machine Manager (VMM) with Nutanix. This marriage of technologies effectively bridges domain silos between the network and server teams. Network configurations and server deployments, historically segmented tasks, can now be coordinated more efficiently, fostering a more agile and responsive infrastructure. This integration is designed to simplify operational complexities, promoting a more streamlined and efficient operational workflow.

Cisco ACI: Beyond Traditional Networking

Before we jump into the integration, let’s re-familiarize ourselves with Cisco ACI:

◉ APIC (Application Policy Infrastructure Controller): It’s not just a management tool; think of it as the brain behind the orchestration of network policies.

◉ Spine and Leaf Architecture: This ensures a swift and efficient flow of data, connecting all aspects of the data center seamlessly.

◉ Policies: The linchpin of ACI, these pre-defined functionalities ensure the network is adaptive and responsive to specific needs.

Why Nutanix?

Nutanix is a frontrunner when it comes to hyperconverged infrastructure, bringing together compute, storage, and virtualization under one roof. Their solution, which focuses on simplicity and scalability, offers an ideal playground for ACI’s capabilities. Integrating with Nutanix’s VMM functions ensures that ACI’s policy-driven approach aligns perfectly with the agility and dynamism of virtualized workloads.

The Power of Integration

Holistic Visibility: ACI’s already granular insight extends into Nutanix environments. Network administrators can track activities from the physical infrastructure up to individual VMs in the Nutanix cluster.

Elastic Networking: As virtual machines and workloads shift within the Nutanix ecosystem, ACI adapts, ensuring network policies remain consistent and effective.

Enhanced Security Posture: ACI’s renowned micro-segmentation, when combined with Nutanix’s security features, offers a formidable defense against malicious activities and breaches.

Unified Management: With APIC interfacing directly with Nutanix’s Prism management, it consolidates the administrative experience, simplifying operations.

Getting Started with ACI and Nutanix

Integration at a glance:

• Kickstart with a robust ACI environment and an operational Nutanix cluster.
• Through APIC, navigate to VM Networking, and add a VMM domain specific to Nutanix.
• Detail out the Nutanix cluster specifications and correlate with ACI’s bridge domain.
• Watch as ACI seamlessly integrates its policies with Nutanix, creating a cohesive networking environment.

Joint Commitment to Customer Success

Both Cisco and Nutanix are firmly committed to jointly supporting our customers. Our shared goal is to deliver the best infrastructure automation experience possible. By harmonizing the strengths of ACI’s policy-driven architecture with Nutanix’s prowess in hyperconverged infrastructure, we aim to offer a solution that epitomizes efficiency, simplicity, and most importantly, customer satisfaction.

In Conclusion

The integration of Cisco’s ACI with Nutanix marks a pivotal moment in data center networking. It signifies a future where the physical and virtual, the network and the application, are in perfect harmony. For enterprises looking for agility, security, and simplicity, this integration opens up new vistas of possibilities.

Source: cisco.com

Continue reading

Why CISOs and CIOs Should Work Together More Closely

Although there are overlaps in the goals and responsibilities of the CIO and the CISO, there are also challenges that get in the way of a more cohesive relationship, including reporting lines, organizational structures, budgets, and risk appetites.

If they don’t overcome these challenges, they’ll stall the technology from achieving its full potential, silos will persist, and the rifts will widen.

What’s the aim? Unite these two executive leaders under a common purpose. A panel of CIOs and CISOs identified some of the shifts that can get these two roles working better—together.

Shift #1: Identify the overlaps.

CIOs and CISOs have different jobs to do.

◉ The CISO is the cybersecurity leader who leverages compliance and regulations to protect information and stop data leakages.

◉ The CIO is the enabler of business growth and innovation who makes sure that the organization is getting the most out of the information at hand.

The overlap is their perspective on the “information” part of “information technology.” Specifically, how the CISO’s technical and cybersecurity responsibilities juxtapose the CIO’s growth mindset.

Conflict emerges when CIOs and CISOs look at the IT risks and opportunities as separate responsibilities. This doesn’t make sense to Brian Brackenborough, CISO at Channel 4, who says it is inefficient to separate the many responsibilities that CIOs and CISOs carry.

He said there is no need for separate IT teams to focus on fixing devices while another focuses on networks. Instead, there should be one team managing it across the board.

Shift #2: Overcome the tension in your reporting lines.

Consider both viewpoints of CISOs and CIOs, which is to understand the origins of tension between the roles. Some of this friction can be attributed to reporting structures: when the CISO reports directly to the CIO there is typically less friction, but with more CISOs reporting directly to the CEO with a seat at the board room table, this dynamic changes. The choice of reporting structure could be down to strategic priorities flexing between regulation and innovation phases of the business cycle.

Organizations can choose to approach this dynamic duo differently. Johnson Matthey’s CIO, Aidan Hancock, says the CISO has always reported to him, but that reporting lines can grow and spread out. His focus is making sure the CISO is fully on board with the rest of his IT leadership team.

Equality in reporting lines will be a dead end if CIOs and CISOs don’t share responsibility for risk. That’s not to say they must have identical perspectives—each leads the organization from a different vantage point—but they do need to understand and align.

Shift #3: Align on risk.

Doug Drinkwater, Director of Strategy at HotTopics, suggests that historically, the CISO will be the one to “take the hit” when it comes to risk.

At the top of any organization, the CIO and CISO must be united and share the responsibility for leading risk. Hancock’s main concern is a CISO with an independent reporting line owning risk while “the CIO delivers most of the actions that meet that risk.” His solution to this is for the leaders to find a common purpose.

Shift #4: Work together for a shared purpose.

Anuj Tewari, CISO at TMF Group, looks at collaboration between CIOs and CISOs as a key success factor. The moment they stop working together, everything becomes a challenge. The greater the disconnect, the less optimistic the partnership can be.

The budget exercise was one example where Tewari said he saw CIOs and CISOs work hand in hand. In the end, he maintains that collaboration is about creating a road map to ensure that CISOs and CIOs can secure the data and overall “crown jewel” for the organization. That means consciously overriding our human instinct to stick with our “people.”

For Brackenborough, transparency between the two roles is foundational. He gave the example of the traditional CIO and CISO conferences. An information security conference is full of CISOs and information security professionals. Brackenborough suggests they swap. This way, technology leaders will know what’s happening in each other’s camps and help the CISO and CIO overcome the feeling that they’re talking different languages.

Understanding the overlap in the roles and becoming intentional about reporting lines while aligning on risk and purpose can bring IT organizations closer together. This is ideal because technology is starting to do the same.

The convergence of technology and people

The industry is moving forward and the convergence of networking and security is giving organizations the technology to scale. This shift allows organizations to better support demand, fulfill performance requirements, and allow for deployment of new services, all while securely connecting hyper-distributed teams, places, and things.

Think about security, incident response, and detection paired with the alignment of goals, objectives, and priorities. Modern tools break down the silos between the CISO and CIO so that convergence can take place.

Resultingly, teams can start working together to push forward. CIOs and CISOs get a holistic view of what is going on in the organization they’re leading. With the right tools for the job and doing business with security in mind, there’s a lot of potential to be unlocked.

CIOs and CISOs must clarify roles, responsibilities, and reporting structures. By aligning on risk and purpose they can organize their teams to work better—together.

Source: cisco.com

Continue reading

Simplifying IT for Better Experiences

IT leaders face the challenge of managing a growing set of often disparate technologies and successfully delivering them to a wide audience of end users who demand simple experiences. However, today’s technology landscape is complex and fragmented.

Simplifying IT requires us to rethink our processes and what we mean by “experience.”

Unified experiences show us what’s possible when technologies, applications, and networks all work as one. Simplifying the end-to-end journey, which includes back-end systems and end-user experiences, comes with challenges, risks, and opportunities.

With insights from a panel of cross-sector IT leaders, we can examine what we’re simplifying and how that leads to superior experiences.

Simplify the back end

Whether driven by internal or external forces, innovation typically results in more systems and greater complexity. A closer look often reveals a patchwork of new and legacy systems that are burning through budgets, confusing customers, and squeezing profits.

A big part of this complexity stems from backward compatibility with legacy systems. It’s not so much a matter of redundant old systems taking up valuable resources, but rather maximizing value and operations efficiency across both old and new systems. This challenge lies at the heart of simplifying IT.

Graeme Howard, former CTO and CIO of Covea Insurance, points to legacy systems as a challenge for his organization’s digital transformation. “We built out a huge number of new platforms and new functionality, but we also had many legacy platforms that were far too expensive to change.”

In the process of driving customer experience, hyper-personalization, and data enrichment, legacy systems can pose a significant obstacle. Graeme encourages leaders to persevere and push through such challenges.

Focus on first impressions, Graeme argues. If it’s difficult for a customer or internal user to log onto a system or buy a product, that could mean losing customers and business.

Simplify for the customer

Simplifying IT for better experiences isn’t just about hiding the complexities of our processes from the customer. It’s also about including customers in the design of those experiences. Whether starting from scratch or taking on a complex project of integrating new and legacy systems, IT can no longer dictate to the user.

Instead of relying on customers to create their own demand for our products and services, Archana Jain, CTO at Zurich Insurance Group, understands simplifying IT as the opportunity to reach insurance customers with products and services, when and how they need them. Alongside traditional methods of insurance, she poses a simple question to get her industry thinking: “Can we offer [customers] insurance when they need it, as opposed to having something static forever and forever?”

For example, if a customer wants to go on holiday, instead of a lengthy process of booking travel insurance for flights, hotels, and car rentals, Jain suggests simplifying that experience through a partner so the customer can buy insurance with one click. That thinking conceptualizes travel insurance within the customer’s travel-planning journey, not as a stand-alone task. It’s a win for everyone.

Simplify to better manage risk

As IT leaders, we can be nimble in how we lead digital transformation. For superior experiences, how we responsibly simplify IT must extend to how we manage risk. Change for the sake of change, or moving too fast for stakeholders to keep up, can expose organizations to unnecessary risk.

Technologists leading successful IT simplification strategies can balance business value, business case, and legacy systems. Joanna Pamphilis, UniCredit’s Senior Vice President and CDIO, is one such leader. She believes organizations should be practical about the need to eliminate legacy systems, and deliver value while leading responsible change.

Jain at Zurich Insurance Group says operational alerts are a great example of how technology that is designed to improve a process can, ultimately, complicate it. How often do we hear stories of overburdened IT operations teams with piles of server, network, device, and security alerts (among others) with no way of sorting the high priorities from the quick fixes from the FYIs? But technology is also the answer to simplifying that same operation without completely unravelling the infrastructure.

According to Jain, Zurich Insurance Group’s IT operations team were handling thousands of alerts designed to pick up events like server issues. Ironically, the technology deployed to manage risk created the risk of not having the human resources to investigate every alert—and the risk of an unreliable user experience. To solve this challenge, Zurich now uses artificial intelligence (AI) to filter out the unnecessary alerts so their IT operations team can better focus on actionable items.

Consolidating customer, employee, and other types of data is a critical step in becoming proactive about risk and the customer experience, according to Ronald Martey, CISO at GCB Bank. He wants leaders to investigate different elements and systems, and ask, “What kind of data can I move onto the cloud that will not impact privacy and security regulations?”

Simplify for the future

From pioneering digitalization to pivoting to hybrid work, every era of digital transformation has been about optimizing organizations’ need to serve customers and grow businesses efficiently, reliably, and safely.

The process of simplifying IT requires us to assess our entire business, from customer interactions to back-end systems, and the role of data. It’s about rethinking our traditional methods and modernizing them, without the rush to rip out and replace everything.

The era of simplifying IT will test you, just like every era before it did, but the ultimate reward of a more simplified IT infrastructure is unified experiences that connect your customers and teams through technologies, applications, and networks that all work as one.

Source: cisco.com

Continue reading

Secure Workload and Secure Firewall: The recipe for a robust zero trust cybersecurity strategy

You hear a lot about zero trust microsegmentation these days and rightly so. It has matured into a proven security best-practice to effectively prevent unauthorized lateral movement across network resources. It involves dividing your network into isolated segments, or “microsegments,” where each segment has its own set of security policies and controls. In this way, even if a breach occurs or a potential threat gains access to a resource, the blast radius is contained.

And like many security practices, there are different ways to achieve the objective, and typically much of it depends on the unique customer environment. For microsegmentation, the key is to have a trusted partner that not only provides a robust security solution but gives you the flexibility to adapt to your needs instead of forcing a “one size fits all” approach.

Now, there are broadly two different approaches you can take to achieve your microsegmentation objectives:

◉ A host-based enforcement approach where the policies are enforced on the workload itself. This can be done by installing an agent on the workload or by leveraging APIs in public cloud.

◉ A network-based enforcement approach where the policies are enforced on a network device like an east-west network firewall or a switch.

While a host-based enforcement approach is immensely powerful because it provides access to rich telemetry in terms of processes, packages, and CVEs running on the workloads, it may not always be a pragmatic approach for a myriad of reasons. These reasons can range from application team perceptions, network security team preferences, or simply the need for a different approach to achieve buy-in across the organization.

Long story short, to make microsegmentation practical and achievable, it’s clear that a dynamic duo of host and network-based security is key to a robust and resilient zero trust cybersecurity strategy. Earlier this year, Cisco completed the native integration between Cisco Secure Workload and Cisco Secure Firewall delivering on this principle and providing customers with unmatched flexibility as well as defense in depth. Let’s take a deeper look at what this integration enables our customers to achieve and some of the use cases.

Use case #1: Network visibility via an east-west network firewall

The journey to microsegmentation starts with visibility. This is a perfect opportunity for me to insert the cliché here – “What you can’t see, you can’t protect.” In the context of microsegmentation, flow visibility provides the foundation for building a blueprint of how applications communicate with each other, as well as users and devices – both within and outside the datacenter.

The integration between Secure Workload and Secure Firewall enables the ingestion of NSEL flow records to provide network flow visibility, as shown in Figure 1. You can further enrich this network flow data by bringing in context in the form of labels and tags from external systems like CMDB, IPAM, identity sources, etc. This contextually enriched data set allows you to quickly identify the communication patterns and any indicators of compromise across your application landscape, enabling you to immediately improve your security posture.

Figure 1: Secure Workload ingests NSEL flow records from Secure Firewall

Use case #2: Microsegmentation using the east-west network firewall

The integration of Secure Firewall and Secure Workload provides two powerful complimentary methods to discover, compile, and enforce zero trust microsegmentation policies. The ability to use a host-based, network-based, or mix of the two methods gives you the flexibility to deploy in the manner that best suits your business needs and team roles (Figure 2).

And regardless of the approach or mix, the integration enables you to seamlessly leverage the full capabilities of Secure Workload including:

• Policy discovery and analysis: Automatically discover policies that are tailored to your environment by analyzing flow data ingested from the Secure Firewall protecting east-west workload communications.
• Policy enforcement: Onboard multiple east-west firewalls to automate and enforce microsegmentation policies on a specific firewall or set of firewalls through Secure Workload.
• Policy compliance monitoring: The network flow information, when compared against a baseline policy, provides a deep view into how your applications are behaving and complying against policies over time. 

Figure 2: Host-based and network-based approach with Secure Workload

Use case #3: Defense in depth with virtual patching via north-south network firewall

This use case demonstrates how the integration delivers defense in depth and ultimately better security outcomes. In today’s rapidly evolving digital landscape, applications play a vital role in every aspect of our lives. However, with the increased reliance on software, cyber threats have also become more sophisticated and pervasive. Traditional patching methods, although effective, may not always be feasible due to operational constraints and the risk of downtime. When a zero-day vulnerability is discovered, there are a few different scenarios that play out. Consider two common scenarios: 1) A newly discovered CVE poses an immediate risk and in this case the fix or the patch is not available and 2) The CVE is not highly critical so it’s not worth patching it outside the usual patch window because of the production or business impact. In both cases, one must accept the interim risk and either wait for the patch to be available or for the patch window schedule.

Virtual patching, a form of compensating control, is a security practice that allows you to mitigate this risk by applying an interim protection or a “virtual” fix to known vulnerabilities in the software until it has been patched or updated. Virtual patching is typically done by leveraging the Intrusion Prevention System (IPS) of Cisco Secure Firewall. The key capability, fostered by the seamless integration, is Secure Workload’s ability to share CVE information with Secure Firewall, thereby activating the relevant IPS policies for those CVEs. Let’s take a look at how (Figure 3):

• The Secure Workload agents installed on the application workloads will gather telemetry about the software packages and CVEs present on the application workloads.
• A workload-CVE mapping data is then published to Secure Firewall Management Center. You can choose the exact set of CVEs you want to publish. For example, you can choose to only publish CVEs that are exploitable over network as an attack vector and has CVSS score of 10. This would allow you to control any potential performance impact on your IPS.
• Finally, the Secure Firewall Management Center then runs the ‘firepower recommendations’ tool to fine tune and enable the exact set of signatures that are needed to provide protection against the CVEs that were found on your workloads. Once the new signature set is crafted, it can be deployed to the north-south perimeter Secure Firewall.

Figure 3: Virtual patching with Secure Workload and Secure Firewall

Flexibility and defense in depth is the key to a resilient zero trust microsegmentation strategy

With Secure Workload and Secure Firewall, you can achieve a zero-trust security model by combining a host-based and network-based enforcement approach. In addition, with the virtual patching ability, you get another layer of defense that allows you to maintain the integrity and availability of your applications without sacrificing security. As the cyber threat landscape continues to evolve, harmony between different security solutions is undoubtedly the key to delivering more effective solutions that protect valuable digital assets.

Source: cisco.com

Continue reading

The Technology That’s Remaking OU Health into a Top-Tier Medical Center

I hold daily status meetings with various groups within our technology team, and the questions almost always drifts to: “What’s today’s challenge?”  Sometimes that challenge might be, “We can’t print at one of our ambulatory care facilities,” or “Today, we can’t send diagnostic images to our remote Radiologists.” The meeting helps us to focus our attention, and as the CTO of OU Health in Oklahoma City, my job is to eliminate the issues that crop up on those meetings and work to minimize or eliminate these issues repeating in the future.

To do so, we needed to tackle the root of the problem. This, along with our desire to replace our electronic health record and revenue cycle system, contributed to OU Health’s decision to completely overhaul our IT infrastructure in support of our long-term organizational needs.

OU Health strives to bring innovation to our patients. As an academic health system, we operate one of 71 National Cancer Institute-designated cancer centers in the country, Oklahoma’s only Level I trauma center and the state’s highest level NICU, offering high-quality patient care and running clinical trials leading to exciting new treatments. More than solving our daily headaches, our IT overhaul will fundamentally transform how we manage our infrastructure and administer the enterprise and clinical systems we use to support our healthcare professionals and patients.

A complete revamp of a health system’s IT infrastructure is a daunting task. To use a well-worn cliché, it is like trying to work on the engine of a moving train. The process has taken dedication and careful planning, the work of my team and the support of technology partners like Cisco to put together and roll out a solution across OU Health’s sites.

A Fresh Start, a Greenfield Network, and Some Limitations

I have had the privilege of working in healthcare IT for over 13 years. My previous experience includes serving as the VP of Technology Architecture at Cablevision for seven years and two years at Discovery as the SVP of Enterprise Architecture, where I gained a wealth of knowledge in telecommunications and entertainment. Following a six-month sabbatical, I had the opportunity to return to my previous role, but I decided to use my expertise to assist others in a much more impactful way. Watching my wife struggling for years with her organization’s IT as a family practice provider and educator made me realize the difficulties that arise when dealing with healthcare IT systems. Thanks to a friend I had worked with earlier in my career, I joined a healthcare consulting company launching my career in healthcare IT to help physicians and patients achieve the best possible outcomes in medical care.

OU Health officially launched in July 2021, following a historic merger that combined the University of Oklahoma College of Medicine faculty practice and OU Medicine, Inc. (sole member, University Hospitals Trust) to create OU Health — Oklahoma’s first fully integrated academic health system. The merger aligned the OU Health clinical enterprise with national best practices across the healthcare industry and enabled the hospitals and clinics to become one unified and cohesive organization.

Since my arrival at OU Health in March of 2022, I have worked closely with our IT leadership team on the Epic migration project. This initiative moved OU Health to a new EHR system. To achieve this, we deployed a greenfield solution, which involved setting up new networks, systems, data centers and applications, while keeping our legacy systems running.

Unfortunately, our environment was not in the best shape. It featured outdated equipment, overlapping solutions, outdated code, unpatched equipment, and more, which caused numerous challenges. Our network was also very slow, which meant that it took 15 to 30 minutes for a radiologist to download X-rays and CAT scans at our remote locations.

This hindered workflows and caused frustration among our clinicians and hospital staff. They had to call us whenever something went wrong, and we had no way to proactively monitor and restore our systems. When a link went down, we didn’t know how to repair it. It was clear that an overhaul was necessary to ensure that our healthcare professionals could focus on caring for their patients and not worry about technical issues.

We Wanted Redundancy, Resilience, and Performance—That Meant Cisco

Healthcare organizations are somewhat conservative when procuring IT. We don’t look for the newest solution, nor do we look at the cheapest. We don’t cut costs because patients’ lives are at stake. Instead, we look at the most advanced tried and true systems. We take this approach when selecting lab equipment, imaging and diagnostic systems, surgical supplies, and more.

At OU Health, we have a long-standing relationship with Cisco, and our lead engineer holds CCIE Enterprise Infrastructure certification. Our internal project manager also brings decades of experience in managing large-scale Cisco deployments. We all know that Cisco can deliver highly performant, redundant and resilient infrastructure. However, my job requires me to be objective, so I attend events like Gartner Summits and the annual HIMSS Global Health Conference & Exhibition to see what’s out there. I have an excellent grasp of the technology landscape, and I’ve yet to find a partner that can deliver on its promises like Cisco.

Hospitals are 24/7 institutions, and hospital infrastructure must fully support a never-down scenario.

When we created the specifications for our new environment, we looked at three things: high redundancy, high resilience, and high performance. OU Health, like most healthcare organizations, runs 24 hours a day, seven days a week, and our infrastructure must fully support a never-down scenario. When it came time to build our new environment, we didn’t ask, “Why Cisco?” The real question was, “Why not Cisco?”

Redefining Our Network with Software-Defined Networking

When it came time to pitch our new infrastructure, the team worked with Cisco’s network architects, external partners, and our internal lead architects. We put together a funding request and presented it to our board. We expected our executives to approve less than what our budgeted request was, but instead we were given the green light to build everything we had asked for – a state-of-the-art network and system environment that would put OU Health on the map as a top-tier medical center.

We built our new network on Cisco technology. Its core layer is Cisco ACI (Application Centric Infrastructure), a software-defined networking solution, to help segment our network. We built redundant high-speed links throughout our Wide Area Network (WAN) and multiple paths connecting our core network to our hospitals, clinics, and ambulatory systems. Then we have multiple routers to handle our software-defined network and segmentation. If a router or segment fails, we divert traffic to an alternative path.

We use Cisco ACI to route traffic to specific destinations within our network. A great example is lab results. Our lab equipment doesn’t communicate with the outside world, but our technicians must send results to our EMR. So, we’ve segmented the network to transfer results only to specific servers that then upload them to our records systems.

Patient health includes their healthcare data, and we prioritize the security around our patients’ protected health information (PHI). We used ACI to create a firewalled zone for PHI and other sensitive data per HIPAA regulations. Users can only access that environment if they’re performing a transaction requiring that information.

We also use Cisco UCS servers for scalable efficiency and agility, Cisco Identity Services Engine (ISE) for endpoint management, and we go end-to-end on Cisco wireless solutions, consisting of Cisco Catalyst 9130AX and 9166 access points and 9800-80 controllers. In addition, we adopted Cisco VDI to integrate some of our legacy systems (running on ancient machines) into our new infrastructure. Virtualizing these allows us to keep them running until we’re able to replace the systems without disrupting care.

Migrating Our Data Centers to Ensure IT Transparency

Our three new data centers carry the load of our new network. Two of our data centers are active/active and mirror each other, splitting our workloads in two and with each facility running at 50% capacity. Our third data center is for disaster recovery (DR) and has redundant links to all our hospitals, clinics, and ambulatory systems. Should the unthinkable happen and our primary data centers fail, the third data center will ensure we remain operational.

One of our biggest challenges and opportunities was migrating our systems and infrastructure to new, more sustainable data centers. Instead of building our own on-prem data centers, we decided to partner with a top-tier co-location facility who could host our data centers and lower our footprint dramatically. We partnered with TierPoint, and were one of the first clients at their new facility built with efficiency in mind. They architected the power, cooling, HVAC, and building materials to reduce their carbon footprint. We benefit from robust redundancy and backup features, and the energy-efficient technology helps lower our operating expenses while protecting the environment. Moving our data center off-prem was one of our best business and tech decisions.

On June 3, 2023, OU Health went live with Epic and our new infrastructure. We had already moved to our new primary network in March 2023, but this was the final test. We are already reaping the rewards of our new Cisco infrastructure. We’re no longer fielding complaints about slow Wi-Fi speeds, connection failures, network segment outages and VPN issues. OU Health can access what they need quickly, getting patients what they need faster. I look forward to sitting down with our care teams to find ways to expand, innovate and build on our new platform.

Cisco Is Helping OU Health Elevate Our Organization

Before long, my IT team will be able to leverage our new Cisco network to enable and execute OU Health’s business vision. We can integrate new departments, locations, and facilities into our network faster because we anticipated the need to build more WAN connections and have a comprehensive map of both current and future state. In the past, every network addition was a one-off event. But now, we can expand our platform as needed to add powerful new applications like data analytics and population health management (PHM) tools to aggregate patient information across multiple systems and technologies. Now that we have rolled out Epic, we have a solid foundation to help us push the envelope of quality patient care and cutting-edge research.

The best minds gravitate to organizations that let them add value by supporting a business vision instead of fixing things.

Our new Cisco infrastructure is a valuable retention and recruitment tool. Clinicians and researchers also want to work in high-tech environments. They would prefer user-friendly systems over struggling with electronic forms, drowning in endless emails, or waiting hours for medical images, test results, and trial and patient data. When they have the most efficient tools and IT works flawlessly, they can focus on their patients and research.

OU Health is on a mission to elevate and transform our organization into a top-tier academic health system. Our leadership sees technology as key to delivering on our vision and business strategy. We are expanding our services and research initiatives and will continue to innovate in diabetes and cancer care, pediatrics, and geriatrics. We want to make a difference in Oklahoma and beyond by bringing the best medical care to the populations we serve.

Source: cisco.com

Continue reading