Case Studies Archive Search Case Studies

Integrated F5 Solution Supports Critical Applications, Enhances Patient Care

A healthcare organization’s small application management staff must ensure high availability and fast delivery of thousands of critical administrative and clinical applications.

To meet those goals, the organization uses an integrated solution built on a dynamic architecture that includes F5 BIG-IP Local Traffic Manager (LTM) and BIG-IP Application Policy Manager (APM), managed by F5 Enterprise Manager. The organization saves money and can offer stronger security for mobile users in the future with the use of BIG-IP Application Security Manager (ASM) and BIG-IP Global Traffic Manager (GTM). Ultimately, F5 dynamic data center services play a role in helping enhance patient care.

Business Challenges

The innovative healthcare organization annually treats millions of patients worldwide at its care centers located in the United States. The organization has 60,000 employees, including doctors, nurses, caregivers, research scientists, and administrative staff.

An IT team of just three people delivers and manages many of the thousands of critical healthcare applications for this large academic medical center. “We handle every kind of application, from hospital administrative functions such as patient registration and billing to critical applications used by cardiologists and radiologists,” said the Lead IT Systems Engineer. “There’s no part of the organization that we don’t serve.”

The organization has grown rapidly over the past few years, adding many new applications in the process. In fact, every day, the three-person IT staff must handle many requests for application changes. “In order to best support the patient care process, we have to be able to meet these requests as quickly as we can,” said the IT Systems Architect. However, the team needed to support this growth without increasing the size of its staff.

In addition to this challenge, the team must ensure high availability for these critical applications. “We have 325 virtual servers in this environment, with at least 2,000 applications behind them,” continued the Lead IT Systems Engineer. “The right technology is essential to guarantee availability.”

However, the organization’s Cisco Application Delivery Control devices did not offer the availability or flexibility the organization needed. “The hardware was nearing the end of its life cycle and was not as effective as it needed to be,” said the IT Systems Architect. “Maintenance was difficult, and there were performance issues, so it had become challenging for us to quickly respond to the many departments that needed application changes. Making a single change to an application took too much time. Because our ultimate goal is to not let our technology negatively affect patient care, we knew we had to find a new application delivery platform.”

The organization also wanted to find technology that would help meet increasing demands for remote capabilities from physicians and other mobile application users. “A growing number of hospital staff members have smartphones and other mobile devices, and they want to have mobile access to applications,” said the Lead IT Systems Engineer. “Our team faces the challenge of how to securely deliver those capabilities.”

“We can better support patient care because when individual IT teams, such as the team that handles radiology, request application changes, we’re turning those around faster Lead IT Systems Engineer

Solution

In late 2009, the organization began evaluating technologies from a variety of vendors, including F5 Networks.  After several months of exploration, the organization selected F5. “From an overall enterprise management perspective, F5 offered the strongest technology,” said the IT Systems Architect.

Because it wanted to ensure high availability, the organization first implemented seven pairs of F5 BIG-IP Local Traffic Manager (LTM) devices, which provide intelligent network traffic management and ensure high availability for the company’s 325 virtual servers. It uses the devices for health checks on its web servers, as well as routing web traffic based on specific network or server conditions. Over the past few years, the organization implemented two additional pairs of BIG-IP LTM devices, and plans to deploy a BIG-IP Global Traffic Manager (GTM) device. The BIG-IP GTM device will direct network users to the nearest or best-performing data center.

To simplify management, the organization also implemented F5 Enterprise Manager, a centralized device management appliance that offers easy management of multiple F5 devices such as BIG-IP LTM. With F5 Enterprise Manager, the organization’s application management staff has a single-pane comprehensive view of the entire application delivery infrastructure and can use tools to automate tasks and optimize performance. The organization also recently implemented a virtual Enterprise Manager.

While the organization was mainly focused on the traffic management and high availability capabilities of the F5 technologies, it also learned that it could offer enhanced security for doctors and other mobile users with the BIG-IP Application Security Manager (ASM) and BIG-IP Access Policy Manager (APM) add-on modules for BIG-IP LTM.

BIG-IP ASM is a flexible web application firewall, while BIG-IP APM helps the organization apply specific access policies to control different users across the organization. The organization has already used BIG-IP APM to secure some employee applications for external access, and it plans to take advantage of BIG-IP ASM in the future.

The organization is also using the F5 iRules feature in BIG-IP LTM, a control language designed to configure devices for optimum web security by adapting HTTP header variables and enforcing IP-level restrictions.

Benefits

The organization uses BIG-IP LTM and BIG-IP APM, along with Enterprise Manager, to consolidate application management and deliver highly-available administrative and clinical applications faster than before. It also uses fewer resources while continuing to add new applications, and expects to provide enhanced security for mobile users in the future. Overall, the solution provides strong support to all areas of the organization, enhancing patient care.

Helps deliver critical applications faster

With its integrated F5 environment, the organization’s IT employees now have unified application management, which gives them the ability to deliver critical applications faster than before. “With BIG-IP LTM, BIG-IP APM, and Enterprise Manager, we are now able to implement major changes to thousands of applications from a single device, while making those changes transparent to end users,” said the Lead IT Systems Engineer. “We can make changes in a much more flexible way, in a timeline that wouldn’t have been possible before.”

As a result, application owners throughout the organization can institute application changes faster, which was not always possible using previous technology. The Lead IT Systems Engineer continued, “We can better support patient care because when individual IT teams, such as the team that handles radiology, request application changes, we’re turning those around faster.

That means they can better help doctors comply with regulatory obligations in a timely manner.”         

The new solution also gives the organization better control of the applications it manages, through features such as iRules.  “One of our public-facing websites was reporting a security vulnerability because the HTTP header for the server was being exposed,” said the IT Systems Architect.  “Rather than waiting for the specific department’s web administrators to fix it, we put an iRule in and it took care of the problem in only a few minutes.”

Offers high availability and strong performance

BIG-IP LTM and BIG-IP APM, managed with Enterprise Manager, give the organization high availability and strong performance for its network.

“We use BIG-IP LTM, BIG-IP APM, and Enterprise Manager to intelligently control thousands of critical applications,” said the IT Systems Architect. “With our F5 deployment model, we can point our device anywhere on the network and balance the load. These devices give us the optimization capabilities and other enhancements we need to offer highly-available, efficient applications to end users. We have a lot of confidence about using F5 technology to support all of the applications in use at our organization, from purchasing to payroll to the operating room.”

Saves money

The organization also saves money by using its integrated F5 solution. “We have more flexibility now, and have many savings across the enterprise because we’ve implemented F5 technology,” said the IT Systems Architect.  “For example, the organization has grown tremendously in the past few years, and we’ve supported twice as many new applications while not having to increase   the size of our IT staff.”

Currently, the F5 platform at the organization is servicing 31 million client requests per day and handling 9 TB of throughput. “And that continues to grow daily,” said the IT Systems Architect.

“But we’re still able to manage that growth very efficiently with the staff we have here. That would have been very difficult on the old platform.”

Offers solid security for remote users

In the future, the organization will be prepared to offer enhanced security for doctors and others who want to access healthcare applications from mobile devices.

“The BIG-IP APM and BIG-IP ASM modules in BIG-IP LTM will definitely give us secure authentication and enhanced application firewall functionality, which will increase our ability to lock down applications for mobile users,” said the IT Systems Architect.  “That will allow us to expose more of our application suite remotely. We couldn’t even consider that in our previous environment, so this will only help us further improve patient care as more and more users request mobile access.”

Enhances patient care

Because the organization has an agile solution that provides high availability, flexibility, and security for every area of the organization, patient care is being enhanced.

“Our infrastructure, including the F5 dynamic data center technology, is ultimately touching every single area of our organization,” said the Lead IT Systems Engineer. “Whether someone is on an operating table or looking at a scan in a radiologist’s office, it’s all being affected by our F5 solution. Even though we may not literally be on the front lines of clinical care, we are helping support it by making a difference for our caregivers.”