Kaiser Permanente’s journey into Software-Defined Wide Area Networking (SD-WAN) started a few years ago to further improve our network resiliency and availability. With eight regions across the country that cover 12.2 million members, 689 medical offices, 39 hospitals, and several modes of remote care delivery, a well-connected network is vital to our enterprise. If the WAN were to be degraded or go down, our clinical workflows would be negatively impacted. We would not be able to access electronic medical records (EMRs), pharmacy orders, and a multitude of other critical applications. At many of our facilities, especially in rural areas, there may only be a single network provider’s central office, wiring center, or physical network entry into our buildings. Even though we utilized dual circuits in those facilities, failures at any of the single points would have taken both circuits down and imposed a negative effect on the site’s care delivery capability. Trying to use traditional routers with diverse transport types (e.g. MPLS, Internet, cellular) on the same equipment is very complicated and not scalable. We had to find a better way.
SD-WAN demonstrated itself to be the best approach for us to improve our network resiliency because of two key features: software defined overlay technology and network transport flexibility. We could use any network transport type as the underlay and drive the solution from a centralized policy management platform. SD-WAN provides real-time telemetry on all the available links to automatically select and switch to the best performing one. Gone are the days of manual route failovers and hold-down timers to switch traffic between links. The software now automatically and reliably shifts traffic as needed without impacting active sessions. Additionally, SD-WAN architecture is scalable and can be right-sized to work at our smallest clinics all the way up to our largest hospitals. And finally, we can continue to add different transport types like fixed wireless 5G when they become available. Kaiser Permanente selected an SD-WAN technology that quickly proved itself as the right solution to further improve our technology resiliency.
Enabling Additional Value – Security and Cloud Enablement
Besides the advances in resiliency and availability, SD-WAN uses an overlay network based on IPsec encryption to provide greater in-transit protection across all transport types. It also offers the ability to segment traffic virtually within those encrypted overlays. These two capabilities together provide multi-tenancy services that Kaiser Permanente needs to differentiate traffic types across our network. We can, as needed, define a virtual network to provide segmentation and deploy it as a new policy. Kaiser Permanente will be leveraging this capability to provide services to our new Kaiser Permanente School of Medicine as well as traffic separation for the many developing IoT deployments.
As with most healthcare organizations, Kaiser Permanente utilizes multiple cloud services (e.g. Private, Hybrid, Public) and cloud providers as an integral part of its infrastructure. Our core network leverages performance hubs at co-location sites where our backbone network and security infrastructures are placed. SD-WAN is a vital part of this performance hub architecture and provides a direct connect from the edge sites to the required destinations in the core or the cloud. Also, at our edge sites through SD-WAN, we are deploying the capability to directly and efficiently offload certain traffic types securely to the Internet. As Kaiser Permanente continues to take advantage of cloud computing technology, our SD-WAN solution is positioned to ensure the right network connectivity and security.
Looking to the Future - Virtualization
Virtualization, or the abstraction of software from the underlying hardware resources, is now making its way into the network just as it did with servers several years ago. Buying separate dedicated appliances for routing, security, and network edge services is rapidly becoming obsolete. SD-WAN can be purchased as a software instance and put on our choice of general compute platforms. These platforms, if sized properly, can host several different software instances simultaneously like network, firewall, WAN optimization, and many others in an overall capability called Network Functions Virtualization (NFV). Leveraging SD-WAN and the solution’s policy management capabilities allows these functions to be properly and automatically provisioned, as well as service-chained together in a complete edge solution. Kaiser Permanente’s next wave of network innovation will leverage virtualization and NFV as part of its future architecture.
Kaiser Permanente’s selection and implementation of SD-WAN infrastructure has enabled us to improve our network service delivery and simplify our environment. We look forward to leveraging the current and future benefits of SD-WAN to help us deliver on our mission to provide high-quality, affordable health care to our members and the communities we serve.