Liverpool Women’s Hospital and nearby Alder Hey Children’s Hospital have combined their IT resources in a shared hosted private cloud to maximise the benefits of a virtualised data centre without having to build it themselves.
In the first phase of the project, the Women’s Hospital virtualised its own data centre using VMWare. Then Women's Hospital and the 98-year-old Alder Hey signed an agreement with Virgin Media to build and host a shared private cloud.
“I don’t feel in the NHS we are in the business of building data centres, so it is a lot easier to use somebody else’s investment so long as it hits the criteria for security and protection,” says Dr Zafar Chaudry, chief information officer at Liverpool Women’s Hospital NHS Foundation Trust, who believes staff productivity has already increased two-fold.
“We are moving all our applications, clinical and non-clinical in the cloud to achieve at least 95% virtualisation,” he says. The goal is to test out all of the new technologies before the hospital embarks on a three-year rebuild of its property. That way there will be no change management for users after the rebuild.
The entire hospital staff will have remote access to the applications portal and one hundred community-based workers have remote access through their laptops and 3G devices to live clinical applications, primarily Meditech.
Securing access to apps in the hosted private cloud
When it comes to providing access to crucial applications in the cloud, security is always an issue, so the hospitals have revamped their networks and laptop strategies accordingly.
The hospitals moved from Nortel to Juniper for LAN switching, core switching, firewalls and remote access. The LAN is comprised of Juniper Networks’ EX Series Ethernet Switches with Virtual Chassis technology, which enables up to 10 EX4200 Ethernet switches to interconnect and operate as a single system. For security, they've gone with the Juniper Networks SSG 550M Secure Services Gateways, which handles more than 1Gbps of firewall traffic; the Network and Security Manager (NSM), which will control all aspects of routing, switching, firewall/VPN; and IDP Series intrusion detection appliances.
Chaudry took a belt-and-braces approach to securing clinical data on laptops: “The laptops are encrypted but what we did in addition was to make sure that the operating system was a cut-down version of Windows, so they don’t even have the functionality to open up the calculator or the notepad or any way they could copy and paste or try to save to their desktop. That is all locked down.”
Users have an Active Directory account so they can receive authentication and access to the right parts of an application based on user name and password, a process which leaves an audit trail.
There is also remote access to the digital images on the NHS’s Picture Archiving and Communications System (PACS) system through a token-based methodology. Staff must dial in and enter the code on the token then the image is displayed from the web viewer component of the PACS system.
Overcoming data centre network bandwidth issues for the cloud
Early trials of the implementation flagged up a bandwidth issue for connections into the data centre.
“The biggest problem with remote access is how much bandwidth you are providing into your data centre and then back out. What we have done for remote access solutions is dedicated a 10Mbit pipe, which eliminates any problems in terms of speed and accessibility up to a certain number of users. We have estimated that we would not have more than 500 concurrent users at any time,” says Chaudry.
Originally Chaudry started with 1Mbit and then quickly realised that the download and upload speed didn’t work on an ADSL connection: “It has to be an SDSL type of connection where [there is] a solid downstream and upstream. On ADSL the upstream is really slow,” he says.
The next step for the hospitals is to virtualise the desktop completely using VMWare, enabling a ‘moving desktop' for Accident and Emergency workers.
“It is a fast paced environment and clinical staff need to move from PC to PC, so we are implementing a PC that moves with you and we are also piloting facial recognition single sign-on with Imprivata, which logs you on and then logs you off when you walk away.,” says Chaudry.