Tennessee Oncology leverages Unity EdgeConnect for application-based network segmentation to secure patient information from LAN to WAN to LAN
Advancing treatments and cures for cancer is one of the great challenges of science today. One of the country’s leading and most influential physician groups participating in clinical trials and new treatments is Tennessee Oncology. Since 1976, this Nashville-based organization has delivered world-class cancer treatments to cancer patients through a network of 31 community-based clinics. Information technology plays a pivotal role in enabling the practice to deliver critical oncology services in this distributed approach. For David Stewart, Tennessee Oncology’s Chief Information Officer, this is a point of pride.
“We believe and practice the idea that ‘caring for cancer patients is a privilege,’ and we take it to heart,” says Stewart. “Knowing we contribute to extending life for cancer patients is great inspiration and motivation to come to work each day. It’s about giving Tennessee Oncology physicians and clinicians every advantage and tool, including electronic access to vital patient information, to deliver the highest quality of care for our patients.”
Cloud-based electronic medical records (EMR) simplify access to patient records, but can also present challenges for a large, multi-center practice like Tennessee Oncology. One of the most important challenges is securely segmenting and prioritizing network traffic destined for the EMR site from other internet traffic.
Tennessee Oncology's legacy branch infrastructure simply didn’t have the ability to identify and classify applications. Stewart and his team considered SD-WAN solutions from CloudGenix, Citrix, and Silver Peak. During testing, EdgeConnectTM stood out for its ability to segment traffic based on the application or web domain, as well as its advanced capabilities for improving network performance and availability while simplifying the WAN edge.
Robert Holloway, Infrastructure Manager with Tennessee Oncology, remarks, “What we appreciated most about EdgeConnect was the visibility it provided at the edge, with the control to segment application traffic to fit our business needs. It was easy and improved efficiency. We could also deploy EdgeConnect quickly with less complexity in the field.”
Brilliant Insight Puts Control in IT's hands
Tennessee Oncology has since deployed EdgeConnect in 13 clinics, adding one about every two weeks in a phased rollout to all 31 clinics. Most sites include one Metro Ethernet link and one Direct Internet Access (DIA) link, bonded to maximize bandwidth utilization and ensure continuous performance and availability for both the network and applications running on it. Tennessee Oncology also applies application-based traffic routing with QoS policies to optimize performance for applications such as the EMR, VoIP, drug ordering, and lab systems.
One of the biggest gains has been network visibility provided through Unity OrchestratorTM. Holloway notes, “What’s brilliant to me is the ability to have a single pane of glass to see all WAN activity. I can easily identify network issues, and then use that information to hold carriers accountable.”
Another major benefit has been seamless link failover, eliminating branch connectivity disruptions. Before EdgeConnect, failing over circuits required manual intervention and downtime, interrupting access to critical services like the EMR and VoIP system.
Stewart points out, “Our participation in a value-based reimbursement model has magnified our dependence on communications with patients. Timely responses can potentially prevent a trip to the hospital. EdgeConnect SD-WAN allows us to weather a link failure without interruption to these vital interactions.”
Moving Beyond Conventional WAN Architectures
The IT team foresees additional opportunities for leveraging EdgeConnect to eliminate separate firewalls at each clinic, currently used to segment internal traffic from the guest Wi-Fi.
Holloway says, “The advanced zone-based segmentation capabilities of EdgeConnect will enable us to centrally define LAN-to-LAN secure zones to isolate corporate network traffic from guest Wi-Fi traffic on both the LAN and WAN, allowing our clinics and our data center to securely exchange corporate information. With EdgeConnect we can move beyond a conventional router-and firewall-centric WAN architecture toward a centrally managed and fully integrated WAN edge.”
Stewart adds, “Silver Peak has been a great partner. They listen to us and respond with solutions that address our unique business requirements. We’ve had no issues with the solution. It works well.”
For more information on Silver Peak and our solutions, please visit: silver-peak.com
Customer
Tennessee Oncology is one of the nation’s largest, community-based cancer care practices and leading clinical trial networks in the U.S. Tennessee Oncology delivers all industry-leading adult cancer treatments and care using the expertise of clinical research on-site at more than 30 locations. Community-based care means cancer patients throughout the region served can access the most advanced care at a location close to home.
The advanced zone-based segmentation capabilities of EdgeConnect will enable us to centrally define LAN-to-LAN secure zones to isolate corporate network traffic from guest Wi-Fi traffic on both the LAN and WAN. With EdgeConnect we can move beyond a conventional router-and firewall-centric WAN architecture toward a centrally managed and fully integrated WAN edge.
— Robert Holloway, Infrastructure Manager, Tennessee Oncology
Challenge
Improve visibility and control at the WAN edge to segment traffic destined to a cloud-based EMR system from all other internet traffic, and eliminate disruptions to vital patient services due to link faults
Solution
Deploy Unity EdgeConnect SD-WAN appliances at 31 community-based clinics, bonding Metro Ethernet and DIA links, and applying application-based traffic routing with QoS policies
Results
- Gained visibility and control to filter traffic at the edge on an application-by-application basis
- Enabled full utilization of available bandwidth instead of paying for idle links
- Automated instantaneous link failover, eliminating connectivity failover delays of up to 3 minutes
- Accelerated detection of network issues through integrated, single-pane-of-glass administration
- Provided the foundation for consolidating multiple edge devices into a single integrated solution