The Wireless I.V.

By Gerry Blackwell

September 01, 2004

Sharp Healthcare went looking for an updated wireless solution to provide monitoring and central management an found what they needed in Aruba.

Four years ago, when Sharp HealthCare installed Cisco wireless LANs in its seven San Diego area hospitals it was a Wi-Fi pioneer. Today, with Wi-Fi increasingly a mission-critical resource in the company, Sharp is moving on to the leading edge again, installing a next-generation Wi-Fi WLAN based on equipment from Aruba Wireless Networks.

It first installed the WLANs to support an electronic bedside medical charting application. Nurses enter patient chart information in a spreadsheet-like application on PCs mounted on carts, which they wheel from room to room and bed to bed.

Now scores of doctors and other medical professionals also use the WLANs to access the Sharp network with their Wi-Fi-enabled PDAs and laptops. More and more are requesting access all the time.

The Aruba solution features a central wireless switch or controller at the company's data center, which includes a built-in firewall and intrusion detection features. The controller can manage access points remotely and monitor and track clients. In Sharp's case, network management data travels over the company's dedicated fiber backbone which links hospitals and data center.

The Aruba access points are "thinAPs" -- meaning much of the critical software functions reside on the switch rather than the AP. The APs also work as network sensors, able to capture data packets on nearby segments of the network and send them back to the controller.

Sharp also this year completed deploying 200 Wi-Fi-based "wireless pumps" -- intravenous (I.V.) infusion units from Alaris Medical Systems that connect to a central server over the WLAN and allow doctors and nurses to remotely monitor delivery of medications.

The new initiatives lay the groundwork for a future in which wireless will be even more vital than it is today, says Gary Jenkins, the company's senior network engineer.

"It seems that every new application we want to put into the hospitals anymore is wireless," Jenkins says. "So we're really trying to beef up the infrastructure to support what's coming rather than building it larger for what we need now."

One new application will let doctors access patient medical records online over the WLAN as they do their rounds. Another will see pharmacy department employees using tablet PCs to track and monitor meds.

More and more medical professionals in the company carry Wi-Fi-enabled PDAs and laptops, and given that virtually every new laptop sold, and many new PDAs too, have Wi-Fi built in, demand for wireless access will only grow, Jenkins says.

"Originally four years ago we didn't need to have every nook and cranny covered for wireless," he says. "Now we're trying to prepare for a time when we do -- and it's coming pretty soon."

The immediate impetus for upgrading the wireless infrastructure had to do with the already high cost of managing existing WLANs and the increasingly high cost of ownership going forward. Sharp was looking for a more centralized approach to network management.

With about 200 access points spread around its seven hospitals and several clinics, performing a security or other upgrade to AP firmware, which involved physically visiting each site, could be a significant undertaking.

The seven Sharp hospitals are spread out around the San Diego region. The two furthest separated are 100 miles apart, each a 30-minute or longer drive from the company's central data center where Jenkins and other IT staff work.

Also, if management called Jenkins' office and reported a problem with a network, he had to get in his car and drive to the site to troubleshoot. He only received two or three such calls a year and the problems never turned out to be network related, but Jenkins still had to go.

"It's not such a good thing when you're sitting in an intensive care unit, troubleshooting a network problem," he adds. "You really don't want to be sitting next to patients, disturbing them. These people are very sick."

When Sharp started looking at next-generation wireless solutions, it was actually looking for three things -- centralized network management and security, remote packet sensing and the ability to force guests using wired Ethernet outlets in conference rooms to authenticate themselves on the network.

The Aruba solution was the only one that answered all three needs and it did it for about the same price as any one of the separate solutions the company considered. Jenkins also liked the fact that it used just two different devices -- the central controller and the dual-function AP/sensors.

"At the time, in January or February [2004], when we were looking at finding another solution, Cisco didn't have its [centralized management] product announced," Jenkins points out.

The thin-access point architecture was another strong plus in favor of Aruba. It means eventually Jenkins won't have to visit each site to do AP firmware upgrades. He'll only have to make software changes at the central controller. "That's going to make it a lot easier," he says.

The full benefit won't kick in, however, until Sharp replaces all its Cisco APs with Aruba units, and there is currently no time table for doing that. "The Cisco APs are perfectly good," Jenkins points out. "We're not going to throw them out."

In the meantime, he is installing Aruba AP/sensors in locations such as intensive care and emergency departments. This is both to provide additional coverage and also so that Sharp can take advantage now of the remote monitoring and troubleshooting capabilities of the Aruba solution.

The sensors can capture packets moving between non-Aruba APs and send them to the controller for analysis, and the controller can monitor the Cisco APs -- though it can't perform remote software updates and other management functions.

The centralized security features were another reason Sharp chose Aruba. In the past, it would have no idea if someone was trying to hack into the network to stage a denial of service attack, or if employees were installing rogue access points.

While the Aruba switch doesn't manage client devices, other than to control the authentication process, it can monitor and track them, mapping where a particular client has been in the network at different times and locating a client at any point in time.

This is useful for a number of reasons, says Jeanette Lee, a senior systems engineer with Aruba. Sharp can analyze data about where users are using the network, or trying to use it, to figure out where it needs to expand coverage or increase capacity.

The ability to triangulate the location of an individual client could be useful in a number of situations, Lee says -- for example, if a worm-infected device was trying to spread its infection over the WLAN. "If you've got a couple of hundred users, finding one when they're all mobile is very difficult without these features," she notes.

Although the Aruba solution does not offer full-blown asset tracking functionality, the ability to triangulate a client could also help Sharp locate a misplaced wireless IV unit, Lee suggests.

The IV units are not quite as scary as they might at first sound. It's not as if a computer system controls how much medicine a patient gets via the WLAN. Nurses still calibrate the IV units in the old way, but the wireless pumps transmit data about how they are calibrated and how much they dispense to a central server for analysis and tracking.

Previous generations of the devices had to be taken to a computer lab, first to be programmed with the profile for a particular hospital and later to have the data stored in it downloaded to a server. Now the devices automatically send data over the WLAN.

This eliminates down time for the IV units and saves IT staff time. It also enables real-time monitoring by medical personnel and some logical checking functions -- for example, it can set off an alarm at a data center console if a nurse enters obviously incorrect calibration information.

The devices work on any Wi-Fi LAN, Lee says, but the Aruba network controller does allow Sharp to prioritize packets to and from the IV units.

Sharp HealthCare is like a lot of enterprise Wi-Fi users. As demand for Wi-Fi services increases, and more and more mission-critical -- and in Sharp's case, medically caritical -- applications run over the WLAN, tighter management and security is crucial so total cost of ownership starts to become a big issue.

Aruba is by no means the only vendor with a solution, but given the acute security and cost concerns in the health care industry, the fact that a successful and forward thinking company like Sharp is using Aruba is certainly a recommendation.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.