Created on 17.7.2007
The Sussex Health Informatics Service (HIS) provide IM&T services to 11 NHS trusts including GP’s across Sussex.
The Sussex HIS is working towards centralisation of IT services for its customer organisations. This requires a unified approach to networking, security and nationalised application delivery to increase the effectiveness of technology use to ultimately increase the level of patient care across Sussex.
Part of this forward-thinking ethos is a Community of Interest Network (COIN): providing a Gigabit speed WAN linking core node sites that in turn connect to over 270 NHS sites in Sussex. The COIN is being used to move all sites to a common network service which includes a global single Microsoft Active Directory instance and the potential to eventually deliver Telephony across the IP network. This de-localisation of network services brought about a hurdle that the Sussex HIS had to overcome.
Microsoft Active Directory (AD) is the distributed directory service and the information hub of Microsoft Windows Server 2003 and 2000 Server operating systems. AD provides critical services such as Windows logon, and also supports a wide range of directory services that support Microsoft applications. Two critical elements of Network Identity Infrastructure (NII) that Active Directory relies on are Domain Name Service (DNS) and Dynamic Host Configuration Protocol (DHCP). DNS and DHCP services are provided as part of Microsoft Active Directory and are often deployed on Microsoft Domain Controllers along with other services, such as print and file sharing. Loss of these services results in loss of Microsoft application services (e.g. Windows Domain Logon, Exchange, file & print sharing) and also impacts all non-Microsoft (e.g. Unix) applications that utilize DNS services. As a result, the security and availability of these services is especially critical.
Many of the 270+ sites across Sussex were still running MS NT4 Domain Controllers which provide the DNS and DHCP network identity services. The challenge was migrating all the sites with localised network identity services without network downtime, addressing conflicts and creating a single IP address management structure. Some of the networks were segmented and others were completely flat.
Mark Walker, Infrastructure Consultant for the Sussex HIS team needed to solve the problem and found Khipu Network’s approach to the problem to be innovative:
“Khipu Networks suggested the use of Infoblox IB1550 network identity appliances so that the Sussex HIS could provide unification of DNS, DHCP, IP Address Management and other services such as Network Time. The Infoblox appliances provided a migration path but also provided these network identity services on a high availability platform. We had previously found that DNS and DHCP services were a source of network downtime and we found that the Infoblox appliances could deliver these further enhancing our vision and requirements for the COIN.”
The Infoblox appliances are certified and recommended by Microsoft as a Certified Microsoft Partner.
Infoblox’s Network Identity Appliances are purpose built to provide non-stop availability of standards-based, Microsoft-compatible DNS and DHCP services. The appliances are based on the security-hardened Infoblox NIOS™ operating system, which allows no root access and presents no unnecessary open ports, and the DNS protocol implementation utilizes the latest BIND version and is resilient against cache poisoning and other attacks. Infoblox appliances are easy to install and manage and can load updated software with a single click, and provide extensive built-in support for high-availability, delegated management, logging and auditing. Collections of Infoblox appliances can be easily linked into robust ID grids that extend these capabilities, along with real-time data updates, across a distributed enterprise. These features, combined with trans¬parent integration with Microsoft Active Directory make Infoblox appliances an excellent choice for offloading DNS and DHCP services from Domain Controllers.
The Sussex HIS team’s alternative was to continue using the Microsoft Platform for Network Identity Services. Mark Walker asked Khipu Networks to investigate the two options for him:
“We worked with Khipu Networks in a design workshop where our Microsoft, Infrastructure and Security team discussed the minimum and ideal requirements for Network Services and we enlisted the Khipu Networks team to provide information for our business case from two angles; technology and the investment required. We were impressed by their understanding of our requirements and the output of Khipu Networks’ consultancy team. The Infoblox solution would provide us with a more effective, available, secure and resilient solution whilst decreasing the administration required so it was an easy choice to make.”
The Sussex HIS deployed the eight IB1550 units within three consecutive days without any interruption to their networks. They are now able to migrate sites onto their centralised network services as and when they require.
The Infoblox solution positively impacted the successful ‘go-live’ with the COIN and is a solid platform for Network Identity Services.
About Infoblox - www.infoblox.com
Infoblox is the leading developer of network identity appliances that connect applications to the network infrastructure. These appliances provide secure, simple, and reliable delivery of network identity information via core network protocols, including DNS, DHCP, RADIUS, and LDAP. Infoblox’s products cut network costs and complexity by delivering services that are easy to operate and manage, highly secure, and more reliable than traditional approaches. The Infoblox family of network identity appliances provides an integrated, scalable, and cost-effective platform for managing network identity data across the enterprise.
About Khipu Networks Limited
Khipu Networks are a UK based advanced systems integrator, focusing on supplying innovative secure compliant infrastructure solutions across the public and private sector. The company is a leading adopter of new and best in breed technology, expert technical staff ensure that customers get the solutions they need, when they want them and how they need them. The ethos is to ensure that the customer has the edge on the security and compliance of their network and not the attacker. Hampshire based Khipu Networks Ltd are the security division of the White Clarke Group of companies.
For further information, please contact Khipu:
- T: 01252 773184
- Register Your Interest and one of our consultants will contact you. Click Here
