Kern Medical is a leading California Central Valley healthcare organization, with a modern 222-bed hospital and a comprehensive offering of primary care and specialty clinics. As the area’s only trauma center and teaching hospital, Kern Medical’s services are unequaled in the region. VectorUSA has been working with Kern for several years on several network infrastructure projects. Recently, we were retained by Kern Medical to assess their data center challenges and needs. From our initial analysis, Kern Medical data center architecture was outdated from a topology standpoint. There were no capabilities to perform active/active or hot-standby data center failover, where this should be a mandatory item in an environment as critical as this healthcare facility.
The environment has been re-architected to a stretched data center VXLAN BGP EVPN architecture with the Cisco Nexus 9K data center switching platform, combining a total throughput speed of 80GbE between the core and distribution layer. Kern Medical now benefits from having a fabric topology where resources can be highly available distributed between to active/active data centers. Kern now has the capability of having stretched VLANs between locations provides seamless mobility for all users and applications.
After implementing VXLAN with fabric anycast gateways, Kern has maximized their investment by enabling all leaf switches to be active routing instances rather than a single core with the previous legacy FHRP architecture where only one core switch was active at a time.
Other benefits include a complete network security traffic segmentation with active/active Palo Alto firewalls. The user environment has been isolated from the server environment by placing the Palo Altos as a routed hop between network segments in both VXLAN enabled data centers. This allows Kern Medical IT to place security policies for intra-zone traffic policing, fortifying the network security of their data center infrastructure. In addition, Kern now has complete visibility from a user to server traffic standpoint with stateful firewall inspection and IPS on the Palo Alto firewall layer. Failover of traffic between data centers is now possible and provides high availability requirements that a healthcare facility needs. The simplified architecture also provides template-driven configuration changes across data centers.