Part of Smart Network Management report
Why use smart network management
The challenge
Increasing demand and complexity
Health organisations are increasingly reliant on digital services and data to support healthcare delivery, building and facilities management, administration, patient services, research, and a range of other applications (Figure 2 provides some examples of common digital services supported by health networks).
These digital services support a complex range of users, client devices, and use cases. The network cannot treat all connections equally. Instead, it must ensure that each device and application receives an appropriate level of service and that access to services and data is controlled to manage increasing cyber security and data protection threats.
Figure 2: Examples of digital services commonly supported by health networks.
- patient management systems or electronic patient record system
- support for smart or connected medical devices and scanners
- unified messaging and collaboration applications, for example Microsoft Teams, video conferencing, IP telephony, Microsoft 365
- picture archiving and communication system (PACS)
- building management system control and sensors
- internet of things, for example refrigeration monitors, pharmacy tracking
- asset or device location tracking
- patient and visitor internet access
- network or internet access for partner organisations
Network use cases vary significantly and have the potential to conflict. High-priority, life-critical applications need guaranteed network availability, and their performance must not be degraded by lower priority (and potentially high bandwidth) applications such as patients accessing streaming media. Some applications, such as PACS, consume very large amounts of bandwidth, while other applications, such as asset tracking, can have a very large number of connected devices with each generating very little data.
Users can access digital services using multiple devices. They are increasingly seeking mobility, meaning these devices are laptops, tablet devices, and smartphones, including personal devices. The network needs to determine the type of device being used and potentially its location and apply appropriate network and application access controls.
Multiple users may access a single device, such as devices located in wards and other shared areas. Again, appropriate network and application access needs to be applied based on who is using a device.
Figure 3: Examples of demand and complexity impacting the management of health networks
- increasing reliance on digital services and data
- applications with different and competing network demands
- increasing numbers of devices
- internet of things devices and assets or location tracking
- users with multiple client devices
- client devices with multiple uses
- increasing infrastructure to support devices, for example dense wireless access points, network ports
- increasing cyber security and data protection threats
The challenge is not new
These challenges are not new. Historically, increasing network demand has been addressed by providing more capacity: increasing network ports and wireless access points, and increasing access and core bandwidth. Quality of service, virtual local area networks (VLANs), 802.1x and other controls have been used for many years to identify users and offer differentiated levels of network service and access.
In the past, these upgrades and controls have been completed manually by network teams. These teams are then also responsible for monitoring and managing the network and for responding to network incidents. However, the large and increasing number and the variety of network connected devices and the range of applications and services they access make this traditional manual approach to network provisioning, monitoring and management increasingly time-consuming and complex (Figure 3). Budget pressures mean that seeking additional network team resources to address this increasing manual workload is usually not an option.
Smart Network Management functionality uses a range of visualisation tools, automation and artificial intelligence (AI) to help reduce this burden, simplify network management, keep networks available and secure, and ensure network users get the access and level of service they require. A later section of this report provides case studies of health organisations already using this functionality to manage complex IT infrastructures.
Figure 4 provides a high-level view of the development of network management functionality. Historically, management used manual processes and offered limited insights into network use and performance. Developments introduced a range of tools providing management and insight over elements of the network, and application level monitoring provided visibility of the end-user experience. However, these tools were often standalone, and so provided a siloed view. Smart network management is the third step shown in Figure 4, bringing together the management tools to provide more complete visibility and control over network and application performance. Although automation is also included, at this point, the use of, and trust in, AI and machine learning is still developing and so is shown as the basis of the next development of Smart Network Management functionality.
Figure 4: Development of network management
Development of network management functionality
- no or limited management tools
- manual configuration
- limited insights
- range of stand-alone management tools
- silo-ed reporting or insights
- visibility of application performance
- management tools and reporting
- automation
- "single pane of glass"
- automated response
- artificial intelligence or machine learning
How smart network management can help
Delivering differentiated network access and performance
Smart Network Management functionality can help identify and deliver the appropriate level of network service and access a connected client should receive. These client devices are increasingly mobile, with reliable and high-quality wireless coverage being required throughout buildings.
Policy for network access and level of service can be defined based on factors such as role, device type, posture, user group, and location. This allows, for example, high-priority applications, such as electronic patient records, to be prioritised over patients’ streaming media.
Device access can be restricted, for example, with internet of things (IoT) devices only being able to connect to their associated application or guest/patient access restricted to Internet access and with limited bandwidth.
Again, these controls are not new. However, Smart Network Management tools reduce the overhead associated with applying the controls, allowing policy to be defined once and be applied automatically as devices connect to the network, rather than requiring manual configuration of the client or network.
Machine learning is used by some manufacturers to support this functionality, using characteristics such as MAC address, application access, and traffic patterns to identify and classify devices and apply appropriate policies. Services are available that apply this machine learning to data lakes obtained from a large customer base and across a range of locations, offering near real-time information on device identification and classification, as well as any associated threats.
Figure 5: Examples of factors determining the level of network service and access offered to a device.
- application
- business priority or safety critical
- user
- clinical device
- location
- time of day
The level of network service and access offered to clients can be granular, based on a combination of factors (Figure 5). This access often uses a zero-trust security approach (examined further in a later section), only providing access to the data and services required by a client:
- Application: Client access can be restricted to defined applications and services
- Business priority/Safety critical: High-priority or safety-critical applications and services can be prioritised to ensure a high level of application performance and availability
- User: Authenticated users, partner organisations, guests, patients, and untrusted devices can be provided with different levels of access
- Client device: Different access can be provided for NHS provided clients, connected devices such as MRI scanners, IoT devices, staff personal devices, and untrusted devices
- Location: Different access can be provided to devices in different buildings or within different parts of a building
- Time of day: Access and level of service can be varied throughout the day, for example, allowing greater bandwidth to patient streaming when clinical demand reduces, such as after outpatient clinic operating hours
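The combination of factors listed above, defined once and evaluated as each client connects, can be sketched as a small first-match decision function with a default-deny fallback. This is an added example, not taken from the report or from any vendor product; the attribute names, segment and application labels, clinic hours and bandwidth caps are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional


@dataclass(frozen=True)
class Client:
    user_group: str                  # clinician | patient | guest | none (no user logged in)
    device_type: str                 # nhs_managed | byod | iot | personal | unknown
    posture_ok: bool                 # outcome of the posture check
    location: str                    # ward | clinic | public_area
    bound_app: Optional[str] = None  # the single application an IoT device serves


@dataclass(frozen=True)
class Decision:
    rule: str
    segment: str
    apps: frozenset
    qos: str
    mbps_cap: Optional[int] = None   # None means no cap


# Zero trust: anything no rule matches gets no access at all.
DENY = Decision("default-deny", "quarantine", frozenset(), "none", 0)
CLINIC_OPEN, CLINIC_CLOSE = time(8, 0), time(18, 0)  # assumed clinic hours


def decide(c: Client, now: time) -> Decision:
    """Return the access decision for one connecting client (first match wins)."""
    # Posture: a staff device that fails its check only reaches remediation.
    if c.device_type in ("nhs_managed", "byod") and not c.posture_ok:
        return Decision("posture-fail", "quarantine", frozenset({"remediation"}), "low", 5)
    # Client device: IoT may talk to its associated application and nothing else.
    if c.device_type == "iot":
        if c.bound_app is None:
            return DENY
        return Decision("iot", "iot", frozenset({c.bound_app}), "low", 1)
    # User + device + location: clinical systems only from a managed device
    # outside public areas; otherwise staff get collaboration tools only.
    if c.user_group == "clinician" and c.device_type in ("nhs_managed", "byod"):
        if c.device_type == "nhs_managed" and c.location != "public_area":
            return Decision("clinical", "clinical",
                            frozenset({"epr", "pacs", "collaboration"}), "priority")
        return Decision("staff-restricted", "staff", frozenset({"collaboration"}), "normal")
    # User + time of day: patients and guests get capped internet access,
    # with a higher cap once clinic hours are over.
    if c.user_group in ("patient", "guest"):
        in_hours = CLINIC_OPEN <= now < CLINIC_CLOSE
        return Decision("guest", "guest", frozenset({"internet"}),
                        "best-effort", 5 if in_hours else 20)
    return DENY


if __name__ == "__main__":
    # Constructed sample clients, evaluated at 10:00 and 21:00.
    samples = [
        Client("clinician", "nhs_managed", True, "ward"),
        Client("clinician", "nhs_managed", True, "public_area"),
        Client("clinician", "byod", False, "ward"),
        Client("none", "iot", True, "ward", bound_app="fridge-monitoring"),
        Client("patient", "personal", True, "ward"),
        Client("none", "unknown", True, "clinic"),
    ]
    for c in samples:
        for now in (time(10, 0), time(21, 0)):
            d = decide(c, now)
            print(now, c.user_group, c.device_type, c.location, "->",
                  d.rule, sorted(d.apps), d.qos, d.mbps_cap)
```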
Monitoring application and network performance
Smart Network Management tools can monitor application and network performance to ensure that the defined level of network access and service is being provided.
Network management systems and application performance monitoring tools can currently be used to manage the user experience. Smart Network Management brings this functionality into a monitoring and management solution, providing a ‘single pane of glass’ view of live and historical performance and service levels.
End-to-end user experience can be monitored by examining network traffic, using software agents on client devices, or hardware sensors (example in Figure 6) that generate synthetic user traffic.
Figure 6: HPE Aruba User Experience Insight Sensor. Source: Aruba Networks.
Application performance issues and opportunities to optimise performance can be quickly identified and notified to the appropriate support team. As detail of application performance and issues is presented in a summarised and user-friendly manner, it is not necessary to have IT skills and knowledge to use the system. This means access can be provided to teams responsible for applications, such as the patient management system, allowing them to view performance, and potentially identify and resolve issues without the need to involve IT, for example where the solution highlights poor performance is due to issues with a cloud provider. The Milton Keynes case study detailed later provides an example of a trust using this approach.
The Smart Network Management functionality can also provide the support team with suggested steps to address the issue, allowing faster remediation (see Figure 7). This reduces the time taken to identify and resolve issues, improving network and application availability. Again, AI can play a role in identifying issues and suggested remediation, with vendors applying machine learning to data lakes containing network control and performance data from across their customer base.
Figure 7: Cisco Catalyst Center, application usage. Source: Cisco.
At present, many Smart Network Management tools offer the capability to suggest remediation steps, with network teams being required to review and accept these changes before they are applied to the network. There is potential for Smart Network Management to go further, using AI to identify issues and automatically apply steps to address them. However, there is understandable hesitation to offer or use this functionality as it requires a significant level of trust in the decisions and changes being made using AI. There is potential for significant risk to health service delivery if inappropriate network changes are applied in an uncontrolled or unsupervised manner.
Figure 8: ExtremeCloud IQ Network Management Platform. Source: Netagen
Smart Network Management tools present monitoring data to network teams as a ‘single pane of glass’ view of network and application use and performance (examples in Figure 8 and Figure 9). The capability of this monitoring varies between vendors but typically offers data on utilisation of the network, including wired, wireless, third-party networks, and increasingly, extending to cloud infrastructure and services. Network traffic can be further examined, drilling down to obtain data on the applications being used and associated client devices and users.
Figure 9: HPE Aruba Networking Central. Source: Aruba Networks
Reducing network management and administration overhead
Smart Network Management tools can reduce the time and effort network teams spend on network management and administration, with some vendors quoting operational savings of between 20 – 50%.
Smart Network Management tools can identify client devices as they connect to the network and automatically apply appropriate policy. This can include the use of machine learning to automatically identify devices based on fingerprinting using MAC address, application use, or traffic patterns. This can reduce or eliminate effort associated with connecting a client device and can use dynamic network controls in place of previous manual configuration of VLANs and quality of service (QoS), for example. This automation, in addition to reducing network team workload, also helps reduce the risk of incorrect manual provisioning of devices and associated performance and security risks.
Network traffic can be monitored, with new application traffic flows being identified and highlighted to network staff. Applications can be automatically classified, with the Smart Network Management solution providing suggested QoS classifications and uploading the necessary configuration changes to switches.
The monitoring of network and application performance across all connected devices and networks simplifies network management. Faults and performance issues are notified to network teams, providing details of the users, devices and applications impacted. In some cases, issues can be automatically raised as a support ticket in the Service Management platform. Smart Network Management tools can highlight the network element(s), services, or applications causing the issue and suggest steps to remediate it, reducing the time and effort required to triage the issue and identify a suitable fix.
The simplified view Smart Network Management tools provide of application performance and network issues means that they can be used without the need for specialist IT skills and knowledge. As detailed previously, this means that teams responsible for applications can be provided with access to allow them to monitor performance and respond to issues without the involvement of IT resource.
Smart Network Management tools can provide details of network issues with a location context. For example, highlighting if performance issues are being experienced in certain buildings or areas, or in the handoff between specific APs, allowing potential wireless performance or capacity issues to be identified and addressed.
Reduce network installation and configuration overhead
Smart Network Management can also reduce the time and effort network teams need to spend on network installation and configuration. Zero-touch installation is available, with automatic configuration of new network devices. Network device upgrades can also be completed remotely and with zero downtime.
Applications such as asset tracking and support for wireless telephone handsets - Voice over Internet Protocol (VoIP) or IP telephony - are increasingly being used in health settings. A high density of wireless access points is required to support these applications. There is a degree of network support effort and complexity associated with the installation of these APs to ensure they offer the required level of service. Smart Network Management tools can help address this, automatically configuring radio channels, monitoring the level of service provided to the applications, highlighting locations with issues, including issues with the handoff between APs, and suggesting suitable remediation.
Where network upgrades are required, Smart Network Management tools can assist, offering network models and 'digital twins' to design and test upgrades. This can include radio planning (Figure 10), which can use building plans to simulate the impact of introducing new access points. This potentially reduces the time and effort associated with physical Wi-Fi coverage surveys, with coverage being checked only in the areas where modelling results highlight potential problems.
Figure 10: Cisco AP Virtual Reality Planning Tool. Source: Cisco
Strengthen cyber security and data protection
Network access control functionality has been available for many years. Smart Network Management extends this capability, using a unified approach and automation and AI to apply granular and dynamic control of network access.
Smart Network Management tools can apply role-based network and application access controls based on a range of factors, as detailed in previous sections.
Devices are only provided with access to the required network services, applications and data. This allows the network to securely connect trusted NHS devices, staff bring your own device (BYOD), users from partner organisations, guests, patients and IoT applications, such as building management and asset tracking devices.
This network segmentation reduces the risk associated with cyber attacks, limiting the access available to a compromised device, minimising malware propagation, and detecting, identifying and isolating compromised clients. A lessons-learned report produced by NHS England following the WannaCry attack highlighted how trusts were seeking to implement network segmentation to improve cyber security.
This network access control often uses a zero-trust security approach, treating all client devices as untrustworthy by default. Clients and users are authenticated and potentially posture checked prior to providing access to the network. Network access can be restricted only to the required applications and services.
Devices can be automatically identified, and appropriate access policy applied, reducing the need for manual configuration and the associated risk of errors.
Controls can include location-based access to restrict certain devices, users, or application access to defined locations (example of live client tracking in Figure 11). For example, only allowing access to sensitive data or applications to users in specific buildings, or barring access when in public areas.
Figure 11: Cisco Spaces. Real time tracking of client devices and space utilisation. Source: Cisco.
Smart Network Management tools can use AI to monitor network and application traffic to identify and isolate cyber threats. This can include identifying, locating, and isolating rogue client or network devices, such as access points, switches, or connections to other networks. This functionality can also be used to highlight unauthorised or ‘shadow IT’ applications to IT support and cyber security staff.
Machine learning can be used to identify and share details of cyber threats between organisations and automatically apply measures to mitigate them, reducing the time to respond to emerging threats.
Sustainability and net zero
Smart Network Management can also help NHS organisations with sustainability goals and to reach net zero.
The network monitoring outlined in previous sections can be used to reduce the power consumption of the network infrastructure. This can be achieved by switching off network switches, ports, and access points, or moving them into a power saving configuration during periods of low/no network activity.
As an example (other manufacturers offer similar functionality), Cisco APs contain several radio modules. When all are operational, an AP can typically draw 30-40 Watts. Smart Network Management can be used to instruct the AP to power down most of the radios at quiet times of the day or when only a limited number of clients are connected. This can reduce power consumption to around 7 Watts. Examples of the power consumption of AP models by wireless standards are displayed in the Cisco report.
An AP can be powered down completely to save further power; however, putting an AP into a low-power state rather than powering it down has a number of advantages. The AP remains active and able to support a small number of clients, for example, continuing to support IoT devices that operate 24x7, or location tracking. The AP can be configured to revert to full operation if the number of connected clients reaches a defined threshold – this process is faster than bringing an AP into operation following a full power down.
Powering APs down completely may be suitable for locations that are not used (and do not contain equipment or systems that require monitoring) at known times. For example, this may be suitable for some primary care locations that do not operate 24x7.
Aruba offers a similar low-power configuration. Their APs can be put into a low-power mode during defined times. The AP remains powered up, but the radios are powered down. The AP activates the radios regularly to check for clients requiring a connection. This configuration can be used in dense wireless environments, with a proportion of APs being configured for low power configuration, meaning that full coverage remains available, but capacity is reduced.
Figure 12: Example cost savings from implementing AP power saving arrangements for a hypothetical trust. Source: FarrPoint.
Potential cost savings from putting access points into low power configuration
- the trust has 650 access points
- 25% of access points are suitable for being put into a low power configuration overnight (12 hour period)
- using the low power configuration reduces access point power consumption from 30 watts to 7 watts
- electricity cost is £0.25/KWH
- £24.68 per access point per year
- £4,010 total saving per year for the trust
Increasing reliance on wireless networks means that it is unlikely that health organisations will be able to put all their APs into a low-power mode or switch them off completely. However, high electricity costs mean that even putting a proportion of APs into a lower power mode could deliver tangible cost savings (example scenario shown in Figure 12).
Smart Network Management also provides zero touch setup of new network devices which can potentially help reduce the need for travel for network teams and associated carbon emissions.
Smart Network Management inventory tools mean that NHS organisations have accurate details on the infrastructure they currently operate, its operating system and support status. The ability to use models and digital twins to test network designs helps ensure that NHS organisations make the best use of, and obtain full value from, the equipment they have already invested in, and minimises the need for additional equipment and the associated environmental impact and power requirements.
Commercial benefits
Smart Network Management can provide commercial benefits to NHS organisations.
In many cases (as described further in the implementation section), NHS organisations already have access to many Smart Network Management features as part of their existing network licenses. Feedback from equipment vendors suggests that some organisations have not fully implemented and exploited this functionality. Given this, implementing or extending the use of Smart Network Management functionality helps ensure that NHS organisations obtain full value from their existing infrastructure investments.
Smart Network Management systems simplify the operation of multiple virtual networks over a single shared infrastructure. In some cases health organisations operate multiple networks, for example, separate networks for clinicians, patients, and building management systems. The automated network and client configuration and security provided by Smart Network Management tools makes it simpler to consolidate services onto a single infrastructure, with associated cost savings and support efficiencies.
Smart Network Management tools can also provide efficiencies in how network team resource is used. The ability of these tools to complete analysis of network and performance issues, and to provide suggested remediation, potentially means that a larger proportion of network incidents can be resolved by first and second line support staff. Similarly, automation within the Smart Management solutions can remove or simplify tasks that previously needed to be completed by senior network staff. For example, the ability to automatically recognise and classify applications and configure appropriate quality of service on switches.
The previous section outlined how Smart Network Management can reduce the power consumption of the network infrastructure. As well as offering environmental benefits, this also reduces NHS organisations’ power and cooling costs.
There are similar cost saving benefits associated with the ability to use digital twins and planning tools to minimise the amount of equipment required to offer services and reduce travel costs where zero-touch setup of new devices can be used.
Last edited: 9 September 2024 10:59 am