CNAS Overview

CareGroup Network Architecture and Support Services

The CareGroup Network Architecture and Support (CNAS) group currently has responsibility for designing and maintaining over 300 subnets encompassing over 15,200 networked PCs and printers throughout CareGroup served by an installed basis of over 21,200 connections. 368 actively monitored routers and switches connect together 1,723 links over Ethernet, token-ring, frame-relay, and SONET to make this possible. We also monitor and service 12 private links to contracted health-care providers and billing agencies, as well as the CareGroup feed to the public Internet, the research vBNS network and Internet2.

In order to reduce costs associated with these services being implemented and monitored at all locations within CareGroup, we have put in place the following procedures:

1.We have a standardized hardware deployment level for all routers and switches. Monies spent in training and software monitoring are targeted to support these standards.

2. All network equipment deployed throughout CareGroup will be purchased centrally on a CareGroup PO and billed-back internally to an account line of the appropriate organizational unit.

3. Cisco SmartNet support is centralized to one CareGroup account and costs are billed back internally. This allows us a central inventory list to monitor and provides greater bargaining power in negotiating a CareGroup-wide support price.

4. We have dropped SmartNet support for the most commonly deployed cisco models and are storing spares locally to reduce costs.

5. All Verizon wide-area data services have been consolidated into one tracking source for CareGroup I.S. Billing will be done centrally to CareGroup by Verizon, and bill-backs attributed to internal cost accounts with itemized list of services provided by CareGroup I.S. to each local signatory.

6. Based on (3) and (5), CareGroup will provide organizational units budgetary information for FY planning based on normalized inventory of hardware and data-circuit deployment.

7. All projects within CareGroup organizational units that will touch the network should be brought the attention of Marty Botticelli. Those that involve BIDMC will be handed over to Karen Rapuano with estimates of the FTE time involved in such project support.

As a centralized network-monitoring entity, CNAS provides to the organizational units of CareGroup:

1. 7x24 monitoring on all network hardware and key I.S. servers. Outage escalation procedures will normally be to CSIS assigned-contacts via automatic alphanumeric paging unless otherwise specified. An after-hours Network OnCall pager is provided for emergencies (617.632.2337 pager ID 35070) with escalation to the CNAS Manager on 617.339.8666 (no pager ID needed). CSIS staff in conjunction with a local contact, if needed, will normally do OnSite visits.

2. Network segment monitoring and trending for loads and protocol usage. Segment history exists for over 15 months and can be forecast based on historical trending for up to 12 months in the future. We have a portal-based Web service allowing organizational units to monitor their own segments directly, if they wish, by browser.

3. One-stop service for adding new locations to the CareGroup network. From the standardized hardware list, CSIS contacts handle ordering and coordinate billing. Equipment is configured by CNAS to be within the CareGroup IP numbering plan and is enabled for centralized SNMP monitoring. Installation of the equipment will normally be by CSIS staff onsite working with a CNAS contact in the office. CSIS contacts will work with CNAS to expedite Verizon service provisioning and streamlined billing as described above.

4. Centralized trouble-shooting and escalation within Verizon for all wide-area data services. There is a scheduled weekly service meeting among CNAS, the head of our Verizon account team and the Manager of Verizon Data Services for New England to discuss service-related issues.

5. Standardized IP and IPX numbering schema within CareGroup. DHCP is used where possible; otherwise static IP's are assigned. Tracking of static IP's is done centrally but is delegated to an organizational unit if requested.

6. A desktop and network security scan will be performed on a monthly cycle covering all CareGroup entities. Such scans do not impact production but will highlight security hazards according to accepted best-practices: accounts with no passwords, NT workstations without patches, Web servers with loopholes etc. CSIS personnel will work with local support people at each organizational unit to prioritize the remediation of identified security hazards and assist in eliminating them. High-level summaries will be handed out at the monthly meeting of I.S. Directors of the organizational units.

7. Network consultation in assessing loads and impact of all new services rolled out throughout CareGroup.

8. Physical level assessments for existing or new sites in preparation for wiring/cable installations or placement of new hardware.

9. Scheduled outages of at least one week's notice to provide on-going firmware upgrades for equipment. Optimal outage times to be worked out in advance with the local organizational unit's I.S. Director.

10. Centralized support of CareGroup-wide Domain Name Services with localized support for DHCP when needed.

11. Central support in registration and implementation of new primary domains with our partnered registration authority. We currently host over 40 domains on our DNS system.

12. Load balancing support at the network level for key applications such as messaging or the PSN.

13. Remote Access/VPN plans and support.

14. Firewall Access issues out of and in to CareGroup.

Due to budget constraints on time and personnel, any service to remote sites not owned by CareGroup is limited. CNAS will work with contracted consultants or providers for these sites only to establish connectivity back to CareGroup. Similarly, support for data servers (their hardware or configuration) needs to be handled by local personnel. Exceptions to this policy are negotiated through individual site-specific service level agreements.

CNAS also provides a more granular level of support for BIDMC that includes the following:

1. Coordination with departments and foundations of BIDMC on Director-level approved projects that involved network build-outs or changes. All such projects must be funneled through Karen Rapuano for prioritization and support assessment.

2. Wiring and switch-insertions within BIDMC based on Remedy ticket orders.

3. Backup support for the BIDMC Support Center on networking issues or on triaging suspected network problems.

4. Support for the BIDMC Server Team and Mainframe Team in placing new servers or hosts on the BIDMC network within the Renaissance Park Data Center.