Providing managed services for more than 400 clients worldwide—primarily large hospital systems—Cerner needed to minimize the risk of downtime and ensure that a potential outage for one client would not affect all clients. Using a completely virtualized traffic management solution from F5, Cerner is able to segment risk on a per-client, per-tenant basis and streamline operations for faster deployments and more efficient use of resources.
Cerner orporation is a leading provider of healthcare information technology for hospitals and medical facilities around the world. The company helps organizations improve the quality of care with its broad range of clinical and financial solutions and services, including its flagship Millennium application suite.
While some clients choose to run the Millennium suite on site in their own data centers, more than 400 hospital systems have taken advantage of Cerner’s growing managed services offering. Cerner, which hosts the complete Millenniumenvironment in its world-class data centers, customizes, scales, maintains, and supports unique implementations for each of these clients, whose users access the solution over secure connections via Citrix XenApp.
Because of the mission-critical nature of the services it provides, Cerner needed to ensure its systems were always highly available. The company had been using pairs of Cisco ACE load balancers to improve availability across systems that served multiple clients. When Cisco announced its intention to discontinue the ACE load balancers, Cerner realized it would need a replacement solution.
In addition, as the volume of its managed services increased, Cerner’s networking team recognized that a hardware failure, software bug, or even a change in one client’s configuration could potentially have an impact on many clients and, thus, on Cerner’s ability to meet its service level agreements (SLAs).
“There is always some risk of human error with maintenance and provisioning activities,” explained Brett Jones, Director, Infrastructure Architecture Technology at Cerner. “We wanted to find a solution that would reduce the risk down to the individual hospital system level as opposed to something broader in scope.”
In addition to minimizing risk of downtime, the Technology Services team wanted to improve efficiency and reduce the amount of time and resources needed to manage the infrastructure. Each of Cerner’s clients has unique requirements, and configuring changes and updates to meet these needs required considerable manual intervention on the part of Cerner’s network engineers.
When Cerner decided to transition from the Cisco ACE devices, it evaluated application delivery controllers from several vendors, including Citrix. “F5 came out in the lead with the intelligent traffic management capabilities its BIG-IP Local Traffic Manager provides,” says Charlie Wehner, Sr. Network Architect at Cerner.
As the F5 team learned more about Cerner’s existing virtualized server infrastructure and the importance of mitigating broad-based risk, they realized a fully virtualized traffic management solution could provide significant advantages for Cerner over a traditional hardware-based solution.
“We weighed all of the benefits of a hardware solution versus virtual editions and determined that the ability to easily isolate and manage each client’s environment was our highest priority,” says Wehner.
Cerner provides each client a high availability pair of BIG-IP Local Traffic Manager (LTM) Virtual Edition (VE) instances and an additional instance for testing, all of which run on existing VMware ESX servers. In total, this high-density, multi-tenant deployment includes more than 900 BIG-IP LTM VE instances. The virtualized environment not only narrows the scope of risk to individual clients, it provides greater agility than a hardware-based solution and simplifies the infrastructure from an operational and management perspective.
iRules, F5’s unique scripting language, was also a factor in Cerner’s choice of vendors. iRules gives Cerner needed flexibility to customize configurations for clients and avoid rewriting application code.
With a fully virtualized traffic management solution in place, Cerner has been able to ensure maximum availability by achieving fault isolation. The solution also helps Cerner improve operational efficiency and use its resources more effectively.
By providing pairs of BIG-IP LTM VE instances for each of its clients, Cerner is able to segment individual client environments. Using this high-density, multi-tenant deployment model, each client’s traffic is completely isolated from other network traffic. As a result, outages that might result from configuration changes or errors in one client’s environment have no impact on the others. This minimizes Cerner’s risk of missing SLAs.
“Consistently delivering on our clients’ service availability targets is foundational to our business,” Jones says. “Reducing our risk profile is important to our overall SLA delivery, and the F5 virtual solution enables us to do that.”
The virtualized infrastructure has had a profound impact on the time and resources it takes the IT team to provision services for new clients. “We worked with F5 Professional Services to validate our design decisions and help us prebuild a lot of VEs to establish the underlying infrastructure,” says Wehner. “They helped us create a reusable configuration template that would streamline our provisioning process and serve us well long-term. Today, we can spin up a pair of BIG-IP LTM Virtual Edition instances with all of the configuration parameters we need in just 20 minute
The Cerner team has found that F5’s GUI-driven interface for BIG-IP LTM VE is far easier to use than the previous solution. “The Cisco ACE environment was very command line-driven, so you had to have a fair understanding of the internals of the switch to make any kind of a change,” says Wehner. “With F5’s GUI menu system, configuration and changes are very straightforward.” This makes it possible to delegate routine tasks, such as standardized virtual server provisioning, that previously required the skills of a network engineer to perform.
In addition, the F5 solution enables the Technology Services team to define role profiles, designating who can perform which tasks. “We can give some people read-only permission while we give others operator or administrator permission,” says Wehner. This enables Cerner to free up network engineers for more demanding tasks while ensuring that others are limited to activities that are appropriate to their role.
For many of its clients, Cerner not only hosts the Millennium suite but also provides comprehensive managed IT services. Consequently, the Technology Services team often inherits many existing third-party or home-grown applications that it must then incorporate into the overall infrastructure. In these cases, Cerner has found iRules to be helpful in reducing deployment time and resources. “Before we had the flexibility that iRules provides, our support groups had to write custom code to work around some of these issues,” Wehner said. “iRules saves us a lot of extra work and helps us reduce the time to deploy.”