Delivering Secure,

Point-of-Care

Access - Anytime,

Anywhere

HIMSS Webinar

© 2014 Teradici Corporation.

> Introduction

> VMware® Point of Care™ Solution

> PCoIP® Zero Clients Secure End Points

> North Kansas City Hospital Solution

> Questions and Answers

Agenda

© 2014 Teradici Corporation. 3

Today’s Webinar Participants

Tisa Murdock

Director End User Computing

Solutions VMware

Ziad Lammam

Director Product

Management, Teradici

Geoff Schillare

Manager Information Technology

North Kansas City Hospital

© 2014 Teradici Corporation.

> #HealthcareVDI

> #HIMSS14

> #PCoIP

> #VMware

> #Imprivata

> @VMware

> @Imprivata

> @NKCHospital

> @Teradici

4

Hashtags & Handles For Social Sharing

© 2014 Teradici Corporation.

Tisa Murdock, Director End User Computing Solutions VMware

5

VMware AlwaysOnPoint of Care™ SolutionTisa Murdock, Director, EUC HC Solutions

Healthcare Transformation

Device Proliferation, Consolidation, Remote Access, OS

Migration - Continue to Accelerate Change

Caregivers Work Differently with High Expectations

OS ACCESS

DEVICES APPS

Transition to a New Clinical Computing Era Has Begun

Access

• Technology should be invisible

• No Tolerance for Downtime

Apps and Data

• New web-based and

SaaS apps

• Secure Collaboration

Devices

• Multiple Devices, Zero Clients,

Thin Clients, Mac, PC…

• I want to use an iPad! What is

next?

Business and Technology Transformation are Connected

Healthcare TomorrowHealthcare Today

Legacy HIS Apps New HIS Apps SaaS Apps/Svcs

Analytics

Industry & Infrastructure Transformation

Data/Application Transformation

Consumption & Delivery Transformation

1980-?

Healthcare IT’s Journey to Connected Care

2010 2013-Beyond

Complex & Brittle

Client/Server App Silos

Healthcare Infrastructure Technology

Hybrid Legacy/SaaS

Any Device

Secure Collaboration

Connected

Care

Healthcare must be able to adopt the cloud

in a non-disruptive and evolutionary way

Cloud Based Clinical Desktop

Adoption

Empower with AlwaysOn, Anywhere Access

Fast, Secure Access to Patient Data

Native Experience From Any Device

Enterprise Apps

SaaS Apps

3D Apps A New Clinical Desktop

Transform: Simplify

desktops, diverse apps

and data into

centralized services

Deliver: Empower

clinicians with flexible

access across devices,

locations and connectivity

Next Generation Workspace

Broker: Manage & Secure

centrally and broker services

to your workforce by policy

Access depending on

device, location or group

Connected Clinicians

VMware Horizon Suite - Integrated Workspace

My Apps, My Desktop, My Files

Must Haves for Point of Care Solution

Availability

Paperless demands continuous service

“Care Contract” now includes IT

Downtime – Planned or unplanned not acceptable

Mobility

Workspace must roam – on or off premise

Device agnostic

Quality of life /faster decisions

Security

Generic or auto-log-in, shared passwords are not

compliant

Patient care trumps all …

Must be lightweight yet strong

First Step – Deliver Clinical Workspaces as Managed Service

Persona

Applications

Operating System

Centralize

Management

Data, Desktops,

Applications

Display to

Any Device

A Managed Service Model

With VMware Horizon View

All Apps Available from Single Workspace

The Clinician Login Experience with SSO

Steps

1. Sign in to desktop

2. Wait for Windows

3. Authenticate to Virtual Desktop

4. Select Application

5. Authenticate

6. Treat Patient

Tap Card

5 -7 Second Reconnect Time

from Terminal to Terminal*

*Forward Advantage Independent 3rd party testing – August 2011

VMware AlwaysOn™ Point of Care Solution

http://www.vmware.com/files/pdf/solutions/VMware-AlwaysOn-Solution-Datasheet.pdf

Tested / Validated

Multi – Path

Constant Replication

End to End

Redundancy

Stateless Desktop

User

authenticates

and connects

to Site A

Site A Fails

Users' View

Session

Drops/Fails

User re-

authenticates

User is

automatically

connected to

Site B

Infrastructure

Security

Single Sign On

Broad Eco-system of Partners

Zero Clients

Resources

TCO/ROI Calculators and Assessment tools

– http://roitco.vmware.com/vmw/

More information on VMware AlwaysOnPoint of Care Solution

• http://www.vmware.com/solutions/industry/healthcare/point-of-care.html

• Booth #2535 at HIMSS 2014

Follow us on Twitter, Blogs, and Facebook

@ VMwareHIT

http://blogs.vmware.com/healthcare/

http://www.facebook.com/vmwarehit

Thank You

Transforming the Cost, Quality and Delivery of Patient Care

© 2014 Teradici Corporation.

Ziad Lammam, Director of Product ManagementTeradici

22

© 2014 Teradici Corporation.

Teradici PCoIP Provides the Richest, Most Secure Remote Desktop Experience

Over any network

…to any device

23

© 2014 Teradici Corporation.

PCoIP Essential Features and Benefits

24

Provides a rich

user experienceHost Rendering1

Optimized bandwidth

and image quality

Optimized

Multi-codec2Automatically

delivers best possible

user experience

under changing

network conditions

Dynamic Network

Adaptation 3Data stays secure

Only Encrypted

Pixels are

Transmitted4

Features Benefits

© 2014 Teradici Corporation.

> Conform to corporate security mandates

> Maintain control over sensitive user data

> Endpoint management

• Security updates

• Anti-virus

• OS patches

> Ensure uncompromised

user experience

What Challenges Does the Administrator Face?

Maximize your

desktop virtualization

strategy with PCoIP

Zero Clients

© 2014 Teradici Corporation. 26

Zero Client Benefits

Features Benefits

Powerful hardware

decode1 • Teradici TERA

processor for PCoIP

Multiple form factors2 • Available from 50+ vendors

Zero maintenance3 • No OS, browser or drivers

• No codecs, patches

or viruses

Ultra secure4• No local storage,

just a 5MB firmware

• No attack surface, no

application data, just pixels

1MZEROCLIENTSHAVE ALREADY SHIPPED

to enterprises worldwide

© 2014 Teradici Corporation.

> No local storage

> Only hardware decode for encrypted PCoIP data

Centrally managed persistent data

Highest Level of Securityand Ease of Management

27

Persistent application data

locked down in VDI server

Encrypted PCoIP pixels are sent

No application data is ever

delivered to PCoIP Zero Client

© 2014 Teradici Corporation.

> Best VDI client on the market for security-critical deployments

> No Windows/Linux OS and no hard drive

A Comprehensive Suite of Security Features

SECURITY FEATURE SECURITY BENEFIT

No Windows/Linux OS No viruses or spyware, no patches, no maintenance

No persistent user data No local storage to lock up at night

No application data sent over network Only fully AES-encrypted pixels are sent over the network

SIPR hardware token support Supports secure SIPR authentication mandated by DoD

802.1x network authentication Allows network devices to be authenticated before use

Fiber support (100BASE-FX) Fiber option to further secure endpoints on network

IPv6 Ready Ready for government mandates for IPv6 deployments

Support for CAC/PIV smart cards Supports a variety of CAC/PIV smart cards required by

federal and government agencies

28

© 2014 Teradici Corporation.

> Streamlines Workflow

> Strong Authentication

> Ease of management and rich user experience

Single Sign-On (SSO) with Imprivata

Security with Rapid Access

29

• Care Providers

• IT Department

• Clinical LeadershipNO CLICK ACCESS

Manual entry of

USERNAMES and

PASSWORDS are

replaced with our

Just TAP YOUR BADGE

and our authentication and

single sign-on does the rest.

EVERYONE

BENEFITS!

Imprivata enhances care delivery by providing FAST, SECURE ACCESS to patient information

© 2014 Teradici Corporation.

Wide Industry Adoption of PCoIP Technology

3

HEALTHCARESecure patient data in the data center, provide flexible access

throughout facility, provide high-resolution lossless viewing

capability for medical images

EDUCATIONEngage students with rich secure computing experiences

Focus on teaching not troubleshooting, simple to deploy and

manage.

GOVERNMENTSecure sensitive information, provide secure remote access

and peripheral (USB) authorization

FINANCIAL SERVICESEliminate the heat and noise of multiple workstations, provide

immediate moves, adds, changes

MEDIA AND ENTERTAINMENTPrevent loss of intellectual property, eliminate heat and noise

at the desk, and support off-shore contract workers

MANUFACTURINGCentralize large proprietary CAD data files, eliminate heat

and noise at workstations, provide third party suppliers

secure remote access

© 2014 Teradici Corporation.

> PCoIP Healthcare Solutions

> What is a PCoIP Zero Client

> Using Imprivata Single Sign On with PCoIP Zero Clients

> Follow Us on Twitter, Facebook, and Linkedin

Resources

© 2014 Teradici Corporation.

Geoff Schillare, Manager of Information Technology North Kansas City Hospital

North Kansas City Hospital:• Independently owned acute-care facility with 451 licensed beds

and six centers of excellence in cardiac care, cancer care, women’s health, orthopedics, emergency services and minimally invasive surgery.

• Achieved national recognition, most recently in the US News & World Report’s 2013-14 ranking of the best hospitals in the metro area, a prestigious list showcasing only 15 percent of the nation’s approximately 4,800 hospitals.– NKCH was #3 out of 52 in the KC Metro area

• Located 7 minutes from downtown Kansas City, MO• 72-acre campus consisting of six main buildings• Opened for business March 30, 1958 as an 80-bed facility• 2900 employees, 600 physicians and ancillary professionals• Two wholly owned subsidiaries: NorthCare Hospice and Meritas

Health Corporation

34

North Kansas City Hospital IT is composed of:54 personnel divided into four main departments/components: • Infrastructure/Communications/Help Desk• Applications• Project Management Office• Security

• 903 (16.7 avg) years of IT experience with an average tenure of nearly 11 years at NKCH

Overall IT Support Footprint:24/7 support to over 4000 users3500 computing devices300 different clinical and enterprise applications to include multiple EMRs (Acute/Emergency, Ambulatory, Home Health, Hospice)• Cerner Millennium is hosted remotely and supported by IT and Clinical Informatics450 virtual servers, 200 physical servers spread among two data centers80 Network Infrastructure devices in 48 Telecommunications Rooms/Closets

35

Business and Technology drivers for VDI at NKCH:

– Increasing clinician flexibility/mobility/productivity• No more device-centric computing

– Improving user experience • Uniform, consistent, and streamlined experience with virtual desktops and tap-in,

tap-out access

– Optimizing point-of-care compute device type according to usage• 95% Task Workers accessing the same applications mostly delivered by web or

Citrix

– Decreasing cost while increasing useful life of endpoint hardware• Zero Clients less than Desktops, three vs. five/six year lifetime

– Decreasing desktop provisioning, support and management costs• Centralized management of images vs. individually imaged/configured endpoints;

every day is a new day/new VM, fewer components to break

– Accommodating requests for diverse client endpoints• Laptops, Tablets, Mobile Phones

– Increasing endpoint security (ePHI)• Sensitive data contained in data center vs. on endpoint

36

History of Desktop Virtualization at NKCH

– Spring 2008: NKCH Systems Engineers started using VMware VDM 2.0.

– Fall, Winter 2008: Preliminary research, testing environment evaluation and use case validation. Wyse V10L thin client hardware running XP-Embedded with the VDM Client installed.

– Summer 2009: VMworld conference announcement that VMware View 4.0 would feature a software implementation of PCoIP accelerated preliminary project planning.

– Winter 2009/2010: Official production pilot with View 4 and software-based PCoIP deploying 10 Wyse Thin Clients on nursing unit, then rolling out 10 per month for a few months at a time.

– Summer 2011: Technology advances involving Teradici PCoIP and Imprivata OneSign integration increased conceptual project planning.

– March 2012: Main project initiation– Aug & Sep 2012: Deployed 650 PCoIP Zero Clients in six weeks– Feb 2014: Currently have 800 Zero Clients deployed with another 150

or so devices accessing VDI via the View Client

37

Computing Device Endpoint Before/After VDI Implementation

– Before:

• 450 Wyse Thin Client X90L Laptops

– Management of a thin client with a Windows Embedded OS caused issues, constant viruses, etc.

– Preferred Wyse ThinOS

• 200 HP Compaq dc5800, Pro 6000, 8200 Elite Desktop Workstations

– After:

• 650 Samsung NC190-1 PCoIP Zero Clients

38

Primary hardware• Servers: Five HP ProLiant BL460c Gen8 Blade Servers

– Two Intel Xeon E5-2670 8 core processors and 192GB of RAM each– Housed in HP c7000 BladeSystem enclosures split between two data centers– Supported by redundant HP VirtualConnect Flex-10 Ethernet modules connected to our

routed core and 8Gb FC modules connected to Cisco 9148 Multilayer Fabric Switches– Virtual Desktop Consolidation Ratio = 150 VMs/host– Five large main pools for clinicians and physicians, 10 smaller specialized pools for certain

departments

• Storage: Two EMC VNX2 5600 Storage Arrays– VDI Storage Pool consists of the following:

• 5 – 100 GB SAS Flash Disks in a RAID5 (4+1) Configuration• 20 – 15K 600 GB SAS Disks in a RAID5 (4+1) Configuration

– Automatic Storage Tiering is enabled between the two types of media – Average 880 IOPS per server for a total of 4300 IOPS

• Endpoint: Samsung NC190-1 and NC191-T, Dell Wyse P25 PCoIP Zero Clients– Samsung: 19” All-in-One integrated display powered by the Teradici Tera1100 (NC190-1)

and Tera2321 (NC191-T) processors– Dell: Small Form Factor P25 zero client only (no monitor) powered by the Teradici Tera2321

processor

• Access: RFIdeas pcProx HID USB Proximity Card Reader– No drivers required– Also use ExpressCard Proximity Card Readers for laptops

39

Primary software• Imprivata OneSign

– Main modules used: • SSO• AM • VDA• SS/PW

• Teradici PCoIP Management Console• Cerner Instant Access• VMware Horizon View• VMware vSphere• VMware vCenter Server• VMware ThinApp• Loadbalancer.org Load Balancer Virtual Appliance• Mission-critical applications accessible in production on virtual machines include:

multiple Electronic Medical Records, Picture Archiving and Communications System (PACS), clinical reference tools.

Guest operating system:• Windows 7 Professional

40

41

NKCH Virtual Desktops

Existing PCs/Laptops

NKCH LDAP

NKCH LDAP

Loadbalancer(vdm.nkch.org)

External Access

PC or Mac

Mobile Device (iOS/Android)

Cerner RHO

Zero Clients

Imprivata/SSO

View Manager 5.2

vdmcm01vdmrep02

vdmrep03vdmsec02

VDI Login Metrics, Benchmarks and Best Practices:

• Initial login of the day: 60-70 seconds, each subsequent login 5-7 seconds from badging in to working Cerner Millennium PowerChart.

• Prior to SSO/VDI/Zero Client/Instant Access implementation users had to login to the OS and multiple applications each time, taking up to 30 seconds per instance.

– 40 login instance comparison:• Pre-implementation: 20 minutes spent logging in over a typical day• Post-implementation: 4-6 minutes spent logging in over a typical day

• Benchmarks– Initial benchmarks haven’t changed much since system installation, haven’t

added any new servers, have added new/faster storage and additional virtual desktops.

• Clinician Best Practices guide– Optimal clinician workflows, tips, and standard operating procedures.

42

Measuring ROI for the NKCH VDI solution

• Higher CAPEX, Lower OPEX = Lower overall TCO over lifetime– Endpoint hardware and software costs are slightly lower than the desktop

model, but Server, Storage, and Network capital expenses are much higher.

• Some measurable specifics regarding the overall TCO:– Initial procurement cost

• Endpoint Hardware + Software cost over six year lifetime slightly better than Desktop PCs.

– Deployment Cost • For our standard NKCH task worker deploying a Zero Client takes 1/5 the time to

deploy; 20 min for Zero Client, one hour for fully configured desktop.

– Desktop Support Cost • 3 Desktop tickets to every 1 zero client ticket; averaged twice as many minutes per

desktop ticket (six months prior vs. six months after VDI deployment comparison).

– Power Consumption Cost • Zero Client: 36 Watts, vs Desktop + Monitor: 32+29=61 Watts; 40% power

consumption decrease over the 650 project-delivered and now current 800 endpoints.

– Tier II vs. Tier I Workload Distribution• Additional Server, SAN and Network administration but far less desktop support

43

Questions?

44

© 2014 Teradici Corporation.

Continue to Discuss and Share

@Teradici

facebook.com/teradici

linkedin.com/company/teradici

© 2014 Teradici Corporation.

www.teradici.com

46