Transcript of Securing Healthcare Information with Virtual Desktops
Securing Healthcare Information
with Virtual Desktops
Aivars Apsite
Technology Strategist
Metro Health
Agenda
• What do we use at Metro Health
• How do we secure it at Metro Health
• What are the benefits to Metro Health
• Plan the Next Steps
VDI overview
Access your desktop from any device
Wireless WOW
Thin Client
Laptop
Remote Physicians Office
Nurses Station Desktop
Tablets / iPad / Mobile Devices
Remote Access from home
Desktop Virtualization Timeline
[Timeline figure; labels recovered from the slide]
Dates: Jan 2007; Oct 2007; Feb 2010; Feb 2011; Oct 2011; Dec 2012
Versions: v1, v2, v3, v4
Milestones:
• MetroAnywhere development begins
• MetroAnywhere go-live when Metro Health moves into its new hospital
• MetroAnywhere with TCX: video playback, USB support
• Cisco VXI purchase
• MetroView, MetroAnywhere: VMware View V4.6
• MetroView: VMware View V5.1
Endpoint counts:
• 1100 PCs, 900 Wyse Thins
• 1400 PCs, 1100 Wyse Thins, 300 Wyse Laptops
• 1320 PCs, 1800 Cisco Zeros, 310 Wyse Laptops
Cost per client: $1,610; $1,140; $588
Metro Health Topology
[Network diagram; labels recovered from the slide]
• Broker: VMware View
• 2000 zero/thin clients
• Internet: various endpoints
• 3000 pooled VDI XP sessions
• 1200 thick XP clients
• Metro Cisco IP network: 10Gb core, 100MB to floors; plazas: 100Mb, 10Mb
• VMware ESX servers
• Physicians, home, travel
• Users
• Windows 2003/2008 servers
• Unix servers
• SAN
• Printers
• Hardware and capacity labels: Cisco 2211; Wyse x90; HP 8200s – 8300s; HP 4200s, 3035s, 4345s; 300+Tb; HP P9500 / NetApp FAS2240; (55) ESX hosts; (38) servers; (410~) servers
VDI “in a box”
• (32) Cisco B250 M2 Servers
• Dual Intel X5680 Processors (3.3GHz, 6 cores)
• 192GB RAM
• (4) Cisco B200 Management Servers (Dual X5670s, 24GB RAM)
• (2) NetApp FAS3240 Storage System (64TB raw / 50TB usable)
• (4) Nexus 5010 Switches with (4) 10Gb uplink connections to core network
3000 Pooled Users: Pod A, Pod B
Secure Roaming with Fast Reconnects
• Reconnect to active desktop in 10 seconds or less
• To a FULL Windows desktop
• Access to ALL opened applications simultaneously
The full Windows OS is running
- Security patches applied
- Antivirus is up to date
- OS is locked down to users
- All centrally managed
- Timeout scripts enabled
- At logoff, all sessions recloned
- Meets compliance standards
- Quick reconnects
All PHI* in our Data Centers
• Encryption in flight
• Levels of security: AD login, AD permissions, Application
• Encryption at rest is possible
NOTICE – the PHI* data is not stored on the local desktop
* Patient Health Information
Zero Clients and Imprivata Single Sign On
• Only one image to manage – View session
• Zero client “imaging” process takes less than 5 minutes
• No driver management on Cisco VXCs
• Enhanced USB support in View 5.1
• 60+ applications converted to SSO
3200+ End Points
Remote Access
PCoIP remote access provides our users a simple, secure remote connection and authentication to their desktops outside of the firewall.
Lessons Learned
• Not enough Imprivata user licenses – some users could not log in
• No SSPW option from zero clients. Set up a generic user with access to the SSPW page.
• Zero clients do not come with a connection bar, so functionality is limited. Added RocketDock to provide some functionality.
• Big concern – if we lose our connection servers, there is no brokering to View sessions
• Possibly looking at developing a Teradici RDSH solution for DR purposes
Next Steps
• An alternative broker for zero clients
• Imprivata Epic connector to Exam Rooms
• Imprivata “walk away” locking
• SSPW native access from Zero Client
Questions?