We're getting a consultant to redesign our hospital campus network, but I guess it wouldn't hurt to get a second opinion, as it's the consulting company's opinion anyway that we're getting from them :)
We have a single hospital campus area, all the buildings in a somewhat small area. In total 400 access switches. Currently we have a 'legacy design' with routing switches with L3 interfaces and everyone can basically access every other segment. We have firewalls on the DC border.
We'd like to segment different use cases with firewall/something from each other (for example, not let office workers access medical devices directly). How would you do it in this kind of a network?
A couple of things I can think of: stretch the different access VLANs to our DC FW and then do the filtering there. Or do VRFs in the distribution switches and then terminate the VRFs on the DC firewall, one interface per VRF. Other than that, the usual recommendations nowadays would probably be something like ACI (and terminate the ACI 'segment' on the DC firewall?) or some other kind of VXLAN deployment?
Currently we have some chained access switches but I think we could do the basic access - distribution - core layers too. Our two small DCs are in the campus buildings.
Thanks!