Wednesday, September 12, 2018

outgrown network design

I work for a healthcare organization that is mainly primary care and ancillaries (Lab/Radiology/Sleep etc). The company is expanding very rapidly but still builds the network the same way they did when it was a couple of locations. We are now pushing 2k employees and 100 locations. Most of the locations only have 10-15 people in them. The hardware at most of the small sites consists of a Sonicwall TZ-300, Netgear switches, Meraki access points, with dual internet connections and a VPN back to headquarters and a backup VPN to a second "hub" site (the second site they connect to depends on their location). Most applications we use are cloud based and the internal network is mainly used for Radiology as well as Authentication/GP/Patching/Security services. The core of the network consists of ~10 bigger sites, most of which have some radiology/lab (high bandwidth) applications using larger Sonicwall appliances (I think they are 2600 and 3600 series). These hubs are primarily connected via MetroE to each other. Active Directory and RADIUS for WiFi exist at these locations for all other sites. There is not a lot of traffic between sites outside of the hubs (spokes) other than what is going to another hub.

With the current setup, the remote sites only have connectivity to a couple of subnets at ~2 hub sites that their VPNs terminate to. All of the routing is done via static routes in the Sonicwalls and there are no other routers in the network for the most part. Adding a route into the network is painful. I am looking for advice on the technology we should be evaluating for the network going forward.

I have a couple of thoughts about how we could design the network moving forward but I am very open to other thoughts:

1. Implement a dynamic routing protocol at the hub sites (OSPF?) and change the "interesting traffic" for the remote site VPNs to be 192.168.0.0/16, 10.0.0.0/8 etc so that they route all non-internet, not directly connected traffic back to the hubs when they don't know how to get there.
2. Implement a dynamic routing protocol everywhere with the same as above.
3. Dynamic routing at the core and a technology like DMVPN or similar to dynamically create VPN connections and route traffic.
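As an added illustration (not part of the original post), a small Python model of option 1 above: a spoke with a primary and a backup VPN tunnel, first with today's one-selector-per-hub-subnet "interesting traffic", then with summarised RFC1918 selectors. The tunnel names, prefixes and hosts are constructed sample values; the model shows why a new hub subnet needs no spoke change under the summarised design, how the spoke's own LAN still wins on longest prefix, and how the backup hub takes over when the primary is down.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values (hypothetical spoke, hubs and prefixes).
LOCAL_LAN = ip_network("192.168.37.0/24")  # this spoke's own LAN, always local

PER_SUBNET = {  # how the spokes are built today: one selector per hub subnet
    "vpn-hub-a": ["10.1.10.0/24", "10.1.20.0/24"],
    "vpn-hub-b": ["10.2.10.0/24"],
}
SUMMARISED = {  # option 1: send all private space to the hubs, hubs do the routing
    "vpn-hub-a": ["10.0.0.0/8", "192.168.0.0/16"],
    "vpn-hub-b": ["10.0.0.0/8", "192.168.0.0/16"],
}
PRIORITY = ["vpn-hub-a", "vpn-hub-b"]  # primary first; decides equal-length ties


def select_tunnel(dst, selectors, down=frozenset()):
    """Longest-prefix match of dst across the selectors of every tunnel that
    is up. Returns "local" for the spoke's own LAN, the tunnel name for
    interesting traffic, or None when the packet takes the local internet path."""
    addr = ip_address(dst)
    # A connected /24 is more specific than any summary selector, so it wins.
    best, best_len = ("local", LOCAL_LAN.prefixlen) if addr in LOCAL_LAN else (None, -1)
    for tunnel in PRIORITY:  # priority order keeps the primary on exact ties
        if tunnel in down:
            continue
        for prefix in selectors.get(tunnel, []):
            net = ip_network(prefix)
            if addr in net and net.prefixlen > best_len:
                best, best_len = tunnel, net.prefixlen
    return best


def reachable_without_spoke_change(selectors, new_host="10.1.30.5"):
    """Hub A brings up a new subnet (10.1.30.0/24). Can the spoke reach it
    without anyone editing the spoke's VPN policy?"""
    return select_tunnel(new_host, selectors) is not None
```

Caveat the model makes visible: with summarised selectors the spoke forwards any private-range destination to a hub, so a hub with no route for that prefix must drop it cleanly rather than leak or loop it, and the hub routing (static or OSPF) becomes the single place where reachability is actually decided.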

Networking is not my primary function and has not been my career focus since I was a network engineer 15+ years ago. I am trying to help out the network/systems team right now as they are down a manager and network engineer and are left with primarily systems admins with limited network knowledge.

From my interaction with the CIO (I have to say Hi Jeff! since I am sure you will find this) the business needs as I understand them are:

1. A network that can heal itself with minimal impact to end users. We put in redundant connections to the internet and redundant VPNs to cover for MetroE issues but managing the failover has been an issue.
2. Sites to communicate with each other without having to make massive configuration changes; applications and systems that are accessible no matter where you are.
3. A design that is easy to implement, duplicate and scale. We are growing very fast and have nearly doubled in size in the last year or two and, from what I hear, plans are to do the same in the next year or two.
4. Since most sites are small, budget is a large factor in the technology we choose. Preferably we would accomplish this with the hardware we currently own but if not possible, we need to keep the costs down.
