In working with some of the largest healthcare organizations in the world, a common theme has emerged whenever conversations about healthcare data centers come up. Specifically, many organizations are now asking: Just how agile is my data center and all of the components within? What if I need to extend my platform into the cloud?
Most of all, healthcare administrators are looking for ways to increase data center agility to make migrations and cloud extensions much easier.
However, today’s data center is a lot more complex and a lot more important.
The reality is that each healthcare data center maintains unique components and resources. These resources are delivered to a wide array of users, sometimes spanning the globe. In working with data center migration projects, there have been some specific steps that healthcare organizations can take to make the whole process easier.
In my experience, exporting policies and logical controls (processes built into the data center layer) has proven to be the most challenging part to work with, specifically replicating those policies between other data centers and even cloud components.
With that in mind, let’s look at a few ways where healthcare administrators can make data center migrations a bit easier. To do so, we’ll examine your virtual environment, your most critical policies (those around security), and some overall best practices for healthcare data center migration and policy management.
Managing Policy Distribution and Migration in a Healthcare Virtual Ecosystem
Here’s the best part about working with a heavily virtualized infrastructure: it’s a lot easier to migrate. But what if your primary data center is running VMware and your secondary one is based on KVM or Hyper-V? Now what?
The other challenge is that you may also have firewalls, load-balancers, and other controllers as virtual appliances. Virtual machines can be converted from one virtual platform to another. The issue is around these other virtual appliances.
To combat these challenges, there are a few things administrators can do:
- For all virtual machines, appliances, and services: This one is easy. You should always create snapshots and data backups for any workload or appliance running on your hypervisor.
- For traditional VMs (Windows, Linux-based): Analyze a migration plan that either involves rebuilding the VM and reattaching the storage repository, or allows you to copy the VM, as-is, to the new location.
- For virtual appliances (firewalls, load-balancers, virtual services, containers): You can create a configuration file or dump with all of the policies, settings, and other critical data points relating to the virtual appliance. In many cases, there are tools that can help with this type of visibility and configuration management. You need to make sure all settings are captured. This is especially important if you’re migrating from an older appliance to a new one. Keep in mind that doing this in parallel, while each appliance is running in a different location, allows you to analyze settings and ensures that you didn’t miss a setting.
Managing Critical Policies – Network and Security
This one is always a bit trickier to work with. Basically, your network and security architecture is like the central nervous system of your healthcare data center.
You have two different data center points and both might be running completely different infrastructure. Let’s assume your primary data center has Cisco Nexus networking gear. At that same data center you also have Cisco ASA security appliances.
Now, let’s assume that you just acquired a new clinic. However, that clinic already has a data center running Juniper SRX devices and maybe a Palo Alto virtual security appliance. Pretty heterogeneous, right?
Even if your environment doesn’t have that many devices, migrating policies can be a challenge. So, let’s look at some ways we can improve network and security policy migration:
- For security devices and appliances: Analyzing your policies will actually look pretty similar whether you’re running a virtual or physical security appliance. If you have a one-to-one device migration on the same family of appliances, simply doing a configuration migration might be the easiest way to go. In fact, there are likely some great native tools which can help you in the process. However, if you’re working with a more heterogeneous platform, visibility into everything is critical. Skip the manual process and work with tools which can help you see the big picture. This is especially important when working with compliance-bound workloads. Granular visibility into all policies and settings will help you migrate access controls, specific security settings, VPN rules, application access, and much more.
- For network devices: You will absolutely need to know and understand all network routes, policies, and settings when creating a migration plan. If you’re expanding your platform, working with Global Server Load Balancing features helps balance connections coming into a respective data center. But how do you control network policies in general? What if they’re all different brands? First of all, you must document each core networking component. Secondly, utilizing a tool which can granularly help you create a powerful network map and diagram is essential as well. The idea is to generate an interactive topology map of all network firewalls and routers, subnets and zones, and deliver instant visibility around security policies as well as network traffic. Are there unknown network closets? Are there hidden policies or devices? Today, network and security appliances work hand-in-hand to optimize and secure the delivery of critical data components. Because of this, it’s critical to work with tools that give you visibility into all critical aspects of your network and security architecture.
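The parallel comparison of appliance configuration dumps and the policy visibility described in the two lists above can be sketched as a rule-set diff. This is an added example, not code from the article or from any vendor tool. It assumes each appliance's policy has already been exported to a hypothetical vendor-neutral CSV layout; all rule names and addresses are constructed.

```python
import csv
import io

# Constructed sample exports in a hypothetical vendor-neutral CSV layout.
OLD_EXPORT = """name,src,dst,port,proto,action
allow-ehr-web,10.10.0.0/16,10.20.5.10,443,TCP,permit
allow-pacs,10.10.8.0/24,10.20.6.0/24,104,tcp,permit
block-guest-ehr,172.16.0.0/12,10.20.5.10,any,any,deny
vpn-clinic,192.168.50.0/24,10.20.0.0/16,any,any,permit
"""
NEW_EXPORT = """name,src,dst,port,proto,action
EHR_HTTPS,10.10.0.0/16,10.20.5.10,443,tcp,allow
PACS_DICOM,10.10.8.0/24,10.20.6.0/24,104,tcp,allow
GUEST_TO_EHR,172.16.0.0/12,10.20.5.10,any,any,allow
mgmt-ssh,0.0.0.0/0,10.20.0.1,22,tcp,allow
"""

# Different platforms use different action keywords; an unknown keyword
# raises KeyError so it is reviewed by hand instead of silently guessed.
ACTIONS = {"permit": "allow", "allow": "allow", "accept": "allow",
           "deny": "deny", "drop": "deny", "reject": "deny"}

def load_rules(text):
    """Map each rule's match tuple to (action, name). Rule names differ
    between platforms, so they are kept for reporting but not compared."""
    rules = {}
    for row in csv.DictReader(io.StringIO(text)):
        key = tuple(row[f].strip().lower() for f in ("src", "dst", "port", "proto"))
        rules[key] = (ACTIONS[row["action"].strip().lower()], row["name"])
    return rules

def compare(old_text, new_text):
    """Report rules missing on the new appliance, rules that exist only
    there, and rules whose action changed during the migration."""
    old, new = load_rules(old_text), load_rules(new_text)
    missing = sorted(old[k][1] for k in old.keys() - new.keys())
    added = sorted(new[k][1] for k in new.keys() - old.keys())
    changed = sorted((old[k][1], old[k][0], new[k][0])
                     for k in old.keys() & new.keys() if old[k][0] != new[k][0])
    return {"missing": missing, "added": added, "changed": changed}

if __name__ == "__main__":
    for kind, items in compare(OLD_EXPORT, NEW_EXPORT).items():
        print(f"{kind}: {items}")
```

The diff ignores rule order, which affects how most firewalls evaluate traffic, so an empty report still needs an ordering review before cutover.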
As more organizations look to cloud computing or colocations as options to expand their environment, questions around migration will always arise. The reality is that migrating a data center is easier now than it was just a few years ago. New monitoring, aggregation, and even control platforms exist to create direct visibility into security policy architecture, network flow, and user application access. Furthermore, there is direct tie-in with critical virtual components.
Expanding or migrating your data center is a great way to increase agility and the capacity of your infrastructure. Always remember to take the full aspect of the data center into consideration. This means thinking of the impact around the end-user as well.
Keep an eye on performance during the migration and ensure that no security policies are overlooked. As mentioned earlier, the best way to do this is through a parallel deployment methodology. Not only does this allow your administrators time to adapt to the newly migrated or expanded data center, it allows your entire business model to adapt as well.