Cisco Cisco ASA 5580 Adaptive Security Appliance Guía De Información
Craig McVeigh
Senior Network Consultant
Oxford University Hospitals NHS Trust
Senior Network Consultant
Oxford University Hospitals NHS Trust
Customer Case Study
Solution
OUH started reviewing the offers from a range of IT security vendors. The selection
process saw Cisco rapidly emerge as a frontrunner. “Cisco was the most competitive,
owing to its ability to combine web filtering and firewall functions on one cost-effective
platform,” says Craig McVeigh, senior network consultant at OUH.
process saw Cisco rapidly emerge as a frontrunner. “Cisco was the most competitive,
owing to its ability to combine web filtering and firewall functions on one cost-effective
platform,” says Craig McVeigh, senior network consultant at OUH.
In addition, Cisco security products were able to handle EIGRP, enabling the hospital
to split different types of traffic and optimize routing to keep its N3 connections free.
Finally, the Cisco products were a familiar technology since OUH was already using
Cisco ASA 5520 and 5505 Adaptive Security Appliances for its VPNs and inter-
departmental firewalling.
to split different types of traffic and optimize routing to keep its N3 connections free.
Finally, the Cisco products were a familiar technology since OUH was already using
Cisco ASA 5520 and 5505 Adaptive Security Appliances for its VPNs and inter-
departmental firewalling.
OUH began replacing its external firewalls and URL filtering devices with five Cisco
ASA 5555-X Series Next-Generation Firewalls. Configured as Layer 3 devices rather
than inline firewalls, these were equipped with ASA CX modules for web filtering and
administered via a Cisco Security Manager system.
ASA 5555-X Series Next-Generation Firewalls. Configured as Layer 3 devices rather
than inline firewalls, these were equipped with ASA CX modules for web filtering and
administered via a Cisco Security Manager system.
“In implementing the new firewalls, we started with the N3 links,” says McVeigh.
“Cisco Security Manager helped tremendously. We found it a lot quicker than
expected, migrating our biggest firewall with no downtime in five days, whereas we’d
thought it would take 15.”
“Cisco Security Manager helped tremendously. We found it a lot quicker than
expected, migrating our biggest firewall with no downtime in five days, whereas we’d
thought it would take 15.”
In addition to these security technologies, OUH employees use Cisco AnyConnect®
VPN Clients for secure networking. The hospital also maintains two Cisco ASA 5555-X
Series Next-Generation Firewalls, without CX modules, for site-to-site connections
with other trusts, and a number of Cisco ASA 5520 and 5510 Adaptive Security
Appliances for other VPNs.
VPN Clients for secure networking. The hospital also maintains two Cisco ASA 5555-X
Series Next-Generation Firewalls, without CX modules, for site-to-site connections
with other trusts, and a number of Cisco ASA 5520 and 5510 Adaptive Security
Appliances for other VPNs.
Results
“In the last five years there’s been a massive increase in our need to liaise with
other NHS trusts without compromising security,” McVeigh says. OUH is now able
to advance this goal and improve patient outcomes and lower costs.
other NHS trusts without compromising security,” McVeigh says. OUH is now able
to advance this goal and improve patient outcomes and lower costs.
For example, having better secure connectivity with other clinics and hospitals means
patients do not need to always travel to an OUH center for diagnosis or treatment. This
capability saves travel time and money, besides speeding recovery and helping reduce
patient stress levels and carbon footprint.
patients do not need to always travel to an OUH center for diagnosis or treatment. This
capability saves travel time and money, besides speeding recovery and helping reduce
patient stress levels and carbon footprint.
Being able to separate Internet access from the N3 links has helped OUH improve
the speed of the latter 16-fold, from around 50Mbps to 800Mbps. The delivery
of N3-based medical applications has improved accordingly. Furthermore, OUH
handles traffic for the other NHS trusts in Oxfordshire, representing around 30,000
endpoints in total. General practitioners using the service have reported a 75 percent
improvement in Internet performance.
the speed of the latter 16-fold, from around 50Mbps to 800Mbps. The delivery
of N3-based medical applications has improved accordingly. Furthermore, OUH
handles traffic for the other NHS trusts in Oxfordshire, representing around 30,000
endpoints in total. General practitioners using the service have reported a 75 percent
improvement in Internet performance.
The Cisco Next-Generation Firewalls allow OUH to grant access to different
applications based on Active Directory profiles, something it had not been able to do
before. Thus, for example, people using OUH laptops can be granted full access to
hospital networks, whereas those using personal or mobile devices have seen their
usage capped.
applications based on Active Directory profiles, something it had not been able to do
before. Thus, for example, people using OUH laptops can be granted full access to
hospital networks, whereas those using personal or mobile devices have seen their
usage capped.
This feature has been welcomed by the trust. When the firewalls were swapped out,
OUH also upgraded its Internet link from 100Mbps to 1Gbps, raising concerns that
extra bandwidth could lead to increased use of social media and other non-core
applications. “In the event,” says McVeigh, “we used the CX modules to rate-limit
social media down to about 30Mbps, therefore protecting our core infrastructure for
NHS use.”
OUH also upgraded its Internet link from 100Mbps to 1Gbps, raising concerns that
extra bandwidth could lead to increased use of social media and other non-core
applications. “In the event,” says McVeigh, “we used the CX modules to rate-limit
social media down to about 30Mbps, therefore protecting our core infrastructure for
NHS use.”
© 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
EDCS-1425603
Page 2 of 3