The University Hospital of Schleswig-Holstein (UKSH)

A modern network architecture enhancing efficiency of processes and improving to the quality of care

  • Customer Profile

    The University Hospital of Schleswig-Holstein (UKSH) is a healthcare and research institute with sites in Kiel and Lübeck. It is one of Europe’s largest medical centres and the only major tertiary care centre in Northern Germany.
    • Vertical: Healthcare
    • Location: Lübeck and Kiel, Germany
    • Customer size: 14,500 employees

    Use Case

    Four years ago, the UKSH began centralising the services provided by 21 clinics at its Kiel site and 20 at its Lübeck site. Advances in digitisation were at the heart of the project to centralise the clinics. The goal was to take full advantage of the technological potential in order to be fit for future challenges. An important requirement was the provision of a fully available WLAN solution across all sites to replace the previously fragmented and unreliable network. The IT network infrastructure also needed to run in a stable and secure manner.

    Requirements

    • Drive process efficiency across routine clinical work
    • Fully available wireless coverage across both Kiel and Lübeck campuses
    • Unified and consistent LAN and WLAN experience in all locations
    • Future-proof network architecture supporting ongoing digital healthcare transformation
    • Integrate the management of wired and wireless network clients

    Outcomes

    • Increased efficiency and quality of care
    • Improved use of hospital resources
    • Generating data to inform continued operational improvements
    • Optimised network architecture and associated savings and increased reliability
    • Reduced patient waiting times with dynamic scheduling and faster turnaround times
    • Strengthened data security with clearer, role-based access for all users and devices
    • Simplified network architecture, management, and access control
    • Created the freedom to work with third-party collaborators, through open architecture design
    There is a long history of healthcare excellence in the German cities of Lübeck and Kiel. The Faculty of Medicine at the University of Kiel was one of the founding faculties of the university in 1665. There has been a medical facility on the Lübeck campus since 1912.

    Things have moved on somewhat since, but the twin cities remain one of the largest centres of medical care anywhere in Europe. Across medical research and healthcare, the University Hospital of Schleswig-Holstein (UKSH) is home to 2,000 physicians, scientists and researchers, and 5,400 health staff in 80 clinics and institutes.

    In cooperation with the University of Kiel, the hospital is part of a government-funded Cluster of Excellence for Precision Medicine.

    UKSH has continued to thrive by never standing still. The current challenge, the thing that will see UKSH continue to grow, is digital transformation.

    Digital transformation and a consistent network experience

    In 2015, UKSH laid out a plan to centralise the services provided by 21 clinics at its Kiel site and 20 at its Lübeck site. Digitalisation of healthcare and work processes was at the heart of the project.

    With new buildings being built, and funds available for the renovation of older buildings, the goal was to take full advantage of the technological potential in order to be fit for future challenges, explains Rudolf Dück, CIO at UKSH:

    “We recognised the need for a singular, fully-available WLAN solution across all sites to replace the previously fragmented and unreliable network. Critically, the network infrastructure needed to be stable and secure.”

    Linking diverse technologies to a single solution

    With the future in mind, UKSH wanted a network architecture that could adapt as things changed. Rudolf Dück says the emphasis was on openness, and the ability to create and manage an ecosystem that may involve multiple partners.

    Aruba’s partner, AirITSystems GmbH, was tasked with defining UKSH’s needs and compiling the components necessary for the solution.

    “With a project this complex, it soon became clear we’d need to involve different partners for different elements,” says Rudolf Dück. “The challenge would be integrating these solutions into a single package.”

    UKSH in Lübeck and Kiel, Germany

    Secure and automated dynamic access control

    The centrepiece of the Aruba architecture is the ability to offer Colourless Ports and Dynamic Segmentation, as simple and secure ways to manage and role-based automate policy enforcement for the wired and wireless networks. The Colourless Port concept means that regardless of which type of device is connected to any switch, based on the identity and role of the device, ClearPass will download the appropriate role settings to the used port. It unifies and automates enforcement policies and can completely eliminate VLAN sprawl and complex and error-prone port-based configurations. This makes a huge impact for a network of the size of UKSH, comprising 1,600 Aruba 2930 Modular and Fixed form factor campus access switches and over 3,000 wireless access points.

    While security policies are applied to, and automated over all the ports and for both the wired and wireless network, Dynamic Segmentation or user-based tunnelling is currently applied to the smaller part of the network and in a number of the smaller buildings where the old cabling is now insufficient for allowing access to all the users. To solve this challenge, the team deployed individual Aruba 2930F switches and channelled their traffic to the Aruba Mobility Controllers. By establishing Dynamic Segmentation over these switches, each cable/port in such buildings was able to be securely scaled up to eight ports on each of the switches in this domain. In this sector, because all wired as well as wireless traffic is channelled through the Mobility Controllers, and a private tunnel is established between any wired or wireless device and the controller, all policies are managed via the controllers. Also, all wired devices have access to the same controller services as wireless ones connecting, including full Colourless Port capability.

    For UKSH, the underlying advantage of Dynamic Segmentation was that through the use of the 2930F switches, the IT team avoided the need for additional cabling in older buildings by allowing a single cable/port to be expanded to multiple ports on the same switch, thus saving significant costs.

    “The Aruba architecture was the obvious choice for us due to the way wired and wireless networks are unified, with the same levels of security, management, monitoring, and automation,” explains Marcus Will, CTO at UKSH Gesellschaft für IT Services mbH. “Dynamic Segmentation is a huge advantage, simplifying our network design, automating access controls, and saving infrastructure complexities.”

    The solution also includes AirWave network management and Aruba Mobility Master for coordinating all the controllers.

    “Also, having the right technology was crucial. We wanted the infrastructure to match the overall concept of a modern hospital building,” Marcus Will adds.

    UKSH in Lübeck and Kiel, Germany

    An ambitious schedule achieved with Zero Touch Provisioning

    UKSH set itself an ambitious schedule. It wanted 19,283 ports to be up and running in Kiel by June 2019. This was significantly enabled thanks to the Zero Touch Provisioning (ZTP) capability of the Aruba switches. This meant that no prior configuration or programming was required. Switches would simply be unpacked and connected into the network. This saved a lot of time and cost for UKSH and AirITSystems. The same applied to the Aruba access points which can be added onto the network and their configurations are automatically monitored and updated.

    “Zero Touch Provisioning allowed us to deploy semi-skilled electricians to install the switches on site. We then recorded the serial numbers with a manual scanner and used scripts to create, and then apply configurations,” explains Marcus Will.

    Avoiding the need for expensive new cable installations

    While the hospital’s work continued as normal, the existing data centre network infrastructure was migrated. AirITSystems also managed the integration of technologies supplied by three different partners into a single solution, including HYPROS, a location-based service already being trialled by UKSH.

    Today, the new buildings in Kiel and Lübeck are open, with work continuing on renovating older buildings. Where new cabling has proved too costly or time-consuming to install for temporary facilities, Marcus Will says the combination of Aruba switches, controllers and ClearPass have delivered a real advantage.

    “They composed a great solution and it fit into the overall design,” Marcus Will stresses. “With Zero Touch Provisioning, switches are easy to register on the system and, once plugged in, self-configure and are ready to go. They are ideal for multiplying the number of network ports available in areas of need for a fraction of the cost of new cables, thanks to the Aruba Dynamic Segmentation solution.”

    More energy to focus on optimisation and innovation

    The result is a network architecture that is flexible, open, scalable, and robust. UKSH has a single view of network health across its wired and wireless environments and can manage a broad range of users and usage. It means UKSH needs to spend less time on network management, Rudolf Dück explains, and has more energy to focus on optimisation and innovation.

    In effect the Aruba solution creates a single smart hospital across one region and multiple buildings:

    “For instance, Aruba access points allow for the use of Bluetooth tags, opening up a range of new applications using a real-time location system,” Rudolf Dück points out. “This makes it possible to detect a patient’s precise position in an emergency, ensuring that help arrives as soon and as effectively as possible.”

    The HYPROS location application is certified to work on the Aruba network. By tagging via Bluetooth to the Aruba access points and additional Bluetooth gateways, it monitors the movement of patients and clinicians throughout the site. The system can then identify bottlenecks, misalignments between actual and needed staffing, time and motion improvements, and patient and equipment scheduling. It creates a contextually adaptive ‘connected clinic’. In addition, the capability of asset tracking allows the application of resource-conserving just-in-time logistics.

    “We deliberately chose Aruba’s architecture because it offered unified security and management. This makes it easy to integrate with third-party network solutions,” explains Marcus Will.

    UKSH in Lübeck and Kiel, Germany

    Effective mobility for patients, doctors, and devices

    Mobile monitoring technology will play an increasingly important role across the hospital. From the clinical perspective, patients are free to move around the hospital campus while wearing network-connected Philips heart-rate monitors. From the logistics perspective, it is possible to monitor the transportation of medication that patients need to take at a specific time.

    If there is an issue, or a missed step in the process, the relevant clinician is automatically alerted. “We can react much earlier in the process and safeguard treatment,” explains Rudolf Dück.

    UKSH can also be smarter in the way it uses ‘fixed’ resources. The new building does not have transitional wards, meaning that beds need to be collected, cleaned, and made available on a just-in-time basis. This makes it crucial to know the exact time of patient discharge and patient admission.

    Bluetooth beacons enhanced based on Bluetooth beacons are guiding the service staff to bring the bed to the right ward at the right time, and to outline specific requirements, Rudolf Dück says. This minimises the risk that a bed will not be ready when new patients are admitted, preventing the need for beds in corridors without impacting on processes in A&E or outpatient departments.

    “We’re better able to map out the ideal patient care logistics,” he concludes.

    Driving operational efficiency

    Overall, the Aruba engagement drives operational efficiency. It helps to improve the quality of treatment by ensuring that patient-centred processes are more targeted and efficient. There is a more dynamic approach to appointment scheduling with wayfinding around the two campuses, meaning fewer patients are late for appointments. Both contribute towards shorter waiting times.

    There is also greater use of technology that patients will recognise out of a hospital setting.

    For example, says Rudolf Dück, LCD monitors allow patients to access the TV, internet, online news, and films from their beds. The screens also enable doctors to interact remotely with their patients and importantly, involve them more in their treatment. They can view patient files, access X-rays, and discuss treatment via the screen.

    Strengthening data security 

    As a hospital, holding huge amounts of sensitive personal data and a critical part of national infrastructure, UKSH must meet strict security criteria. Marcus Will says ClearPass is critical in providing a secure environment and protecting patient data.

    “ClearPass has more options for identifying and verifying connected network devices, irrespective of whether they are wired or wireless,” says Marcus Will. “The solution is significantly more extensive and takes our security to a whole new level, compared to our previous system.”

    The global overview facilitates a more proactive approach to network health and prevents hospital downtime, he continues: “The Wi-Fi network’s availability, even during updates, is a huge benefit.”

    UKSH in Lübeck and Kiel, Germany

    Preparing to take quality of treatment to a new level

    The Aruba architecture allows UKSH to look to the future with confidence, says Rudolf Dück. It allows for a huge increase in the number of connected devices, and the collection and sharing of meaningful medical data. Patient data is collected telemetrically, and vital signs are recorded and analysed in real-time.

    “This is set to improve our ability to identify the early signs of a medical crisis, such as a heart attack or stroke, and to inform the emergency team promptly.”

    Rudolf Dück points out that they are already carrying out pilots and research projects on this possible scenario. This would take the quality of healthcare to new heights and continue UKSH’s reputation for pioneering excellence.

    “We believe that with our new network architecture, we have a solution fit for the years ahead.”

    Compliance Note: The cooperation partners hereby declare that the present publication has no influence on procurement processes and pricing and that there are no expectations regarding this.

    Read more

    The Aruba architecture was the obvious choice for us due to the way wired and wireless networks are unified, with the same levels of security, management, and automation. Dynamic Segmentation is a huge advantage, simplifying our network design, automating access controls, and saving infrastructure complexities.
    Marcus Will, CTO at UKSH Gesellschaft für IT Services mbH
  • Customer Profile

    The University Hospital of Schleswig-Holstein (UKSH) is a healthcare and research institute with sites in Kiel and Lübeck. It is one of Europe’s largest medical centres and the only major tertiary care centre in Northern Germany.
    • Vertical: Healthcare
    • Location: Lübeck and Kiel, Germany
    • Customer size: 14,500 employees

    Use Case

    Four years ago, the UKSH began centralising the services provided by 21 clinics at its Kiel site and 20 at its Lübeck site. Advances in digitisation were at the heart of the project to centralise the clinics. The goal was to take full advantage of the technological potential in order to be fit for future challenges. An important requirement was the provision of a fully available WLAN solution across all sites to replace the previously fragmented and unreliable network. The IT network infrastructure also needed to run in a stable and secure manner.

    Requirements

    • Drive process efficiency across routine clinical work
    • Fully available wireless coverage across both Kiel and Lübeck campuses
    • Unified and consistent LAN and WLAN experience in all locations
    • Future-proof network architecture supporting ongoing digital healthcare transformation
    • Integrate the management of wired and wireless network clients

    Outcomes

    • Increased efficiency and quality of care
    • Improved use of hospital resources
    • Generating data to inform continued operational improvements
    • Optimised network architecture and associated savings and increased reliability
    • Reduced patient waiting times with dynamic scheduling and faster turnaround times
    • Strengthened data security with clearer, role-based access for all users and devices
    • Simplified network architecture, management, and access control
    • Created the freedom to work with third-party collaborators, through open architecture design
    There is a long history of healthcare excellence in the German cities of Lübeck and Kiel. The Faculty of Medicine at the University of Kiel was one of the founding faculties of the university in 1665. There has been a medical facility on the Lübeck campus since 1912.

    Things have moved on somewhat since, but the twin cities remain one of the largest centres of medical care anywhere in Europe. Across medical research and healthcare, the University Hospital of Schleswig-Holstein (UKSH) is home to 2,000 physicians, scientists and researchers, and 5,400 health staff in 80 clinics and institutes.

    In cooperation with the University of Kiel, the hospital is part of a government-funded Cluster of Excellence for Precision Medicine.

    UKSH has continued to thrive by never standing still. The current challenge, the thing that will see UKSH continue to grow, is digital transformation.

    Digital transformation and a consistent network experience

    In 2015, UKSH laid out a plan to centralise the services provided by 21 clinics at its Kiel site and 20 at its Lübeck site. Digitalisation of healthcare and work processes was at the heart of the project.

    With new buildings being built, and funds available for the renovation of older buildings, the goal was to take full advantage of the technological potential in order to be fit for future challenges, explains Rudolf Dück, CIO at UKSH:

    “We recognised the need for a singular, fully-available WLAN solution across all sites to replace the previously fragmented and unreliable network. Critically, the network infrastructure needed to be stable and secure.”

    Linking diverse technologies to a single solution

    With the future in mind, UKSH wanted a network architecture that could adapt as things changed. Rudolf Dück says the emphasis was on openness, and the ability to create and manage an ecosystem that may involve multiple partners.

    Aruba’s partner, AirITSystems GmbH, was tasked with defining UKSH’s needs and compiling the components necessary for the solution.

    “With a project this complex, it soon became clear we’d need to involve different partners for different elements,” says Rudolf Dück. “The challenge would be integrating these solutions into a single package.”

    UKSH in Lübeck and Kiel, Germany

    Secure and automated dynamic access control

    The centrepiece of the Aruba architecture is the ability to offer Colourless Ports and Dynamic Segmentation, as simple and secure ways to manage and role-based automate policy enforcement for the wired and wireless networks. The Colourless Port concept means that regardless of which type of device is connected to any switch, based on the identity and role of the device, ClearPass will download the appropriate role settings to the used port. It unifies and automates enforcement policies and can completely eliminate VLAN sprawl and complex and error-prone port-based configurations. This makes a huge impact for a network of the size of UKSH, comprising 1,600 Aruba 2930 Modular and Fixed form factor campus access switches and over 3,000 wireless access points.

    While security policies are applied to, and automated over all the ports and for both the wired and wireless network, Dynamic Segmentation or user-based tunnelling is currently applied to the smaller part of the network and in a number of the smaller buildings where the old cabling is now insufficient for allowing access to all the users. To solve this challenge, the team deployed individual Aruba 2930F switches and channelled their traffic to the Aruba Mobility Controllers. By establishing Dynamic Segmentation over these switches, each cable/port in such buildings was able to be securely scaled up to eight ports on each of the switches in this domain. In this sector, because all wired as well as wireless traffic is channelled through the Mobility Controllers, and a private tunnel is established between any wired or wireless device and the controller, all policies are managed via the controllers. Also, all wired devices have access to the same controller services as wireless ones connecting, including full Colourless Port capability.

    For UKSH, the underlying advantage of Dynamic Segmentation was that through the use of the 2930F switches, the IT team avoided the need for additional cabling in older buildings by allowing a single cable/port to be expanded to multiple ports on the same switch, thus saving significant costs.

    “The Aruba architecture was the obvious choice for us due to the way wired and wireless networks are unified, with the same levels of security, management, monitoring, and automation,” explains Marcus Will, CTO at UKSH Gesellschaft für IT Services mbH. “Dynamic Segmentation is a huge advantage, simplifying our network design, automating access controls, and saving infrastructure complexities.”

    The solution also includes AirWave network management and Aruba Mobility Master for coordinating all the controllers.

    “Also, having the right technology was crucial. We wanted the infrastructure to match the overall concept of a modern hospital building,” Marcus Will adds.

    UKSH in Lübeck and Kiel, Germany

    An ambitious schedule achieved with Zero Touch Provisioning

    UKSH set itself an ambitious schedule. It wanted 19,283 ports to be up and running in Kiel by June 2019. This was significantly enabled thanks to the Zero Touch Provisioning (ZTP) capability of the Aruba switches. This meant that no prior configuration or programming was required. Switches would simply be unpacked and connected into the network. This saved a lot of time and cost for UKSH and AirITSystems. The same applied to the Aruba access points which can be added onto the network and their configurations are automatically monitored and updated.

    “Zero Touch Provisioning allowed us to deploy semi-skilled electricians to install the switches on site. We then recorded the serial numbers with a manual scanner and used scripts to create, and then apply configurations,” explains Marcus Will.

    Avoiding the need for expensive new cable installations

    While the hospital’s work continued as normal, the existing data centre network infrastructure was migrated. AirITSystems also managed the integration of technologies supplied by three different partners into a single solution, including HYPROS, a location-based service already being trialled by UKSH.

    Today, the new buildings in Kiel and Lübeck are open, with work continuing on renovating older buildings. Where new cabling has proved too costly or time-consuming to install for temporary facilities, Marcus Will says the combination of Aruba switches, controllers and ClearPass have delivered a real advantage.

    “They composed a great solution and it fit into the overall design,” Marcus Will stresses. “With Zero Touch Provisioning, switches are easy to register on the system and, once plugged in, self-configure and are ready to go. They are ideal for multiplying the number of network ports available in areas of need for a fraction of the cost of new cables, thanks to the Aruba Dynamic Segmentation solution.”

    More energy to focus on optimisation and innovation

    The result is a network architecture that is flexible, open, scalable, and robust. UKSH has a single view of network health across its wired and wireless environments and can manage a broad range of users and usage. It means UKSH needs to spend less time on network management, Rudolf Dück explains, and has more energy to focus on optimisation and innovation.

    In effect the Aruba solution creates a single smart hospital across one region and multiple buildings:

    “For instance, Aruba access points allow for the use of Bluetooth tags, opening up a range of new applications using a real-time location system,” Rudolf Dück points out. “This makes it possible to detect a patient’s precise position in an emergency, ensuring that help arrives as soon and as effectively as possible.”

    The HYPROS location application is certified to work on the Aruba network. By tagging via Bluetooth to the Aruba access points and additional Bluetooth gateways, it monitors the movement of patients and clinicians throughout the site. The system can then identify bottlenecks, misalignments between actual and needed staffing, time and motion improvements, and patient and equipment scheduling. It creates a contextually adaptive ‘connected clinic’. In addition, the capability of asset tracking allows the application of resource-conserving just-in-time logistics.

    “We deliberately chose Aruba’s architecture because it offered unified security and management. This makes it easy to integrate with third-party network solutions,” explains Marcus Will.

    UKSH in Lübeck and Kiel, Germany

    Effective mobility for patients, doctors, and devices

    Mobile monitoring technology will play an increasingly important role across the hospital. From the clinical perspective, patients are free to move around the hospital campus while wearing network-connected Philips heart-rate monitors. From the logistics perspective, it is possible to monitor the transportation of medication that patients need to take at a specific time.

    If there is an issue, or a missed step in the process, the relevant clinician is automatically alerted. “We can react much earlier in the process and safeguard treatment,” explains Rudolf Dück.

    UKSH can also be smarter in the way it uses ‘fixed’ resources. The new building does not have transitional wards, meaning that beds need to be collected, cleaned, and made available on a just-in-time basis. This makes it crucial to know the exact time of patient discharge and patient admission.

    Bluetooth beacons enhanced based on Bluetooth beacons are guiding the service staff to bring the bed to the right ward at the right time, and to outline specific requirements, Rudolf Dück says. This minimises the risk that a bed will not be ready when new patients are admitted, preventing the need for beds in corridors without impacting on processes in A&E or outpatient departments.

    “We’re better able to map out the ideal patient care logistics,” he concludes.

    Driving operational efficiency

    Overall, the Aruba engagement drives operational efficiency. It helps to improve the quality of treatment by ensuring that patient-centred processes are more targeted and efficient. There is a more dynamic approach to appointment scheduling with wayfinding around the two campuses, meaning fewer patients are late for appointments. Both contribute towards shorter waiting times.

    There is also greater use of technology that patients will recognise out of a hospital setting.

    For example, says Rudolf Dück, LCD monitors allow patients to access the TV, internet, online news, and films from their beds. The screens also enable doctors to interact remotely with their patients and importantly, involve them more in their treatment. They can view patient files, access X-rays, and discuss treatment via the screen.

    Strengthening data security 

    As a hospital, holding huge amounts of sensitive personal data and a critical part of national infrastructure, UKSH must meet strict security criteria. Marcus Will says ClearPass is critical in providing a secure environment and protecting patient data.

    “ClearPass has more options for identifying and verifying connected network devices, irrespective of whether they are wired or wireless,” says Marcus Will. “The solution is significantly more extensive and takes our security to a whole new level, compared to our previous system.”

    The global overview facilitates a more proactive approach to network health and prevents hospital downtime, he continues: “The Wi-Fi network’s availability, even during updates, is a huge benefit.”

    UKSH in Lübeck and Kiel, Germany

    Preparing to take quality of treatment to a new level

    The Aruba architecture allows UKSH to look to the future with confidence, says Rudolf Dück. It allows for a huge increase in the number of connected devices, and the collection and sharing of meaningful medical data. Patient data is collected telemetrically, and vital signs are recorded and analysed in real-time.

    “This is set to improve our ability to identify the early signs of a medical crisis, such as a heart attack or stroke, and to inform the emergency team promptly.”

    Rudolf Dück points out that they are already carrying out pilots and research projects on this possible scenario. This would take the quality of healthcare to new heights and continue UKSH’s reputation for pioneering excellence.

    “We believe that with our new network architecture, we have a solution fit for the years ahead.”

    Compliance Note: The cooperation partners hereby declare that the present publication has no influence on procurement processes and pricing and that there are no expectations regarding this.

    The Aruba architecture was the obvious choice for us due to the way wired and wireless networks are unified, with the same levels of security, management, and automation. Dynamic Segmentation is a huge advantage, simplifying our network design, automating access controls, and saving infrastructure complexities.
    Marcus Will, CTO at UKSH Gesellschaft für IT Services mbH