HIPAA-compliant network solution for nonprofit with 36 branches and 850 employees
Remote management capabilities of cloud-based platform greatly reduce on site visits
Layer 7 client fingerprinting and traffic analytics help shape access policies
Talbert House is a community-wide nonprofit network of services, with a focus on prevention, assessment, treatment and reintegration. Services are provided at multiple sites throughout Greater Cincinnati for children, adults and families. Founded in 1965, Talbert House served almost 29,000 children, adolescents, and adults in FY 2013 in over 36 programs in Brown, Butler, Clermont, Hamilton, and Warren counties in Ohio and Kenton County in Kentucky. The services are offered to a broad-based population with the agency’s mission in mind: to improve social behavior and enhance personal recovery and growth.
Brad Gray, the network administrator for Talbert House, stresses the importance of a reliable and easy-to-manage network for the expanding organization. As a nonprofit with a community focus, the primary objective is to create a dependable service for the individuals and families in the agency’s care. “When I talk about our network’s end users, I am referring to the clients that we work for every day,” Gray explained. “We are very customer-service oriented.”
These clients use both wired and wireless Talbert House kiosks and tablets to fill out personal information, and often need to use their own devices on the organization’s network as well. Meanwhile, Talbert House’s 850 employees require fast and dependable Internet in the office, and secure VPN access when working from remote locations. In order to provide end clients with the best overall experience, reliable web access and network management across all Talbert House properties is mission critical.
When Gray first joined Talbert House, the organization hosted a variety of networking equipment from several different service providers. There was no way to centrally manage network devices or settings across all the branches. “Managing the network took up a lot of valuable time,” Gray reflected. Whether an entire branch or just one piece of networking equipment needed attention, “we would have to drive out to that location, connect to the device in question, make the change, and then drive back.” Talbert House also had unsustainable levels of broadcast traffic, resulting from the lack of control measures. When the entire network went down due to a broadcast storm, the team decided that it was time to upgrade the Talbert House network.
Upon researching various solutions, the remote management capabilities, scalability, and MDM that Cisco Meraki offered stood out against the competition. “The cloud availability was the big thing,” Gray said. “It’s very nice to be able to centrally manage the network from anywhere.” As an organization that works closely with Electronic Medical Records and confidential patient information, HIPAA compliant network security was also a huge draw to the Cisco Meraki solution. After trialing the Cisco Meraki MX90 security appliance, MS42P switch, and a handful of 802.11n wireless access points, Gray and the Talbert House team were ready to launch a full Cisco Meraki deployment across all service locations.
It’s hard to be responsible for 36 different sites, but with Meraki, you can see all your sites in one convenient location. Brad Gray, Network Administrator
Gray worked with Netech, a trusted technology partner, on the initial network design and deployment. “It was absolutely the best experience,” he said, also noting how easy and fast the initial set-up turned out to be with Cisco Meraki. For example, all devices are plug and play as well as self-provisioning, automatically pulling configuration and policies from the cloud. “I get a new device, input the serial or order number in my dashboard, and the device automatically grabs its configuration. Then I send it out to a location and the staff there can just plug it in. There’s no two or three day hold up.”
Now, Gray remotely manages all of the networks within the Talbert House organization, straight from the browser-based dashboard. “It’s hard to be responsible for 36 different sites,” Gray said, “but with Meraki, you can see all your sites in one convenient location.” Email alerts automatically go out if any device goes offline, enabling administrators to instantly know of any network outages. “The first thing I do every morning when I wake up is check my Cisco Meraki app on my phone. I look at my devices in dashboard, and know that if it’s green, it’s good. If it’s yellow, there’s something up. If it’s red, it’s time to do something. I always know what I’m getting into.” When there is a problem, he noted it can usually be fixed via the dashboard, reducing on-site visits.
Currently, at least one Cisco Meraki MS42P switch is installed at every Talbert House location. The industry’s first cloud managed switch, the Cisco Meraki MS combines the benefits of cloud-based centralized management with a powerful, reliable access platform. Most Talbert House properties access the Internet through an IP telephone service, with clients wired into and drawing power from the MS switch ports.
For wireless access, over sixty MR16 wireless APs have been installed in a handful of Talbert House branches, with plans for wireless at each location in the coming months. In the administrative office, a 40,000 square foot, four-story structure with many active devices, there is now WiFi capable of comfortably supporting the high-density environment – a first for the organization. Meanwhile, at some transitional housing locations, Talbert House has set up a separate guest SSID with a billing plan, charging users for controlled access to the network.
Cisco Meraki MX Security Appliances are used by Talbert House for both network security and branch connectivity. The MX80 acts as a comprehensive security device, providing the network with custom firewall rules and VLAN routing. At some locations, the MX90 serves as an interface for the Cisco Meraki teleworker gateway, the Z1, to connect back into the organization. The Z1’s Layer 3 firewall, ports for wired devices, and USB port for 3G/4G connectivity have been very helpful for Talbert House employees. “We have some team members who live in rural areas, who were previously unable to work productively from home,” Gray said. “The Z1 allows them to access high speed, secure Internet, even during bad weather.”
With Layer 7 application analysis and client fingerprinting network-wide, Talbert House now has access to network diagnostics like never before. Gray values being able to see how much bandwidth each property is using, what kind of data is passing through the network at any time, and details of individual client activity.
“We can see if individual client traffic is work related, or if it’s something we should create traffic shaping rules for or block altogether,” he explained. “We can blacklist devices for inappropriate use, and create a custom splash page for these users that directs them to our IT department.” This unprecedented visibility has led to the creation of several group policies, with varying levels of permissions and bandwidth limits. In addition, Gray has used tagging features within the dashboard to customize network settings for each property on an as-needed basis.
Talbert House now has greater control over facility-owned laptops and mobile devices, thanks to Systems Manager, the Cisco Meraki MDM solution. “We can lock down devices to prevent clients from accessing records other than their own, push software and other packages out to enrolled devices, and utilize the geofencing feature to notify administrators if a device is removed from a certain area,” he said.
Many of the Talbert House facilities operate 24 hours a day, offering critical services that require around-the-clock network access and management. With Cisco Meraki, Gray has noticed considerable improvement in the reliability of the network. “The uptime of our entire network has risen to above 99%,” Gray said. “Unless we shut it down, it’s up and running.”