Baptist Memorial Health Care Partners With Infoblox to Optimize Network Performance and Security
“We maintain multiple vendor relationships… We see our Infoblox account team as a partner, not just a vendor. Long after we implement anything new from Infoblox, the account team is still in touch… And when we are looking to build out new capabilities, the Infoblox team gets directly involved in design, building, problem solving, tech support, escalation, sizing—all of it. When you buy Infoblox, you get a strategy partner.” — Jared Baker, Virtualization / Datacenter Engineer, Team Coordination, Baptist Memorial Health Care
Summary – A Legacy of Excellence in Health Care and Medical Services
For over 100 years, Baptist Memorial Health Care has served communities in the U.S. Mid-South region, offering safe, integrated, patient-focused medical care. Headquartered in Memphis, Baptist Memorial maintains 17 hospital locations across Tennessee, Arkansas and Mississippi, with dozens of clinics and specialty centers throughout those three states. With more than 3,100 physician providers practicing in 34 specialties, Baptist has a well-earned reputation for healthcare innovation and excellence. The organization’s leadership emphasizes core values of compassionate care and service, teamwork, respect for the individual and the value of diversity.
Baptist Health maintains a state-of-the-art digital infrastructure to support its award-winning hospitals, with dedicated onsite data centers at each facility connected back to the main data center in the Memphis headquarters. Jared Baker is the virtualization / datacenter engineer responsible for keeping this infrastructure running at peak performance 24×7. In his telling, issues around IP address management (IPAM) and core DNS performance were areas that needed attention in recent years—issues that he was able to rectify through the organization’s partnership with Infoblox.
Customer: Baptist Memorial Health Care
Industry: Healthcare/Medicine
Location: Memphis, Tennessee
Initiatives: Modernize network architecture with advanced IPAM and DNS, Strengthen security posture, Continue optimizing existing Infoblox investment
Outcomes: Fully optimized DDI network operations, Excellent visibility into network operations via Grid interface, Strengthened cybersecurity capabilities across the 17-hospital system
The Challenge—Slow IP Lookup, Slow DNS Creation
“IP lookup for creating new DNS entries was torturously slow at the hospital site level,” explains Baker. “Performing an IP lookup in our legacy IPAM system to find out if an address was available took around three minutes. Then we’d have to create a new DNS entry and then ask one of the engineers at corporate to clear all the cache so the entry would come around. Otherwise, you’d have to wait seven hours.”
At the time, Baptist relied primarily on Microsoft infrastructure for IPAM and DNS. Baker and his team were able to work with Microsoft to implement more robust replication services, which did improve performance to an extent. But the team agreed that there was still room for improvement. Baptist had been running Infoblox Network Identity Operating System (NIOS) to manage its dynamic host configuration protocol (DHCP) operations for many years, but hadn’t taken advantage of the solution’s DNS and IPAM capabilities. That began to change in 2018.
The Solution—Taking Advantage of Infoblox’s Full DDI Capabilities
Baker and his team worked to get buy-in on migrating to full Infoblox DDI, and got the go ahead to begin the process of cutting over DNS operations from the legacy Microsoft product. As Baker explains, the migration was a surprisingly painless process: “Even in the best migrations, there’s going to be a bug at some point, but not with Infoblox. We did the cutover and we didn’t have a single ticket, not a single call. The remote site managers didn’t even know we finished the migration. It was just a remarkably smooth process, and we’ve been running all of our domains and DNS operations on Infoblox ever since.”
The Results—Sharpened Visibility Makes Resolving Network Issues Much Easier
A particularly beneficial aspect of unleashing the full capabilities of Infoblox NIOS DDI was the increased visibility into network operations provided by Infoblox Grid technology. At its heart, Grid architecture provides a highly scalable, reliable, and fault-tolerant high availability solution, enabling distributed Infoblox appliances to function as a unified, centrally managed system—instead of independent devices. This design provides a real-time distribution, synchronization and management framework via an efficient and elegant web interface. This interface not only ensures secure communications between grid elements such as on-site appliances, it also delivers real-time visibility into network operations through comprehensive logging.
“Before Grid, operations like troubleshooting a newly deployed thermal printer or a credit card machine for the front desk was a nightmare because there was no visibility,” explains Baker. “Now, our administrators can simply run the logs to understand what’s going on within the network. Grid basically functions as both a logging and troubleshooting site, and we’re really happy with it.”
Next Up—Baptist Memorial Health Works with Infoblox to Strengthen Security Posture
Baptist has a dedicated cybersecurity team that works closely with Baker and the network team to protect infrastructure and users across the entire hospital ecosystem. As part of this effort, Baptist tested various network-layer security offerings over the years—including solutions from Infoblox and Cisco—to augment its core security infrastructure. The two teams couldn’t come to agreement on committing to a solution until Infoblox’s account executives working with Baptist introduced BloxOne Threat Defense.
“Conventional on-premises network-layer security products tend to require a dedicated manager and extra server hardware for reporting,” explains Baker. “Because it’s cloud-based, BloxOne Threat Defense Advanced does away with all of that. Installation was a matter of around five mouse clicks, and when we demo’d the solution for the security team they really loved it. The reporting that could be problematic with on-premises solutions was outstanding with BloxOne; the visibility, the tools to look up the dossier—all really simple to use. We didn’t even need training. We quickly got it implemented for every single site, so all our hospitals are now protected by BloxOne Threat Defense.”
Infoblox’s BloxOne Threat Defense Advanced applies advanced threat intelligence, behavioral analytics and machine learning to detect and pinpoint malicious behavior on the network. It then intercepts that traffic, automatically preventing network devices from connecting to command-and-control servers and other cyberthreats, while allowing legitimate DNS traffic to flow freely. With BloxOne Threat Defense Advanced, the security team at Baptist is able to proactively screen for and stop threats at the network edge, significantly improving the company’s security posture. The solution also brought unexpected benefits with managing DNS for outbound internet connections at the site level.
Local Internet Access for Improved SaaS App Performance
“When we became a Microsoft Office 365 customer, it became very apparent that we needed Internet connectivity, in layman’s terms, at every hospital,” Baker explains. “How it worked previously is that outbound traffic connections from the regional hospitals routed back through the corporate data center. So, a hospital administrator in Jonesboro, Arkansas doing a Google search or logging onto Office 365, that connection comes back to Memphis, out onto the Internet, then the session routes back through corporate and back to Jonesboro. With a SaaS app like Office 365, that extra hop through corporate can introduce latency and spotty performance. But BloxOne gave us a workaround.”
With BloxOne securing local traffic, regional hospitals can directly connect to Internet domains through a series of recursion servers without the added traffic detour through the corporate data center. Now, for that same administrator in Jonesboro initiating a session, their request first hits the regional network, the regional network then asks the regional appliance, then it goes out on its own Internet connection to BloxOne Threat Defense to create a secure direct connection. Baker relates that SaaS apps are performing well at all the remote sites, and Baptist is also getting the added benefit of DNS redundancy. “If there’s a failure in that regional Internet connection chain, the session reverts back to the appliance at corporate. So, we now have redundant DNS that we didn’t really understand we were getting access to. It was a real gift.”
Partnering for Success Over the Long Term
Baker credits the Infoblox team for adding value to Baptist’s network operations and performance above and beyond what’s found with most technology vendors. “We maintain multiple vendor relationships—hardware, software, services. We see our Infoblox account team as a partner, not just a vendor. Long after we implement anything new from Infoblox, the account team is still in touch. We’re not at all in a sales process, but they still check in to make sure everything is running right, or if there’s anything they can do to improve what we’re working on. And when we are looking to build out new capabilities, the Infoblox team gets directly involved in design, building, problem solving, tech support, escalation, sizing—all of it. When you buy Infoblox, you get a strategy partner.”