Cisco Extended Care 1.0 Solution Design Guide

Cisco Extended Care 1.0 Solution Design Guide
November 25, 2013
Cisco Systems, Inc.
www.cisco.com
Cisco has more than 200 offices worldwide.
Addresses, phone numbers, and fax numbers
are listed on the Cisco website at
www.cisco.com/go/offices.
Text Part Number: OL-30842-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this
URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display
output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in
illustrative content is unintentional and coincidental.
Cisco Extended Care 1.0 Solution Design Guide
© 2013 Cisco Systems, Inc. All rights reserved.
CONTENTS

CHAPTER 1  Overview  1-1
  Objectives and Audience  1-1
  An Overview of Cisco Extended Care  1-1
    Not Intended for Use In Emergency or for Patient Monitoring  1-2
  Key Features in Cisco Extended Care  1-2
    Patient Portal  1-2
    Provider Portal  1-3
    Video Conferencing  1-3
    Historic Wellness Readings Graphs  1-3
    Access to Questionnaires  1-3
    Appointment Calendar  1-3
    HL7 Compatibility  1-3
    Quick Connect  1-3
    Educational Videos  1-3
    Secure Messaging  1-3
    Instant Messaging  1-3
    OpenEMR Compatibility  1-4
    Collaboration APIs  1-4
    Customizable Branding  1-4
  Cisco Extended Care Architecture  1-4
  Data Center Components  1-6
    Data Center Software Requirements  1-6
    Data Center Hardware Requirements  1-6
  Video Conferencing Data Center Components  1-7
    Servers  1-7
    Multi-point Control Units  1-7
    Video Endpoints  1-8
  Infrastructure Requirements  1-9
  Key Considerations  1-10

CHAPTER 2  Designing the Framework  2-1
  Data Center Deployment Models  2-1
    Enterprise Deployment Options  2-1
      Enterprise  2-1
      Enterprise with High Availability  2-1
      Enterprise with Multiple Instances  2-2
    Achieving Higher Availability  2-2
  Network Deployment Options  2-3
    Overlay Network  2-3
    Converged Network  2-3
    Communication with Resources Outside the Cisco Extended Care Network  2-4
    Accessing Resources Outside the Enterprise Network  2-4

CHAPTER 3  Video Endpoint Considerations  3-1
  Supported Video Endpoints  3-1
  Servers  3-2
    Server Groups  3-2
  Multi-Point Control Units  3-2

CHAPTER 4  Cisco Extended Care Bandwidth Requirements and Quality of Service Recommendations  4-1
  Bandwidth Requirements for Endpoints Using Cisco Extended Care  4-1
    Video Endpoint Bandwidth  4-2
      Cisco TelePresence System EX60/EX90/Edge 95 and Cisco TelePresence C20/C40 Bandwidth Requirements  4-2
      Cisco Extended Care / Jabber Video Bandwidth Requirements  4-2
    Bandwidth Requirements for a Cisco Extended Care Application Server  4-3
  Quality of Service  4-3
    QoS Best Design Practices for Cisco Extended Care  4-4
    Best Practices for Converged Networks  4-5
    Marking Cisco Extended Care Traffic  4-5

CHAPTER 5  Cisco Extended Care Security  5-1
  Overview  5-1
  Patient Information Precautions  5-1
    Patient Privacy  5-1
  Authentication / Access Control  5-2
    Authentication Options  5-2
      External LDAP-Authentication  5-2
      External Third-Party Application Authentication  5-2
      Dedicated Cisco Extended Care Authentication  5-3
      Mixed Authentication  5-3
    Cisco Extended Care Security Policy  5-3
      Security Policy Controls for Cisco Extended Care-Authenticated User Names  5-3
      Security Policy Controls for All Cisco Extended Care User Names  5-4
    Other Authentication Security Features  5-4
  Transmission Security  5-4
  Network Security  5-5
    Using Firewalls in Converged Networks  5-5
    Cisco Extended Care and Cisco TelePresence TCP and UDP ports  5-5
    Ports and Protocols Required for Third-Party Applications  5-6

CHAPTER 6  Cisco Services for Cisco Extended Care  6-1
  Introduction  6-1
  Installations and Configurations  6-1
  Additional Services  6-2
    Cisco Extended Care Workshop  6-2
    Cisco Extended Care Custom Application Support (CAS)  6-2
    Cisco SMARTnet  6-2
  For More Information  6-4

APPENDIX A  Software Compatibility  A-1
  Browser Compatibility  A-1

GLOSSARY
CHAPTER 1
Overview
Revised: November 25, 2013, OL-30842-01
Objectives and Audience
The Cisco Extended Care Solution Design Guide provides an overview of the options and best practices
for designing Cisco Extended Care, including:
• selecting a deployment model
• choosing the features you want to include in your installation
• configuring the video conferencing portion of the application
• determining bandwidth requirements and implementing quality of service
• determining security requirements and defining your security policy
• selecting Cisco service options
The target audience is Cisco Extended Care planners and designers. The objective of this document is to
enable these planners and designers to make informed decisions about all aspects of the design.
Note: All Cisco Extended Care documentation referenced in this manual can be found at:
http://www.cisco.com/en/US/partner/products/ps13401/tsd_products_support_series_home.html.
Note: Refer to Appendix A, “Browser Compatibility” for a list of browsers and their level of support in Cisco
Extended Care.
An Overview of Cisco Extended Care
Cisco Extended Care is a personal health and wellness collaboration platform, enabling patient
engagement and care team interactions at any time and from anywhere.
The application provides:
• Enhanced and efficient care coordination
• Secure messaging
• Appointment calendar and scheduling
• Ability to access questionnaires
• Real time video collaboration
• Anywhere access to care team consults
• Content sharing
• Video platform to drive health and wellness awareness and education
• Open APIs to enable third party applications and environments
Not Intended for Use In Emergency or for Patient Monitoring
Cisco Extended Care is not intended for use in emergency situations. In the event of an emergency, call
911 or your local emergency response system.
Cisco Extended Care is not for use in situations involving real-time patient monitoring or alarming.
Key Features in Cisco Extended Care
Cisco Extended Care has the following key features:
• Patient Portal
• Provider Portal
• Video Conferencing
• Historic Wellness Readings Trending
• Access to Questionnaires
• Appointment Calendar
• HL7 Compatibility
• Quick Connect
• Educational Videos
• Secure Messaging
• Instant Messaging
• OpenEMR Compatibility
• Collaboration APIs
• Customizable Branding
Patient Portal
Allows patients to connect with a care provider via video conferencing and get access to educational
material, messages, wellness data, appointment calendar, questionnaires, etc.
Provider Portal
Allows care providers to view ready appointments, start video conference with patients, access patient
details, send messages to patients, view patient wellness data, create and save SOAP notes, etc.
Video Conferencing
Allows patients to connect with a care provider via video conferencing.
Historic Wellness Readings Graphs
Allows patients and providers to graph the patient’s historic wellness readings over time. Historic
wellness readings are readings from a wellness device that are either manually entered by the patient or
retrieved from external sources, such as a PHR.
Access to Questionnaires
Allows patients to respond to a questionnaire and also access previous responses.
Appointment Calendar
Allows patients to view their appointment calendar and start a scheduled appointment.
HL7 Compatibility
Allows for customizable request and response HL7 templates for a given deployment.
Quick Connect
Allows patients to start an unscheduled appointment.
Educational Videos
Allows patients to access and view educational material (videos from youtube.com) made available by
their care team.
Secure Messaging
Allows patients to view messages sent by their care team. Messages can be searched based on date/time
and keywords.
Instant Messaging
Allows interaction between patients and care providers within an appointment.
OpenEMR Compatibility
Allows a customer to use OpenEMR in the absence of any HL7 compatible EMR.
Collaboration APIs
Provide a set of APIs that customers/partners can use to enable video collaboration in legacy
applications.
Customizable Branding
Allows customer/partner to customize their branding logos and images on the patient portal in their
offering.
Cisco Extended Care Architecture
Figure 1-1 illustrates the layered architecture of Cisco Extended Care and Figure 1-2 illustrates an
overview of the components in Cisco Extended Care.
Figure 1-1 Cisco Extended Care Layered Architecture and Supported Cisco Video and Infrastructure Equipment
Figure 1-2 Cisco Extended Care Architecture
Partner Server
The partner server (shown on the upper left side of Figure 1-2) can be any of the systems available with
the partner/customer that is connected with Cisco Extended Care, such as:
• An HL7-based EMR – for patient information and appointment scheduling.
• A wellness readings Store server – to save and/or retrieve wellness readings.
• An IFrame-based integration with an existing partner/customer portal – for providing an integrated
user experience across portals with single sign-on (SSO).
• A custom authentication system being used by the partner/customer – to authenticate Providers.
• A custom scheduling system being used by the partner/customer – for appointment scheduling.
Note: A partner server is not a mandatory component, as there can be deployments without any
customer/partner systems integration. A partner server can be in the same data center as the Cisco
Extended Care server (for example, an HL7 EMR system maintained by the partner/customer) or can be in
the cloud (for example, a wellness readings Store server).
Cisco Extended Care Proxy Server
Cisco Extended Care Proxy server (see Figure 1-2) is software that enables the Provider and the Patient
to connect to Cisco Extended Care application from outside the enterprise network.
Cisco Extended Care Application Server
The Cisco Extended Care Application server (see Figure 1-2) is data center software that manages all of
the connectivity and provides services to the end users. This server ties together all the components of
Cisco Extended Care.
Data Center Components
Cisco Extended Care requires software and data center hardware in an enterprise data center. The
required components can vary, depending on the features and video components selected. This section
briefly describes the required components.
Data Center Software Requirements
Cisco Extended Care Application Server is the data center software that manages all of the connectivity.
It comprises the following internal components:
• Cisco Extended Care Application Server – This server ties together all the components of Cisco
Extended Care. Specifically, the Cisco Extended Care Application Server:
  – maintains the master information about resources and manages the resources
  – manages sessions and appointments
  – implements patient and provider workflows
  – manages the Cisco Extended Care Administrative Server, the Cisco Extended Care Portal, and
  the Unified Communications (UC) servers
  – interfaces with applications supporting Cisco Extended Care connectors
• Cisco Extended Care Provider Portal – This Portal maintains the provider login sessions, provides
the UI to the providers and interfaces to the Application Server to validate sessions.
• Cisco Extended Care Patient Portal – This Portal maintains the patient login sessions, provides
the UI to the patients and interfaces to the Application Server to validate sessions.
• Cisco Extended Care Administration Server – This management server is used to configure,
administer and manage the Application Server and the Cisco Extended Care Portal.
Note: A software disk will be made available for the Cisco Extended Care install.
Data Center Hardware Requirements
Cisco Extended Care Application Server runs on the following platforms:
• Enterprise Server
  – Processor: Two (2) multi-threaded four (4) core 2.4GHz CPUs with 12MB cache
  – Minimum Hard drive: 100GB SATA/SSD/SAS
  – Minimum Memory: 16GB DDR3, 1333 MHz
  – Network Interface Card: Quad Port 10/100/1Gb
  – Optical Drive: DVD±R
  – RAID support optional
  – Red Hat Enterprise Linux 5.7 or later compatible
• Virtual Machine
  – Virtual Machine Version 7 or 8
  – Guest OS: RHEL 5 64 Bit
  – Virtual Processor
    – Number of Virtual Sockets: 2
    – Number of cores per virtual Socket: 2
  – Memory: 16 GB
  – Hard Disk: 100 GB
  – Virtual Network Interface Cards: 1 Adapter: E1000
• Additional components required if implementing the high availability design option:
  – an additional physical server that is identical to the first one
  – VMware vSphere Hypervisor (ESXi) 5.1
  – vSphere Client 5.1. This runs on a Windows platform
  – Network File System (see footnote 1)
  – vCenter Server 5.1. This runs on a 64 bit Windows platform
• Additional components required if accessing Cisco Extended Care from outside the enterprise
network:
  – A separate Server to act as the Reverse Proxy server, similarly configured as the Enterprise
  server.
Video Conferencing Data Center Components
Cisco Extended Care supports a variety of servers and multipoint bridges that typically reside in a data
center.
Servers
Cisco Extended Care supports the following servers:
• Cisco Unified Communication Manager (CUCM)
• Cisco TelePresence Video Communications Manager (VCS) (Both Control and Expressway)
• TelePresence Management Suite (may be required when using Cisco Jabber Video for
TelePresence).
With Cisco Extended Care, the application can support interoperability between diverse video endpoints
in a point-to-point configuration, greatly reducing the cost of deployment. For more detail on Call
Control options and interoperability, see Chapter 3, “Video Endpoint Considerations”.
Multi-point Control Units
In addition, Cisco Extended Care supports the following multipoint control units:
• Cisco TelePresence™ Multipoint Switch (CTMS) – Installations using only Cisco TelePresence
endpoints can use the CTMS.
• Cisco TelePresence Server MSE and the Cisco TelePresence MCU MSE – combine to provide a
high-capacity voice and video conferencing media services engine that supports conference bridging,
interoperability, gateway, management and recording functions.
• Cisco TelePresence Multipoint Control Units (MCUs) – Installations using only non-CTS-500 video
endpoints can use the MCU.
For more detail on video endpoint switching and interoperability, see Chapter 3, “Video Endpoint
Considerations”.
1. The Network File System should be compatible with the ESXi and vCenter used in Cisco Extended Care. Refer
to the ESXi/vCenter documents before deciding which Network File System to use.
Video Endpoints
The video endpoint facilitates video conferencing for two or more locations. Supporting a variety of
video endpoints gives enterprises a choice in video quality, size/form factors, bandwidth required and
cost. Cisco Extended Care facilitates video conferencing with the video endpoints (see footnote 2) shown
in Figure 1-3.
Figure 1-3 Video Endpoints
Cisco Extended Care is compatible with a SIP-standards based video conferencing system, and the
compatibility falls into one of three categories:
• Fully integrated - one click Join and Leave on the Cisco Extended Care window.
• Partially integrated - one click Join on the Cisco Extended Care window, but ending the
teleconference is handled outside of Cisco Extended Care.
• Compatible but not integrated - manual dial is required.
2. The Cisco TelePresence System (CTS) 500 (with a 37 inch display), Cisco TelePresence System Edge 95 MXP,
and Cisco E20 IP Phone are no longer sold, but supported by Cisco Extended Care for the current install base
of those products.
Table 1-1 lists all the fully integrated, partially integrated, or compatible but not integrated video
endpoints. For setting up the video endpoints, see the applicable manual as outlined in the following
table.
Table 1-1 Supporting Documentation for Fully Integrated, Partially Integrated or Compatible Video Endpoints

Video Endpoint                  | Integration  | Manual
CTS-500                         | Join / Leave | Cisco TelePresence System 500 Assembly, First-Time Setup, and Field Replaceable Unit Guide
Cisco TelePresence Codec C20    | Join / Leave | Profile Series, Codec C Series and Quick Set C20/C20Plus Getting started guide or Installing the TANDBERG Quick Set C20
Cisco TelePresence Codec C40    | Join / Leave | Cisco TelePresence Codec C40 Installation Guide
Cisco TelePresence Codec C60    | Join / Leave | Cisco TelePresence Codec C60 Installation Guide
Cisco TelePresence SX20         | Join / Leave | Cisco TelePresence SX20 Installation Guide
Cisco TelePresence System EX60  | Join / Leave | Cisco TelePresence System EX60 Installation Guide
Cisco TelePresence System EX90  | Join / Leave | Cisco TelePresence System EX90 Installation Guide
Cisco Jabber Video              | Join only    | Cisco TelePresence Movi Administrator Guide
Cisco TelePresence MX200        | Join / Leave | Cisco TelePresence MX200 Installation Guide
Cisco DX650 IP Phone            | Join / Leave | Cisco DX650 IP Phone Datasheets and Literature
Cisco E20 IP Phone              | Manual Dial  | Cisco E20 IP Phone Installation Guide
Cisco Edge95 MXP                | Join / Leave | Cisco Edge95 MXP Datasheets and Literature
Cisco Jabber™ for iPad          | Join only    | Cisco Jabber for iPad Administration Guide
Cisco Desktop Video             | Join / Leave | Cisco Desktop Video Jabber Developer (see footnote 1)

1. If you want to know more about Jabber SDK ports, protocols, and open issues, refer to the Jabber SDK Release
Notes, which can be found at http://developer.cisco.com/web/jabber-developer/release-notes-3.0.1.
These video endpoints are described in detail in Chapter 3, “Video Endpoint Considerations”.
Infrastructure Requirements
The user’s infrastructure must meet the basic minimum specified requirements for Cisco Extended Care
to perform as intended. This includes, but is not limited to:
• adequate bandwidth
• appropriate latency, jitter and error rate
• appropriate video call control and routing equipment
• appropriate capacity routing and switching equipment
• proper software security levels
• adequate network security
• adequate physical security
For a complete description of the Cisco Extended Care used by the Provider, see the Cisco Extended
Care 1.0 User Guide for Provider.
For a complete description of the Cisco Extended Care used by the Patient, see the Cisco Extended Care
1.0 User Guide for Patient.
Key Considerations
When designing a Cisco Extended Care, consider the following:
Deployment Models: There are several options for how you deploy your Cisco Extended Care (both in
the data center and in the network).
Video Endpoints and Unified Communications (UC) Architecture: If you have an install base of
video endpoints and those endpoints meet the specific requirements of Cisco Extended Care, you may
want to leverage those endpoints in your design. Alternatively, if purchasing new video endpoints, you
have a number to select from. In either case, you need to determine how you will configure these video
endpoints to support video conferencing, and if applicable, what multi-point switches you will use.
Quality of Service (QoS) and Bandwidth: QoS provisions are required to help assure that critical data
gets priority and that real-time video (see footnote 3) is handled without degradation of the images.
In addition, while a well-designed QoS strategy can minimize bandwidth requirements, a minimum
amount of bandwidth is required for each of the three site types:
– Data center
– Patient Video Endpoints
– Provider Video Endpoints
Your choice of video endpoints may influence how much bandwidth you need to provision. In addition,
having point to point or multipoint conferences can also impact bandwidth.
Security: Cisco Extended Care has a number of features to enhance security. In addition, we support
access to Cisco Extended Care outside of the corporate firewall. It offers the capability for enterprises
to define a security policy for user authentication. As part of that security policy, you need to determine
if you want an external directory server to authenticate end users or if you want that authentication done
by Cisco Extended Care.
Cisco Services: There are several options for how Cisco Extended Care can be serviced. This decision
needs to be made up front as it may affect the network design.
Utilizing the Cisco Extended Care Collaboration APIs: Cisco Extended Care can be used with
compatible healthcare applications, directory services and EMR systems to facilitate the healthcare
workflow. To leverage this, you need to understand the options and compatible applications.
Each of these topics is covered in this document.
3. Real-time, in this instance, refers to the traffic classification of Cisco TelePresence. The Cisco Extended Care
Application software is not intended to perform real-time, active, or online patient monitoring, and does not
transmit or display any real-time data that is intended to alert a physician of alarms or other conditions that
require a physician's immediate action or response.
Network and QoS design are touched upon briefly in this document. For more information on network
and QoS design, refer to one of the following:
• Medianet Campus QoS Design 4.0
• Enterprise Medianet Quality of Service Design 4.0 - Overview
• Enterprise QoS Solution Reference Network Design Guide
CHAPTER 2
Designing the Framework
Revised: November 25, 2013, OL-30842-01
Cisco Extended Care offers a great deal of flexibility in how you implement your application. This
chapter provides the information you need to design the framework of your Cisco Extended Care,
including:
• Data center deployment models
• Network deployment options
Note: Framework decisions will impact the cost, deployment time, and additional components required, and
therefore these decisions should be made before continuing with the rest of your design.
Data Center Deployment Models
Cisco Extended Care can be implemented in-house using one of the three enterprise deployment models.
Enterprise Deployment Options
There are three options available for enterprises that want to implement Cisco Extended Care in their
own data center - Enterprise, Enterprise with High Availability, and Enterprise with Multiple Instances.
Enterprise
The Enterprise option is for organizations that want to implement their own instance of the Cisco
Extended Care Application Server in their data center. The Enterprise option includes a single Cisco
Extended Care Application Server that runs on the Server platform.
Enterprise with High Availability
The Enterprise with High Availability option is for organizations that want to implement their own
instance of the Cisco Extended Care Application Server in their data center and also want to maximize
availability by implementing redundant Cisco Extended Care servers and a separate Network File
System (NFS) data store. This deployment option requires two Cisco Extended Care Application
Servers (see footnote 1).
Additional components required if implementing the high availability option are:
• Network File System
• vCenter Server 5.1
For more information about achieving higher availability, refer to Achieving Higher Availability,
page 2-2.
Enterprise with Multiple Instances
In Cisco Extended Care, you can run multiple instances of the operating system, databases and Cisco
Extended Care software on the same physical server (this is also known as hardware virtualization). This
capability is available only if the multiple instances are licensed for the same enterprise and use.
Figure 2-1 shows the Cisco Extended Care multiple-instances architecture. This feature enables multiple
instances of the Cisco Extended Care Application Server to reside on a single server while remaining
logically isolated.
Additional components required for multiple instances are:
• VMware Hypervisor ESXi 5.1
Figure 2-1 Cisco Extended Care Multiple Instances Architecture
Achieving Higher Availability
Cisco Extended Care is designed to maximize high availability. Some features are inherent and others
involve additional components.
1. Since only one is active at a time, only one license is required.
Application Recovery: The Cisco Extended Care data center applications are monitored for failures and
restarted using a leaky bucket scheme. That is, as long as the application fails less than a prescribed
number of times within a time period, it will be restarted automatically. If the application fails more than
the prescribed number of times within the time period, manual intervention is required to restore system
availability.
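The leaky-bucket restart scheme described above, as an added example that is not Cisco Extended Care's own code: a small Python supervisor that restarts the application while the number of failures inside a sliding window stays within budget, and latches into "manual" once the budget is exceeded so that service is only restored by an operator. The failure budget (3), the window (60 seconds) and the rule that a count equal to the budget still permits a restart are assumptions, since the guide states neither the threshold nor the window.

```python
"""Leaky-bucket restart supervisor (added illustration, not Cisco Extended Care code)."""
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, List, Tuple


@dataclass
class LeakyBucketRestartPolicy:
    """Decide whether a crashed application may be restarted automatically.

    Each failure drops a token into the bucket; tokens older than
    ``window_seconds`` leak out. While the bucket holds no more than
    ``max_failures`` tokens the application is restarted. Once that budget is
    exceeded the policy latches into 'manual' until an operator clears it,
    matching the guide's "manual intervention is required".
    Assumption: a failure count equal to the budget still permits a restart;
    the guide does not state which side of the threshold is automatic.
    """
    max_failures: int
    window_seconds: float
    _failures: Deque[float] = field(default_factory=deque, init=False)
    _latched: bool = field(default=False, init=False)

    def _leak(self, now: float) -> None:
        """Forget failures that have aged out of the sliding window."""
        while self._failures and now - self._failures[0] >= self.window_seconds:
            self._failures.popleft()

    def on_failure(self, now: float) -> str:
        """Record a failure observed at ``now`` (seconds) and return the action.

        'restart' means restart automatically; 'manual' means the failure budget
        is exhausted and an operator must restore the service.
        """
        if self._latched:
            return "manual"
        self._leak(now)
        self._failures.append(now)
        if len(self._failures) > self.max_failures:
            self._latched = True
            return "manual"
        return "restart"

    def failures_in_window(self, now: float) -> int:
        """Number of failures still counted against the budget at ``now``."""
        self._leak(now)
        return len(self._failures)

    def operator_restore(self) -> None:
        """An operator has restored service: empty the bucket and unlatch."""
        self._failures.clear()
        self._latched = False


def supervise(policy: LeakyBucketRestartPolicy,
              crash_times: List[float]) -> List[Tuple[float, str]]:
    """Replay a constructed crash timeline and return the decision at each crash."""
    return [(t, policy.on_failure(t)) for t in crash_times]


if __name__ == "__main__":
    # Constructed timeline: four crashes inside one minute, then one much later.
    policy = LeakyBucketRestartPolicy(max_failures=3, window_seconds=60.0)
    for when, decision in supervise(policy, [0.0, 10.0, 20.0, 30.0, 200.0]):
        print(f"t={when:6.1f}s -> {decision}")
```

The fourth crash inside the window exhausts the budget, and the crash at 200 s is still answered with "manual" because the latch holds until operator_restore() is called.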
Externalized Database: Cisco Extended Care application data (not patient data) can be stored in an
external MySQL database in the Network File System server. This allows the system state to remain
persistent in the event of an application failure and allows availability to be restored in the fastest
possible time.
Hardware Backup with Mirroring: You can maximize availability of your Cisco Extended Care by
implementing a redundant server and utilizing the vCenter Server to achieve high availability. With these
components in place, if the active server fails, the Cisco Extended Care applications will be migrated to
the spare server and will continue to run.
In addition, the servers that are being used for this release provide high availability at the hardware level
by providing support for such features as RAID mirroring and dual power supplies (see footnote 2).
Network Availability: Various best practices like multi-pathing and running Hot Standby Routing
Protocol (HSRP) or Virtual Router Redundancy Protocol (VRRP) on network routers should be
implemented to provide a high available network platform.
Network Deployment Options
Cisco Extended Care can be implemented either as an overlay network or as a converged network.
Overlay Network
With an overlay network, new servers, routers, switches and lines are installed specifically to handle
Cisco Extended Care. The network is built from the start using QoS best practices with adequate
bandwidth to handle an effective Cisco Extended Care software. Change management is simplified as
the changes required for the Cisco Extended Care network do not impact the other network applications
and vice versa.
Converged Network
This alternative allows customers to leverage the existing investment in their production networks. This
is an option as long as that the current customer network can or will meet the overall requirements of the
converged network. The challenges are optimizing the network for additional load and real-time video
requirements and addressing change management requirements to enable integration of the new
components while keeping existing components stable.
Note: Real-time, in this instance, refers to the traffic classification of Cisco TelePresence.
2. These need to be configured and setup appropriately according to the deployment environment to enable higher
availability.
Communication with Resources Outside the Cisco Extended Care Network
You may require the capability for interaction between the new Cisco Extended Care network
components and the resources outside the Cisco Extended Care network. A key part of the design process
is to make this determination. At a minimum, consider the following:
• Support - Will the software require remote access from the support team to the Cisco Extended Care
Application to resolve issues?
• Printing - You may choose to leverage the print capability of Cisco Extended Care with a networked
printer. That printer can be dedicated to Cisco Extended Care or may be outside the Cisco Extended
Care network.
• Authentication - If you use an existing LDAP directory to authenticate users, Cisco Extended Care
needs to be able to communicate with the LDAP directory server.
• EMR - If you choose to integrate an existing EMR server with Cisco Extended Care, then Cisco
Extended Care needs to be able to communicate with your integration engine, which in turn needs to
be able to communicate with the EMR server.
By maintaining a firewall between the networks and punching holes in that firewall for specific port
numbers and IP addresses, you can address these requirements without compromising security.
Accessing Resources Outside the Enterprise Network
Some third party applications and environments may use open APIs. In this case, the network must be
designed to enable Cisco Extended Care components to access those applications and environments over
the Internet.
In addition, patients and some Cisco Extended Care Providers may be outside of the enterprise network.
• To enable access to applications and services outside of an enterprise network, the following are required:
– The vendor edge firewall must allow specific ports and protocols for accessing Cisco Extended Care from the Internet.
– The trusted sites configured at the Provider(s)/Patients browser must include the applicable servers for any integrated third-party applications.
– VCS Expressway (for establishing video conferencing)
– Cisco Extended Care Proxy Server (installed on a separate Server as shown in Figure 2-2)
Figure 2-2 shows the components required to enable Providers and Patients to be outside of the
enterprise network.
Figure 2-2 Components and Configuration Required when Patients and Providers are Outside the Enterprise Network
Chapter 3 Video Endpoint Considerations
Revised: November 25, 2013, OL-30842-01
This section describes the following:
• Description of Supported Video Endpoints
• Supported Servers
• Supported Multi-Point Bridges
This chapter touches on each of these topics and describes where to find additional information.
Supported Video Endpoints
Several video endpoints are deemed compatible with Cisco Extended Care. A subset of these devices is no longer sold (they have reached end of life), but they have a current install base, so they are listed here. The following list includes all the supported video endpoints (see footnote 1).
Current video endpoints (that is, video endpoints that can still be purchased) include the following:
• Cisco TelePresence SX20
• Cisco TelePresence Codec C20/C40/C60
• Cisco TelePresence System EX60/EX90
• Cisco TelePresence MX200
• Cisco DX650 IP Phone
• Cisco Jabber™ for iPad
• Cisco Jabber Video
• Cisco Desktop Video
Legacy video endpoints are video endpoints that are supported but can no longer be purchased from
Cisco. Legacy video endpoints include the following:
• Cisco TelePresence 500
• Cisco Edge 95 MXP
• Cisco E20 IP Phone
1. Cisco Extended Care application is not responsible for the performance of the video endpoints that are not in
the supported video endpoints list.
Note
With the exception of Cisco Jabber Video and Cisco Jabber™ for iPad, all supported video endpoints
are fully integrated. That is, the telepresence video conference is started by clicking on the Join button
and ended by clicking on the Leave button. With Jabber Video and Jabber™ for iPad, Join starts the
video conference, but the Patient or Provider must use Jabber video controls to end the video conference.
Servers
Cisco Extended Care supports the following servers:
• Cisco Unified Communication Manager (CUCM)
• Cisco TelePresence Video Communications Manager (VCS) (Both Control and Expressway)
VCS Expressway is required to register endpoints outside of the enterprise network and must be used in conjunction with the Cisco Extended Care Application Proxy Server.
• Cisco TelePresence Management Suite (TMS) may be required if using Cisco Jabber Video and Cisco Jabber™ for iPad. When used to support Jabber Video, TMS must be used in conjunction with VCS and must be configured to work with VCS. Jabber end users are provisioned in TMS with phone numbers for user names. When configuring the Jabber Video, the phone number must match the TMS user name and the passwords must match. The Server group specified at the endpoint must contain the VCS server that is configured to work with TMS.
Server Groups
Cisco Extended Care allows you to configure server groups. These groups enable you to specify a group
of servers that can be used by an endpoint to establish video conferences. To make a video conference
call on behalf of an endpoint, the Cisco Extended Care Application Server will attempt to reach any of
the servers in the group.
You cannot mix CUCM servers with VCS servers in a server group.
When endpoints are configured, they are associated with a server group. You MUST configure at least
one server group (even if there is only one server in that group) and if you have both VCS and CUCM
servers, you must configure at least two server groups.
Multi-Point Control Units
Cisco Extended Care supports the following multipoint control units, which are configured as Meeting
Resources to Cisco Extended Care:
Cisco TelePresence™ Multipoint Switch (CTMS) – Can be used with all video endpoints except for
Desktop Video and Jabber™ for iPad. The video endpoints must be registered to CUCM if they are to
connect to the CTMS.
Cisco TelePresence Server MSE and the Cisco TelePresence MCU MSE - combine to provide a
high-capacity voice and video conferencing media services engine that supports conference bridging,
interoperability, gateway, management and recording functions. The 8710 can be used with any of the
supported video endpoints. The 8510 can be used with any of the supported video endpoints except the
CTS-500.
Cisco TelePresence Multipoint Control Units (MCU) – Works with VCS and can be used with all
supported video endpoints except for the CTS-500.
Note that an MCU is required when more than two parties have to join a video appointment.
In addition to configuring the meeting resources to the Cisco Extended Care Administration Server, there
are other configuration steps required. Table 3-1 provides a high level overview of the steps required to
configure a CUCM environment and a VCS environment and indicates which bridges are supported in
each environment.
Table 3-1 Support and Configuration of Resources

Server: CUCM
Supported Endpoints: CTS-500, DX650, EX-60, EX-90, C20, C40, C60, E20, Desktop Video, SX20, MX200, Jabber™ for iPad
Supported Bridges: CTMS (1), MSE 8710, MSE 8510, Codian MCU
Configuration:
• Create Trunks for the CUCM to the Bridge
• Associate route patterns with each trunk
• Configure the multipoint devices to work with CUCM
• Register endpoints to CUCM

Server: VCS or VCS Expressway
Supported Endpoints: Edge 95 MXP, EX-60, EX-90, C20, C40, C60, Jabber Video (2), E20, SX20, MX200, Jabber™ for iPad (2)
Supported Bridges: MSE 8710, MSE 8510, Codian MCU
Configuration:
• Register MCU to VCS
• Create a conference
• Associate Conference ID (bridge number)
• Register endpoints to VCS
Tip: After you register the device, make sure the device can reach the static bridge you created.

1. CTMS is not supported for Desktop Video and Jabber™ for iPad.
2. Also requires TelePresence Management Suite.
Table 3-2 For More Information

Product: Additional Product Documentation
CUCM: http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/docguide/8_6_1/dg861.html
VCS (all releases): http://www.cisco.com/en/US/products/ps11337/prod_maintenance_guides_list.html
TelePresence Management Suite: http://www.cisco.com/en/US/docs/telepresence/infrastructure/tms/config_guide/Cisco_TMS_Provisioning_Deployment_Guide_13-0.pdf
MSE 8710: http://www.cisco.com/en/US/docs/telepresence/infrastructure/ts/user_guide/Cisco_TelePresence_Server_2-2_Product_user_guide.pdf
MSE 8510: http://www.cisco.com/en/US/prod/collateral/ps7060/ps11305/ps11317/ps11340/data_sheet_c78-627558.pdf
CTMS: http://www.cisco.com/en/US/docs/telepresence/multipoint_switch/1_8/administration/guide/preface.html
MCU: http://www.cisco.com/en/US/products/ps11341/products_user_guide_list.html
Chapter 4 Cisco Extended Care Bandwidth Requirements and Quality of Service Recommendations
Revised: November 25, 2013, OL-30842-01
This chapter discusses the minimum recommended bandwidth required for Cisco Extended Care and the recommended QoS settings used when installing Cisco Extended Care so that the existing network traffic is not impacted by the addition of Cisco Extended Care traffic.
For more information on QoS, refer to one of the following:
• Medianet Campus QoS Design 4.0
• Enterprise Medianet Quality of Service Design 4.0 - Overview
• Enterprise QoS Solution Reference Network Design Guide
Bandwidth Requirements for Endpoints Using Cisco Extended Care
Bandwidth requirements vary depending on the following factors:
• The quality selected for the video endpoint.
– The Cisco TelePresence System 500 offers two resolution settings (720p or 1080p) and four quality settings (lite, good, better or best). Other video endpoints also have multiple resolution settings.
– The Cisco TelePresence System EX60/EX90/Edge 95 MXP and the Cisco TelePresence C20/C40 offer high, medium, and normal settings at 30fps or 60fps.
Note that on top of any bandwidth figures contained in this chapter, there will be at a minimum an additional 30 kbps overhead for loading web pages.
Note
The recommended minimum bandwidth for any Cisco Extended Care Endpoint Computer (a
customer-supplied computer that customers, such as patients or providers, use for Extended Care
sessions) is 512kbps. See Table 4-1 for more details.
Video Endpoint Bandwidth
The bandwidth requirements can vary based on a number of parameters: video endpoint, resolution, frames per second (fps), and for certain endpoints, the optimal definition profile. The bandwidth required per video endpoint is:
• Cisco TelePresence System 500: between 1164 kbps and 4628 kbps for transmitting and between 1292 kbps and 4756 kbps for receiving.
• Cisco TelePresence System EX60/EX90/Edge and the Cisco TelePresence C20/C40: between 512 kbps and 2560 kbps.
• Jabber Video requires between 128 kbps and 720 kbps.
Cisco TelePresence System EX60/EX90/Edge 95 and Cisco TelePresence C20/C40 Bandwidth Requirements
For the Cisco TelePresence System EX60/EX90/Edge 95 and Cisco TelePresence C20/C40, the minimum
bandwidth required depends on the resolution (from 1080p to 448p) and the frames per second (fps).
Table 4-1 Cisco TelePresence System EX60/EX90/Edge95 MXP and Cisco TelePresence C20/C40 Minimum Bandwidth Requirements in kbps

                  1080p    720p    576p    448p
30fps Bandwidth   2560     1152    768     512
60fps Bandwidth   NA       2240    1472    1152
For the Cisco Extended Care application itself, Cisco recommends a minimum Committed Information
Rate (CIR) of 128 kbps.
The rest of the bandwidth requirement is based on the video endpoint. See Table 1-1.
Cisco Extended Care / Jabber Video Bandwidth Requirements
To address environments where bandwidth is limited, the Jabber Video option combined with using the low resolution for the video requires the least total bandwidth. Jabber Video requires between 128 kbps and 720 kbps.
• If high video resolution is selected for streaming video, the total bandwidth for the Jabber Video, including overhead, is between 2034kbps and 2744kbps.
• If low video resolution is selected for streaming video, the total bandwidth for the Jabber Video, including overhead, is between 934kbps and 1644kbps.
Bandwidth Requirements for a Cisco Extended Care Application Server
The bandwidth required for a Cisco Extended Care Application Server depends on whether point-to-point or multipoint is configured. The only significant traffic that flows through the Application Server (or more accurately, through the multipoint switch) is the video conferencing traffic in a multi-point configuration. Therefore, to estimate the bandwidth required at an Application Server, determine the maximum number of concurrent endpoints that will be in a multi-point appointment at any point in time, add the bandwidth required for each endpoint using the values specified in Table 4-1, and then add 20% for encapsulation overhead.
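The Application Server estimate above, together with the Table 4-1 figures, the 30 kbps web overhead and the 128 kbps CIR from earlier in this chapter, carried through as an added example (not a Cisco tool); the assumption that the video figure, the web overhead and the CIR add together for a site is the example's own.

```python
"""Bandwidth planning for Cisco Extended Care with the figures from this
chapter (added example, not a Cisco tool)."""
from typing import List, Tuple

# Table 4-1: minimum bandwidth in kbps for EX60/EX90/Edge 95 MXP and C20/C40,
# keyed by (resolution, fps). 1080p at 60 fps is NA in the table, so it is
# deliberately absent here and the lookup rejects it.
TABLE_4_1_KBPS = {
    ("1080p", 30): 2560, ("720p", 30): 1152, ("576p", 30): 768, ("448p", 30): 512,
    ("720p", 60): 2240, ("576p", 60): 1472, ("448p", 60): 1152,
}

WEB_OVERHEAD_KBPS = 30            # minimum extra overhead for loading web pages
APPLICATION_CIR_KBPS = 128        # recommended minimum CIR for the application
ENDPOINT_COMPUTER_MIN_KBPS = 512  # recommended minimum for any Endpoint Computer
ENCAPSULATION_OVERHEAD = 0.20     # add 20% for encapsulation at the server


def is_supported(resolution: str, fps: int) -> bool:
    """True when Table 4-1 gives a figure for this resolution/frame-rate pair."""
    return (resolution, fps) in TABLE_4_1_KBPS


def video_kbps(resolution: str, fps: int) -> int:
    """Look up Table 4-1; raise for a combination the table marks NA."""
    if not is_supported(resolution, fps):
        raise ValueError(f"{resolution} at {fps} fps is NA in Table 4-1")
    return TABLE_4_1_KBPS[(resolution, fps)]


def endpoint_site_kbps(resolution: str, fps: int) -> int:
    """Bandwidth to provision where one EX/Edge/C-series endpoint sits.

    Assumption of this example: the Table 4-1 video figure, the 30 kbps web
    overhead and the 128 kbps application CIR are additive. The result is
    never below the 512 kbps Endpoint Computer minimum.
    """
    total = video_kbps(resolution, fps) + WEB_OVERHEAD_KBPS + APPLICATION_CIR_KBPS
    return max(total, ENDPOINT_COMPUTER_MIN_KBPS)


def application_server_kbps(concurrent: List[Tuple[str, int]]) -> int:
    """Chapter 4 procedure for the Application Server: sum the Table 4-1 value
    of every endpoint that can be in a multipoint appointment at the same
    time, then add 20% for encapsulation. Point-to-point calls bypass the
    server and are not counted, so pass only the multipoint endpoints."""
    base = sum(video_kbps(res, fps) for res, fps in concurrent)
    return int(round(base * (1 + ENCAPSULATION_OVERHEAD)))


def max_concurrent_endpoints(server_link_kbps: int, resolution: str, fps: int) -> int:
    """Inverse of the above: how many endpoints of one profile a server link
    can carry in a single multipoint appointment, overhead included."""
    per_endpoint = video_kbps(resolution, fps) * (1 + ENCAPSULATION_OVERHEAD)
    return int(server_link_kbps // per_endpoint)


if __name__ == "__main__":
    # Constructed scenario: two 720p30 endpoints and one 1080p30 endpoint in
    # the same multipoint appointment.
    print(application_server_kbps([("720p", 30), ("720p", 30), ("1080p", 30)]))
    print(max_concurrent_endpoints(10_000, "720p", 30))
```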
Quality of Service
A major benefit of the Cisco Extended Care solution is that real-time (see footnote 1), high-definition video and audio (Cisco TelePresence) can be transported over a converged IP network. The key enabling technology to accomplish this convergence is Quality of Service (QoS).
QoS technologies refer to the set of tools and techniques (such as queuing and prioritization) to manage
network resources so that varying network traffic requirements are addressed. In particular, for real-time
interactive traffic, such as Cisco TelePresence, latency, jitter, and loss are minimized. QoS technologies
allow different types of traffic to intelligently contend for network resources. For example, voice and
real-time video may be granted strict priority service, while some critical data applications may receive
(non-priority) preferential services and some undesired applications may be assigned deferential levels
of service. Therefore, QoS is a critical, intrinsic element for the successful network convergence of
voice, video, and data.
The Cisco Extended Care solution incorporates a number of components. Several of these components
generate a different type of traffic and hence have different QoS requirements. The traffic types include:
• Other Video Conferencing Systems: While less bandwidth intensive, other supported video conferencing endpoints still require adequate bandwidth and prioritization to assure that the end user experience is optimal.
• Video conferencing traffic flows through the application server if it is a multiparty call (in other words, if an MCU is involved.)
• HTTPS/HTTP data (patient data, questionnaires, historical wellness readings, messages, and application data to begin and end appointments and manage the flow of the Cisco Extended Care appointment). This traffic is typically encrypted and always goes to the Application Server. It is not significant from a bandwidth perspective. For simplicity, this data can be marked and queued with the multimedia streaming traffic or left unmarked and sent in the best effort queue.
• Jabber SDK to Jabber SDK: See Table 4-2.
1. Real-time, in this instance, refers to the traffic classification of Cisco TelePresence. The Cisco Extended Care
Application Server software is not intended to perform real-time, active, or online patient monitoring, and does
not transmit or display any real-time data that is intended to alert a physician of alarms or other conditions that
require a physician's immediate action or response.
Table 4-2 Cisco Jabber SDK to Jabber SDK QoS Parameter Recommendations at 512 Kbps

Parameter | Value
Latency | <150ms
Jitter | 0 ms (constant) and 0 ms of jitter
Packet loss | 0%
Multiparty Mode (MCU Call) | Not Supported @ 512
Point To Point w/high BW Endpoint | Good video takes approx. 2 minutes
Point To Point w/controlled BW 256Kbps (option to set incoming/outgoing in 2nd Endpoint) | Good video takes approx. 50 seconds
QoS Best Design Practices for Cisco Extended Care
When designing a network to support Cisco Extended Care, QoS best design practices should be
employed wherever possible. These best practices include the following:
• Classification and marking policies should be implemented in Cisco Catalyst hardware as close to the source of the traffic as possible (e.g., on the access edge switch to which the Cisco Extended Care System is attached).
• Use Differentiated Services Code Point (DSCP) whenever possible. DSCP provides more granularity than IP Precedence.
• Always deploy QoS in hardware, rather than software, whenever a choice exists. QoS policies, like classification, marking/remarking, and/or policing can all be performed at line rates with zero Central Processing Unit (CPU) impact in Catalyst switches. Cisco IOS routers, on the other hand, perform QoS operations in software, resulting in a marginal CPU impact, the degree of which depends on the platform, the policies, the link speeds, and the traffic flows involved.
• Follow industry standards whenever possible, as this extends the effectiveness of your QoS policies beyond your direct administrative control. For example, if you mark a real-time application, such as VoIP, to the industry standard recommendation as defined in RFC 3246 (An Expedited Forwarding Per-Hop Behavior), it receives high priority servicing at every node within your enterprise network. The relevant standards are listed below in chronological order:
– The one difference between Cisco's QoS Baseline and RFC 4594 is the RFC 4594 recommendation to mark Call Signaling as CS5. Cisco plans to continue marking Call Signaling as CS3 until future business requirements arise that necessitate another marking migration. Therefore, for the remainder of this document, RFC 4594 marking values are used throughout, with the one exception of swapping Call-Signaling marking (to CS3) and Broadcast Video (to CS5). These marking values are summarized in Table 4-3.
Table 4-3 Cisco Marking Recommendations

Application | L3 Classification PHB | L3 Classification DSCP | Application Examples
Network Control / Routing | CS6 | 48 | EIGRP, OSPF, HSRP, IKE
VoIP Telephony / Voice | EF | 46 | Cisco IP Phone
Broadcast Video (RFC 4594 only) | CS3 by RFC 4594, CS5 by Cisco | 24 by RFC 4594, 40 by Cisco | Cisco IPVS, Enterprise TV
Real-time Interactive | CS4 | 32 | Cisco TelePresence System 500
Multimedia Conferencing | AF4 | 34 | Cisco CUPC, WebEx, Interactive Video
Multimedia Streaming | AF3 or CS4 | 26 | Cisco DMS, IP/TV
Call Signaling (same name used by both) | CS5 by RFC 4594, CS3 by Cisco | 40 by RFC 4594, 24 by Cisco | SCCP, SIP, H323
Low-Latency Data / Transactional Data | AF21 | 18 | ERP Apps, CRM Apps
Operations/Administration/Management (OAM) / Network Management | CS2 | 16 | SNMP, SSH, Syslog
High-Throughput Data / Bulk Data | AF11 | 10 | Email, FTP, Backups
Best Effort (same name used by both) | DF | 0 | Default Class
Low-Priority Data / Scavenger | CS1 | 8 | YouTube, Gaming, P2P
Best Practices for Converged Networks
In addition to the above best practices, the following best practices apply to converged networks:
• Limit the amount of real-time voice and video traffic to 33% of the link capacity, or else data may be starved out, resulting in very slow and erratic performance of data applications.
• Reserve at least 25% of the link bandwidth for the default Best Effort data class.
• Utilize a 1% Scavenger or Low-Priority class to ensure that unruly applications do not dominate your default Best Effort data class.
• Use Weighted Random Early Detection (WRED) on all TCP flows, wherever possible, preferably DSCP-based WRED.
Marking Cisco Extended Care Traffic
The recommended marking for traffic is as follows:
• Cisco TelePresence System 500: Class Selector 4 (CS4)
• Interactive video from all other video endpoints: DSCP AF41
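An added example, not part of this guide or the product, that turns Table 4-3 and the marking recommendations above into an audit: it computes the DSCP value for each PHB name, decodes the DSCP of observed flows (constructed sample records), flags endpoints whose video is not marked CS4 (CTS-500) or AF41 (all others), and checks a proposed link allocation against the 33%/25%/1% converged-network rules above.

```python
"""DSCP marking audit for Cisco Extended Care traffic (added example; the flow
records are constructed sample data, not captures)."""
import re
from typing import Dict, List, Tuple


def phb_to_dscp(phb: str) -> int:
    """CSx = 8x, AFxy = 8x + 2y, EF = 46, DF = 0 (RFC 2474, RFC 2597, RFC 3246)."""
    phb = phb.upper()
    if phb == "DF":
        return 0
    if phb == "EF":
        return 46
    m = re.fullmatch(r"CS([1-7])", phb)
    if m:
        return 8 * int(m.group(1))
    m = re.fullmatch(r"AF([1-4])([1-3])", phb)
    if m:
        return 8 * int(m.group(1)) + 2 * int(m.group(2))
    raise ValueError(f"unknown PHB {phb!r}")


def dscp_to_phb(dscp: int) -> str:
    """Inverse mapping for the standard code points; anything else stays raw."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit field")
    if dscp == 0:
        return "DF"
    if dscp == 46:
        return "EF"
    cls, rem = divmod(dscp, 8)
    if rem == 0:
        return f"CS{cls}"
    if 1 <= cls <= 4 and rem in (2, 4, 6):
        return f"AF{cls}{rem // 2}"
    return f"DSCP{dscp}"


# Table 4-3 with the Cisco markings (Call Signaling CS3, Broadcast Video CS5).
# The table's "AF4"/34 and "AF3"/26 entries are the AF41 and AF31 code points.
TABLE_4_3: Dict[str, str] = {
    "Network Control / Routing": "CS6", "VoIP Telephony / Voice": "EF",
    "Broadcast Video": "CS5", "Real-time Interactive": "CS4",
    "Multimedia Conferencing": "AF41", "Multimedia Streaming": "AF31",
    "Call Signaling": "CS3", "Low-Latency Data / Transactional Data": "AF21",
    "OAM / Network Management": "CS2", "High-Throughput Data / Bulk Data": "AF11",
    "Best Effort": "DF", "Low-Priority Data / Scavenger": "CS1",
}


def expected_phb(endpoint: str) -> str:
    """Marking recommended above: CS4 for the CTS-500, AF41 for interactive
    video from every other endpoint."""
    return "CS4" if endpoint == "CTS-500" else "AF41"


def audit_flows(flows: List[Dict]) -> List[Tuple[str, str, str]]:
    """Return (endpoint, observed PHB, expected PHB) for each mis-marked flow.
    Each record carries the IPv4 ToS byte; DSCP is its upper six bits."""
    findings = []
    for f in flows:
        observed = dscp_to_phb(f["tos"] >> 2)
        wanted = expected_phb(f["endpoint"])
        if observed != wanted:
            findings.append((f["endpoint"], observed, wanted))
    return findings


def check_link_allocation(realtime_pct: float, best_effort_pct: float,
                          scavenger_pct: float) -> List[str]:
    """Converged-network rules: real-time voice and video at most 33% of the
    link, at least 25% reserved for Best Effort, and a 1% Scavenger class."""
    problems = []
    if realtime_pct > 33:
        problems.append(f"real-time {realtime_pct}% exceeds 33% of the link")
    if best_effort_pct < 25:
        problems.append(f"best effort {best_effort_pct}% is below the 25% reservation")
    if scavenger_pct < 1:
        problems.append("no 1% scavenger class configured")
    return problems


# Constructed sample flows: ToS 0x80 is DSCP 32 (CS4), 0x88 is 34 (AF41),
# 0x00 is unmarked (DF) and 0xB8 is 46 (EF, the voice marking).
SAMPLE_FLOWS = [
    {"endpoint": "CTS-500", "tos": 0x80},
    {"endpoint": "EX90", "tos": 0x88},
    {"endpoint": "C40", "tos": 0x00},
    {"endpoint": "Jabber Video", "tos": 0xB8},
]

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print("mis-marked: endpoint=%s observed=%s expected=%s" % finding)
    print(check_link_allocation(40, 20, 0))
```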
Chapter 5 Cisco Extended Care Security
Revised: November 25, 2013, OL-30842-01
Overview
This chapter discusses the security features in Cisco Extended Care. It is the responsibility of the
enterprise to assure that any other required security measures are implemented (for example, securing
data sent to a printer or protecting passwords.)
Patient Information Precautions
Cisco Extended Care may collect patient information during an appointment between a patient and a care
provider over secure links.
Medical facilities using Cisco Extended Care should take proper precautions with patient information obtained in a Cisco Extended Care appointment, including the following:
• Securely handling any printed or transcribed information
• Securing the room in which the care provider is conducting the teleconference appointment when an appointment is in progress (in particular, if the Provider needs to leave the room briefly)
• Instructing the participants to exit the appointment session upon the conclusion of the appointment by selecting Exit.
Patient Privacy
The CEC browser pages will have a login to enforce authentication. Cisco recommends also using
passwords to lock/unlock the Endpoint Computers.
Anyone not a part of the same appointment as the Provider is unable to view the historical wellness
readings. When the Provider leaves the appointment or logs off, the historical wellness readings are
removed from the Provider’s Cisco Extended Care appointment window. However, the data (historical
wellness readings, questionnaires, etc.) are available for future access once a provider or patient logs
back into Extended Care.
If an appointment session is idle for a configurable number of minutes, the end users get a warning message. If there is no response to the warning message in 5 minutes (see footnote 1), the appointment is terminated and the user is logged out.
Authentication / Access Control
The security policy for Cisco Extended Care should be determined prior to installation. As part of the
install process, you will be asked how you want your end users to be authenticated and if you want the
end users authenticated by Cisco Extended Care, how you want passwords, inactivity and lockout
handled. This section covers the decisions you need to make prior to installation and in addition,
discusses other security features of Cisco Extended Care.
Authentication Options
Cisco Extended Care allows members of the care team, such as a Provider, to be authenticated in one of three ways:
• External LDAP directory
• External directory that is part of an integrated third-party application like OpenEMR
• Directly with Cisco Extended Care
If required, you can configure your system to support both direct and external authentication. The
alternatives are described below.
External LDAP-Authentication
Cisco Extended Care works with any LDAP directory that supports either anonymous or password-based
authentication. It is supported over either unsecure (ldap) or secure (ldaps) connections.
Note that LDAP authentication can be used only for providers and not for patients.
There are a number of reasons to choose external LDAP authentication. By choosing to authenticate
using an external LDAP directory:
• End users can use the same username for multiple applications.
• End users change their password once and the new password is then valid across all systems that interface to the LDAP server.
• Administrators can remove an end user from all systems at once.
• Administrators can reset a password and have it affect all systems at once.
• Site wide security policy and changes are automatically reflected in Cisco Extended Care.
External Third-Party Application Authentication
Third-party applications can support the Cisco Extended Care connectors to enable them to be integrated with Cisco Extended Care. If a third-party application supports the Authentication Connector, then Cisco Extended Care can authenticate users against the directory in the third-party application (see footnote 2).
1. This is the default, but the value is configurable.
2. Third party applications must be validated by Cisco.
Dedicated Cisco Extended Care Authentication
You can choose to have Cisco Extended Care authenticate end users if you do not have an external LDAP server, are not using an integrated third-party application, or if you want Cisco Extended Care users to have a unique user name or password that works only with Cisco Extended Care (but note that there is no way to assure that the end user doesn't use the same password in all cases).
Mixed Authentication
Mixed authentication can be useful if you want LDAP-authenticated users and Cisco Extended Care
authenticated users. In this case, mixed authentication allows you to leverage external directories to
authenticate most Cisco Extended Care users, but it also allows special user IDs to be created ad hoc for
training purposes or perhaps for temporary employees. It also allows you to utilize the training and
testing user names that ship with the product, regardless of how you want other users authenticated.
If you opt for mixed authentication, your site administrator can add users to be authenticated by Cisco
Extended Care or enable users (who are authenticated using an external directory) to use Cisco Extended
Care.
Cisco Extended Care Security Policy
As part of the installation of Cisco Extended Care, you need to make certain decisions about the security
policy you want to have enforced. That security policy primarily applies to Cisco Extended Care
Authenticated Users, but has two additional parameters that apply to all users.
Security Policy Controls for Cisco Extended Care-Authenticated User Names
Access to the Cisco Extended Care software is controlled by passwords at both the Patient Endpoint and
the Provider Endpoint.
All data (including username, password, patient data, readings, questionnaires, etc) that flow between
the browser (both patient and provider endpoints) and the server are transmitted over an HTTPS
connection. This uses a 256 bit key for encryption.
Extended Care has two ways of storing passwords based on their usage:
• All user (provider and patient) login passwords are stored after hashing using an MD5 algorithm. This is a one-way hash mechanism that does not require an encryption key.
• Passwords that are required for authenticating against external systems (like CUCM password, VCS password, etc.) are encrypted using a 128 bit key before storage.
The following security policies can be modified for end users that are authenticated by Cisco Extended
Care (dedicated):
• Force a password change on the first login.
• Disable an account if the user does not log in for a certain number of days. The inactivity days can range from 1 to 730. (This does not apply to the site administrator id.)
• Have passwords expire after a certain number of days. The expiration days can range from 1 to 999.
• Require strong passwords. You can specify the minimum password length and the minimum number of character types. The length of strong passwords can be between 1 and 15 characters with a minimum of character types ranging from 1 to 4.
• Prevent password reuse. You can specify the number (1-20) of saved passwords.
Security Policy Controls for All Cisco Extended Care User Names
The following security policy affects all users (including externally authenticated users):
• Auto-log out a user after a period with no activity (pressing Enter, clicking a mouse button, etc.) during a Cisco Extended Care session. The log out can be specified to occur after a specified period (between 1 and 999 minutes) of inactivity, after which a warning message is displayed. You can also specify the duration of time after the warning message and before the log out. It can be any integer between 1 and 60 minutes.
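An added example (not the product's code) that models the policy controls of this section and the previous one: the administrator-settable ranges, the strong-password, reuse, expiration and inactivity rules for Cisco Extended Care-authenticated users, and the two-stage idle timeout for all users. The password history is kept as salted SHA-256 digests, a choice of the example rather than the product's storage format.

```python
"""Reference model of the Cisco Extended Care security-policy controls
(added example, not the product's code)."""
import hashlib
import os
import string
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional

# Administrator-settable ranges quoted in this chapter.
RANGES = {"inactivity_days": (1, 730), "expiration_days": (1, 999),
          "min_password_length": (1, 15), "min_character_types": (1, 4),
          "saved_passwords": (1, 20), "idle_warning_minutes": (1, 999),
          "warning_to_logout_minutes": (1, 60)}


@dataclass
class SecurityPolicy:
    force_change_first_login: bool = True
    inactivity_days: int = 90           # not applied to the site administrator
    expiration_days: int = 180
    min_password_length: int = 8
    min_character_types: int = 3        # of: lower, upper, digit, other
    saved_passwords: int = 5            # previous passwords that cannot be reused
    idle_warning_minutes: int = 15      # all users
    warning_to_logout_minutes: int = 5  # all users; 5 is the default

    def range_errors(self) -> List[str]:
        """Settings outside the ranges the guide gives; empty when valid."""
        return [f"{name}={getattr(self, name)} outside {lo}..{hi}"
                for name, (lo, hi) in RANGES.items()
                if not lo <= getattr(self, name) <= hi]


def character_types(password: str) -> int:
    """Count the character classes present: lower, upper, digit, other."""
    lower = any(c in string.ascii_lowercase for c in password)
    upper = any(c in string.ascii_uppercase for c in password)
    digit = any(c in string.digits for c in password)
    other = any(c not in string.ascii_letters + string.digits for c in password)
    return sum((lower, upper, digit, other))


@dataclass
class Account:
    username: str
    is_site_admin: bool = False
    salt: bytes = field(default_factory=lambda: os.urandom(16))
    history: List[bytes] = field(default_factory=list)  # oldest first
    password_set: Optional[datetime] = None
    last_login: Optional[datetime] = None
    must_change: bool = False


def _digest(acct: Account, password: str) -> bytes:
    # Salted SHA-256 is this example's choice for the password history.
    return hashlib.sha256(acct.salt + password.encode("utf-8")).digest()


def set_password(acct: Account, policy: SecurityPolicy, new: str,
                 now: datetime, by_admin: bool = False) -> Optional[str]:
    """Apply the strong-password and reuse rules. Returns the reason for
    rejection, or None once the password is accepted and stored. A password
    set by the site administrator must be changed at first login if the policy
    says so."""
    if len(new) < policy.min_password_length:
        return "password shorter than minimum length"
    if character_types(new) < policy.min_character_types:
        return "too few character types"
    digest = _digest(acct, new)
    if digest in acct.history[-policy.saved_passwords:]:
        return "password matches one of the saved passwords"
    acct.history = (acct.history + [digest])[-policy.saved_passwords:]
    acct.password_set = now
    acct.must_change = by_admin and policy.force_change_first_login
    return None


def login_check(acct: Account, policy: SecurityPolicy, now: datetime) -> str:
    """Outcome of a login attempt by a Cisco Extended Care-authenticated user."""
    if (not acct.is_site_admin and acct.last_login is not None
            and (now - acct.last_login).days > policy.inactivity_days):
        return "disabled: inactive"
    if acct.must_change:
        return "change required: first login"
    if (acct.password_set is not None
            and (now - acct.password_set).days > policy.expiration_days):
        return "change required: password expired"
    acct.last_login = now
    return "ok"


def idle_state(last_activity: datetime, now: datetime, policy: SecurityPolicy) -> str:
    """Two-stage idle timeout for every user: active, then a warning once the
    inactivity period elapses, then logged out after the warning period."""
    idle = now - last_activity
    warn_at = timedelta(minutes=policy.idle_warning_minutes)
    logout_at = warn_at + timedelta(minutes=policy.warning_to_logout_minutes)
    if idle < warn_at:
        return "active"
    return "warning" if idle < logout_at else "logged_out"
```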
Other Authentication Security Features
Associating Endpoints to Access Cisco Extended Care
When adding users and selecting a Cisco Extended Care Endpoint, the Site Administrator selects
Default Endpoint.
Enabling Users to Access Cisco Extended Care
A site administrator is responsible for configuring Cisco Extended Care end users to enable them to
access the Cisco Extended Care software. Configuration varies dependent on how those end users are
authenticated.
• End users authenticated by Cisco Extended Care must be added. The site administrator must specify a username, password and display name. In addition, the site administrator must check a box for each role that this end user will require. Roles include: Provider, Patient, Participant, Presenter, and Siteadmin. An end user can be configured with any combination of these roles.
• Externally authenticated end users are enabled to access Cisco Extended Care. In addition, these end users can be configured to support any combination of the five user profiles. The display name of externally authenticated end users is their LDAP common name.
Transmission Security
It is crucial that Electronic Protected Health Information (ePHI) be protected from unauthorized access.
That means that any time health information is transmitted with an identifier (such as a patient's name),
that information must be protected from unauthorized access. As part of the Cisco Extended Care Plan,
Design and Implement phase, Cisco or its partners will review the customer’s security requirements and
take these requirements into consideration in the design. It is imperative that the customer’s Security
Office be involved in the design sign off. Their involvement and sign off will help ensure that the
technology design integrates with the customer’s policies, procedures and workflow to allow the
customer to protect ePHI. The customer and covered entity is ultimately responsible for protecting ePHI.
When ePHI traverses public networks, some form of encryption must be utilized. To provide security,
HTTPS is the default for communication across all web services.
The following security measures are implemented to secure data in transit:
• HTTPS channel
• Auto redirect from HTTP to HTTPS
• Cisco Extended Care Portal Server accessible with SSL encryption only
• Secure Web services for registration and authentication
Network Security
The Cisco network has inherent security features that provide additional security. These include:
• VPN Security
• Endpoint Encryption
• CTMS Encryption
• Dedicated Overlay
• Firewall Access
As part of the Cisco Extended Care Plan, Design and Implement phase, Cisco or its partners will utilize
one or more of these capabilities to implement the security requirements defined by the customer's
security officer.
Using Firewalls in Converged Networks
A firewall is a part of a computer system or network that is designed to block unauthorized access while
permitting authorized communications. It is a device or set of devices which is configured to permit or
deny computer applications based upon a set of rules and other criteria. By controlling access to Cisco
Extended Care servers, a firewall can prevent malicious or unauthorized network connections from being
initiated to critical servers, which could impact performance or availability. By inspecting the
connections to ensure that they meet the access control policy and that the connection conforms to
expected behavior, firewalls provide a first line of defense for a secure deployment.
To enable firewalls and allow Cisco Extended Care to function properly, you may need to know the ports
and protocols used by Cisco Extended Care. Table 5-1 shows the ports and protocols used by various
components of Cisco Extended Care. If using a video endpoint other than the CTS-500, verify that the
correct ports are opened.
Also, to efficiently manage certain tasks, you may want to provide access between Cisco Extended Care
servers and outside resources. For example, you may want to enable Cisco support to remotely access
a Cisco Extended Care Endpoint Computer. You may also need remote printing or access to LDAP
directories or Electronic Medical Records systems.
Cisco Extended Care and Cisco TelePresence TCP and UDP ports
The Cisco Extended Care solution uses the ports described in Table 5-1.
Table 5-1 Ports used by Cisco Extended Care (see footnote 3)

Product                                   | Protocol   | Transport  | Ports
Cisco Extended Care Application Server    | HTTP/HTTPS | TCP, UDP   | 22 - SSH / TCP; 443 - HTTPS / TCP; 161 - SNMP / UDP
CUCM                                      | JTAPI      | UDP/TCP    | 2748; 8443 - HTTPS / TCP (the app server calls the CUCM on port 8443)
Hosted Cisco TelePresence Exchange System | SOAP/HTTP  | not listed | 8080
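Added example, not from the Cisco guide: Table 5-1 expressed as an allow-list that a firewall policy can be checked against and rendered from, with a hook for the site-specific ports that footnote 3 mentions. The short product names, the address placeholders, and the decision to accept the CUCM ports only from the application server are assumptions made for the example.

```python
# Added example (not from the Cisco guide): Table 5-1 as an allow-list, with a
# check function and an iptables rendering. Addresses are placeholders to be
# filled in from the PDI implementation plan.
from collections import namedtuple

# source=None means any peer; otherwise only that peer may open the port.
Rule = namedtuple("Rule", "product transport port service source")

# Inbound ports per product, as listed in Table 5-1.
TABLE_5_1 = [
    Rule("app-server", "tcp", 22,   "SSH",       None),
    Rule("app-server", "tcp", 443,  "HTTPS",     None),
    Rule("app-server", "udp", 161,  "SNMP",      None),
    # Table 5-1 lists "UDP/TCP" for the CUCM row and says the app server is
    # the caller, so (assumption) only it needs to reach these ports. Drop the
    # unused transport once the Planning phase confirms which one is used.
    Rule("cucm",       "tcp", 2748, "JTAPI",     "app-server"),
    Rule("cucm",       "udp", 2748, "JTAPI",     "app-server"),
    Rule("cucm",       "tcp", 8443, "HTTPS",     "app-server"),
    Rule("ctx",        "tcp", 8080, "SOAP/HTTP", None),  # hosted TelePresence Exchange System
]

# Placeholder addresses (shell variables); real values come from the plan.
HOSTS = {"app-server": "$APP_SERVER_IP", "emr": "$EMR_IP"}

def is_allowed(rules, product, transport, port, source=None):
    """True if the table permits `source` to open transport/port on `product`."""
    return any(r.product == product and r.transport == transport and r.port == port
               and (r.source is None or r.source == source) for r in rules)

def with_deployment_ports(rules, extra):
    """Footnote 3: add site-specific ports (EMR/MLLP, LDAP, printer) as extra
    Rule tuples without editing the baseline table."""
    return list(rules) + list(extra)

def iptables_rules(rules, product, chain="INPUT"):
    """Render a default-deny inbound policy for one host from the table."""
    lines = [f"iptables -P {chain} DROP",
             f"iptables -A {chain} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"]
    for r in rules:
        if r.product != product:
            continue
        src = f" -s {HOSTS[r.source]}" if r.source else ""
        lines.append(f"iptables -A {chain}{src} -p {r.transport} --dport {r.port}"
                     f" -j ACCEPT  # {r.service}")
    return lines
```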
Ports and Protocols Required for Third-Party Applications
If the installation has integrated any HL7-based EMR, the communication between the Extended Care
Application Server and the EMR or integration engine happens over MLLP (Minimal Lower Layer
Protocol). The transport port needs to be finalized during deployment. Cisco Extended Care supports
the following HL7 versions: 2.1, 2.2, 2.3, 2.3.1, 2.4, 2.5, 2.5.1, and 2.6.
3. You may need to enable additional ports for your specific video endpoints, for EMR, for LDAP,
or for a networked printer. This should be determined as part of the Planning phase.
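Added example, not from the Cisco guide: MLLP framing for the HL7 link described above, with a receiver-side check against the listed HL7 versions. The sample message is constructed with fictitious data; the port and peer addresses are deployment-specific and not modelled. MLLP adds no confidentiality of its own, so under the ePHI rule earlier in this chapter the link belongs on a protected segment or inside a TLS tunnel (an assumption about the deployment).

```python
# Added example (not from the Cisco guide): MLLP framing for HL7 v2 messages,
# as used between the Extended Care Application Server and an EMR or integration
# engine. A frame is <VT> body <FS><CR>; the body is HL7 segments ending in <CR>.
# Peer addresses and the port are deployment-specific and not modelled here.
VT, FS, CR = b"\x0b", b"\x1c", b"\r"

# HL7 versions the guide lists as supported.
SUPPORTED_HL7 = {"2.1", "2.2", "2.3", "2.3.1", "2.4", "2.5", "2.5.1", "2.6"}

def mllp_encode(body: bytes) -> bytes:
    """Wrap one HL7 message in an MLLP frame. A body containing framing
    bytes would desynchronise the receiver, so it is rejected."""
    if VT in body or FS in body:
        raise ValueError("HL7 body must not contain MLLP framing bytes")
    return VT + body + FS + CR

def mllp_decode(stream: bytes) -> tuple[list[bytes], bytes]:
    """Split a byte stream into complete frames. Returns the message bodies
    and the unconsumed tail (a frame still arriving). Bytes outside any
    frame are dropped rather than guessed at."""
    bodies = []
    while True:
        start = stream.find(VT)
        if start < 0:
            return bodies, b""
        end = stream.find(FS + CR, start + 1)
        if end < 0:
            return bodies, stream[start:]
        bodies.append(stream[start + 1:end])
        stream = stream[end + 2:]

def hl7_version(body: bytes) -> str:
    """Read MSH-12 (version ID). It is index 11 after splitting on '|'
    because index 0 holds the segment name and MSH-1 is the separator."""
    fields = body.split(CR)[0].split(b"|")
    if fields[0] != b"MSH" or len(fields) < 12:
        raise ValueError("first segment is not a complete MSH")
    return fields[11].split(b"^")[0].decode("ascii")

def accept(body: bytes) -> bool:
    """Receiver-side check: hand only supported versions to the HL7 parser."""
    return hl7_version(body) in SUPPORTED_HL7

# Constructed sample ADT^A01 with fictitious patient data.
SAMPLE = (b"MSH|^~\\&|EXTCARE|CISCO|EMR|HOSP|20131125120000||ADT^A01|MSG0001|P|2.5.1\r"
          b"PID|1||PAT0001^^^EXTCARE||DOE^JANE||19700101|F\r")
```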
Chapter 6
Cisco Services for Cisco Extended Care
Revised: November 25, 2013, OL-30842-01
Introduction
Cisco offers a full lifecycle of professional services from planning and installation to optimization and
support.
Installations and Configurations
The Cisco Extended Care Plan, Design, and Implement (PDI) Services team assesses the existing
network and physical environments, develops an implementation-ready design based on the
organization’s unique requirements, and works with internal IT staff throughout implementation, testing,
and end-user training.
The PDI Services team performs the following tasks:
• Project management: When an enterprise is ready to begin the plan phase of deployment, the team
or an authorized Cisco partner delivers a comprehensive project schedule for the implementation
and provides a single point of contact for all issues relating to the solution.
• Requirements validation: The team performs a detailed requirements validation to assess the
customer's business and technical requirements and verify that the deployment will meet
expectations.
• Network path assessment: If relevant, the team examines the customer’s network and the links
between sites to identify the optimal path and network requirements for the solution.
• Detailed design development: The team creates a detailed design for the entire solution, including
recommendations for network components (e.g., switches and routers), network configuration
recommendations (e.g., security and QoS), call control and collaboration network infrastructure
components, link speeds and other related components that affect the efficiency and effectiveness of
the Cisco Extended Care solution.
• Network implementation plan: The team prepares an implementation plan with all configuration
details including IP addresses, call control and collaboration network infrastructure components
configuration parameters, user IDs, and passwords. The implementation plan is then used to
configure the Cisco Extended Care components.
• Verification Testing: Once Extended Care is installed and configured, the team performs verification
testing that includes test cases for a provider and a patient site to validate readiness of the installation
for live production.
• Administrative knowledge transfer: The team trains the system administrators, support staff, and
end users on how to use the Cisco Extended Care technology.
Additional Services
In addition to the PDI Services described above, other service offerings available to customers of Cisco
Extended Care 1.0 are:
• Cisco Extended Care Workshop
• Cisco Extended Care Custom Application Support
• Cisco SMARTnet
Cisco Extended Care Workshop
This workshop identifies the cost savings, productivity enhancement, and business transformation
opportunities enabled by the solution. The workshop is a collaborative exercise between Cisco and the
customer. The solutions as well as related quantifications are developed and validated with the customer
before being finalized. Using a systematic process, a detailed quantification of the business benefits is
produced including the impact on productivity, impact on business transformation, and the savings
potential of tele-health.
Cisco Extended Care Custom Application Support (CAS)
CAS is a support service for the Cisco Extended Care software. CAS is a Cisco Advanced Service
offering that should be ordered for every Cisco Extended Care Endpoint and renewed annually as long
as the endpoints are in use. CAS includes the following support services:
• Application support: Provides timely fixes to issues found in the Cisco Extended Care code and
ongoing software upgrades for minor releases of Cisco Extended Care. It also enables the customer
to use a single point of contact to address any issues with any of the solution’s components.
• Configuration management: Maintains an inventory of the Cisco Extended Care solution
components and updates the solution configuration as needed with a qualified support team.
• Change management: Manages network resiliency by assuring changes are made in a manner that
maximizes availability and performance while minimizing the impact on normal business processes.
• Incident management: Manages Tier-2 escalated incidents and problems to resolution and closure
on Cisco Extended Care components.
Cisco SMARTnet
SMARTnet is a support service for components of Cisco Extended Care 1.0 and other Cisco solutions
and products. This service complements Cisco Extended Care Custom Application Support. SMARTnet
provides dedicated, system-level support and maintenance and global 24-hours-a-day, 365-days-a-year
access to highly skilled engineers. SMARTnet includes advance hardware replacement options with the
option of onsite installation, providing enterprises with parts delivery and replacement by the next
business day or within four hours on the same business day. The service also includes ongoing operating
system and system software updates, which strengthen the reliability, functionality, and stability of the
Cisco Extended Care 1.0. In addition, companies gain registered access to an array of online support and
information systems. These include interactive consulting tools, a comprehensive database, and
knowledge transfer resources available through Cisco.com.
This set of Cisco technical tools and product information increases the self-sufficiency and unified
communications expertise of internal IT staff. SMARTnet should be ordered and renewed annually to
ensure high availability of the solution.
In addition to the Day 2 support service offerings discussed above, customers have the option of the
following two Day 2 support models:
• Partner Delivered Day 2 Support Model: Day 2 Support for the Cisco Extended Care solution is
offered by authorized Cisco partners to their customers. These authorized Cisco partners provide
support for the Cisco Extended Care solution, track issues, perform Level 1 Initial Triage and
Level 2 Video Support, and escalate customer complaints directly to Cisco.
• Customer Managed Day 2 Support Model: Day 2 support can be managed by Cisco customers if
they wish. The customer provides Tier 1 (initial triage and troubleshooting) support and escalates
issues to Cisco using SMARTnet and CAS contracts for entitlement. In this model, Cisco provides
Tier 2 support for customer-escalated Cisco Extended Care solution issues and Cisco product issues.
For an overview of the Support Call Flow, see Figure 6-1.
Figure 6-1 Cisco Extended Care Customer Managed or Partner Delivered Support Call Flow
For More Information
For more information about Cisco Services for Cisco Extended Care or for other Cisco products and solutions,
contact your Cisco service account manager or send an email to [email protected]
Note
For the latest Cisco Service descriptions, see
http://www.cisco.com/web/about/doing_business/legal/service_descriptions/index.html.
Appendix A
Software Compatibility
Revised: November 25, 2013, OL-30842-01
Browser Compatibility
Table A-1 lists the browsers and their level of support in Cisco Extended Care. Fully supported means
the relevant components have been completely tested on these browsers and are certified to work.
Compatible means the relevant browser components have been functionally tested on these browsers at
a high level but exhaustive testing has not been done.
Table A-1 Browser Compatibility by Operating System and User Type

User Type     | Platform       | Browser Name      | Browser Version | Support Level
Patient       | Windows 7      | Internet Explorer | 8               | Fully Supported
Patient       | Windows 7      | Internet Explorer | 9               | Fully Supported
Patient       | Windows 7      | Chrome            | 26              | Fully Supported
Patient       | Windows 7      | Firefox           | 23.0.1          | Fully Supported
Patient       | Windows 8      | Internet Explorer | 10              | Fully Supported
Patient       | Windows 8      | Chrome            | 26              | Fully Supported
Patient       | Mac OS 10.8.4  | Safari            | 6.0.3           | Fully Supported
Patient       | Mac OS 10.8.4  | Chrome            | 26              | Compatible
Patient       | iPad iOS 6.1.3 | Safari            | 6.0.3           | Fully Supported
Patient       | iPad iOS 6.1.3 | Chrome            | 26              | Not Supported
Provider      | Windows 7      | Internet Explorer | 8               | Fully Supported
Provider      | Windows 7      | Internet Explorer | 9               | Fully Supported
Provider      | Windows 7      | Chrome            | 26              | Fully Supported
Provider      | Windows 7      | Firefox           | 23.0.1          | Fully Supported
Provider      | Windows 8      | Internet Explorer | 10              | Fully Supported
Provider      | Mac OS 10.8.4  | Safari            | 6.0.3           | Fully Supported
Provider      | iPad iOS 6.1.3 | Safari            | 6.0.3           | Fully Supported
Provider      | iPad iOS 6.1.3 | Chrome            | 26              | Not Supported
Administrator | Windows 7      | Internet Explorer | 8               | Fully Supported
Administrator | Windows 7      | Internet Explorer | 9               | Fully Supported
Administrator | Windows 7      | Firefox           | 23.0.1          | Fully Supported
Glossary
Revised: November 25, 2013, OL-30842-01
A
API
An application programming interface (API) specifies how some software components should interact
with each other.
B
Browser
A computer application that connects your computer with the Internet. Refer to Appendix A,
“Browser Compatibility” for a list of browsers tested for Cisco Extended Care.
C
Cisco Extended Care
Cisco Extended Care is a personal health and wellness collaboration platform, enabling patient
engagement and care team interactions at any time and from anywhere.
Conference
A Telepresence conference using Cisco Extended Care.
Consult
An appointment option that allows you to include more than one Provider in an appointment. If your
Cisco Extended Care installation is configured to support consult calls, the Provider chooses whether
the call is going to be a two-party call (a point-to-point call) or a consult call (a bridge call).
E
EMR
Electronic Medical Records. If your system includes the necessary software and is configured to enable
an EMR interface, then you can save data from the appointment to EMR.
H
Hosted
A software delivery model in which the Cisco Extended Care solution and associated client data reside
in a central location managed by a hosting service, and are accessed by clients using a web browser.
Glossary
P
Provider
The care provider who provides medical evaluations from a remote site.
Provider Group
A collection of Providers who can be requested to accept a Cisco Extended Care appointment with a
single click. A facility can configure any number of Provider Groups.
Provider Station
The place where the Provider sits during the Cisco Extended Care appointment.
S
Site Admin
Site Administrator. The person who maintains user accounts on the Cisco Extended Care solution.
T
Telepresence
TelePresence is a technology that combines visual, audio, and interactive technologies to create an
in-person experience.
U
URL
Uniform Resource Locator. An address on the World Wide Web. When you click a URL, your browser
is directed to that location.
User Role
Your User Role determines which screens you see, and which functions you can perform. User
Accounts are configured so that users with a particular role (or roles) see only the windows and options
appropriate to that job description. Any given user can have from one to five roles within one User
Account. The Site Administrator configures the User Accounts.