Concord Hospital thrives on NetFlow

Longtime Lancope user understands the benefits of flow-based management

While flow-based management is lately garnering considerable industry attention, the technology has long been a must-have for the IT team at Concord Hospital, a regional health care system in Concord, N.H.

Concord's interest in flow-based management -- NetFlow, to be specific -- dates back to the early 2000s, says Mark Starry, director of enterprise architecture and security at the hospital system, which has 10,000 endpoints. That's when IT began building switch clusters in order to meet its commitment to four- to five-nines network availability during a period of rapid growth, he says.

IN PICTURES: Ultimate guide to the flat data center network

"With switch clusters, we instantly noticed that we had no way of telling which traffic was going to take which route. We had no chokepoints in our network any longer and, because we were ramping into 10 Gigabit Ethernet, nobody could give us a sniffer," Starry says.

Around 2005, at a security conference, Concord IT professionals stumbled on Lancope and its StealthWatch System, which provides not only security but also network monitoring using NetFlow. "Our CTO said, 'We found the perfect solution.' With NetFlow, we could capture the data and normalize, deduplicate and present it in a graphical screen that makes it easy to understand," Starry says.

"It was the most amazing thing I'd seen in a long time in the network world," he recalls thinking.

However, Concord had a problem -- the Nortel hardware it used at the time didn't support NetFlow. "So we put a half-million dollars into infrastructure upgrades to get to Nortel's R-level modules, support NetFlow and get Lancope in the door," Starry says.

"We need to see every single packet, every session that goes through our network -- and now we have that full visibility," he says.

Today, Concord uses the latest version of StealthWatch -- 6.0, for which was a beta tester. On a normal business day, Concord sees on average about 30,000 flows to the Internet and more than 100,000 flows internally per hour, says Mike Goodnow, senior network engineer for the hospital.

"I've always seen NetFlow as a boon, but a lot of people still really don't get it, especially in health care," Starry says. "But now we're generating so much traffic in switch clusters, cloud computing and other different models that more people are starting to realize there's no way to get a handle on that data without something like this."

Learn more about this topic

Lancope, SevOne boost performance management wares

Research project aims to simplify large-scale network control

Adam Powers CTO of Lancope: Top 5 uses of netFlow

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Now read: Getting grounded in IoT