Healthcare Network Taps SD-WAN, Custom-Builds MPLS Core: Here’s Why

By Greg BryanJun 1, 2016


Kris Kline from Kaiser Permanente was one of many network planners at the New York WAN Summit to talk about their migration to the cloud and implementing software-defined wide area network (SD-WAN). As a nonprofit, Kaiser's goals for its network were not just about reducing costs. In fact, its latest WAN evolution highlights some familiar objectives common to many organizations moving to a hybrid WAN.

Kaiser Permanente is the largest nonprofit health plan in the U.S, with over $62 million in annual revenues, 2.1 million members, and operations in eight states and the District of Columbia. A rapidly growing membership base and new healthcare services, which demand network resiliency, prompted plans for what Kline, principal for network strategy, calls Kaiser Permanente's "WAN 3.0." The new architecture, which will be rolled out in five years, consists of two strategies: a hybrid WAN edge and a carrier neutral facility core.

A Hybrid WAN Edge

Prior to its recent redesign, the Kaiser Permanente WAN consisted of dual MPLS connections from individual company locations, including from its data centers. Each data center also had a direct connection to the Internet. Other locations, however, did not have direct Internet links, even though between 30% and 60% of these locations' traffic was bound for the Internet. To reach the Internet, traffic had to be backhauled over expensive MPLS links to the data centers first.

Previous WAN Architecture

The demands on these expensive MPLS connections were poised to grow substantially, as traffic was forecast to grow 20% to 40% per year. Faced with these escalating costs, an SD-WAN implementation was appealing because it had the potential to deliver network growth in a cost-effective manner. Kline's plan was to add Internet connectivity at each location, shift certain non-critical traffic to these links and use SD-WAN capability to manage the three network connections (one Internet plus two MPLS links) at each location. 

“The goal is to be able to handle our high growth rate by leveraging the Internet for Internet-bound traffic, freeing up MPLS for critical traffic and using all the links more efficiently,” said Kline, who describes this as their "hybrid edge." 

"The goal is to be able to handle our high growth rate by leveraging the Internet for Internet-bound traffic, freeing up MPLS for critical traffic and using all the links more efficiently."

"SD-WAN, implemented via a hardware device at each company location, supports dynamic link usage and policy-driven assignment of different types of applications," Kline explained. One example of policy-driven application assignment would be to say, “I want voice traffic to use the best transport available at any given time.” Another example would be to set up an automatic fail over to one of the other links in the event that any individual link becomes inoperable. 

A Custom-Built MPLS Core

The second part of the network redesign strategy at Kaiser is to support the growing use of cloud services in the organization via a new core network. To meet the bandwidth, speed, and capabilities needed at the core, Kline and his team purchased 10 Gig wavelength services, over which they created their own mesh MPLS network. With some research, they were able to isolate and connect to three carrier neutral facilities (CNFs) that conveniently provide Kaiser access to all of its cloud service providers. With these three sites, Kaiser is able to leverage the diversity of carrier options at these locations to gain greater flexibility, availability, and competitive network pricing. 

Combined Edge and Core WAN Architecture

Lessons Learned

While this design is a work in progress, Kline points out a few lessons from his experience so far. These three interrelated takeaways focus on Kaiser's deployment of cloud services.

  • The role of your security team. Cloud services will change the traffic patterns and security requirements of your network. Work closely with your security team to help plan for these new demands to ensure your traffic can be carried efficiently and cost effectively across your network.
  • The role of your application team. Early on, Kline created a cloud working group for Kaiser's various application teams. This helped his network team design a network that met the needs of new cloud services the application teams selected.
  • The role of choosing the right carrier neutral facilities. As Kaiser's experience shows, choosing the right carrier neutral facilities can have a huge impact on the complexity and cost of your connection to the cloud.


2021 SD-WAN Vendor Guide

Greg Bryan

Greg Bryan

Greg is Senior Manager, Enterprise Research at TeleGeography. He's spent the last decade and a half at TeleGeography developing many of our pricing products and reports about enterprise networks. He is a frequent speaker at conferences about corporate wide area networks and enterprise telecom services. He also hosts the WAN Manager Podcast.

Connect with Greg