H3C Supports the Regional Medical Information Construction in Zhangjiagang

    27-10-2022

Background:

To achieve the goals of the new medical reform in China, a regional health information platform based on electronic health records must be established. The regional public health information platform is an integrated system established for collecting, processing, storing, retrieving, analyzing, researching, transmitting, and providing information services in the health field. It contains the e-government platform of the Health Bureau, public health information network, hospital information network, medical emergency network, social medical security network, community health information network, and subsystems involving many departments connected with the government public information network and other networks.

With a high starting point, the regional public health construction takes into account regional planning and realizes the connectivity of various medical and health institutions at all levels. In accordance with the construction method of "unified platform, unified standard, interconnection, and resource sharing", the construction must realize the digitization of all medical and health institutions in the region and sharing of the health information, so as to provide convenient services to the public. The construction of digital regional health is essential for building a digital city and is inevitable for social development.

The Zhangjiagang health information platform is the central component and the cornerstone of regional health informatization. It serves as a supportive platform for all regional medical and health institutions to achieve information sharing and exchange, process integration and collaboration, resource management and configuration, and service monitoring and assessment. It can promote the reform of the medical and health system.

 

Figure 2 Platform application architecture diagram

As shown in the figure above, the entire regional health informatization architecture mainly includes several major parts, such as the regional health record data center, Electronic Health Record (EHR) management system, public medical information service platform, and various basic service information systems. The whole platform is built based on the existing basic service information systems of each health service organization. Data exchange and sharing between the systems are completed through the standardized interface group of Zhangjiagang Health Information Platform. In this way, the platform realizes the integration of personal health data and service integration in the whole region. In overall platform planning, each service system is both the provider and consumer of the data services.

Network description:

In the core layer, the S7500E series switches were selected. The health network platform carries multiple services at the same time, and all services are processed by the core switch. Using H3C S7510E as the core switch of the service system can meet the network demands of high capacity, high performance, high reliability, high security, and expansion capability. The two core S7510E switches are interconnected by Gigabit Ethernet (GE) high-speed links. With the Intelligent Resilient Framework 2 (IRF2) technology, the two high-end devices are virtualized into one logical device. With the de-routing hot backup technology, redundant backup and non-stop Layer 3 forwarding of all data in the control plane and data plane is achieved within the entire virtual architecture. This greatly enhances the reliability and performance of the virtual architecture, eliminates single point failures, avoids service interruption, and guarantees the high reliability of the core nodes. After the concentration of data, the whole system carries multiple service systems. Since different services have different demands on the network bandwidth and delay, the core switches must give equal importance to both service and performance. S7510E adopts a powerful ASIC chip to achieve the distributed processing of services with line speeds. This provides users with guaranteed service features and ensures line rate forwarding of data messages. Meanwhile, S7510E is configured with the Intrusion Prevention System (IPS) module and security plug-in card for firewalls.

The access layer is configured with the S5500EI Gigabit access switch, which features twenty-four 10/100/1000 Base-T Ethernet ports, four reusable 1000 Base-X SFP Gigabit Ethernet ports (Combo), and two expansion slots. The switch supports stacking and 10 GbE uplink modules. The switch can be expanded as the number of servers continues to grow in the future.

The MSR50 series multi-service routers are deployed at the network egress to handle the demands for external data caused by the unexpected heavy traffic. This avoids the flaws of the poor performance of traditional general-purpose CPUs and the inflexibility of network processors when processing services, and brings the possibility of high-performance processing of complex network services.

The SecPath ACG product accurately identifies and controls the P2P/IM/VoIP bandwidth abuse, online games, stock speculation, multimedia applications, unauthorized website access, and other behaviors in the network. At the same time, it can conduct in-depth analysis and post-event audits on network traffic and users' online behaviors. With the powerful URL filtering feature, it provides a comprehensive understanding of network application models and traffic trends. This greatly enhances the service control capability of the network, helps users optimize their network resources, and creates a harmonious and orderly network environment for users.

SecBlade IPS provides an intrusion prevention module that specializes in analyzing layers 4 to 7 of the network and provides an intrusion prevention system for real-time defenses. This can be considered as a complement to the inadequate firewall security layer to improve the security layer in the network transmission process, block hacker attacks and worm propagation, and protect internal hosts from vulnerabilities.

SecBlade FW integrates features including the firewall, Virtual Private Network (VPN), content filtering, and Network Address Translation (NAT). This enhances the security service capability of the network devices and provides users with comprehensive security protection. It provides external attack prevention, internal network security, traffic monitoring, URL filtering, application layer filtering, and other features to effectively secure the network. The H3C Application Specific Packet Filter (ASPF) technology for application state detection has been used. It supports email alerts, attack logs, stream logs, and network management monitoring to assist users in network management.

新华三官网