Presenting the Cisco® Application-Oriented Networking (AON) Healthcare Solution - an innovative approach to healthcare information systems integration.
Keeping up with changes in Health Level Seven (HL7) messaging standards is proving to be an ever-increasing challenge, especially as demands for exchanging electronic health records with regional health information organizations (RHIOs), health information exchanges (HIEs), and health information networks (HINs) continue to drive changes to the standards. Cisco® AON provides a new approach that dramatically simplifies the transformation, secure transport, and reliable delivery of HL7 messages directly from existing applications. In addition, it provides a reliable, scalable, in-network platform for current and future Health Insurance Portability and Accountability Act of 1996 (HIPAA) compliant data exchange standards, including secure delivery, routing, and transformation of HIPAA X12 and National Council for Prescription Drug Programs (NCPDP) messages.
Designed to meet the demanding requirements of healthcare providers, payers, benefits managers, and governmental agencies, Cisco AON extends and replaces legacy server-based messaging, transformation, and data security software with a reliable and scalable network-embedded platform. Add secure connectivity, message auditing, non-repudiation, data mining, and high-speed processing to the Cisco AON Healthcare Solution, and it easily surpasses the capabilities of today's server software-based messaging and transformation engines.
Cisco AON is available in multiple form factors, which can be selected based on the customer's network topology and performance requirements. Three of these form factors are shown in Figure 1.
Figure 1. Cisco AON Form Factors
Branch Office
• Network Module for Cisco 2800/3700/3800 Routers: Single-core 1 GHz Intel 373 Celeron-M CPU, 1 GB RAM, 80 GB hard disk drive
• CADE-1010 Integrated Single-Core Appliance: Single-core Intel D352 3.2 GHz CPU, 1 GB RAM, 250 GB hard disk drive
Enterprise Data Center
• CADE-2142 Integrated Dual Quad-Core Appliance: 2 Quad-Core Intel E5320 1.86 GHz CPUs, up to 18 GB RAM, up to 735 GB hard disk drive
Features and Benefits
Cisco AON natively understands the content and context of application messages and conducts operations on those messages in-flight according to business-driven policies and rules. It complements existing networking and application technologies with enhanced security, visibility, messaging, and optimization services that provide a higher degree of awareness regarding the essential business information flowing in the network. These services help to:
• Enforce consistent business policies across information access and exchange
• Provide visibility of information flow, including monitoring and metering of information flow for both business and infrastructure purposes
• Enable disparate applications to communicate by routing information to the appropriate destination, in the format expected by that destination
• Enhance application optimization and security by providing application-level load-balancing, processing offload, message caching, compression, encryption, and digital signature capability in addition to authentication and authorization services
Cisco AON works primarily at the message level rather than the packet level. Typically it inspects the full message, including the payload as well as all headers. It also understands and enhances delivery of application-level transport protocols such as HTTP and Java Messaging Service (JMS).
Built-In Transformation Support and Failsafe Security
Cisco AON has native capability to produce and consume proprietary and standard XML, flat-file, and standards-based document formats. Utilizing open business-to-business (B2B) messaging standards, Cisco AON can be easily configured to facilitate secure data exchange directly between different organizations over the Internet (eliminating the need for VPNs, Value Added Networks (VANs), or dedicated/leased lines), provision encryption/decryption services, and generate/validate digital signatures. And all this is available either as an add-on module to existing Cisco routers and switches or as a standalone, network-embedded appliance, eliminating the need to provision, configure, and maintain servers.
Cisco AON includes support for the following security features:
• Authentication: Cisco AON can verify the identity of a sender's inbound message-based content (username and password, WS-Security profile, digital certificate, and so on). The solution integrates with security frameworks, such as Kerberos Protocol, and Lightweight Directory Access Protocol (LDAP) servers such as Netegrity SiteMinder, Microsoft Active Directory, OpenLDAP, and SunONE.
• Authorization: Cisco AON can determine which level of access the originator of the message should have to the services it is attempting to invoke. Features supported include Security Assertion Markup Language (SAML) authorization assertion embedded in Simple Object Access Protocol (SOAP), WS-Security headers, LDAP group-based authorization, and customer-defined rule-based control policies.
• Non-repudiation and data integrity: Cisco AON can digitally sign message elements or entire messages at any given AON device. Features supported include insertion and verification of XML signatures in WS-Security headers, detached envelope and enveloping XML signature types, signatures based on private keys, Secure Hash Algorithm version 1 (SHA-1) digest computation, and RSA digest encryption.
• Confidentiality: Based upon policy, Cisco AON can encrypt and decrypt message elements or entire messages. Features supported include Triple Data Encryption Standard (3DES) and Advanced Encryption Standard (AES)-128/192/256 symmetric ciphers, RSA asymmetric ciphers, destination URL-based keys, and certificates.
• Centralized key management: The Cisco AON Management Console (AMC) allows users to register, configure, bind, and provision keys and certificates from the Cisco AMC server to the AON device. Capabilities include generating, registering, and obtaining Class 2 and Secure Sockets Layer (SSL)¹ certificates using Verisign Class 3 Certificate Service; fetching, uploading, and importing SSL certificates; importing PKCS#12 certificates; and importing keys from Java keystores.
• Transport-layer security: Cisco AON supports transport-layer security mechanisms such as SSL 3.0.
Service Oriented Architecture (SOA) Support
Cisco AON can natively host Web services and JMS and MQ series transports and provides support for a number of service oriented architecture (SOA) standards. It is an ideal way to bridge between legacy protocols/data exchange standards and modern SOA integration and messaging protocols, offering unprecedented investment protection as standards continue to evolve.
Visibility
Each Cisco AON node can be configured to act as a sensor that captures, processes, and logs highly granular information about application messages. This capability helps Cisco AON provide an event-capture fabric for specified application messages. Cisco AON can inspect the messages and apply rules at the message-content level.
• Logging: Cisco AON can log messages to external systems for purposes of auditing and compliance or for future analysis.
• Contextual lookup: Cisco AON can refer to external systems to obtain contextual information required to analyze the data. For example, it can call out to a customer database to look up customer information based on a customer ID in the message.
• Notification and alerting: Cisco AON can notify or alert other applications or even end users through e-mail, text messages, and phone calls (using Cisco Unified Communications) in the case of a critical event. For example, if the service-level agreement (SLA) to deliver a message has been exceeded or a critical message has been received, operations personnel can be alerted to take corrective action.
Intelligent Message Routing
Given its role as an intermediary in highly heterogeneous application environments, Cisco AON must flexibly adapt to different types of enterprise information, business policies, and endpoints. Cisco AON operates at the application-message level, allowing a high degree of flexibility:
• Protocol support: Cisco AON understands various application access methods and provides adapters for most commonly used application transport protocols: HTTP, HTTPS, Tibco EMS, WebSphere JMS and MQ, and BEA JMS. Additionally, a custom adapter software development kit (SDK) is available for creation of new adapters to any environment. Most policies and bladelets used within Cisco AON understand the semantics of these protocols natively, allowing for higher fidelity and control of the interaction.
• Protocol switching: A Cisco AON node can act as a protocol gateway between multiple applications; for example, receiving an application message through WebSphere MQ and sending it to another application as a Web Service Message. Cisco AON supports protocol translation between any combination of its supported protocols.
Extensibility
Built on an open, extensible architecture, Cisco AON includes a set of APIs to add new adapters and bladelets. It provides an interface to develop extensions to the base AON platform using languages such as Java and C.
• The Adapter Developer Kit (ADK) supports development of plug-in custom adapters to receive and send messages from Cisco AON.
• The Bladelet Developer Kit (BDK) supports development of custom bladelets in Java and C/C++. This capability is also available in the system optimized code execution path.
Scalability and Performance
Cisco AON is designed for high performance and scalability to address the needs of the most demanding applications. It accomplishes this through:
• Virtual cluster: As application message traffic increases, additional Cisco AON devices (blades or appliances) can easily be added to a virtual cluster. Thus Cisco AON can scale horizontally and transparently to match the increased traffic.
Benefits over Server-Based Software Solutions
Cisco AON reduces the total cost of ownership (TCO) when compared with server-based transformation and messaging engines. It dramatically reduces the investment costs required for acquisition, deployment and delivery of application infrastructure. It also eliminates the people costs for ongoing application infrastructure maintenance and provides automated clustering, load balancing, and failover within network devices for high availability. Above all, Cisco AON's integrated hardware/software approach provides much faster and more reliable message processing when compared with server-based messaging and transformation engines.
Cisco AON Design, Configuration, and Management
Cisco AON operates as a set of distributed application and network services that span business, security, administrative, and network domains.
The following tools are included to centrally manage and configure Cisco AON devices regardless of hardware platform:
• Cisco AON Development Studio (ADS) is used to create policy execution plans (PEPs) that represent a set of operations (bladelets) to apply to application messages.
• Cisco AON Management Console provides centralized control for configuration, certificate management, and lifecycle management of a distributed AON network.
Service and Support
Cisco offers a flexible suite of support services designed to help maintain high-quality network performance while controlling operational costs. Service and support programs including Cisco SMARTnet® Service and Software Application Support (SAS) are available as part of the Cisco AON solution and are available directly from Cisco and through Cisco certified partners.
Cisco AON products can optionally be bundled with Cisco Advanced Services that will accelerate your time to deployment and help ensure a high-quality, reliable implementation.
¹ This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. For more details please visit the following website: http://www.openssl.org/.