1.0 Intelligent Campus Network Solution
2.0 IDC Data Center Network Solution
3.0 Enterprise Cloud Solutions
4.0 Overall Information Security Solution
- 4.1 Exit Security Application Solutions
- 4.2 Branch and Mobile Internet Application Solutions
- 4.3 Data Center Security Solutions
- 4.4 Level Protection Comprehensive Solution
- 4.5 Disaster Recovery and Backup Integrated Solution
- 4.0 Overall Information Security Solution
- 4.6 CDP Local Disaster Recovery Solution
- 4.7 Dual-System Disaster Recovery Shared Storage Hot Standby Solution
- 4.8 Mirrored Hot Standby Solution for Dual-machine Disaster Recovery
- 4.9 Desktop Access Scheme
- 4.10 Anti-disclosure security management system for electronic documents
- 4.11 Email Security Overall Solution
5.0 Smart Wireless Total Solution
- 5.1 Cloud wireless solution
- 5.2 Application authentication access solution
- 5.0 Smart Wireless Total Solution
- 5.3 Smart Business Circle Solution
- 5.4 Wireless bridging solution
- 5.5 Elevator Wireless Coverage Solution
- 5.6 Hotel wireless coverage solution
- 5.7 Smart Campus Wireless Solution
- 5.8 Hospital Wireless Solution
- 5.9 Wireless retail solutions for malls
6.0 HD Video Conference Solution
7.0 IDC Computer Room Construction Solution
8.0 Intelligent Weak Current Solution
9.0 Intelligent Building Solution
10.0 Intelligent Management Center Overall Solution
1.Why hospitals deploy wireless networks
HIS 、 PACS 等），医护人员可以通过有线网络来访问、修改、输入患者信息、诊断报告和治疗方案，但在使用过程中发现，由于有线网络存在信息点固定的局限性，制约了系统发挥更大的作用。 Many hospitals have established powerful medical information management systems (such as HIS , PACS, etc.). Medical staff can access, modify, and enter patient information, diagnostic reports, and treatment plans through a wired network. However, during use, it was found that The limitation of fixed information points on the network restricts the system from playing a greater role. The application of wireless networks has completely broken this limitation. The application of wireless networks in hospitals is mainly concentrated in the following aspects.
n Wireless rounds
During the rounds, doctors often need to retrieve the patient's diagnosis and treatment records or medical history and other information at any time, and according to the specific conditions of the patient at the time to order doctors at any time. PDA ，随时查询患者的相关的信息。 The application of wireless network can enable doctors to query the patient's related information at any time through the tablet or PDA that they carry with them . It eliminates the trouble of always holding a large number of case records when diagnosing and treating patients in the ward, and can more accurately, timely and comprehensively understand the patient's detailed information. Doctors' rounds are simple and easy, and patients can get timely and accurate diagnosis and treatment.
n Facilitate patient visits
Outpatient queuing and poor medical conditions are common problems in hospitals at present. Reducing waiting for consultations, improving the efficiency of diagnosis and treatment, and avoiding infection due to waiting for consultations have become a top priority. PDA ，将接诊或等待的患者数量信息登记传输到前台负责分诊人员的计算机上，方便分诊人员了解每个门诊医生当前的接诊情况，及时调配资源。 After the wireless network is deployed, the doctor can use the equipped tablet or PDA to register and transmit the number of patients who are admitted or waiting to the computer of the triage staff at the front desk, so that the triage staff can know the current situation of each clinic doctor. And timely deployment of resources.
When prescribing, doctors can keep abreast of information such as the type and quantity of medicines in the prescription through the wireless network device. This prevents patients from getting the wrong medicine due to ambiguous handwriting and manual operation when formulating prescriptions, and improves diagnosis and treatment efficiency.
n Convenient information point expansion
It is relatively difficult to add information points to a wired network, and dust and noise will be generated during construction, which will damage the hospital's medical environment. After deploying a wireless network, adding an access point requires only a wireless network card to be installed, which is very fast and convenient.
由于无线电波的开放性，任何人都能监听到信道中无线数据的传输，这就对无线网络的安全性提出了 The wireless network brings great convenience to the hospital's business, but since the wireless network's working frequency band is mainly a public wireless band without a license, cordless phones, private radios, and even microwave ovens will interfere with it, and because of the openness of radio waves , Anyone can listen to the wireless data transmission in the channel, which puts forward the security of the wireless network Claim.
医院中,患者的电子病历、个人资料都 In the hospital, the patient's electronic medical records and personal data are all 一旦被无线网络被黑客攻破泄漏，患者电子病历被、恶意修改，或者个人资料被其他机构获得，都会给患者带来不小的麻烦。 It is considered confidential. Once the wireless network is hacked and leaked, the patient's electronic medical record is modified, maliciously modified, or the personal information is obtained by other institutions, it will bring a lot of trouble to the patient. On the other hand, at the same time, the confidentiality of the hospital's own information is particularly important. If this information leaks out through the wireless network and the information leaks, it will also cause irreparable losses to the hospital. This shows the importance of wireless network security deployment.
Since wireless devices work by receiving and transmitting wireless signals, and wireless signals are divergent in space, can wireless signals potentially interfere with patients and medical equipment?
n Potential interference from wireless devices to the patient (implanted pacemaker or defibrillator)
n Potential interference from wireless devices to medical devices
n HIS （医院信息管理系统）的挂号收费模块连接，读取患者基本信息及挂号就诊信息； Connect with HIS (Hospital Information Management System) registered charging module to read basic patient information and registered medical information;
n HIS 的收费划价模块连接，掌握患者就诊流程； Connect with HIS 's pricing and pricing module to grasp the patient consultation process;
n HIS 的药房调剂模块连接，读取发药信息。 It is connected with the pharmacy dispensing module of HIS to read the medicine delivery information. ； And can provide patients with queue information at any time ;
The biggest feature of wireless devices is that the access points are flexible and convenient, and are not constrained by space in the coverage area of wireless signals. Based on this feature, users have the following two questions:
n . Whether medical staff can quickly access the hospital management system when moving in different wireless network coverage areas, and whether there will be business interruption during the rapid movement .
n If used by medical staff 语音电话，在快速移动的过程中是否存在通话的中断或不清晰。 Wifi voice call, whether there is interruption or unclearness of the call during fast moving.
2.5. Wireless network planning and implementation issues
The implementation of wireless networks is also a problem that needs to be solved. In summary, there are three main points:
n How to solve the problem of blind spots in signal coverage during wireless implementation
Because wireless signals are spread in space, and the walls of different materials of buildings will affect the transmission of wireless signals to different degrees. The attenuation strength is different. In the implementation process, especially hundreds or thousands of deployments When there are a large number of APs, how to achieve blind spot coverage must be considered. How can I quickly detect whether the wireless signal penetrates the wall that is blocked in the middle, so that all the blind spots of the signal are covered?
n AP 供电问题 How to solve the problem of wireless AP power supply
Many hospitals did not consider the deployment and construction of wireless networks when they started building. That is, they did not reserve a power socket for wireless APs. If a wireless network is deployed, will the power lines be rebuilt and the construction costs will be inevitable? Promotion. Inconvenient.
n Interference between APs
When multiple APs are deployed in a certain space, the signals emitted by each AP will always have overlapping and overlapping places, which will cause signal interference. Then, whether the signal interleaving between APs will cause mutual signal interference. ? How to solve it needs attention.
2.6. Wireless network management issues
In order to achieve full signal coverage, if a large number of APs are deployed in a wireless network, how to quickly and effectively configure and manage hundreds or thousands of these APs, and how to effectively and simply perform so many APs in future maintenance operations What about management? 。 Whether wireless networks can be integrated into the management system of the original wired network, and the simultaneous management of wired and wireless networks is also a concern for many hospitals when deploying wireless networks .
The above points are the concerns of typical hospitals in terms of wireless applications. At the same time, they also put forward some key requirements for the construction of wireless networks. So what else should the hospital pay attention to when choosing a wireless network? What characteristics should the new generation wireless network possess? Is the most expensive device combined the best wireless network? Below, this must be H3C hospital wireless solutions to help hospitals plan wireless network selection of six standards from the aspects of security, interference, roaming, power supply, management, value-added and so on to select wireless devices.
The importance of wireless network security issues was explained earlier. In addition to H3C wireless devices supporting WEP, WPA / WPA2, TKIP, CCMP, etc., the medical industry has been cautious about the application of wireless networks, and security issues are the most important. This situation usually occurs when there is no security control in the wireless space. If an illegal user establishes a connection with a legitimate AP, it means that our network is open to the outside, which will lead to the leakage of important data and information. In addition to standard encryption methods, you can also use H3C wireless intrusion detection and wireless EAD wireless security solutions to ensure network security.
n Wireless intrusion detection
传统的安全手段是通过定义合法用户列表、加密方式保证合法用户数据的安全性，但这种手段太单一，而且显得很被动。 For the control of illegal users, the traditional security method is to ensure the security of legal user data by defining a list of legitimate users and encryption. However, this method is too simple and passive.
H3C 's wireless intrusion solution breaks this limitation and makes wireless networks more secure. H3C wireless intrusion solution has the following characteristics:
Ø AP 工作在两种工作模式：模式一、 AP 负责监听空口所有信道的信息，但不负责用户报文的转发。 The wireless controller can specify the AP to work in two working modes: Mode 1. The AP is responsible for monitoring the information of all channels on the air interface, but it is not responsible for user packet forwarding. AP 在为用户转发数据的同时定期切换到其他信道监听信息 Mode 2: The AP periodically switches to other channels to monitor information while forwarding data for users
Ø The AP device is responsible for reporting the monitored wireless device and the attacking wireless device to the wireless controller.
Ø AP 上报的设备信息识别非法设备，排除合法设备 The WLC identifies illegal devices based on the device information reported by the AP and excludes legitimate devices
Ø AP 将非法设备列入黑名单或者对其发起攻击 The wireless controller can control the AP to blacklist or launch attacks on illegal devices
n EAD 解决方案 Wireless EAD Solution
EAD （端点准入防御）方案中的 iNode 客户端支持统一认证，可以进行无线认证和安全认证的一次完成，从而方便部署和使用。 The iNode client in the wireless EAD (Endpoint Admission Defense) solution supports unified authentication, which can perform wireless authentication and security authentication at one time, thereby facilitating deployment and use. EAD 方案中，拥有合法身份的用户除了被验证用户名、密码等信息外，还被检查是否满足安全策略的要求，包括病毒软件是否安装、病毒库是否升级、是否安装了必要的系统补丁等等。 In the wireless EAD solution, in addition to the verified user name and password, users with a legal identity are also checked to meet the requirements of the security policy, including whether virus software is installed, virus databases are upgraded, and necessary system patches are installed. and many more. EAD 会根据预定义的策略为其分配对应的网络访问权限，避免了非授权的网络访问现象，达到硬隔离的效果。 For users who meet both identity checks and security checks, EAD will assign corresponding network access rights to them according to predefined policies, avoiding unauthorized network access and achieving the effect of hard isolation.
H3C 无线 EAD 解决方案有如下特点： To sum up, the H3C wireless EAD solution has the following characteristics:
Ø EAD 。 Wireless-based EAD .
EAD 客户端、无线控制器和 EAD 策略服务器的配合实现无线 EAD 功能，适合于无线单独接入组网及无线有线混合组网等等。 The wireless EAD function can be implemented through the cooperation of a wireless EAD client, a wireless controller and an EAD policy server , which is suitable for wireless separate access networking and wireless wired hybrid networking, etc.
Ø Complete security status assessment.
SMS 、 LANDesk 、 BigFix 等业界桌面安全产品的配合使用，支持和国内外主流病毒厂商联动。 The EAD client can perform security authentication checks on the terminal, including virus database versions, patches, installed application software, agents, dial-up configurations, etc., and supports the use with Microsoft SMS , LANDesk , BigFix and other industry desktop security products. Cooperation with mainstream virus manufacturers.
Ø Role-based network authorization.
EAD can issue pre-configured access control policies to the security linkage device based on the role of the end user, and regulate the user's network usage behavior according to the user role permissions.
Ø Expand open solutions.
The EAD solution provides customers with an extended and open structural framework, which protects the existing investments of users to the greatest extent.
Ø Flexible and convenient deployment.
EAD 还支持灵活的旧网改造方案和客户端静默安装等特性。 EAD treats users with different identities differently according to the security policy configured by the network administrator, and customizes different security inspection and processing modes, including monitoring mode, reminder mode, isolation mode, and offline mode; In addition, EAD also supports flexible old network reconstruction solutions And client silent installation.
3.2. Green and secure wireless network-solving the problem of wireless signal interference in hospitals
The wireless signal mentioned earlier 是否会对患者和医疗设备存在干扰。 Does divergence interfere with patients and medical equipment? The following will be described from the following three aspects.
n From the power analysis, the wireless signal will not cause interference to the patient
RF 发射功率不可超过 100mW ， H3C 无线网络设备符合国际标准，实际工作在规定的安全发射功率范围之内，必然不会对人体健康产生影响。 The Radio Management Committee of the Ministry of Information Industry of China stipulates that the RF transmission power of a single wireless access point device must not exceed 100mW . H3C wireless network equipment conforms to international standards. The actual work is within the specified safe transmission power range, and it will not affect human health.
n Theoretical analysis, wireless signals will not interfere with medical equipment
The mutual interference and impact of wireless networks and medical instruments depends on the placement of the device, the transmission frequency, the output power, and the device's ability to resist interference. Research shows that if properly designed, wireless LAN devices will not affect medical equipment.
Wireless equipment will not affect many precision equipment in the hospital, and electromagnetic interference in the hospital will not affect the normal operation of the wireless network. The working environment of medical equipment is relatively complicated. All precision equipment has adopted anti-interference shielding measures. It has strong anti-interference ability. General electromagnetic interference will not affect the normal operation of the equipment. 60mW~100mW 之间，比 GSM 手机的功率小得多，对医疗设备更不会产生响。 The output power of wireless network equipment is between 60mW and 100mW , which is much smaller than the power of GSM mobile phones, and it will not cause any noise to medical equipment. According to the national frequency band allocation for wireless communication, wireless LAN devices work in the two frequency bands of 2.4GHz or 5.8Gz, while medical devices mostly work in two frequency bands below 100MHz and above infrared. Due to the operating frequency and the modulation used The methods are quite different, so the two will not cause mutual signal interference. Although nuclear magnetic resonance machines, X-ray machines, CT machines, high-frequency electric knives, etc. are interference sources, the interference power generated is considerable, and the spectrum width is large, but such devices generally work in well-shielded rooms and generate wide frequency bands. The interfering signal decays very quickly when the space spreads, so as long as the wireless network is not in the same room, the problem of interrupted communication is generally not caused. For some medical devices such as wireless ECG monitors that use the ISM band or even wireless LAN technology, due to technical compatibility, they can avoid mutual data interference in parameter settings during use to ensure the equipment of both parties. Normal communication.
n From the scale application and professional test results, the wireless signal is green and safe
Wireless devices have been widely used in hospitals around the world for a long time, and so far there have been no accidents in which wireless devices endanger human health and interfere with medical equipment.
Experts have proven that wireless signals interfere with medical equipment through multiple professional tests, but the result of each test is that wireless signals do not interfere with medical equipment.
FCC规定的安全 发射功率范围之内，就不会对人体健康产生影响。 In summary, as long as the wireless network equipment complies with international standards and actually works within the safe transmission power range specified by the FCC , it will not affect human health. In addition, experiments have shown that as long as the deployment environment is closely measured before the wireless network is constructed, the placement of the wireless device is reasonably designed, and the appropriate transmission power is used, the wireless device will not affect the precision medical equipment in the hospital The electromagnetic interference of various types of instruments in hospitals will not affect the normal operation of wireless devices.
3.3. ――解决无线系统和医院 HIS 系统 融合问题 H3C OAA Wireless HIS ——Solve the problem of convergence between wireless system and hospital HIS system
The seamless access of hospital network to HIS (hospital information management) system and wireless network is the most important item in hospital wireless network application. 。 The wireless HIS system includes storage and transmission of plain text data such as billing, drug charges, and inventory .
H3C products are developed based on OAA. OAA (Open Application Architecture) is an open application architecture. It refers to the establishment of an open software and hardware architecture on the basis of H3C network operation platform-COMWARE.
Based on the software and hardware interfaces and standard specifications provided by H3C, third-party manufacturers have developed richer business applications based on their own advantages, forming a situation of complementary advantages, deep integration, and win-win cooperation with H3C. By building an open business platform, H3C OAA can completely form a cooperative alliance with the top manufacturers in the medical system field, so as to achieve the integration of wireless systems and HIS systems, and to provide users with the best HIS purpose. The comprehensive coverage of wireless broadband in all corners of the hospital can guarantee such applications anytime, anywhere, allowing managers, experts, doctors, nurses, patients, and family members to easily find information anywhere in the hospital, and will no longer be restricted by network cables Flexibility, with the wireless network, you can check the Internet anytime, anywhere.
The importance of seamless roaming of the wireless network to the hospital is self-evident. This is especially important for the hospital's emergency ward, where patients have serious internal and external injuries and need emergency treatment. Through seamless roaming technology, to improve the service efficiency of outpatient registration and inpatient registration procedures, in order to solve the problem that wireless terminal equipment moves quickly in the wireless network and business is not interrupted. H3C proposes a seamless roaming solution that uses "one-time authentication and fast mobile access". The second and third layers of seamless roaming in the entire network can also enable medical staff to always connect to the network at the highest rate during the mobile rounds, thereby ensuring business continuity and achieving seamless connection, so as to avoid disruption as much as possible. Open the connection.
As shown in the figure above, when Doctor A works in the inpatient building A, he queries the information of the HIS server A, while Doctor B works in the inpatient building A. The server B queries the information. Now both the doctor A and the doctor B need to go to the inpatient building B Go to work. From the picture above, we can see that even if the positions of doctor A and doctor B move to the B building, he still reads information from the original HIS server.
Since the wireless terminal of the doctor has already passed the security certification in the inpatient building A, there is no need to pass the security authentication again when the inpatient building B is accessed, and the direct access is sufficient. During the movement, as long as there is a wireless network signal, the service will not be interrupted. "One-time authentication, mobile access" seamless roaming solution makes the wireless network not only flexible, but also more reliable.
n How to solve the problem of blind spots in signal coverage during wireless implementation
Because the general hospital wireless network adopts a separate construction method, it is mainly deployed at the corresponding location according to the coverage and capacity requirements of the wireless network WLAN, and the routing length is controlled within the allowable range. The choice of individual placement points is more flexible, and can basically be used to meet the best point requirements suitable for full WLAN coverage of wireless networks; and because more APs are used, a larger network capacity can be obtained.
Calculating the link budget manually is cumbersome. I jointly developed simulation software for wireless network planning with third-party partners. The planning efficiency is high, the solution is easy to modify, and the link budget is more accurate and intuitive. The figure below is a simulation of the signal strength of a hospital's wireless network.
Wireless signal strength simulation for a hospital
Through the software, various parameters in the actual environment can be reflected in the simulation, including the structure of the building, wall materials, door and window positions, furniture layout, etc., and reproduce an almost practical scene. After the simulation, a number of indicators such as signal strength and signal-to-noise ratio can be obtained, and the network can be readjusted and simulated through the results. H3C simulation software even capable of wireless network planning based on customer demand automatically, greatly reduce the difficulty of network planning and implementation.
n AP 供电问题 POE (Power over Ethernet) -solve the problem of wireless AP power supply
POE 是网络建设必备的一项功能。 In the initial stage of hospital wireless network construction, in order to reduce the cost of power wiring and reduce the complexity of construction, POE is a necessary function for network construction. POE 就像对于无线 AP 、 IP 电话这样小功率设备，我们通过网线不但可以传输数据，还可以提供 -48V 的直流电。 The so-called POE is just like low-power devices such as wireless APs and IP phones. We can not only transmit data through network cables, but also provide -48V DC power. POE 供电设备具有以下特点： H3C 's POE power supply equipment has the following characteristics:
Ø Lower port density: Wireless network deployment in hospitals is more dispersed, so low-density models are more suitable for the actual needs of wireless users;
Ø ARP 攻击等安全特性，支持基于端口和 VLAN 下发 ACL ，满足接入安全和认证的需要； More comprehensive security defense: security features such as anti- ARP attacks, support for issuing ACLs based on ports and VLANs to meet access security and authentication needs;
Ø POE 供电交换机来说，电源是重要的组成部件，是否能满负荷对交换机所有端口供电是 POE 供电交换机重要技术指标之一； Greater power supply: For the POE power supply switch, the power supply is an important component. Whether it can supply power to all ports of the switch at full load is one of the important technical indicators of the POE power supply switch;
Ø POE 交换机既可以支持千兆 SFP 模块，也可以支持百兆 SFP 模块，满足用户对接设备百兆端口的需求 More flexible port configuration: POE switches can support both Gigabit SFP modules and 100M SFP modules to meet users' needs for 100M ports for docking equipment.
n AP 之间的干扰问题 Intelligent radio frequency management-solve the interference problem between APs
AP 部署时的干扰的问题，已成为医院信息化建设的重大问题。 The convenience, fastness, and timeliness of wireless networks have become one of the important contents of hospital information construction. With the rapid expansion of wireless network construction, electromagnetic interference has gradually attracted widespread attention. The problem of interference during wireless AP deployment, Has become a major issue in the construction of hospital information.
Ø AP 上电时，无线控制器会根据 AP 的邻居关系动态调整 AP 工作的信道和发射功率，在保证覆盖的前提下保证 AP 间的干扰最小 When each AP is powered on, the wireless controller will dynamically adjust the working channel and transmit power of the AP according to the neighbor relationship of the AP to ensure minimum interference between APs while ensuring coverage.
Ø AP 覆盖区域受到外界强信号干扰时，无线控制器会控制 AP 自动切换到合适的工作信道以规避干扰信号 When the AP coverage area is interfered by a strong external signal, the wireless controller will control the AP to automatically switch to the appropriate working channel to avoid interference signals
Ø AP 发生故障而造成覆盖黑洞时，无线控制器会自动调整相邻的 AP 的发射功率以消除黑洞区域，当故障 AP 恢复工作后无线控制器可以自动调整邻居 AP 的发射功率恢复原始工作状态 When an AP in the coverage area fails and the coverage black hole is caused, the wireless controller will automatically adjust the transmit power of adjacent APs to eliminate the black hole area. When the faulty AP recovers, the wireless controller can automatically adjust the transmission of neighboring APs . Power restored to original working condition