Based in Lewiston, Maine, St. Mary's Regional Medical Center serves the state's Androscoggin County. Along with its 233-bed acute care facility, St. Mary's provides physician services and operates Maine's largest nursing home, an independent living center for the elderly and disabled, in addition to satellite occupational health offices.
As with every hospital in the United States, St. Mary's is facing regulatory and security issues. For this reason, the hospital needs a portfolio of tools to not only help meet storage, security and compliance requirements, but also those which will scale with the hospital's business and technology needs.
More reliable storage on disk
Our IT department had overwhelming backup issues. Over the last few years the hospital found the need to add backup servers and backup tape libraries to keep up with the growing demand of data. St. Mary's has more than 50 servers on the Windows platform and handles hundreds of Lotus Notes databases (Lotus is an IBM company, Armonk, N.Y.), many different types of applications, including financial, billing, administrative, and a large electronic medical records application utilizing Oracle and SQL Server.
To perform nightly backups, our IT staff had to parse data out to different servers and storage devices, and even so, the backup window was closing. Tapes were getting old and starting to have problems. Each night we began backups at 5 p.m., and they often wouldn't be completed until 7 a.m. It was even getting to the point where backups were still running at 7 a.m., which made things more difficult for people who tried to use the applications that were still running. Each day when backups were finished the tapes were taken to an alternate site and placed in a fireproof cabinet. Our backups began failing more often, so we had to find a quick solution.
St. Mary's had been using a disk-to-disk backup solution for a couple of years. The staff and I discussed putting the hospital's entire backup system into that scenario. We knew disk-to-disk was a lot faster to back up and restore and was more reliable, so we considered alternatives to tape. We looked at various companies, reading literature about data compression and byte-level backup technology. We chose Westborough, Mass.-based ExaGrid because of the company's approach to data reduction.
ExaGrid provides byte-level delta data reduction which stores only deltas from backup to backup instead of storing full file copies, significantly reducing the amount of data stored, saving costly disk space and providing fast restores. ExaGrid will also configure systems offsite, install them, and guide staff through setting up the backup jobs. The company also monitors the system and takes care of any problems offsite. Another appealing factor was cost. The cost of the alternative solutions we looked at was considerably higher.
The ExaGrid system is installed as a disk-based target for St. Mary's existing Cupertino, Calif.-based Norton (Symantec) Backup Exec application for backups and restores. Due to ExaGrid's byte-level delta data reduction technology, we're not storing the same data over and over again, and we can back up a good amount of data, 500GB, in a relatively short period of time.
Room for growth
The amount of data the hospital needs to back up is growing each year. The biggest component of that data is in e-mail communication, St. Mary's has 1,200 Lotus Notes users who collaborate on projects. These include an application that tracks patient inflow/outflow to give physicians and executives a pulse on the patient population and projects within the financial and medical areas.
Because of the way the ExaGrid system is designed, we can hold a lot more data on disk than we used to. Previously, we could only store about a week's worth of data on disk. Now, we're retaining a couple of month's worth. Also, restores have been very fast. We sized the system to handle our needs today, but should we need more storage space, we can add more repository servers.
ExaGrid's approach provides standard compression for the most recent backups and byte-level delta data reduction for all previous backups. With the byte-level delta data reduction, St. Mary's is experiencing 20 percent compression depending on the type of data being backed up and the amount of changes. St. Mary's backup process got faster with each backup update and offered more compression.
St. Mary's now performs all backups on a single backup server within a nighttime backup window. We hold lab data for seven years and, for some departments, we must maintain data forever. Restores, even those for large files, take seconds. St. Mary's has a second ExaGrid system installed at an alternate location for disaster recovery. We feel comfortable knowing that we have a redundant, self-replicating system that is offsite for disaster recovery.
We must constantly monitor the hospital's computer network for malicious behavior. If there is an event or user behavior that seems out of place, we can investigate using our Intrusion Detection Systems (IDS). We built our own IDS using common software called Snort (by Columbia, Md. -based Sourcefire) on a couple of Linux boxes, one inside the network and one just outside.
An IDS is critical for any institution to have. For example, one of the employees had downloaded data from a Web site which also installed a botnet software application that runs automated tasks over the Internet and propagates vulnerabilities on his PC. We were able to catch it and nip it in the bud with IDS before this person's machine became a robot.
While the IDS monitors our network for threats from both the outside as well as the inside, a network monitoring system that monitors for problems due to overloaded and/or crashed servers, poor network connections and other potential issues is also utilized. Using "What's Up Gold" from Lexington, Mass.-based Ipswitch, a network monitoring solution, we mapped the network and receive notifications by e-mail and cell phone text messages when problems occur. This has averted major problems on several occasions.
St Mary's also uses RAID configurations on all major servers to protect against drive failures and ensure data integrity. RAID refers to a data storage scheme using multiple hard drives to share or replicate data among the drives.
Keeping the mission
Network and resource availability is absolutely critical for our hospital staff. We need the best technology to maintain our critical data and to ensure we offer the best care for our patients. "Respect. Excellence. Compassion. Stewardship." The mission remains the same, but the technology requirements to meet high standards for care are only going to get more stringent over time. By applying the right technology, we will stay ahead of demand.
