So to give you some intuition I had to build real networks, I'm going to walk you through a real hospital IoT deployment. Real deployment of IoT inside a hospital. We'll be talking about the real network infrastructure behind this deployment. So if you think about it, building a hospital is a challenging thing. It seems simple. There's all these people coming in, and they're getting sick, and there's doctors, and things like that, but if you think about it, there's really a lot of networking stuff that has to go on behind the scenes to make a hospital work efficiently. So inside a hospital, there's a bunch of things and sometimes these things require payments. For example, you may have a pharmacy where users can swipe credit cards, and you may have billing systems and so on. Now, dealing with payment cards is actually really challenging problem. There's a whole industry set up around credit cards and credit card payments, and there's been a huge backlash because all these systems are getting hacked, and you use your credit cards and then you get a letter in the mail saying, "Your credit card information was stolen from this company and this company and this company." It's been a big problem. So the credit card industry has created a specification called PCI, Payment Card Infrastructure, where the goal is to improve the robustness of the system. So if you operate a payment card system, you need to be really careful about your system in making sure it's secure. So this is a big challenge that even hospitals have to address. Hospitals also have a double whammy because they're also associated with HIPAA regulations. If you're an entity that stores sensitive medical information, the set of illnesses or diseases that a person has, that's very sensitive information and you're required by law to protect it. So there's a set of laws known as HIPAA, which require hospitals to maintain this information in various secure ways. HIPAA and PCI, they both apply the networks in different ways. So when you design these networks, you have to apply segmentation and policies in ways that conform to these laws. You have to do that very carefully. In addition, there's things like implants inside people, and medical devices. These devices are becoming increasingly networked. We're putting things like diabetes medication inside of people, and dispensing tools, and things like this. These things are networked, which is very powerful because now we can monitor patients externally through communication. We don't have to like open them up every time we need to check on something. But if you have something like a pacemaker and is connected to the internet, you don't want people getting in that thing. We have to protect it. So networked implants are also a challenge we need to deal with. There's also things like patient monitoring. There's all these little devices you see inside our hospitals. These are becoming increasingly networked as well. So for example, if you're in a fetal care unit, you have all your children, your babies laid out and your monitoring their heart rates and things like that. That's all networks and that's very critical data. You don't have outages. You large need for redundancy for these networks. There's also things like guest wireless networks. You have users coming in and they want to access the wireless network, but you have to segment this network off as well because you don't want your guest wireless users getting on these other networks. That's a big security issue. There's also things like Medical Automation and AI, which is being increasingly used inside hospitals to monitor patient health, look at statistics, look at how efficient doctors are being in diagnostics. This is a big system that's often run inside of hospitals or inside of datacenters, which need to communicate with these various other mechanisms and segments. So how do you build a hospital? How do you build a network that has to do all of these different things, that has to keep all of these different things secure? It's a huge challenge. So what we do is, we use the devices and the technologies we've been talking about. So what you'll do is, you'll start off by creating a network. So the first thing you'll do is you'll do topology design. You'll figure out where you want your network to go. You'll say, "Okay. I have a hospital. I want to have to set of wiring closets where I can put servers, have a network operations facility in my basement, run wires between them. Then I'll have a bunch of ports and walls where I'm going to be able to plug in medical devices. This is a consultation room with patients, I'm going to have a medical terminal there. I'm going to put sensors here and so on." So you're going to think about what you want and where you want it, and then you're going to write down your topology in a way that respects those physical and geographic constraints. So you're going to have something like this. You have a set of access switches, and distribution switches, and then lines that go out to individual rooms and to wireless networks and so on. Up inside the hierarchy you're going to have servers, and that's where you're going to store your credit card information, your private data and things like that. Then you have an Internet connection with a very secure set of firewalling services to block it off. So you're going to have this. You're going to have your physical network lab. But if you think about it, this doesn't really solve any of these problems. All this does is, it provides transport between different locations on your network. It provides the ability to provide data, the ability for data to go from one to another point. It doesn't do anything about preventing your PCI network from being accessible from your guest wireless network and so on. So the way we deal with that is through something called segmentation or micro-segmentation. What that is about is that it's about carving up your network virtually. So what we'll do is, we'll use primitives like VLANs and VRFs to virtualize different layers in your network. Then we'll place these different services into these different layers. Then we'll define policies about how and when these different layers can reach each other. So in particular, we'll look at our network and we'll say, "Okay. I'm going to have payment card infrastructure on this network, I'm going to have different points of sale, little things I can swipe my credit card in, credit card servers." I want that to be segmented off because if malware in my HIPAA network, I don't want that getting in my PCI network and vice versa. So what I'm going to do is, I'm going to define a VLAN for that. I'm going to give the VLAN a name, maybe PCI or point of sale. Then I'm going to give it a number because every VLAN needs a number. Every VLAN also needs a prefix, so I'm going to assign it a prefix as well. So this comprises a segment in my network. Then I'm going to define another segment for my general data. I'm going to define another segment for my voice traffic so I can give a higher quality of service and so on. So what I'm going to do is I'm going to think about all the different segments I want in my network. I'm going to construct different VLANs for each of them. Each of them is going to have IP address range. Then I can define policies on these segments. When you define policies in routers, you can't really say, "Don't let my PCI network touch my voice network." You can't do policies like that. Policies are written in terms of addresses. So when you put access controls in, you're going to say specifically 10.10.97.0 should not be able to reach 10.10.96.0. So that's how we use addresses. So this gives an overview of how you build a hospital network at a high level. Next, what we're going to do is, we're going to go into more detail and walk through the specific topology design process we use to construct the network and actually connect the VLANs together.
