Secure Storage Expansion for Sensitive Patient Data
The group practice Dres. Haubert & Partner consists of a total of four dentists, twelve employees, two apprentices and three dental technicians based in Wathlingen, Germany. The foundations for the group were laid by Dr. Gerhard Haubert, who opened his first dental practice in Wathlingen in June 1990. Dr. Karin Haubert then joined the practice in 1993, followed by Dr. Holger Haubert in 2001. In 1999, Dr. Franziska Haubert opened a second practice in the same location. The two practices were subsequently extended and ultimately merged in 2005.
The group practice now has six treatment rooms and works in keeping with the motto “healthy teeth for a lifetime.” The concept is based on the following three pillars: Professional prevention and oral hygiene as well as modern, aesthetic and functional dentistry.
The dentistry performed in the practice generally focuses on preserving teeth and maintaining their function and aesthetics in the long term. Each patient is cared for individually before, during and after the treatment.
Our main priority is for our employees to be able to treat patients in a friendly, calm atmosphere free from fear and pain.
The group practice Dres. Haubert & Partner already uses on a network infrastructure, which includes a server from a well-known manufacturer among other things. This has now reached its maximum storage capacity, meaning the memory is in urgent need of expansion. However, the traditional solution of simply replacing the server with a new one would involve high costs, a long downtime and a complex setup process. Network performance needs to be maintained at a good standard throughout as patient data, dental software and even x-ray images must be constantly accessible in the practice within the shortest possible time. Longer downtimes would be inconceivable when dealing with patients.
High data protection and security standards are also essential in order to reliably protect the sensitive data of those using the practice from unauthorized access at all times.
Since the branded server currently used by Dres. Haubert & Partner has reached its maximum storage capacity, the dental practice opted for a Buffalo TeraStation 51210RH, which is now used parallel to the existing server. The latter is primarily used for system data, while the TeraStation is now responsible for storing all other practice data. The network memory is connected directly to the server via an Ethernet trunk with two 10-Gbit/s ports. The connection to the LAN is made via a 1-Gbit/s line; there is also another 1-Gbit/s connection available on the NAS for configuration and management. The TeraStation 51210RH is a 12-bay Rackmount NAS for businesses that need a reliable RAID-based memory system for their business-critical applications. Compared to the more traditional approach of swapping the old server for a completely new model with more storage capacity, this additional Buffalo NAS solution allows the group practice to bypass a costly, expensive exchange that would mean a longer downtime. There are also no compromises in terms of performance for the practice thanks to the device’s powerful hardware.
The TeraStation 51210RH has a high-performance Annapurna Labs® Alpine quad-core processor with 1.7 gigahertz and eight gigabytes of DDR3 ECC memory. This provides enough performance to easily handle data transfers and common NAS functions. The device is partially populated with four, or fully populated with twelve hard drives and up to 120 terabytes available. This is therefore ideal for growing companies that want to start with a smaller initial investment, but want to leave room for expansion in terms of storage space. JBOD and conventional RAID classes 0, 1, 5, 6 and 10 are supported so that users can count on maximum data transfer rates and also on the highest level of data security in the event of hard disk failure. Two integrated 10-gigabit Ethernet ports ensure reliably high transfer speed at all times.
The device therefore has enough computing power to provide memory for a virtualization server and the virtual machines running on it, such as Office packages or domain controllers. The practice does not yet have virtualization, but does intend to invest in the technology in the near future and will use a completely new server to do so. The TeraStation should, however, continue to be available as a reliable and secure memory solution in the network, even if a new server is integrated.
The TeraStation allows Dres. Haubert & Partner to avoid the conventional approach of swapping the old server for a new model with more storage space; this is advantageous as this approach is significantly more expensive and more complex. And although the practice had expected the network’s performance to drop slightly, this was not the case thanks to the direct connection of the Buffalo NAS and the device’s computing power.
The implementation was, in fact, carried out in the space of a weekend, meaning there was no downtime at all during day-to-day operations as the practice is only open from Monday to Friday. A second TeraStation 51210RH with the same equipment was also installed in a different fire protection section. The main memory data is automatically replicated for backup, so duplicate records are maintained at all times, and can be restored quickly in case of loss, and work can be resumed immediately using the second network memory.
Benefits for the Company
If the server was down for longer, this would pose significant limitations to the day-to-day work of Dres. Haubert & Partner, since many patient’s data and also medical documents such as X-ray images are only found on the network memory. In this instance, it would not be possible to coor-dinate treatment appointments, access patient records or view essential documentation for the internal laboratory. All this would happen with a more costly solution, such as a complete server swap. First of all, all the data on the old server would have to be backed up in order to then be able to perform the restore. All of this would have taken several days, therefore resulting in a longer downtime. The costs for the exchange would also have been somewhat higher—not only for the system consultant Kuhnert, who supervised the project, but also for the practice itself, since no productive work would have been possible.
Straightforward and Fast Implementation
IT consultants, Kuhnert, who were responsible for the implementation, only needed one weekend to integrate the NAS: Kuhnert pre-configured the NAS prior to implementation and brought it to the practice on a Friday night, when the Rackmount NAS was first installed. Kuhnert then bundled the two integrated 10-gigabit Ethernet ports of the TeraStation 51210RH to ensure maximum data transfer rates at all times. With the aid of Windows on-board tools (command line commands) and remote maintenance software, Teamviewer, the systems consultants copied all data from the old server to the NAS together with all authorizations. By the following Monday morning, the network memory was already in operation. Employees at the group practice did not notice anything of the memory changeover.
No Performance Losses Thanks to High Computing Power
Communication with the TeraStation 51210RH is carried out via the Internet Small Computer System Interface (iSCSI) protocol, ensuring that devices can access the built-in hard drives. The operating system simulates a local hard drive, even though the memory is located within the NAS. This boosts usability, but does present a common iSCSI-based problem. This is because this protocol involves block-based access via TCP/iP. This method causes some overhead as additional information is required for the memory. Especially compared to the Fiber Channel pro-tocol (FC-P) widely used in networks, iSCSI can therefore lead to performance losses. Further-more, only copper was used for the network lines and not glass fiber, which also means reduced performance. In fact, however, performance losses were restricted to such an extent that users barely noticed the changeover. The main reason for this is the TeraStation 51210RH’s powerful hardware and the numerous Ethernet ports, including the option of bundling the two network connections with 10 Gbit/s.
High Security Standards Protect Sensitive Patient Data
Security against cyberattacks, ransomware and theft are top priorities for Buffalo. And anyone dealing with such sensitive data, such as the group practice Dres. Haubert & Partner, must be able to rely on high security standards and measures.
The TeraStation Series NAS systems are closed systems that do not even assign root privileges to the administrator. This way, Buffalo is able to prevent the installation of unsafe third-party applications that would pose a risk of malware and virus infections. Connection to various network services can also be further restricted by disabling LAN ports or services. This reduces potential risks even further. Even the entire in-stallation of the TeraStation is carried out locally, meaning no active Internet connection is re-quired. There are also no user accounts created for remote maintenance as cybercriminals could steal these usernames and passwords.
The hard drives within the NAS devices can also be securely encrypted with the strong AES 256-bit standard. Even if the drives are stolen from the network memory, the data stored on them cannot be read—even on other TeraStations. Data transfer is also encrypted, which can be done via HTTPS. SFTP (SSH File Transfer Protocol) is also supported, which enables the secure exchange of data between host computers.
A password is always required to manage a TeraStation. Password protection can also be set up for file access. The support of ACL (Access Control List) also enables fine-tuned access rights control, e.g., for individual files or subfolders. Incidentally, if password protection is set up, other NAS models on the network need the appropriate access rights to make backups of TeraStation.
Buffalo also offers an optional license for virus scanning software to prevent infection of the entire network. If infected files are transferred to the NAS, the software detects them and either removes or quarantines the affected files, depending on the settings, to protect other systems in the network and prevent system-wide infection.
Even if the network memory itself is stolen, unauthorized persons would still not be able to access the memory. An activatable boot authentication, which is performed when connecting via a VPN or to a server or PC, ensures that the network memory only starts up on successfully authenticated devices. If this is not the case, the NAS will not boot. Potential thieves are therefore unable to use the device or to access the data. Incidentally, the data is automatically encrypted with active boot authentication, as mentioned above.
Tip: Complete backups of NAS devices are very useful and should be performed regularly. For example, Dres. Haubert & Partner uses the Buffalo TeraStation’s replication function to carry out real-time data backup on an identical Buffalo device in a different fire zone, and stores the yearly backup on USB hard drives in a strongbox.
External Access Possible
Remote access to the TeraStation 51210RH is essentially possible via an FTP browser, WebAccess or cloud synchronization functions. Since the access options can be defined in a fine-grained manner, each user only receives the data and services relevant to them, so that even sensitive data is extensively protected. Irrespective of this, employees and customers can access the services, data and applications at any time via Internet-capable devices, wheth-er mobile or stationary. If desired, the NAS can also be completely sealed off from the outside world to ensure the security of the data.
Five-Year Warranty and VIP Customer Service from Buffalo
Buffalo provides Dres- Haubert & Partner and all other customers of the TeraStation with a 5-year warranty, as well as the Buffalo VIP customer service. The latter includes advance exchange of devices and hard disks. In the event of a hard drive failure, the exchange will be made within 24 hours. This ensures that a technical problem does not lead to a longer work stoppage. Fast assistance is also available from Buffalo Technical Support via the tele-phone hotline.