Why Use VMware NSX for Mergers and Acquisitions?

The trend of mergers and acquisitions (M&A) is on the rise for healthcare providers and it is not slowing down. As MACRA is defined over the next few years and reimbursements are modified, we will see continued pressure to consolidate healthcare organizations. There will be an impact on staff, systems, and all aspects of the combined organizations. Mergers take quite a bit of time to integrate systems and migrate patient data to a central system. What is the opportunity cost of that time to patient care, outcomes and the bottom line? Often, clinical outcome improvement initiatives, capital investments and operational efficiency improvements are delayed until leadership decides how they will integrate the organizations. This plan will then fully consume resources and budgets and can take years to complete. These organizations are still working with a legacy hardware-based approach and thought process. Shifting to a software-defined architecture allows for a simpler and quicker integration of organizations and shared services.

What if there was a way to leverage all existing network and data center hardware of both the acquiring and the acquired organization, and maximize data center efficiency and utilization across locations, while maintaining security policy and control? Yes, you can with VMware NSX! NSX can be a significant part of your M&A plan and the run book for on-boarding ambulatory centers, doctors' offices, urgent care centers, and other healthcare services. You are now moving to a streamlined and automated policy-based methodology.

The use cases demanded by the business determine the features and services you need to enable with VMware NSX. You can be selective in what steps you take, your on-boarding approach and where you need to apply specific solution components. Once integrated in your environment, NSX software-defined capabilities are always available for insertion and immediately available to serve business requests. For example, in a virtual desktop deployment or a business-critical application architecture you can enable only the security aspects, with micro-segmentation, without having to enable the NSX software-defined networking capabilities. You can also start with software-defined networking, but I will discuss why you may want to secure your workloads prior to connecting to unknown entities.


The NSX Methodology for M&A

The following four categories lay out an approach for an M&A methodology supported by VMware NSX. The order is important since we are leveraging the NSX platform to reduce risk while providing the ability to move faster than other approaches. I have outlined the ASCII (Assess, Secure, Connect, Integrate/Ingest) approach below and I will elaborate on each section in future posts.


Assured security enables organizations to adopt and operate distributed security models such as micro-segmentation across data centers, organizations and the cloud. Most organizations do not have the details of application flows between the various application modules. All flows, including East-West data center flows, need to be analyzed and categorized. These categories will be the basis for security groups, where security modeling and object-based security policies are created to achieve a Zero Trust security model for your most critical EHR and PCI applications.


Secure the applications with micro-segmentation, where workloads are locked down in a zero trust model while you apply policies around the components of an application, specific workloads, a security quarantine tag, or an entire organization. Policy enforcement moves from static line entries to object-level automated enforcement. You define the policy and the workloads are dynamically protected. The data center is now protected inside the perimeter, where your own internal data center infrastructure and east-west traffic are secured. This lessens the risk that a compromised system integrated during the M&A process can infect your existing systems. As part of the M&A process you can extend this protection into the acquired data center prior to connecting it to your network. This allows you to add another level of security by micro-segmenting the acquired data center and gaining greater visibility into its environment.
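The shift from static line entries to object-level enforcement described above can be modelled in a few lines. This is an added conceptual example, not NSX code or the NSX API; the tag names, workloads, ports and addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Workload:
    name: str
    ip: str
    tags: set = field(default_factory=set)

@dataclass(frozen=True)
class Rule:
    src_tag: str   # "any" matches every workload
    dst_tag: str
    port: int      # 0 matches any port
    action: str    # "allow" or "deny"

# Rules reference tags (objects), never IP addresses. First match wins.
POLICY = [
    Rule("quarantine", "any", 0, "deny"),
    Rule("any", "quarantine", 0, "deny"),
    Rule("ehr-web", "ehr-app", 8443, "allow"),
    Rule("ehr-app", "ehr-db", 1433, "allow"),
]

def _tag_match(rule_tag, workload):
    return rule_tag == "any" or rule_tag in workload.tags

def evaluate(src, dst, port, policy=POLICY):
    """Verdict for one flow; anything no rule matches is denied (zero trust)."""
    for r in policy:
        if (_tag_match(r.src_tag, src) and _tag_match(r.dst_tag, dst)
                and r.port in (0, port)):
            return r.action
    return "deny"

# Constructed inventory: three existing tiers plus one workload from the
# acquired organization, on a different subnet, tagged into the app tier.
web = Workload("ehr-web-01", "10.1.1.10", {"ehr-web"})
app = Workload("ehr-app-01", "10.1.2.10", {"ehr-app"})
db = Workload("ehr-db-01", "10.1.3.10", {"ehr-db"})
acquired = Workload("clinic-app-07", "192.168.50.7", {"ehr-app", "org-acquired"})

def demo():
    results = {
        "web->app": evaluate(web, app, 8443),
        "web->db": evaluate(web, db, 1433),            # tier skipping
        "acquired->db": evaluate(acquired, db, 1433),  # inherits policy by tag
    }
    acquired.tags.add("quarantine")                    # no rule is edited
    results["quarantined->db"] = evaluate(acquired, db, 1433)
    acquired.tags.discard("quarantine")
    return results
```

The acquired workload picks up the application-tier policy through its tag alone, and adding the quarantine tag cuts it off without touching a single rule.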


A secured data center allows you to connect to other data centers or offices with a reduced attack footprint while mitigating and reducing risk. IP connectivity is all you need between hosts, wherever they are located. There are multiple options to connect at the Layer 2 or Layer 3 level, allowing workloads to move without requiring an IP address change. In many cases there are legacy applications with hard-coded IP addresses where you need to maintain or extend the same segment across data centers. You can leverage the Internet while waiting on data center interconnects, without adding hardware. You can even start to look at SD-WAN alternatives and reduce your monthly recurring WAN costs. Applications can move freely to where the resources are available. You can spin up all the components for the connection without needing additional hardware by using NSX Edge Services Gateways. Now you are turning a manual and tedious process into a run book that you have created and can easily replicate using NSX.


You have a securely connected environment and you can use it with great efficiency. Workloads can be moved or migrated to the primary data center as virtual workloads or as a P2V migration. You can start to offer high availability at the application layer while offering BC/DR services much more easily than before. You now have planned migration options as well as the ability to spin up on-demand security policies, distributed routing and switching, and software load balancing from a centralized management platform. QA, test, and development platforms can co-exist on the same physical hosts using distributed firewalls, distributed routing and NAT. The barriers where workloads are segmented between racks or data centers no longer exist, and your utilization of assets will increase.


Healthcare organizations can leverage NSX for increased speed, agility, and security, in addition to deep CapEx and OpEx savings. Approaching the M&A conundrum with software-defined networking and security provides significant savings over traditional physical integration approaches while ensuring application connectivity and data security. Reducing risk, simplifying the operational component of mergers and driving down costs are all powerful benefits of NSX.

Please also see Securing and Simplifying M&A with NSX by Blane Clark.