IT Infrastructure Architecture and Implementation for a Medical and Service Facility

The project involved the design and implementation of a complete IT infrastructure for the multifunctional MediSword facility, combining medical, recreational, sports, and hotel facilities. The goal was to create a stable, secure, and easy-to-maintain IT environment that supports the daily operations of the reception desk, treatment rooms, and customer and guest services.

The scope of work included architectural design, configuration, system integration, and ongoing infrastructure maintenance.

Scope of Work

1. LAN / Wi-Fi Network

  • Design of wired infrastructure for the reception desk, treatment rooms, technical support, and hotel areas,
  • Wi-Fi network with clear division into:
    – employee network,
    – guest network,
    – technical device network,
  • network segmentation (VLAN) and guest network isolation,
  • router and switch configuration and signal coverage optimization,
  • basic security mechanisms and network parameter monitoring.

2. Windows Server and Work Environment

  • Active Directory domain implementation
    – user accounts, groups, and roles,
    – centralized permission management,
  • network shares and printers,
  • group policies (GPOs) for reception desks and offices,
  • event auditing and basic security policies.

3. Server Services and Application Systems

  • integration of the application layer with the server infrastructure,
  • VPS configuration for websites and reservation systems,
  • domain, DNS, and SSL certificate management,
  • service availability monitoring and automatic notifications,
  • system stability and response time optimization.

4. Backup and Data Protection

  • automatic backups of key workstations and documentation,
  • rotational backups with regular recovery tests,
  • data loss protection and basic malware protection mechanisms,
  • documentation of backup and recovery procedures.

5. Video Surveillance (CCTV)

  • Configuration and integration of IP cameras in public areas and back offices,
  • Circuit TV system separation into a separate subnet,
  • Secure remote access via VPN,
  • Monitoring of recording parameters and data retention,
  • Integration of monitoring with the remaining IT infrastructure.

6. Access Control

  • Integration of card/RFID/ticket systems with the facility network,
  • Configuration of entry points: reception, service areas, offices,
  • Central management of user permissions,
  • Monitoring of logs and device communication,
  • Operational support and troubleshooting.

7. IT Infrastructure Maintenance

  • Ongoing user support,
  • Regular system and device updates,
  • Continuous monitoring of key services,
  • Quick response to failures and incidents,
  • Full infrastructure and procedure documentation.

Key architectural decisions

  • dividing the network into segments with different security levels,
  • centralized user management within a domain,
  • separation of technical systems (CCTV, access control) from the user network,
  • automated backups,
  • emphasis on documentation and ease of maintenance.

Results

The implemented IT infrastructure ensured stable and predictable system operation throughout the facility. The structured network, centralized user management, secure backups, and monitoring and access control systems enabled:

  • efficient reception and office service,
  • increased data and facility security,
  • full control over the IT environment,
  • easier maintenance and further expansion of the infrastructure.

Technologies

Windows Server, Active Directory, GPO, DNS, DHCP, SMB
Linux (VPS), Apache / Nginx, SSL certificates
Routers and switches (VLAN, network segmentation)
Multi-zone Wi-Fi
Rotational backups and playback tests
CCTV (IP cameras, recorders)
VPN (OpenVPN)
CMS (Joomla)

See other projects