[Audio] Hi, I'm going to walk you through the AI-enhanced network design I built for Pruhart Health — a multi-site clinic architecture that uses AI for scalability, threat protection, and automated incident response.
[Audio] I'll cover three things: first, the updated network architecture and how AI supports its scalability, including how the design was exported as a GNS3 portable project to GitLab. Second, the AI-driven threat protection built into the design — the IDS/IPS setup, security practices, and automated incident response. And third, an evaluation of the AI tools themselves, looking at performance, cost-benefit, and resource utilization.
[Audio] Here's the updated network architecture. Clinic A and Clinic B each keep their own local subnets, switches, and routers, but they connect back to Pruhart Health's home network through a site-to-site VPN over the Internet — shown here as the connections into the shared Internet hub. On the HQ side, you can see the edge router, firewall, DMZ, core switch, and the server farm with the backup, file, and EHR servers. AI monitoring watches load across these servers and can automatically scale up new instances, and it also predicts when the firewall or core switch will need a hardware upgrade based on traffic baselines. At the wireless edge, AI-driven controllers at each clinic's access point adjust power and channels as device counts grow.
[Audio] This design was built out fully in GNS3, then exported as a portable project and pushed to my GitLab repository, which you can see here — keeping the topology version-controlled and reproducible for future clinic sites.
[Audio] For resource management, the design leans on Azure for elastic capacity — during a surge, like flu season or a spike in imaging uploads, workloads can burst to Azure and scale back down automatically once utilization drops. On the LAN side, VLAN segmentation lets AI adjust quality-of-service in real time — for example, boosting bandwidth for EHR traffic while throttling less time-sensitive IoT polling. For load balancing, an AI-assisted system can learn Pruhart-specific patterns — which clinic drives the most EHR queries, when backup traffic peaks — and shift load before bottlenecks form. And at the wireless edge, AI-driven controllers adjust transmit power and channel selection as device counts grow, flagging when a clinic needs a second access point.
[Audio] Moving into security — I'm recommending Cisco Secure IPS, or Firepower, deployed inline at the HQ firewall, sitting on the transit segment between the edge router and the core switch. That single point gives it visibility into everything crossing between the internet and all three VLANs, without needing a separate sensor on each one. At each clinic, lightweight threat defense on the router feeds telemetry back to a central management console hosted on Azure. The whole system runs on Cisco Talos, which continuously updates threat signatures from global data, so Pruhart benefits from intelligence well beyond just its own network traffic. This setup is also built to defend the IoT segment specifically, since medical IoT devices are often not patchable — it can automatically block suspicious lateral movement from that segment toward the server subnet.
[Audio] For malware detection specifically, the design uses three layers: signature-based detection that blocks known threats almost instantly, behavioral analysis that learns what's normal for Pruhart's traffic and flags deviations, and sandboxing, which detonates suspicious files in isolation — that last piece matters here because the servers run Ubuntu, and Linux-targeting ransomware is underrepresented in signature databases, so the behavioral layer is doing real work. On the response side, there are two automated mechanisms built in. First, dynamic quarantine — if a host is flagged as compromised, it's automatically isolated to a quarantine VLAN within seconds, no manual work required, even after hours. Second, ransomware-triggered backup protection — if ransomware indicators show up, the system automatically isolates the current backup set, verifies its integrity, and sends the security team a pre-filled incident report. This matters for HIPAA compliance specifically, since it requires both active threat prevention and detailed audit logging, and this setup covers both from one console.
[Audio] Now for the evaluation piece, starting with performance. These are directional estimates based on how the design is expected to behave, not measured production data. Right now, EHR latency spikes unpredictably between 150 and 400 milliseconds under load. With AI-driven QoS adjusting in real time, that's expected to land under 50 milliseconds internally. Mean time to detect a threat currently depends on someone manually reviewing logs, which can take minutes to hours — with continuous AI monitoring, that drops to seconds. And failover currently requires manual intervention if a router or server fails; with this design, failover can happen automatically through a backup link or an Azure-hosted instance.
[Audio] Finally, cost-benefit and resource utilization. On the cost side, this is an ongoing licensing model — Firepower, Talos, and the malware analytics platform — plus staff training and a temporary productivity dip while admins adjust. But the benefit side is significant: a single undetected ransomware event involving patient data could easily cost more in HIPAA penalties than a full year of licensing, so a lot of this is really cost avoidance. Operationally, it frees admins from constant firefighting, and new clinics can enroll into the existing security platform at minimal added cost. As for resource overhead, it shows up in three places — memory, since the system maintains behavioral baselines for every host across all sites; processing, from inline deep packet inspection at the firewall; and bandwidth, from threat updates and telemetry. The mitigation is tiered inspection — full inspection only at security boundaries, with lighter inspection for traffic that stays inside one trusted VLAN — plus using Azure's elasticity to scale compute up and down as needed.