Louisville Medical Center

Louisville Medical Center Network
Technical Implementation Status

December 1, 1999

This report is based on a meeting held December 1, 1999 by the LMCnet Technical Committee. The committee met to discuss the implementation tasks and time lines for proposed LMCnet projects, including Internet access, removal of dedicated circuits, and any other additional "quick wins" that might be possible over the next six to twelve months.

Attending were:

Dave Cox, UofL
Bob Dooley, UMC
Mike Dyre, UofL
Hans Fiedler, UofL
Phil Shelley, JHHS
Kevin Shively, UofL
Dan Wintringham, JHHS
JoAnn Kaelin, UofL

LMCnet Network Connectivity

Two organizations (UofL and UMC, Inc.) are currently connected to the LMCnet ATM backbone. A meeting is scheduled for December 13^th to complete the installation of the LMCnet to Jewish. Norton is expected to connect to the LMCnet in the 1^st Quarter 2000.

Connectivity to the LMCnet ATM backbone is a prerequisite for access to any shared services. Also, some joint projects, such as the ATM connection between the UofL CVIP Lab and Norton Healthcare, depend on this connectivity.

Institutional Network Facilities

Currently, some ad hoc networking has been implemented to provide access for University faculty in remote locations, such as on the 6^th floor of Jewish hospital and in the Doctor's Office Building. These connections depend on dedicated cable or fiber paths outside of the normal networking of the organization that owns the facility. These arrangements provide an extension of the UofL network into the other institution.

When the LMCnet backbone network is complete, each organization should be able to provide connectivity and access to services for the occupants of a building regardless of organizational affiliation. However, this access also depends on the resolution of issues of security and addressing.

Security and Firewalls

Security is often implemented by isolating an organization's network behind a firewall. The firewall gives the network manager control over the traffic passing into or out of a network

UofL implements network security though its routers and switches and does not have a separate firewall system. UMC send all traffic for the Internet or LMCnet through a firewall system (using Novell Border Manager) which implements address translation. Jewish has not yet implemented a firewall. <Alex - status of firewall at Norton?>

IP Addressing

Systems at UMC, Jewish, and Norton are networked using private IP addresses, and will be able to access each other's systems using private address space over the LMCnet. Routing on LMCnet will be implemented so that these private addresses will not be passed out to UofL or to the Internet.

At UofL, IP addresses are assigned dynamically through DHCP. Jewish Hospital uses hard-coded addresses. <Alex - how are IP Addresses assigned at Norton?>

Internet Access for workstations

UofL's network is implemented with Internet access directly to each desktop. Each system on the University network is capable of full Internet access, and has a public (advertised) IP address. In UMC and Jewish, full internet access to all desktops is not desired and has not been implemented. Provision of Internet service at Jewish requires an approval process. <Alex - implementation at Norton?>

To provide Internet access at the hospitals, a workstation must be identified to the network so it can be assigned a public IP address. In most cases an address translation server is required to translate the private addresses to public ones. Each organization is responsible for managing and maintaining its own address translation server if needed.

Internet access for organizations

One of the first implementation opportunities is the provision of Internet services through the LMCnet. The LMCnet should be able to provide a high performance Internet connections at a lower cost since access to UofL's DS-3 (45 Mbps) Internet circuit is possible with no local loop costs.

Implementation is simplified if Internet service is provided through LMCnet to an entire organization. If Internet access for UofL faculty is to be provided by UofL, but Internet access for the rest of an organization is to be provided through another vendor, then it will be necessary to split the traffic based on the workstations where it originates.

Once the LMCnet connections are in place, provision of Internet service is mostly a matter of establishing desktop connectivity and network administration. The network administration issues involve the firewall and address translation.

Within the UofL network, a Belknap - HSC dedicated fiber link is desired to provide a separate path for Internet traffic. While Internet service can be supported today across the FDDI link, the fiber link will relieve the campus network of that load.

Access to library databases and services

The University Libraries subscribe to web-accessible data services that are licensed for University faculty, staff, and student use. Hospital libraries need access to these databases for at least the UofL faculty.

The data vendors use a primitive form of authentication by allowing access to workstations connecting from the louisville.edu domain or with a 136.165.xxx.xxx IP address.

University campus workstations and UofL.net Remote "Plus" dial account users can access these databases and services directly since the access comes from louisville.edu. However, access from locations originating on networks outside of UofL require the use of a UofL proxy server.

The proxy server acts as an agent for university faculty, staff or students that are in off-campus locations or on the Internet through another ISP, such as AOL or BellSouth.net. The proxy server is used only for licensed data base access, not for general Internet access, and must be set up for each separate database.

A proxy server (using a browser proxy auto-configuration file) in place and operational today. A different kind of proxy server (called a pass-through proxy) is being tested which will allow secure authenticated access without browser configuration requirements. Availability of the pass-through proxy is expected in the 1^st quarter 2000.

Dedicated circuits

Two T1s and on 56K circuit were identified:

T1 from UMC to Jewish Hospital Information Services
T1 from UMC to Jewish Hospital Pathology Lab
56K line from UMC to Norton

It is proposed that dedicated circuits be replaced by Permanent Virtual Circuits (PVCs) through the LMCnet ATM network. Any new PVCs will be tested before conversion for the physical circuit. There is no time line yet for replacement of the dedicated circuits to Jewish. The technical group will need to identify the tasks and time line at a future meeting.

Other Opportunities

The group briefly discussed other possibilities for the LMCnet, including:

Shared voice services, such as voice over IP
Shared remote access (via shared modem pool)
Sharing of digital images
Access to electronic medical records

Conclusions

1) The immediate issues that can be addressed are Internet access and removal of dedicated circuits.

2) Tasks required to configure Internet access include:

complete the LMCnet connection,
extend institutional network access to the desired locations,
establish the firewall and IP address translation systems, and
administer routing of Internet traffic to the proper service provider (splitting between two providers where necessary).

3) The hospitals should look at acquiring all their Internet service through LMCnet to potentially obtain higher performance at a lower cost.

4) Dedicated circuits should be moved to LMCnet as soon as possible to begin saving the costs for leased circuits.