
NETWORK INFRASTRUCTURE UPGRADE AND MIGRATION:


What we’re doing and why we’re doing it

New network deployment and architecture

The University and the Hospital installed a new network infrastructure in the fall of 2002. It consists of separate University and Hospital networks sharing a connection to the Internet. The new network was installed parallel to the original, or legacy, network so that both could be operational during a methodical migration from the old to the new. The new network is much faster, much more reliable, and more secure. There is a connection between the original network and the new network that allows internal campus users from either network to access servers on either network.

Improved security: firewalls, VPNs, private IP address

The Hospital will place a firewall between the University and the Hospital network requiring anyone on the University network (users outside the physical hospital building) to utilize VPN technology (discussed in more detail later in this document) to access hospital systems or servers. This firewall also protects the Hospital from intrusion from the public Internet. This configuration is required to meet the Hospital Security Department’s interpretation of the Federal HIPAA legislation.

The University is installing a firewall between the University network and the Internet. The University will create two areas behind the firewall: a secure area for sensitive servers and all workstations and a public area for web servers and other servers that require access from the Internet. Access from off campus to the secure area will require the use of VPN (Virtual Private Network) client software on the off-campus computer (home computer, laptop, or other). VPN technology creates a secure, authenticated and encrypted “tunnel” (path that is secure) between the off-campus computer and the system being accessed.

Both the Hospital and the University are implementing “private IP addressing.” Under the current system, every computer in the Medical Center has a global Internet address and is potentially visible anywhere on the Internet. With private addressing, all University computers will be essentially invisible to the Internet.


KUMC Network Overview

Migrating Users to the new Network

We began migrating users to the new network on January 7, 2003. We will move users from the old to the new network floor by floor and building by building during the winter and spring of 2003 with a target completion date of July 2003.

Information Resources along with department computer administrators will conduct pre-migration meetings two weeks prior to the migration of each floor to determine any individual user requirements or configurations. Once we migrate a floor to the new network, every desktop computer on that floor will be behind the firewall and will have a private address. Any special individual needs for resource access either on or off-campus should be raised during the pre-migration meetings so they can be resolved.

Remote (home) access to information resources on the new network

Home users of broadband (cable modem, DSL) Internet services will need to run a VPN client on their home computer to access either University or Hospital resources behind the firewalls. We are developing protocols and will begin to distribute VPN clients in late January or early February 2003.

Users of KUMC-Online (KUMC’s dial-up network service) will see no change in their access unless they need to access resources behind the Hospital’s firewall, in which case they will need to run the Hospital’s VPN client on their computer.

A list of questions that need to be answered in the pre-migration meeting:

  1. Are you aware of having a fixed IP address? Have you ever been told that you have a permanent or static IP address or a permanent lease?
  2. Do you connect to the SMS system in the Hospital?
  3. Do you use any other Hospital servers or systems? Which ones?
  4. Do you ever connect to this PC from home or another off-campus site? Does this computer use a modem to allow incoming connections? What package do you use to connect to your PC? (PC Anywhere, Carbon Copy, Windows terminal server, netmeeting etc.)
  5. Does anyone off campus attach to your PC or a server in this building? If so what services do they use? (FTP, HTTP).
  6. Are you aware of any servers or shared computers running in this building or in your department?
  7. Do you use a VPN Client to access off campus resources?
  8. Do you use direct IP printing?
  9. Do you use Novell Client32 to map a drive (e.g., the g:\ drive) to a KUMC file server from home or another off-campus site?
  10. Do you use a Macintosh? If so, visit www2.kumc.edu/help/appletalk.
  11. Do you videoconference over the Internet?

FAQ

What is a firewall?
A firewall is hardware and software installed at the perimeter of a network to enforce access control policies between the internal network and external networks. This is typically accomplished by blocking certain types of traffic from entering the internal network.

What is a VPN?
VPN stands for Virtual Private Network. It allows off-campus users to establish an encrypted, authenticated tunnel to the campus network that passes through the firewall.
Users can then access the campus network as if they were directly connected to it. Off-campus users who want to access services blocked by the firewall will need to use a VPN client.

For more information

Please address questions about the new network and the network migration to Steve Selaya (ext. 8-4835), Matt Fuoco (ext. 8-4970), or Jim Bingham (ext. 8-7301).
