IU Health Sciences Network

On this page:


Overview

The IU Health Sciences Network (HSN) is a virtualized and protected network that secures workstations used for healthcare and related research. With IU School of Medicine (IUSM) approval, the HSN can be provided wirelessly or from almost any data jack at IUPUI and, via special partnerships with IU Health and Eskenazi hospitals, within those facilities as well.

To view all the content available to you here, use the green Log in button at the top of this page to log into the Knowledge Base.

The HSN provides two important features:

  • The HSN is protected by a firewall that prohibits all but select networks from initiating inbound traffic. All traffic is allowed to exit the HSN, unrestricted. However, internet-sourced traffic is not allowed to initiate connections to systems within the HSN.
  • The HSN is a virtualized network that has been extended into the IU Health and Eskenazi hospitals. Members of the IU community within one of those hospitals can connect to the HSN in one of three ways:
    • You can request that the HSN or "IU Network" be provided to a specific data jack.
    • You can connect to a special wireless SSID called "IU HSN Secure". IU HSN Secure places those within the HSN and is broadcast at each hospital.
    • An SSL VPN group for IUSM provides remote access to the HSN; it is authenticated against the same Active Directory groups as IU HSN Secure. You can reach the SSL VPN at https://vpn.iu.edu/hsn.

Use the HSN

Two groups of IU users may wish to access the HSN:

  • Those located within IU Health or Eskenazi hospitals who need access to restricted or privately addressed IU resources
  • Those located within IU facilities who want an extra layer of security for their healthcare or research workstations

The HSN is composed of one large public/private subnet for both wired and wireless, regardless of where the network is located.

Some public and private IPs are available for static assignment. If you require a static IP, contact dns-admin@iupui.edu with your location (institution and building). If you have a device, such as a printer, that will not require reachability outside of IU, you should use a private IP address to enhance security and reduce the number of public IPs consumed.

Do not place servers on the HSN; servers should be placed within one of the IU Data Centers, behind the Data Center firewalls.

The IU network does not provide encryption; it is important that any critical data requiring encryption be encrypted prior to transmission from the client or server. Encryption between the client and server ensures that the encryption is end-to-end.

To make sure the HSN is easily available, no departmental separation exists within IU Health or Eskenazi. Other than VLAN separation between buildings, all HSN workstations are able to communicate with each other, and all are behind the same firewall. Therefore, as a final layer of protection, workstations within the HSN should be operating host-based firewalls.

IU users within IU Health may request wired access to the HSN by contacting the IU Health Help Desk and specifying a jack ID. To request wired access to the HSN at the Eskenazi hospital, contact the hospital help desk at 317-880-7800.

Note:
IU HSN Secure wireless and the HSN SSL VPN Group are restricted to IUSM users. If you believe you should be able to access these services but cannot, contact htshelp@iu.edu.

IU workstations, whether on the IU or HSN networks, will not be able to reach IU Health or Eskenazi privately addressed systems, unless the appropriate institution is aware of the need for the system to be reachable from IU. In such cases, IU Health or Eskenazi can generally use their edge firewall or router to perform network address translation (NAT). Using NAT, either institution can statically provide a public-to-private IP mapping. This should enable an IU workstation to reach the system, such as a web server, using the statically mapped public IP address. However, it is important that any workstation at IU that needs to communicate to an IU Health or Eskenazi system is configured with a public IP.

Privately addressed devices, such as printers or servers, on IU's network or within the HSN, will not be reachable by IU Health or Eskenazi. IU does not perform NAT translations for private IPs. Therefore, any system at IU that either needs to be reachable by an IU Health or Eskenazi system or needs to connect to an IU Health or Eskenazi system, must itself have a public IP.

This is document bdnb in the Knowledge Base.
Last modified on 2023-08-16 16:09:53.