What is the IU Health Sciences Network?

The IU Health Sciences Network (HSN) is a virtualized and protected network that secures workstations used for healthcare and related research. With IU School of Medicine (IUSM) approval, the HSN can be provided wirelessly or from almost any data jack at IUPUI and, via special partnerships with IU Health and Eskenazi hospitals, within those facilities as well. The HSN provides two important features:

  • The HSN is protected by a firewall that prohibits all but select networks from initiating inbound traffic. All traffic is allowed to exit the HSN, unrestricted. However, Internet-sourced traffic is not allowed to initiate connections to systems within the HSN.
  • The HSN is a virtualized network that has been extended into the IU Health and Eskenazi hospitals. Members of the IU community within one of those hospitals can connect to the HSN in one of three ways:
    • You can request that the HSN or "IU Network" be provided to a specific data jack.
    • You can connect to a special wireless SSID called "IU HSN Secure". IU HSN Secure places those within the HSN and is broadcast at each hospital.
    • An SSL VPN group for IUSM provides remote access to the HSN; it is authenticated against the same Active Directory groups as IU HSN Secure. Users who connect to the HSN VPN will receive an address from the following HSN IP subnet: 149.163.132.0/23 (149.163.132.11 - 149.162.133.254). You can reach the SSL VPN at https://vpn.iu.edu/hsn.

Using the HSN

Two groups of IU users may wish to access the HSN:

  • Those located within IU Health or Eskenazi hospitals who need access to restricted or privately addressed IU resources
  • Those located within IU facilities who want an extra layer of security for their healthcare or research workstations

The HSN is composed of one large public/private subnet for both wired and wireless, regardless of where the network is located. Those subnets are:

  • Public: 149.163.128.0/17
  • Private: 10.227.128.0/17

Some public and private IPs are available for static assignment. If you require a static IP, contact dns-admin@iupui.edu with your location (institution and building). If you have a device, such as a printer, that will not require reachability outside of IU, you should use a private IP address to enhance security and reduce the number of public IPs consumed.

Do not place servers on the HSN; servers should be placed within one of the IU Data Centers, behind the Data Center firewalls.

The IU network does not provide encryption; it is important that any critical data requiring encryption be encrypted prior to transmission from the client or server. Encryption between the client and server ensures that the encryption is end-to-end.

To make sure the HSN is easily available, no departmental separation exists within IU Health or Eskenazi. Other than VLAN separation between buildings, all HSN workstations are able to communicate with each other, and all are behind the same firewall. Therefore, as a final layer of protection, workstations within the HSN should be operating host-based firewalls.

IU users within IU Health may request wired access to the HSN by contacting the IU Health Help Desk and specifying a jack ID. To request wired access to the HSN at the Eskenazi hospital, contact the hospital help desk at 317-880-7800.

Note:
IU HSN Secure wireless and the HSN SSL VPN Group are restricted to IUSM users. If you believe you should be able to access these services but cannot, contact caits@iu.edu.

IU workstations, whether on the IU or HSN networks, will not be able to reach IU Health or Eskenazi privately addressed systems, unless the appropriate institution is aware of the need for the system to be reachable from IU. In such cases, IU Health or Eskenazi can generally use their edge firewall or router to perform network address translation (NAT). Using NAT, either institution can statically provide a public-to-private IP mapping. This should enable an IU workstation to reach the system, such as a web server, using the statically mapped public IP address. However, it is important that any workstation at IU that needs to communicate to an IU Health or Eskenazi system is configured with a public IP.

Privately addressed devices, such as printers or servers, on IU's network or within the HSN, will not be reachable by IU Health or Eskenazi. IU does not perform NAT translations for private IPs. Therefore, any system at IU that either needs to be reachable by an IU Health or Eskenazi system or needs to connect to an IU Health or Eskenazi system, must itself have a public IP.

As a reminder, private addresses are in the following ranges:

  • 192.168.0.0 - 192.168.255.255 (not used at IU)
  • 10.0.0.0 - 10.255.255.255
  • 172.16.0.0 - 172.31.255.255 (not used at IU)

This is document bdnb in the Knowledge Base.
Last modified on 2016-12-08 15:23:25.

  • Fill out this form to submit your issue to the UITS Support Center.
  • Please note that you must be affiliated with Indiana University to receive support.
  • All fields are required.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.

  • Fill out this form to submit your comment to the IU Knowledge Base.
  • If you are affiliated with Indiana University and need help with a computing problem, please use the I need help with a computing problem section above, or contact your campus Support Center.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.