Interface Connectivity Worksheet (Supplemental)

Socket (MLLP) over SSH
Socket (MLLP) over VPN
FTP over VPN
Version 2.2
Athenahealth Confidential. Do not redistribute without permission.
Socket (MLLP) over SSH Connectivity Worksheet

[Diagram: on your local network, the vendor system (F: ip, G: port) and the SSH server (C: ip, H: port); the vendor’s app server talks internally to the SSH server. On the athena network, the interface server (IP: 208.78.140.30 or IP: 208.78.143.130). The athena interface server logs into the SSH server at the client (A: ip, B: port, E: credentials) across the Internet; the SSH tunnel creates a secure communication path.]

Client setup information

A: public IP address of SSH server*    ________________________
B: public port of SSH server (22)      ________________________
E: SSH username/password               ________________________
C: internal IP address of SSH server   ________________________
F: internal IP address of app server   ________________________
H: internal port for SSH server        ________________________
G: internal port for app server        ________________________

A B E required for all SSH connections
C F H required for connections to athena
C F G required for connections from athena

* If you do not already have an SSH server, athena suggests VSHELL, at http://www.vandyke.com/products/vshell/index.html

Interface Connectivity Worksheet – page 2
VPN Connectivity Guidelines

[Diagram: on your local network, the vendor system (F: NAT’d ip*, P: local ip, G: port) behind your VPN router (A: ip, J: brand/model); a VPN tunnel to the VPN router on the athena network (Cisco ASA 5550, IP: 208.78.140.250), behind which is the interface server (IP: 208.78.140.29/32, 208.78.140.30/32).]

VPN Requirements

VPN setup call
Your network’s VPN and NAT configurations should be complete and tested prior to the VPN setup call (see next page). Failure to complete configuration prior to the call will lead to substantial delays in establishing connectivity.

NAT routing
athenahealth requires your network to be configured to NAT to either a public IP address OR a private IP address that athena will provide in order to avoid IP overlaps within our network. If you do not have access to network engineering resources to set up a NAT or do not wish to NAT your traffic, we recommend a standardized connectivity method rather than VPN.

VPN Gateway Attributes

IKE Authentication Method     Pre-shared keys
IKE Encryption Algorithm      AES256 *
IKE Hash Algorithm            SHA_1 ‡
IKE Diffie-Hellman Group      Group 2
Phase 1 Lifetime              86400
IPSEC Protocols               ESP-AH
IPSEC Encryption Algorithm    AES256 *
IPSEC Integrity Algorithm     ESP_SHA_HMAC
Perfect Forward Secrecy       Disabled
Phase 2 Lifetime              28800
Mode                          Tunnel
IP Payload Compression        Disabled
Dead Peer Detection           On

* 3DES can be used if AES256 is unavailable
‡ MD5 can be used if SHA1 is unavailable

Interface Connectivity Worksheet – page 3
Socket (MLLP) over VPN Connectivity Worksheet

[Diagram: on your local network, the vendor system (F: NAT’d ip*, P: local ip, G: port) behind your VPN router (A: ip, J: brand/model); a VPN tunnel to the VPN router on the athena network (Cisco ASA 5550, IP: 208.78.140.250), behind which is the interface server (IP: 208.78.140.29/32, 208.78.140.30/32).]

Client Setup

A: public IP address of VPN gateway    ________________________
J: VPN gateway device model            ________________________
F: NAT’d IP address of app server      ________________________
P: Local IP address of app server      ________________________
G: local port for app server           ________________________
U1: VPN administrator’s name           ________________________
U2: VPN administrator’s email          ________________________
U3: VPN administrator’s phone          ________________________
U4: Setup (M-F at 10am or 3pm ET)      ________________________

A J F P required for all VPN connections

F Vendor system must have a public IP address, or NAT’d address assigned by athena from one of the following pools:
192.168.241.x
10.255.2.x
192.168.248.x
10.255.3.x
192.168.250.x
10.255.4.x
192.168.251.x
192.168.253.x

If you REQUIRE a specific range from above (subject to availability), please specify – otherwise athena will select: _______________________

G required for connections from athena
U1-U3 required for timely setup of VPN connection
U4 Select a date/time to exchange pre-shared secret and validate network connectivity – Monday thru Friday at 10-11am OR 3-4pm Eastern Time.

Interface Connectivity Worksheet – page 4
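
A pre-call sanity check for fields A, F, P and G of the VPN worksheet, given here as an added example that is not part of the athenahealth document. It assumes each "x" pool is a /24; the function name and the sample values are constructed for illustration.

```python
import ipaddress

# NAT pools listed on the worksheet; reading each "x" as a /24 is an assumption.
ATHENA_NAT_POOLS = [ipaddress.ip_network(n) for n in (
    "192.168.241.0/24", "10.255.2.0/24", "192.168.248.0/24", "10.255.3.0/24",
    "192.168.250.0/24", "10.255.4.0/24", "192.168.251.0/24", "192.168.253.0/24",
)]

def check_vpn_worksheet(fields):
    """Return a list of problems in worksheet fields A, F, P, G (empty if none)."""
    problems, addrs = [], {}
    for key in ("A", "F", "P"):
        try:
            addrs[key] = ipaddress.ip_address(str(fields.get(key, "")).strip())
        except ValueError:
            problems.append(f"{key}: missing or not a valid IP address")
    gateway, natted = addrs.get("A"), addrs.get("F")
    # A is the public IP address of the VPN gateway.
    if gateway is not None and not gateway.is_global:
        problems.append("A: VPN gateway address is not a public IP")
    # F must be public, or a NAT'd address from one of the athena pools.
    if natted is not None and not natted.is_global:
        if not any(natted in pool for pool in ATHENA_NAT_POOLS):
            problems.append("F: neither a public IP nor inside an athena NAT pool")
    port = str(fields.get("G", "")).strip()
    if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
        problems.append("G: port must be an integer from 1 to 65535")
    return problems

# Constructed sample values. 8.8.8.8 is only a stand-in for a public gateway
# address (documentation ranges such as 203.0.113.0/24 are not is_global).
SAMPLE_OK = {"A": "8.8.8.8", "F": "10.255.2.15", "P": "192.168.1.20", "G": "6661"}
# Common mistake: the un-NAT'd local address entered as F.
SAMPLE_BAD = {"A": "10.0.0.1", "F": "192.168.1.20", "P": "192.168.1.20", "G": "0"}

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, check_vpn_worksheet(sample) or "no problems found")
```
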
FTP over VPN Connectivity Worksheet

[Diagram: on your local network, the FTP server (F: NAT’d ip*, P: local ip, G: port, E: credentials, D: file path) behind your VPN router (A: ip, J: brand/model); a VPN tunnel to the VPN router on the athena network (Cisco ASA 5550, IP: 208.78.140.250), behind which is the interface server (IP: 208.78.140.29/32, 208.78.140.30/32).]

Client Setup

A: public IP address of VPN gateway    ________________________
J: VPN gateway device model            ________________________
F: NAT’d IP address of FTP *           ________________________
P: Local IP address of FTP server      ________________________
G: local port for app                  ________________________
E: FTP username/password               ________________________
D: File path to final FTP directory    ________________________
U1: VPN administrator’s name           ________________________
U2: VPN administrator’s email          ________________________
U3: VPN administrator’s phone          ________________________
U4: Setup (M-F at 10am or 3pm ET)      ________________________

A J F P required for all VPN connections

F The FTP server must have a public IP address, or NAT’d address assigned by athena from one of the following pools:
192.168.241.x
10.255.2.x
192.168.248.x
10.255.3.x
192.168.250.x
10.255.4.x
192.168.251.x
192.168.253.x

If you REQUIRE a specific range from above (subject to availability), please specify – otherwise athena will select: _______________________

G E D required for FTP connections to/from athena
U1-U3 required for timely setup of VPN connection
U4 Select a date/time to exchange pre-shared secret and validate network connectivity – Monday thru Friday at 10-11am OR 3-4pm Eastern Time.

Interface Connectivity Worksheet – page 5