AllianceChicago Services - Architecture Overview and Q&A


1 AllianceChicago Services - Architecture Overview and Q&A
Matt Sterling, Director, Information Technology

2 Agenda
- IT Team Organization
- Infrastructure Review
- Best practices
- Uptime Calculations
- Security topics (if time or join us tomorrow)
- Please ask questions as we go along

3 AllianceChicago Resources
- We supply all services through Citrix XenApp or XenDesktop
- There is an encrypted connection between the workstation you access from and the Citrix NetScaler in the datacenter
- Users have no direct access to servers
- We handle software updates for Windows and for Centricity as well as all other supporting applications that HB utilizes
- We do not get involved in user administration, access control and utilization of Centricity Practice Solution. This is the responsibility of the health center

4 IT Team Organization

5 Cyxtera Datacenter 350 E. Cermak

6 Security - Physical
- 350 E Cermak has at least three layers of physical security
- Digital Realty runs the entire building and secures access into the first floor of the building
- After getting off the elevator on the 7th floor, two access doors limit access to the datacenter floor. The first door, to the lobby, is badge only; the second door requires fingerprint and badge at the same time
- Once on the datacenter floor, a badge is required to enter our dedicated cage
- Cameras record access to all areas in and outside of the building
- Normal tier-3 N+1 datacenter protections for power and cooling exist
- Annual SAS70 audit is completed by the datacenter service provider

7

8 DR and Business Continuity
- We have a significant amount of redundancy within our infrastructure
- We have N+1 host server blades available
- We have N+1 power and network capabilities
- We do not contract currently for compute capabilities outside of our secured datacenter

9 DR and Business Continuity
- We now have multiple layers of backup within the datacenter and off site
- We have snapshots of data on the same storage system available at a regular interval depending on the server
- We are implementing snapshots of data from our production storage system to a DR storage system on a regular interval
- We have a separate Commvault backup system which captures backups every evening
- We use that same Commvault system to capture SQL log information every 15 minutes for CPS databases
- We copy backups from the local Commvault system to an Azure data vault off site on a regular basis depending on the type of data

10 DR and Business Continuity
- We have tiered all of our servers according to risk to determine expediency of deploying patches and emergency software updates
- We have tiered all of our servers according to system restore procedure to determine frequency and mode of backup

11 DR and Business Continuity Future
In the future, we may move our redundant storage off site and consider utilizing older hardware to support a diminished access capacity that could be available at a moment's notice with little downtime. (decisions on cloud strategy with GE will impact this decision)

12 Best Practices with AllianceChicago resources
Moving from computer to computer
- If you are not carrying a laptop from room to room, take advantage of “Disconnect” from the Citrix screen
- If you do not see “Disconnect” then you likely do not have 3.alliance-ehrs.org included as a “trusted site” in your Internet Explorer settings
- When you log back in after using “Disconnect” please be sure to wait up to 10 seconds for your session to reappear the way you left it. That means it will return as minimized if you made it smaller to get to the other screen to disconnect

13 Best Practices – Windows Updates
- Take Windows updates on endpoint workstations whenever they are available
- Updates typically come out on “Patch Tuesday” from Microsoft, which is once a month
- Plan to roll out to many computers only after testing on a few
- Change management is recommended in order to avoid having a bad next day

14 Best Practices – Citrix Receiver
- AllianceChicago is currently using Citrix XenApp version 7.6 LTSR
- We have immediate future plans to upgrade to Citrix XenApp Version LTSR
- Citrix recommends that you install the most current version of their Receiver application to remain within support
- However, they are maintaining an LTSR (Long Term Service Release) version on which AllianceChicago users should standardize

15 Best Practices – Citrix Receiver (Cont.)
The current version of LTSR receiver is linked to on the AllianceChicago applications icon page

16 Best Practices – Citrix Receiver (Cont.)
- All software updates should be tested in your environment before installing to all machines
- It is recommended to turn off the ability for the Receiver to update itself on supported computers by GPO (this can also be changed manually or during install)

17 Downtime identification and communication
- How to classify an issue (user, computer, network, application)
- Internal escalation process for IT issues or EMR issues
- Communications plan to report from site to site
- How to escalate quickly to AllianceChicago with the most info possible

18 Uptime Statistics – User Impact
- Downtime event impact is calculated by actual session impact
- Director reports on actual user session begin and end times
- Omit sessions ended before event and omit sessions that started after the event
- Prior two weeks on the same day of the week in the same hours are used as usual baseline activity as an average
- The hours of the event – actual session times are calculated
- The difference between typical activity and actual activity is defined in work minutes to determine the impact and those minutes are reported
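The calculation described on this slide, worked through as an added example (not AllianceChicago's own code). It assumes "work minutes" means the minutes of each session that overlap the event window, clamps the impact at zero, and uses a constructed session log and event time.

```python
from datetime import datetime, timedelta

def minutes_in_window(sessions, start, end):
    """Session minutes falling inside [start, end); other sessions are omitted."""
    total = 0.0
    for begin, finish in sessions:
        if finish <= start or begin >= end:
            continue  # ended before or started after the window
        overlap = min(finish, end) - max(begin, start)
        total += overlap.total_seconds() / 60
    return total

def downtime_impact(sessions, event_start, event_end, weeks=2):
    """Compare event-window activity with the same window in prior weeks."""
    actual = minutes_in_window(sessions, event_start, event_end)
    baseline = []
    for w in range(1, weeks + 1):
        shift = timedelta(weeks=w)  # same weekday, same hours
        baseline.append(
            minutes_in_window(sessions, event_start - shift, event_end - shift))
    typical = sum(baseline) / len(baseline)
    # Assumption: impact is never negative (a busier-than-usual hour is not downtime)
    return {"typical": typical, "actual": actual,
            "impact": max(0.0, typical - actual)}

def t(day, hhmm):
    """Helper for the constructed sample data (September 2018 is arbitrary)."""
    return datetime.strptime(f"2018-09-{day:02d} {hhmm}", "%Y-%m-%d %H:%M")

# Constructed session log of (begin, end) pairs; not real Director data.
SESSIONS = [
    (t(4, "08:00"), t(4, "12:00")), (t(4, "09:30"), t(4, "10:30")),
    (t(11, "08:00"), t(11, "12:00")), (t(11, "10:15"), t(11, "11:30")),
    (t(11, "10:00"), t(11, "10:45")),
    (t(18, "08:00"), t(18, "10:05")),  # dropped five minutes into the event
    (t(18, "10:50"), t(18, "12:00")),  # reconnected late in the event
    (t(18, "07:00"), t(18, "09:00")),  # ended before the event: omitted
    (t(18, "11:30"), t(18, "12:00")),  # started after the event: omitted
]
EVENT = (t(18, "10:00"), t(18, "11:00"))  # constructed one-hour event

if __name__ == "__main__":
    print(downtime_impact(SESSIONS, *EVENT))
```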

19 Uptime for last 12 months
*September anomaly was caused by three events during business hours. Two events impacted only Erie and were due to a GE update that caused issues which allowed a single user to lock up all other users on the database. The third issue was a firewall problem caused by a software bug confirmed by Cisco.

20

21 Security - Network
- Encryption is maintained for all access into and out of the AllianceChicago services
- With very few exceptions, user and administrative access to AllianceChicago resources is only through Citrix access through a purpose-built Citrix NetScaler appliance. The few exceptions are limited by IP address for specific encrypted access for administrators
- Layered security is in place (and in process of being reconfigured for additional controls)
- Biennial penetration testing (next test to be completed before the end of this calendar year)
- Internet access is secured by CenturyLink for major threats before traffic even gets to our own controlled firewall

22 Security - Authentication
- Authentication for Health Center users is managed by each Health Center
- We use Microsoft Active Directory to manage authentication for both Citrix and Centricity using the same username and password
- Groups are created by AllianceChicago for Health Center administrators to categorize staff access
- Password renewal policy can be defeated by Health Center administrators by clicking the "do not change password" setting on each user. This is not recommended.
- Regularly (at least quarterly) review with HR the access of all users in Active Directory and all assigned security groups to ensure access is limited to only active staff with permissions and rights reflective of their current position.
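One way a health center could run the quarterly review described on this slide, as an added example (not AllianceChicago's own tooling). It assumes the setting the slide refers to is Active Directory's "Password never expires" flag, and it uses a constructed AD export and HR roster with hypothetical user and group names.

```python
# userAccountControl bits as defined by Active Directory
ACCOUNTDISABLE = 0x0002
DONT_EXPIRE_PASSWORD = 0x10000  # "Password never expires"

# Constructed AD export: (sAMAccountName, userAccountControl, group memberships)
AD_EXPORT = [
    ("jdoe", 512, {"HC-Clinical"}),
    ("asmith", 66048, {"HC-Clinical", "HC-Billing"}),  # 512 + 0x10000
    ("bformer", 512, {"HC-Billing"}),
    ("cgone", 514, {"HC-Clinical"}),                   # disabled account
]

# Constructed HR roster: active staff mapped to the groups their position warrants
HR_ROSTER = {
    "jdoe": {"HC-Clinical"},
    "asmith": {"HC-Clinical"},
}

def review_access(ad_export, hr_roster):
    """Return (user, finding) pairs for accounts that need follow-up with HR."""
    findings = []
    for user, uac, groups in ad_export:
        if uac & ACCOUNTDISABLE:
            continue  # disabled accounts cannot log on
        if user not in hr_roster:
            findings.append((user, "enabled account not on HR roster"))
            continue
        if uac & DONT_EXPIRE_PASSWORD:
            findings.append((user, "password never expires"))
        extra = groups - hr_roster[user]
        if extra:
            findings.append(
                (user, "groups beyond position: " + ", ".join(sorted(extra))))
    return findings

if __name__ == "__main__":
    for user, finding in review_access(AD_EXPORT, HR_ROSTER):
        print(f"{user}: {finding}")
```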

23 Security - Data is moved through interfaces
- Scanned documents enter through an encrypted transfer of files from a server at each Health Center to a server in our DMZ and then an encrypted transfer of the files from the DMZ to a shared location in the system. The files are then attached to the EMR using a hosted document management application.
- All automated processes for data leaving the datacenter (labs, pharmacy) are handled through encrypted connections to partner sites

24 Security - Data moved from the datacenter to the health center
- Each Health Center controls each user's ability to download files to their local workstation through group settings they control
- Some Health Centers have purchased a dedicated report server which administrative users can be granted access to and can pull data to the health center from that server
- Reports and other documents can be prepared for printing and then printed to users' local devices

25 Future plans for a CSIO office
- Build out cyber security office in a joint effort with Health Choice Network
- Dedicated staff centralized to focus internally
- Dedicated staff to provide as a service
- Health centers are the biggest risk

26 Importance of the Health Center's security processes
- HIPAA security reviews focus on processes that are controlled by each health center
  - Policies for the creation and deletion of users
  - Policies around chart access
  - Policies around handling printed materials
- Computers used to access AllianceChicago are managed by the health center
  - Security patches to Windows and updates to Citrix Receiver

27

