Re: Limitations of 3550emi

From: Howard C. Berkowitz (hcb@gettcomm.com)
Date: Thu Jul 08 2004 - 15:46:23 GMT-3


At 10:06 AM -0700 7/8/04, Tom Rogers wrote:
>That's what I was leading to using 3550, but then I was wondering
>what security measures (HIPPA) I would have to take,

If you're referring to the health privacy legislation, it's HIPAA.
For a complete bit of trivia, that stands for Health Insurance
Portability and Availability Act. Recently, a large group of updates
were enacted, requiring things like signing for prescriptions. That
extension was called the HIPAA Administrative Simplification Act. Who
says Congressmen have no sense of humor?

More to the point, I'll try to give some initial guidelines for HIPAA
compliance. If you are running across the public Internet, you must
encrypt. Host-based SSL is often the cheapest, simplest way to do
that.

At present, unless the data are especially sensitive, there is no
requirement to encrypt on WAN carrier facilities such as dial, FR, or
dedicated lines. These are considered physically protected.

LANs are more of a tossup, and really need to be evaluated
case-by-case. When we have a LAN that is physically restricted to
the intensive care unit, a secure location, we don't worry about
encrypting for HIPAA (although see below for other reasons). General
hospital LANs, and definitely wireless LANs, have much more of a need
for encryption. Again, application/transport level end-to-end may be
adequate.

If you are dealing with healthcare data, at least in the US, you may
encounter other security requirements. 21CFR11 specifies some rules
for clinical trials, and, while they are less concerned about content
encryption, are very concerned about auditability. The Drug
Enforcement Administration rules for electronic prescribing of
controlled substances require very strong authentication,
auditability, and digital signatures, but aren't as concerned with
content privacy.

In general, if I am doing healthcare infrastructure, I tend to build
to the most restrictive set of all of these.

>to protect my user's data going across the Provider's switch. It's not
>that I don't trust my provider, but then I might have to look into
>some sort of encrypting the traffic.
>In that sense, 3550 might not be able to do ipsec (not sure though) or nat.
>So am still thinking and talking to the management as to what the
>requirement is.
>
>thnx
>Tom
>
>
>James <james@towardex.com> wrote:
>It seems like each of these end sites are managed by you, all aggregating into
>a 6500 in a POP. I'd recommend 3550 at each site.. It's just simple and one 1U
>device to deploy. I don't suppose you need a lot of edge features at each remote
>site though? I am assuming you don't, hence why 3550 is probably easier..
>
>Either way, if you are going to use the 7200, it has NPE-400 which is very well
>sufficient for a FE, especially for a non-hub site where pps count is probably
>low.
>
>-J
>
>On Wed, Jul 07, 2004 at 10:47:59PM -0700, Tom Rogers wrote:
>> Basically all these remote 20 sites at present are ATM (45mb).
>>Since, Fa 100 cost is coming down to half, we're planning to change
>>the topology.
>> I had laid down this network with 7204VXRs for ATM connectivity
>>and a 3550emi as first switch in the rack at user lan. So I have 1
>>7204 and 1 3550 emi at each site.
>> Now with this new topology (fa handout) I just need one device.
>>All I am going to run is pure ip traffic with EIGRP. This is all in
>>within 200 mile radius and is not crossing any carrier nor
>>connection to internet is in the picture.
>> I want the fast and max throughput on this type of connectivity
>>and make use of full 100mb BW provided by the carrier. At the HUB
>>(2 gig handout) I am going to connect to 6500 directly, that is not
>>an issue.
>>
>> Having said that, which direction should I lean? 3550 or 7204
>> Following is a sample of type of 7200 I have on each site.
>>
>> cisco 7204VXR (NPE400) processor (revision A) with 114688K/16384K
>>bytes of memory.
>> Processor board ID 26797215
>> R7000 CPU at 350Mhz, Implementation 39, Rev 3.3, 256KB L2, 4096KB L3 Cache
>>
>> James wrote:
>> On Wed, Jul 07, 2004 at 08:54:55PM -0700, Tom Rogers wrote:
>> > Thank you guys for the response. I am at point where I need to
>> > make a decision between 7204 VXRs and 3550 EMIs. I am going to be
>> > given Fa 100mb handout by the provider.
>> > Basically I'll need 2 Fa connections, one to the provider and
>> > the other to my lan at each site.
>> > I am going to have 20 such remote locations all layer 2 handouts
>> > (in one broadcast domain), with the hub as 2 gig handout.
>> > I have several 7200s and 3550s as spare.
>> > What should I use? Which will have the better throughput?
>> > thanks
>> >
>>
>> I see, this is for a production network.
>> I am not sure how much of 100mb line you are looking to use, but if you don't
>> want to multihome, etc in the future, 3550 EMI should definitely give you the
>> performance, as it's hardware based, just watch out the system resources.
>>
>> 7200 Series VXR with NPE-300 or higher should be able to serve you quite well
>> for most applications. But if you are looking to push linerate of >= ~200Mbps
>> traffic to about gig worth of traffic, then NPE-G1 finally makes 7200 Series
>> useful again :)
>>
>> Exactly how much traffic are you looking to push, not just in bits, but also in
>> packets is what you will need to determine. Are you looking to get multihomed
>> later and run BGP, etc, etc is another set of questions to keep in mind. I'd
>> personally prefer starting out with 7200 VXR in place as router, IMHO. Depends
>> on the NPE you have, 3550 will most likely give you more performance but at a
>> tough cost of smaller available resources/breathing room to work with (in terms
>> of feature set of the box) than with a 7200 router.
>>
>> -J
>>
>> --
>> James Jun TowardEX Technologies, Inc.
>> Technical Lead Network Design, Consulting, IT Outsourcing
>> james@towardex.com Boston-based Colocation & Bandwidth Services
>> cell: 1(978)-394-2867 web: http://www.towardex.com , noc: www.twdx.net
>>
>>
>> _______________________________________________________________________
>> Please help support GroupStudy by purchasing your study materials from:
>> http://shop.groupstudy.com
>>
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
>--
>James Jun TowardEX Technologies, Inc.
>Technical Lead Network Design, Consulting, IT Outsourcing
>james@towardex.com Boston-based Colocation & Bandwidth Services
>cell: 1(978)-394-2867 web: http://www.towardex.com , noc: www.twdx.net
>
>



This archive was generated by hypermail 2.1.4 : Sun Aug 01 2004 - 10:11:50 GMT-3