Each PopMedNet network hosted by HPHCI is hosted separately in the same secure environment. This section describes the system hosting infrastructure and security controls.
Hosting, Security and Support for the PopMedNet™ software application is provided by HPHCI and consists of:
The hosting environment is managed in Microsoft Azure in a FISMA/SAS -70 private cloud services and operates TIER III data centers (TIER III covers full system redundancy and redundant commercial connections to major backbones). Specifically, Tier III is comprised of multiple active power and cooling distribution paths, has redundant components, and is fault tolerant, providing 99.995% availability. QTS has facilities in many major US cities and around the world and provides: redundant HVAC, redundant fire suppression, redundant power with UPS and generator backup. The facility is secured with man-trap entrances, photo identification validation, manned armed security tours, and video surveillance 24 hours per day, 7 days per week.
HPHCI supported systems connect to the internet via dual Juniper Router / Firewall / VPN concentrators that provide redundant connections to the internet with automatic failover. Each device has redundant power supplies connected to separate power circuits in the Tier III data center. The devices provide routing functions from the VLANs implemented on the redundant switches to the Internet. In addition to routing, the systems provide firewall and VPN functionality. Firewalls are configured to restrict inbound traffic to only HTTP (port 80) and/or port HTTPS (443) to the web servers. All clients are assigned dedicated web servers on virtual machines. No direct inbound web access is allowed to the database servers. All database traffic is routed through the firewalls and limited to the appropriate web server. VPN is dual authentication, requiring the use of an RSA token in addition to username/ password. The VLANs span the dual Ethernet switches and dual physical NICs are teamed on the servers for production data providing 2GB bandwidth and redundancy in the event of NIC or switch failure.
The Application Portal is hosted in a two server configuration, one server (Portal web Server) to run the application and to service all applications requests that come in via the Web. This server runs the Portal application under IIS and ASP .NET. The second server (Portal Database server) houses the Portal Database in a MS SQL Server 2012 instance. There will be no connection from the Portal Database server to the web. All requests will be made via the Portal Web server. Web servers are on virtual machines with support for load balanced web farms as utilization increases and database servers are physically clustered servers for FISMA compliance. Database server is replicated via log shipping to a QTS data center which is also FISMA compliant. Each server is hardened and performance tuned according to Microsoft best practice documentation. A third Management Server (not open to the Web and only available via Virtual Private Network) will be used by Operations Administrators to monitor the health and tune the Portal Web Server and the Portal Database Server.
Data is encrypted in transit and at rest within the data center.
The general requirements and detailed requirements are in the following two tables.
Hosting, Security & Support: General Requirements
Requirement | Description |
General Requirements | |
Multiple Hosting Environments | Separate Development / QA / UAT (User Acceptance Testing) and Production hosting environments are required to isolate active data partners from implementation and testing work being performed for the PopMedNet™ software or any other related activity. |
System Software | Development and Production hosting environment each require Windows Server, IIS, .NET and SQL Server as the operating environment. |
Production System Monitoring | Internal monitoring for hardware, system software, or application software failures and remediation. |
Ticketing System | System for logging, tracking, and auditing resolution of all incidents detected via monitoring or due to support calls. |
Technical Support | Technical/customer service support is available online and by phone. |
Software Patches | Application of software patches for the operating environment (Windows Server, IIS, .NET and SQL Server) and the PopMedNet™ Portal application will be applied on a regular basis during regularly scheduled maintenance windows. Publishing of updates to the DataMart will occur on a regular basis. |
Requirement | Description |
Detailed Requirements | |
Ping, pipe, power, connectivity, fire suppression, security. | Redundant TIER III level network connectivity at LAN and WAN, HVAC, fire suppression, and power along with physical and video security monitoring. |
Servers, Virtual Machines | Web servers are hosted in private cloud based on Citrix XenServer with redundant physical servers supporting automated failover and load balancing. Database servers are clustered physical servers. All servers or VMs are connected to RAID 10 iSCSI SAN for storage and SAN based backup. |
System software | Windows 2008 R2 Server or later, IIS 7.5 or later, .NET Framework 4.5 Update 1, and SQL Server 2012 or later. |
Server maintenance | Regular maintenance windows to install system software and application software and to allow installation of patches and upgrades as well as server performance analysis. |
Solution environment backup | Daily scheduled backup of the solution source and web server runtime environment. |
Database backup | Full backup daily and incremental every 15 minutes. Stored onsite. The system will backup files on the disaster recovery database for 2 weeks. |
System event and SNMP trapping and notification | Trapping, alerting and responding to hardware, system software (operating system, database) and application software errors and notifications. |
div#children-section.pageSection { display: none; } |