SDN in brief
SDN is a secured network for data communication in the Danish healthcare sector. SDN binds local, secured networks into a common infrastructure via SDN’s node (SDX). SDN consists of data lines and active network equipment. In addition, SDN has a number of support systems, including the agreement system.
A link to the SDN hub (SDX) can currently be established by:
- An SDN-MPLS connection
- An IPSEC-encrypted VPN link via the internet
- A fixed link (private MPLS or private fibre optic)
You are welcome to contact MedCom to discuss your possibilities. Contact information below.
The SDN-MPLS link is provided by TDC, and the link is included in an SLA entered into between TDC and MedCom. The SLA includes data traffic up to and including user end-point routers.
The SDN-IPSEC-VPN link uses an internet connection/network operator of the user’s own choosing. When connecting, an encrypted connection is established so that the portion of the data traffic passing through the internet is protected from unauthorised access. The user is directly responsible for data traffic as far as SDX, and for meeting the minimum security requirements for establishing the VPN connection to SDN.
Security requirements for establishing the VPN connection can be found here (pdf in Danish).
The fixed link (Fibre/MPLS) uses a network operator of the user’s own choosing. The user is directly responsible for data traffic as far as SDX. Alongside the connection agreement, a data processor agreement is also entered into, specifying/governing the processing of data in SDN’s area of responsibility.
Connections and security
The infrastructure thus helps to ensure that data does not come to the attention of third parties: data is routed in a closed network, and transmission is protected by MPLS separation of data, fixed links or encryption (3DES/AES-256). To improve the security of data transmission further, data controllers/service providers are encouraged to use end-to-end encryption (SSL/TLS) between server and client.
As well as the transmission being secured, access to the services offered by SDN is restricted by means of an agreement system, which uses centrally configured Access Control Lists (ACL) to give access only to services for which a prior written agreement exists between the service provider and the service user. This means that simply accessing SDN does not give access to data, only the ability to subsequently set up agreements that give access to selected services. The service provider can thus be certain that only parties it has directly approved have access to the data made available. Using NAT, the service user defines in its own network the number of users who can access the service.
The SDN agreement system
Before an SDN user can use the services available on SDN, it is necessary to enter into bilateral agreements with other stakeholders connected to SDN. The bilateral agreements establish at IP level who is permitted to connect with whom and for what purpose.
In practice, network administrators enter into agreements via the SDN agreement system, which
- is a directory of connected organisations and the services they offer
- handles creation of agreements for services
- documents which organisations use these services
- forms and provisions centrally configured Access Control Lists (ACL)
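The default-deny model described above, sketched as an added example (not MedCom's code or the agreement system's actual data model): permit entries exist only for agreements the service provider has approved, and a drift check flags deployed entries with no agreement behind them. The record fields, function names and documentation-range addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Agreement:              # hypothetical record, one per bilateral agreement
    client_net: str           # client's NAT address/prefix as seen on the shared network
    service_ip: str
    protocol: str
    port: int
    approved: bool            # set only when the service provider has approved

@dataclass(frozen=True)
class AclEntry:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Address
    protocol: str
    port: int

def build_acl(agreements):
    """Only approved agreements become permit entries; everything else is denied."""
    return [AclEntry(ipaddress.ip_network(a.client_net),
                     ipaddress.ip_address(a.service_ip), a.protocol, a.port)
            for a in agreements if a.approved]

def is_permitted(acl, src_ip, dst_ip, protocol, port):
    """Default deny: a flow passes only if some entry matches it exactly."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return any(src in e.src and dst == e.dst and
               protocol == e.protocol and port == e.port for e in acl)

def unbacked_entries(deployed_acl, agreements):
    """Drift check: deployed permit entries with no approved agreement behind them."""
    expected = set(build_acl(agreements))
    return [e for e in deployed_acl if e not in expected]

# Constructed sample data (RFC 5737 documentation addresses).
AGREEMENTS = [
    Agreement("198.51.100.16/28", "192.0.2.10", "tcp", 443, True),   # approved
    Agreement("203.0.113.5/32", "192.0.2.10", "tcp", 443, False),    # not yet approved
]

if __name__ == "__main__":
    acl = build_acl(AGREEMENTS)
    print(is_permitted(acl, "198.51.100.17", "192.0.2.10", "tcp", 443))
    print(is_permitted(acl, "203.0.113.5", "192.0.2.10", "tcp", 443))
```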
The SDN agreement system consists of different sections:
- The “frontpage” of the agreement system. This page is publicly available. Here you will find user manuals, general information about the agreement system and documentation.
- Agreement Portal: In this section you establish services, clients and agreements
- AgreementJira: This section is used to approve and renew agreements
Useful information on connecting to SDN
Recommendations for packet size when using SDN can be downloaded here (pdf, Danish version). Please contact us for details.
Jesper Søderberg Knudsen