VPN Connectivity Specifications

Objective

Establish and ensure encrypted connectivity to Hospitals for secure transfer of Medical information to Photon Infrastructure.

Purpose

In order for Photon to exchange information and provide services to customers, clients and 3rd parties etc, we require the creation and use of a VPN(Virtual Private network). This is an encrypted tunnel between the Photon Cloud and a client provided endpoint. Access restrictions are discussed at time of VPN creation and turnup. Both, Photon and the client/customer put into place these restrictions as further failsafe's from malicious or unexpected activities.

The creation of this tunnel is standard in just about every industry currently operating in the world. its a protection mechanism to securely encrypt the data we share back and forth over the internet. Additionally, employing this technology provides an additional control point in our cloud environment to observe, target and control the exchange of information at a per customer level.

Lastly, every single hospital we have worked with has required this as a standard layer of protection

Configuration Requirements

The VPN operates in 2 "Phases." Both of ends (Photon and the customer) must match identically in all cases.

Phase 1:

IKE Version: 2 Encryption: AES-256 Hash: SHA-256 DH: Group 14 (Modp2048) Lifetime: 86400

Phase 2:

Transformation: ESP Encryption:AES-256 Hash:SHA-256 Perfect Forward Secrecy: Yes DH: Group 14 (Modp2048) Renegotiation: 86400

Hospital Internal Policies

Like with the VM PACs VM policies Photon will work with the hospital to respect their internal security and traffic encryption policies as best as we can. The ultimate goal is to establish the VPN and have it exist until the client/customer no longer requires Photons' services