D3.6 Pilot II Integration: Hospital´s Operational Technology Management System use case

For the development of this deliverable, the knowledge acquired in Task 2.1 and, above all, in D3.2 (in the first months of T3.2), where the compositions of the 3 sites and the description of the CIPSEC tools were widely explained, is assumed.

In this document the final elements displayed in the tests by both, either by the Hospital and by the solution providers will be detailed in depth, specifying where and how every appliance is going to be implemented, as it was written in D3.2, and not only presenting the functionalities offered by each solution but highlighting what are the security needs demanded by HCB that in each case have been covered.

The HCB staff has had the opportunity to learn by practise and acquire some sort of initial implementing practical experience. This learning is thanks to the deployment of the temporary testing site and the early solution pilot that was successfully implemented and shown to the reviewers in the framework of the event that took place in our facilities, as a very initial demonstration of what was intended to be tested in a large Hospital.

This experience served to:

  • Verify the effort involved in the deployment of the different components of the CIPSEC Framework.
  • Corroborate the chance to have part of the solution in the Cloud so that only those essential elements specified by the provider (Bitdefender client) are implemented in machines of the Hospital corporate network to facilitate the deployment by the IT staff of the Hospital
  • Reaffirm the need of simplifying the pilot, not by the quantity or complexity of the apparatus that compose it but by centralizing the management and having most of the equipment in the same physical site, hence the pilot developed in the site 3 was decided to be significantly enhanced

The final decision was to acquire one physical machine with sufficient system resources where a VmWare virtualization platform was implemented. Over it, different VMs were configured to house the solutions of each provider and other several VMs were also created to replicate the services of the Hospital (specific to this pilot) without the need to use servers that are in operation.

The connection between the VMs of the providers and the Internet was authorized via SSH for remote management of their machines and the sending of information from the VMs to the centralized management platform of CIPSEC was authorized by configuring the Hospital FW according to the rules given by each provider.