
Upload: trinhlien

Post on 24-May-2018


UI Health Care

Health Care Information Systems

Technical Operations

IT Assessment Questions

Revised: 5/5/16


The University of Iowa Hospitals and Clinics/UI Health Care (UIHC) has a full-service information technology department (Health Care Information Systems). This document outlines a baseline of UIHC's technical services platform standards for review by vendors with regard to purchasing and implementing enterprise and departmental systems.

Answer all questions that apply to your solution. For items that do not apply to your solution, indicate ‘Not Applicable’ or ‘NA’ as a response, and provide an explanation when necessary. If these standards prove difficult or impossible to meet with a given vendor option, that will provide enough substantiation to reject the vendor option.

SUMMARY OF SOLUTION/SYSTEM

Provide a high level summary of the system or solution that is being proposed to the UIHC.

RESPONSE:

HARDWARE PURCHASING

All computer hardware is purchased separately from software. The UIHC has a process in place for computer hardware procurement.

Does your solution allow for the UIHC to purchase all hardware?

___ YES ___ NO ___Not Applicable

Please explain:

SOLUTION TYPE

Is your proposed system

___ A Cloud or Hosted solution only
___ An On-Premise solution only
___ A hybrid model that offers both Cloud and On-Premise solutions

CLOUD BASED OR HOSTED SOLUTION

What is the maximum latency your cloud or hosted application solution can tolerate and still function effectively?

RESPONSE:

What is the minimum bandwidth your cloud or hosted app requires to function?

RESPONSE:

What port(s) and protocol(s) are required for your cloud or hosted app to function properly?

RESPONSE:


Describe your Internet connectivity, including who your Internet Service Provider(s) (ISP) is and the level of redundancy you have in place.

RESPONSE:

What does the ISP offer in terms of physical and systems security?

RESPONSE:

What security controls are in place from a facility perspective?

RESPONSE:

What uptime and performance Service Level Agreements (SLAs) does the ISP offer?

RESPONSE:

Does the ISP offer 24-hour customer service/support?

RESPONSE:

What options do we have for monitoring/visibility?

RESPONSE:

Is the ISP compliant with FISMA, PCI DSS, HIPAA, SOX, GLBA, NERC CIP, or other regulations that are relevant to our industry?

RESPONSE:

Do you provide a hosted sandbox/test environment for evaluation and user pilot?

RESPONSE:

What is your disaster recovery design if the software, data or content is corrupted or site is exploited?

RESPONSE:

What is your security exploit patching process?

RESPONSE:

What is your reimbursement for business impact due to service level failure including security exploit?

RESPONSE:

IDENTITY MANAGEMENT/AUTHENTICATION

UIHC uses various tools to manage system authorization.

Does your software use an API or another programmable interface in order to support identity management access automation?

___ YES ___ NO ___Not Applicable

Please explain:

UIHC uses Microsoft Active Directory (AD) as our preferred authentication Single Sign On solution.

Does your system support application authentication using AD?

___ YES ___ NO ___Not Applicable

UIHC uses self-signed certificates to enable secure Lightweight Directory Access Protocol (LDAP) authentication.

Does your solution support secure LDAP and the loading of self-signed certificates?

___ YES ___ NO ___Not Applicable

If not through AD/LDAP, describe the authentication mechanism; include minimum requirements.

RESPONSE:

How do users and security settings get created in your system?

RESPONSE:

In previous installations, who is typically the one to create the users, profiles, and security settings?

RESPONSE:

OPERATING SYSTEM

Does your software run on a Windows or Linux Operating System?

RESPONSE:

If Linux:

UIHC uses Red Hat Linux, either 5.11, 6.6 or 7.0, as their preferred Linux operating system. NOTE: Within the major Red Hat releases (ex: 5.X, 6.X, 7.X), Red Hat guarantees API compatibility, meaning that an application ‘certified’ to run on 6.1 will run on any 6.X release. While CentOS is simply a re-compile of Red Hat sources and is functionally the same, it comes with no support and will not be used by UIHC.

Will your solution work on this platform/OS?

___ YES ___ NO ___Not Applicable

UIHC utilizes Red Hat’s Yum Update service via the University Satellite Server as our update-management solution. This can be done either manually or by script, followed by a reboot. The updates will be applied on a monthly basis. This will require a monthly downtime of at least 30 minutes.

Will your solution operate in this environment?

___ YES ___ NO ___Not Applicable

UIHC uses Kerberos authentication for local users on the Linux system.

Does your solution work with this authentication?

___ YES ___ NO ___Not Applicable

Does the application run as root?

RESPONSE:

If the application runs as root, explain why this is needed.

RESPONSE:

If the application needs a separate UID, explain the requirements.

RESPONSE:

Does your company require a login?

___ YES ___ NO ___Not Applicable

If YES, do you need root/pseudo access?

___ YES ___ NO ___Not Applicable

If YES, please explain why.

RESPONSE:

UIHC uses IBM TSM for UNIX/Linux as our enterprise backup solution.

Does the application work with IBM TSM?

___ YES ___ NO ___Not Applicable

Are there special backup considerations that cannot be addressed by the IBM TSM product?

___ YES ___ NO ___Not Applicable

Please explain:

Does the application allow for quiesce of any databases for clean backups?

___ YES ___ NO ___Not Applicable

Please explain:


UIHC monitors its UNIX/Linux environment with IBM ITM. This monitors FS / CPU / Memory etc.

Can your software co-exist with these and similar monitoring agents on the host system?

___ YES ___ NO ___Not Applicable

If Windows:

UIHC utilizes Microsoft’s Windows Server Update Services (WSUS) as our update-management solution. The servers are configured to accept all relevant updates and auto-restart at the completion of the scheduled updates.

Can your solution operate in this environment?

___ YES ___ NO ___Not Applicable

UIHC uses IIS as its preferred web server.

If you require a web server, but do not use IIS, explain why your solution deviates from this.

RESPONSE:

UIHC uses EMC Avamar as our enterprise backup solution.

Does your application work with this backup solution?

___ YES ___ NO ___Not Applicable

Are there special backup considerations that cannot be addressed by the Symantec NetBackup product?

___ YES ___ NO ___Not Applicable

Please explain:

UIHC monitors their environment with a combination of tools such as SCOM (for Windows), Dell OpenManage (for hardware), vCenter Operations Manager (for VMware), and Accelops (for additional systems monitoring).

Can your software co-exist with these and similar monitoring agents on the host system?

___ YES ___ NO ___Not Applicable

SERVER HARDWARE CONFIGURATION

UIHC uses VMware v5.5 as their preferred hypervisor.

Does your system support virtualization with VMware?

___ YES ___ NO ___Not Applicable

UIHC uses Dell hardware with redundant components such as power supplies, processors, and network interface adapters.

Will your solution work using Dell hardware?

___ YES ___ NO ___Not Applicable

If NO, and your solution requires the use of different hardware, who is the vendor?

RESPONSE:

How is support handled?

RESPONSE:

Who is responsible for the monitoring and management of this hardware?

RESPONSE:

UIHC uses Windows Server 2012 R2 as its preferred operating system.

Is there a reason why this operating system version would not work with your solution?

___ YES ___ NO ___Not Applicable

Please explain:

UIHC uses adapter teaming with their server deployments.

Does your solution handle adapter teaming?

___ YES ___ NO ___Not Applicable

Are there any special configuration settings that should be considered?

___ YES ___ NO ___Not Applicable

Please explain:

Describe the supported method(s) for automated updates of server-side application components (for new application versions, bug fixes, etc). List supported methods for each type of server within your solution, including Citrix Presentation Server / XenApp, and explicitly state which server-side components must be manually updated.

RESPONSE:

NETWORK ARCHITECTURE

Provide a block diagram showing systems and network architecture, data flows, etc.

RESPONSE:


UIHC does not permit extensions of its communications backbone (i.e. additions of third party APs, switches, firewalls, etc.).

Can your solution be implemented in this type of environment?

___ YES ___ NO ___Not Applicable

Detail all network communication ports and protocols utilized.

RESPONSE:

The UIHC communication backbone contains numerous networks across geographic locations. Individual VLANs do not traverse telecommunication rooms or locations.

Does the solution have any specific architectural restrictions regarding VLANs or IP address subnet sizes for the device and/or servers?

___ YES ___ NO ___Not Applicable

Please explain:

Describe the solution's interaction/integration with DHCP and DHCP products, including requirements and limitations.

RESPONSE:

Does your system require DHCP reservations or static assignments?

___ YES ___ NO ___Not Applicable

Please explain:

Describe the solution's interaction/integration with DNS and DNS products, including requirements and limitations.

RESPONSE:

Does the solution use any wireless communication methods? (Infrared, Bluetooth, Radio Frequency, etc.)

___ YES ___ NO ___Not Applicable

Please explain:

If wireless RF is used, is an FCC license required to operate devices within our facility?

___ YES ___ NO ___Not Applicable

Describe in detail the solution's wireless capabilities. (802.11 A, B, G, N)

RESPONSE:

Describe in detail the solution's wireless encryption and authentication capabilities. (WPA2-PSK, WPA2-Enterprise, AES, etc.)

RESPONSE:


Describe the application and monitoring networking requirements, both wired and wireless.

RESPONSE:

Can the device be monitored via SNMP, WMI, Syslog?

___ YES ___ NO ___Not Applicable

If YES, which and what version?

RESPONSE:

Are the SNMP community strings hard set or configurable?

RESPONSE:

Does your platform support Quality of Service?

___ YES ___ NO ___Not Applicable

If YES, explain in detail how your traffic is marked (control, payload, etc).

RESPONSE:

Does the platform/solution utilize multicast or directed broadcast for communications? Include additional details on the nature of this traffic (PIM Sparse Mode, PIM Dense Mode, any mechanisms for forwarding directed broadcast traffic to other networks, etc.).

RESPONSE:

Does the platform/solution support IPv4 public and private (RFC 1918) addressing?

___ YES ___ NO ___Not Applicable

Does the platform/solution support IPv6?

___ YES ___ NO ___Not Applicable

Provide any EAP/Supplicant capabilities of the platform/solution.

RESPONSE:

CLIENT SOFTWARE APPLICATION

Does your application support being installed on a non-Default Web Site and a custom wwwroot path?

___ YES ___ NO ___Not Applicable

Provide a proposed implementation plan consistent with the provided UIHC configuration and architecture.

RESPONSE:


How are updates to the software deployed?

RESPONSE:

Does your solution require any third-party software (i.e. Java, Flash, Quicktime, Visual Studio, .Net Framework, etc.)?

___ YES ___ NO ___Not Applicable

If YES, identify what software is required and what versions are approved.

RESPONSE:

Describe how they are patched (interval, management tools, etc.)

RESPONSE:

Do you agree to accept and support all security updates released for dependent 3rd party components?

___ YES ___ NO ___Not Applicable

Describe any data export functions.

RESPONSE:

What formats are available?

RESPONSE:

Describe any data archiving functions.

RESPONSE:

Describe the system's auditing capabilities.

RESPONSE:

Describe user auditing functions.

RESPONSE:

What capacity does your software have to provide remote access to the application to users?

RESPONSE:

Describe any mobile device integration.

RESPONSE:

To what extent are you involved during installation?

RESPONSE:


From your experience, how many resources would be required by us to implement this project (one staff member for two weeks, etc.)?

RESPONSE:

DESKTOP HARDWARE CONFIGURATION

UIHC uses Dell desktop hardware with the minimum specification being an Intel i5 processor with 4GB memory all the way up to the current manufacturer specification.

Will your solution work in this environment?

___ YES ___ NO ___Not Applicable

Please explain:

Does your system require client software to be deployed to workstations in order to access the data?

___ YES ___ NO ___Not Applicable

If YES, do you have an MSI package available?

___ YES ___ NO ___Not Applicable

Please explain:

Is your client software supported on Macintosh OS?

___ YES ___ NO ___Not Applicable

UIHC uses Windows 7 64-bit Enterprise and Mac OS X current and 1 previous (i.e. 10.10 and 10.9) versions as their preferred operating systems.

Does your solution at a minimum support these OSes?

___ YES ___ NO ___Not Applicable

What additional OS versions are supported?

RESPONSE:

UIHC uses Microsoft Internet Explorer 11 and Firefox or Chrome versions that are kept up to date as preferred web browsers for Windows and the current version of Safari or Firefox as preferred web browsers for Mac.

Is there a reason why any of these web browsers would not work with your solution?

___ YES ___ NO ___Not Applicable

What additional browser versions are supported?

RESPONSE:


UIHC utilizes Microsoft’s System Center Configuration Manager (SCCM) as our Windows update management solution with full updates being released every 3rd Friday of the month with out-of-band (critical) patches delivered as necessary.

Can your solution operate in this environment?

___ YES ___ NO ___Not Applicable

Do you agree to accept and support all Microsoft released security updates?

___ YES ___ NO ___Not Applicable

UIHC utilizes Secunia to patch third party applications such as Adobe Flash, Shockwave, Acrobat, Apple QuickTime, Mozilla Firefox, Java and other applications.

Can your solution operate in this environment?

___ YES ___ NO ___Not Applicable

UIHC utilizes Casper Suite for Mac as our Macintosh update management solution. Updates are delivered to these systems on an as-needed basis and could prompt for possible restart.

Can your solution operate in this environment?

___ YES ___ NO ___Not Applicable

INTERFACES

Describe the message coding standard and transport protocol supported (i.e. HL-7 and XML data interface through an Ethernet TCP/IP sockets connection).

RESPONSE:

What version?

RESPONSE:

UIHC utilizes Cloverleaf as its interface engine.

Can your system work with Cloverleaf, if any interfaces are required?

___ YES ___ NO ___Not Applicable

Please explain:

UIHC utilizes Connexall as its middleware solution for secondary alarm management.

Can your system work with Connexall, if any middleware is required?

___ YES ___ NO ___Not Applicable

Please explain:


Has your application ever been integrated with Epic before?

___ YES ___ NO ___Not Applicable

If YES, is it a real time interface to Epic?

RESPONSE:

What types of interfaces are available on your application?

RESPONSE:

DATABASE

UIHC uses Microsoft SQL Server Enterprise Edition as our preferred database solution.

We run several data maintenance plans that shrink, reorg, check database integrity, update statistics, and perform full database backups.

Will these maintenance plans interfere with the effective operations of your database?

___ YES ___ NO ___Not Applicable

Please explain:

Do you have your own maintenance plan requirements?

___ YES ___ NO ___Not Applicable

Please explain:

What size database(s) and data growth rate is specified for an environment of our size?

RESPONSE:

If user counts change how do we calculate those specifications?

RESPONSE:

How is archival of data accomplished to facilitate efficient use of storage versus legal requirements and solution performance?

RESPONSE:

What additional features of MS SQL will need to be installed (i.e. Reporting Services, SSAS, SSIS, Full Text Indexing, etc)?

RESPONSE:

Is it required that user authentication/authorization be passed to the database, or does a service account access the database for all applications to database integration?

RESPONSE:

If MS Reporting Services is required, do you recommend the environment have separate physical servers for RDBMS vs. Reporting Services?

RESPONSE:

Is there any need for clients to connect directly to the SQL Server or does all communication with the SQL Server go through a web, application or other server?

RESPONSE:

ENTERPRISE STORAGE AND FABRIC MANAGEMENT

UIHC utilizes Brocade Fibre Channel SAN switches in a Core-Edge topology. Core switches and most edge switches are 16 Gb/sec capable with some racks only supporting 8 Gb/sec speed. All switches support auto-negotiate down to 2 Gb/sec.

Can your system work in this environment?

___ YES ___ NO ___Not Applicable

Please explain:

UIHC uses EMC VMAX enterprise class storage mainly for its WinTel environment and IBM SVC for its Epic and AIX systems.

Can your system work in this environment?

___ YES ___ NO ___Not Applicable

Please explain:

CIFS/SMB and NFS clients must be able to use Isilon OneFS storage infrastructure for file storage. NFS clients are encouraged to use DNS configuration in order to better handle node reboots on the NAS.

Can your system work in this environment?

___ YES ___ NO ___Not Applicable

Please explain:

All HBA driver/firmware and host software must maintain EMC or IBM supported levels and be kept up to date in order to run effectively.

Does your system meet these requirements?

___ YES ___ NO ___Not Applicable

Please explain:

Storage Virtualization services are available using EMC’s VPLEX distributed volume architecture and IBM’s Storwize Virtualization Center (SVC). IBM’s SVC is a more mature and robust system which allows for replication operations. Each system provides data center resiliency and Active/Active host I/O including ESX support.

Is data replication between data centers required?

___ YES ___ NO ___Not Applicable

If YES, does the application support Synchronous mirroring?

___ YES ___ NO ___Not Applicable

Are point in time copies required?

___ YES ___ NO ___Not Applicable

If YES, how many?

RESPONSE:

Will the point in time copies need to be Application Consistent or Crash Consistent?

RESPONSE:

SAN Fabric health is monitored using the Brocade Network Advisor product. This product allows UIHC to monitor host activity, initiator driver/firmware version, topology maps and firmware repository management.

Can your system work in this environment?

___ YES ___ NO ___Not Applicable

Please explain:

LOAD BALANCING AND HIGH AVAILABILITY

UIHC uses a combination of the F5 BIG-IP product suite to provide hardware load balancing services and Microsoft Cluster Services (MSCS) to provide a highly available systems environment.

Do you use one or both of these services with your solution?

___ YES ___ NO ___Not Applicable

If NO, explain how you provide a highly available environment.

RESPONSE:

In a web farm configuration some applications require session affinity, which is the client connecting to one web server in the web farm until client logout.

Does your solution require client session affinity for any duration of time?

___ YES ___ NO ___Not Applicable

If YES, what is the recommended architecture?

RESPONSE:


SOFTWARE LICENSING

What are the software licensing models available?

RESPONSE:

How is licensing of a pre-production/test environment calculated or handled?

RESPONSE:

BUSINESS CONTINUITY/DISASTER RECOVERY

Provide a detailed explanation of disaster recovery and/or business continuity that is built into your system. Include examples of architectures to illustrate your business continuity/disaster recovery strategy.

RESPONSE:

SECURITY/FIREWALL/VPN

UIHC uses the Intel Security (formerly McAfee) antivirus solution.

Does the application work with antivirus software installed?

___ YES ___ NO ___Not Applicable

Does the application work specifically with Intel Security?

___ YES ___ NO ___Not Applicable

Does the system require that Virus protection be disabled for specific files/folders for the system to function properly?

___ YES ___ NO ___Not Applicable

If YES, specify the requirement.

RESPONSE:

Describe the solution’s interoperability requirements, capabilities and limitations with various network security environments, including but not limited to Network-based ‘stateful’ firewalls, VPNs, Network-based Admission Controls (NAC), and Intrusion Detection/Protection Systems.

RESPONSE:

Does the solution provide data encryption in transit?

___ YES ___ NO ___Not Applicable

If YES, describe the type, level, and strength of the encryption.

RESPONSE:


Does the solution provide data encryption in storage?

___ YES ___ NO ___Not Applicable

If YES, describe the type, level, and strength of the encryption.

RESPONSE:

Has this solution been security tested?

___ YES ___ NO ___Not Applicable

If YES, specify who completed the testing.

RESPONSE:

Does this solution have documented best-practice security configurations and processes?

___ YES ___ NO ___Not Applicable

Does any user password get stored in the application/database?

___ YES ___ NO ___Not Applicable

UIHC uses a security model in which different components of an application might exist on separated data center networks, which might require communication across a firewall.

Can your solution work across multiple data center networks?

___ YES ___ NO ___Not Applicable

Can you provide specific firewall requirements such as which component initiates the communication and which port it will communicate over?

___ YES ___ NO ___Not Applicable

Can the application be periodically scanned with vulnerability monitoring solutions, such as Qualys?

___ YES ___ NO ___Not Applicable

Please explain:

TEST ENVIRONMENT

What do you recommend for a non-production/test environment architecture used for customization, development and QA Testing?

RESPONSE:

Explain in detail how you handle a TEST system. Is the TEST system a copy of the production environment?

RESPONSE:


SUPPORT

Describe in detail your support model, including Service Level Agreements (SLAs).

RESPONSE:

Do you provide 24x7x365 support for the Production system?

___ YES ___ NO ___Not Applicable

What will be provided to UIHC support staff for service support materials, such as software diagnostic keys (how many levels?), service manuals, schematics, and best practice alerts?

RESPONSE:

What is your Revision or Software Update (major or minor) frequency and process?

RESPONSE:

Are there any possible exclusions?

___ YES ___ NO ___Not Applicable

Please explain:

What are your expectations for required/scheduled downtimes?

RESPONSE:

Will support from the vendor require any access to the UIHC infrastructure?

___ YES ___ NO ___Not Applicable

Please explain:
