1. Analysis of hospital information development and management needs
Informatization is sweeping across all walks of life in the world. Hospital informatization is increasingly becoming a key factor in enhancing the vitality and competitiveness of hospitals. The gradual integration of medical business applications and basic network platforms is becoming a new step forward for Chinese hospitals, especially large and medium-sized hospitals. Driving force.
At present, the hospital extranet is mainly used as an information interaction platform, carrying external websites, OA, Email, Internet browsing and other services. First of all, the security of the external network of the hospital cannot be ignored. For example, the application of electronic cases in hospitals is becoming more and more widely used. It is very important to protect the safety of electronic cases; Improve hospital network efficiency; third, the Ministry of Public Security Order No. 82 requires Internet users to provide three months of online records.
2. Dr.COM hospital online authentication and authorization flow management solution
3.1 System topology structure diagram
A practical application case of a hospital
Activation process:
1. User import: take the employee number of the medical nurse as the user name to form a batch account opening table, and the account opening information such as the specific user's bandwidth and login method set in the table; the leader is a direct way, and the ordinary employees use WEB login method;
2. System cutover: hardware system and user cutover; a unified password is used during the cutover period, which is conducive to user distribution. After the cutover period, the user changes the password by himself;
3. Strategy setting: set the cost accounting rate of each department, access control strategy, etc .;
4. Activate application: monitor users' online behavior in real time, and form online log daily report.
3.2 Dr.COM system software module
Basic module: Dr.COM authentication, authorization and accounting management system
Basic module functions: authentication, authorization, Internet log, cost accounting, bandwidth control
Upgrade module: Dr.COM traffic management gateway
Upgrade module function: reasonable planning and management of application traffic such as PTP, IM, games, stocks, videos, etc.
3.3 System functions
3.3.1 Rich, powerful and flexible authentication functions
The rich, flexible and powerful Dr.COM authentication function is reflected in many aspects such as the user-side authentication method, authentication parameters, and data-side supported modes.
The rich, flexible and powerful Dr.COM authentication function is reflected in many aspects such as the user-side authentication method, authentication parameters, and data-side supported modes.
The Dr.COM user-side authentication method supports authentication based on IP, user name and VLAN ID, supports WEB, dedicated client, PPPOE, 802.1X, dedicated line and direct mode, to meet hospital leaders, doctors, nurses, hospital logistics administration, patients, Different online certification requirements for interns and graduate students;
The data side of Dr.COM supports multiple data sources such as RADIUS, LDAP, POP3, MS AD, etc., to ensure the organic integration of the external network authentication system and the internal network authentication system, and to achieve the unique identification of the two networks of medical staff and the single billing of patients.
Authentication parameters support multiple binding with IP, MAC, VLAN, DHCP POOL, IP address segment, switch port, etc. to accurately locate users.
The authentication mode can be defined based on the user's individual or user group, to ensure the flexibility of the authentication mode to the greatest extent.
3.3.3 Bandwidth management
Dr.COM 2033 BMG can configure the upstream and downstream bandwidth of the Internet based on the account, and the granularity is set to 1KB / S.
For PTP applications such as BT and eMule, the following control measures can be taken:
A: Control P2P software according to the protocol port number;
B: TCP connection number control, limiting the number of connections can also limit the flow;
C: User uplink and downlink bandwidth control, which can be controlled separately for each user;
3.3.4 Detailed access logs and statistical reports:
Dr.COM2033 is deployed at the core exit of the network, collects the online information of each user, saves it to the log server in the background, and provides the following logs
A: The access record can be accurate to which picture of Sina the user clicked. The contents of the access record mainly include account number, source IP address, target IP address, target URL record, source MAC address, online time, offline time, generated traffic, and source / destination port number.
B: Support to import the access records into the database, search according to various index relationships, and accurately locate the information to be queried.
C: The urban hotspot authentication gateway has its strong forwarding capability to ensure the integrity of the user's Internet access log.
D: When the current background is interrupted unexpectedly, Dr.COM 2033 BMG can also independently save the latest 32000 access records.
The product has obtained the security product sales license of the Ministry of Public Security, and has a good cooperative relationship with a number of security audit product manufacturers to ensure that the security audit products required by the public security department to be installed in the future can achieve compatibility and interface functions.
The rich report function can also analyze the detailed use of the Internet in hospital departments and medical staff, provide effective data support for hospital leaders to understand the employees' Internet access, and help network administrators understand the network usage status.
The above functions are provided by the basic module, the city hotspot authentication, authorization and accounting system. At the same time, the city hotspot also provides the upgrade module, the Dr.COM traffic management system. The specific functions of the upgrade module are as follows:
3.3.5 Traffic management
The main function modules of Dr.COM protocol flow control gateway are:
(1) Powerful protocol recognition engine
(2) Flexible bandwidth management
(3) Intranet IP statistics function
(4) Simple and easy to use single IP speed limit
(5) Rich report statistics
(6) System high availability
The powerful protocol recognition engine of Dr.COM protocol flow control gateway can not only recognize various plaintext protocols such as Bittorrent and eDonkey, but also its unique "encryption protocol deep recognition" technology can recognize encrypted P2P protocols such as Skype and eMule 0.47c. So far, the Dr.COM protocol flow control gateway has supported the following protocols:
(* Incomplete statistics)
3.3.6 Successful case
Practical application cases of many hospitals: Beijing Third Hospital, Beijing Hospital, Beijing Fuxing Hospital, etc.
Shaoxing contuo Transmission Technology Co.,Ltd , https://www.contuo-desk.com