Client Profile:
- Small Oklahoma hospital with approximately 150 staff, 100 network
workstations
- Hospital very reliant upon Microsoft Outlook, with Exchange
2003 as e-mail server
- Stringent HIPAA requirements for security auditing
Project Objectives:
- Design migration of 100+ user medical facility from Windows
2000 to Windows 2003
- Assist in migration of Exchange 2000 to Exchange 2003
- Design/implement user network perimeter security with
firewalls
- Provide virtual private network (VPN) encrypted LAN access
to remote users
- Enable Outlook Web Access (OWA) on Windows 2003 LAN, utilizing
encrypted traffic
- Enable use of digitally signed, encrypted e-mail in
conjunction with Exchange 2003
- Existing virus scanning was not centralized which prevented
administrators from having a real-time picture of status of virus updates
and infection status across the enterprise
- No centralized operating system update capability existed
resulting in risks due to Windows operating systems being un-patched
- Client users were complaining of numerous issues, however
no centralized database was available to allow prioritization
Project Results:
- DVITS designed and implemented migration of six servers
from Windows 2000 to Windows 2003
- Internal security and information access auditing
established
- Implemented enterprise-quality VPN firewall to allow
establishment of strong perimeter security while allowing use of VPN for
remote access to network.
- OWA implemented using Secure Sockets Layer (SSL) on the local
network. This allows encrypted remote access to e-mail, schedules, and contacts
thus simplifying collaboration for remote or traveling users
- Encrypted e-mail established in conjunction with
Certificate Server and Exchange to allow HIPAA compliant exchange of e-mail
- Strategic consulting resulted in short- and medium-term
technology plan of action
- Use of DVITS AIM database allowed consultants to work with
the client in prioritizing issues based upon both usability and risk issues
- Use of Trend Micro Client/Server/Messaging to centralize
virus/spyware/malware scanning was recommended
- Microsoft Software Update Services was implemented to
centralize a scheduled operating system update capability