IT Networking Requirements - Customer Responsibilities
Enable secure network connectivity so the MedServe cabinet can communicate with the vendor’s Azure-hosted portal, using a DHCP-assigned address and outbound HTTPS (TCP 443) to the vendor-provided FQDN.
Network Provisioning and Physical Connectivity
Customer IT deliverables:
- Provide an active Ethernet network drop (recommended) at each cabinet location, or provision approved Wi-Fi if wired is not feasible.
- Connect the cabinet to an approved network segment suitable for medical/IoT devices (typically an IoT/Medical Devices VLAN).
- Ensure the cabinet receives an IP address via DHCP (static IP addressing is not supported).
- Confirm the cabinet can resolve DNS using customer standard DNS services.
Firewall / Internet Egress Enablement
Customer IT/Security deliverables:
- Permit outbound access from the cabinet’s network segment to the vendor portal FQDN over:
  o TCP 443 (HTTPS)
  o TCP 123 (NTP)
- Ensure the cabinet network segment has a valid internet egress path (direct NAT or centralized egress).
- Implement egress policy using FQDN-based rules where supported (preferred) to avoid reliance on changing cloud IPs.
Security Controls and Governance
Customer IT/Security deliverables:
- Confirm the cabinet is placed in the appropriate segmented network zone (e.g., restricted IoT/medical device VLAN) aligned to internal policy.
- Validate that the egress rule is least-privilege (limited to the vendor FQDN on TCP 443).
- Determine whether the cabinet traffic will be subject to TLS inspection; if TLS inspection is mandated, confirm it does not break device connectivity (or apply an exception per internal policy).
- Document the deployment as a managed clinical/IoT endpoint in relevant inventories as required by customer policy.
Required Connections / FQDN:
download.microsoft.com – Updates to .NET
my.caredirect.heatlhcare – MedServe Portal
pool.ntp.org – NTP Service
stcaredirectdownloads.blob.core.windows.net – Azure Blob Storage
archive.ubuntu.com – Updates to the Ubuntu operating system
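
One way to carry out the least-privilege validation under Security Controls and Governance against the Required Connections list, shown as an added example that is not vendor or customer tooling. The rule-record layout (`id`, `action`, `dst`, `port`), the function names, the sample rules and the per-FQDN port assignment are assumptions made for this example.

```python
import ipaddress

# Allowlist from the page's "Required Connections / FQDN" list. ASSUMPTION: ports are
# not given per FQDN; 443 is assumed except 123 for pool.ntp.org. Protocol is not checked.
REQUIRED = {
    "download.microsoft.com": 443,
    "my.caredirect.heatlhcare": 443,
    "pool.ntp.org": 123,
    "stcaredirectdownloads.blob.core.windows.net": 443,
    "archive.ubuntu.com": 443,
}

def is_ip_literal(dst):  # True for an IP address or CIDR block, False for an FQDN
    try:
        ipaddress.ip_network(dst, strict=False)
    except ValueError:
        return False
    return True

def audit_egress(rules, required=REQUIRED):
    """Return (findings, missing): over-broad allow rules and uncovered FQDNs."""
    findings, covered = [], set()
    for r in (r for r in rules if r["action"] == "allow"):
        dst, port = r["dst"].lower(), r["port"]
        if dst in ("any", "*") or dst.startswith("*."):
            findings.append((r["id"], "wildcard destination"))
        elif is_ip_literal(dst):
            findings.append((r["id"], "IP-based rule; FQDN-based rule preferred"))
        elif dst not in required:
            findings.append((r["id"], "destination not in required list"))
        elif port != required[dst]:
            findings.append((r["id"], "port differs from or is broader than required"))
        else:
            covered.add(dst)
    return findings, sorted(set(required) - covered)

# Constructed sample export of the cabinet segment's egress rules (not real data).
SAMPLE_RULES = [
    {"id": 1, "action": "allow", "dst": "my.caredirect.heatlhcare", "port": 443},
    {"id": 2, "action": "allow", "dst": "pool.ntp.org", "port": 123},
    {"id": 3, "action": "allow", "dst": "*.blob.core.windows.net", "port": 443},
    {"id": 4, "action": "allow", "dst": "203.0.113.10", "port": 443},
    {"id": 5, "action": "allow", "dst": "archive.ubuntu.com", "port": "any"},
    {"id": 6, "action": "deny", "dst": "any", "port": "any"},
]

if __name__ == "__main__":
    print(audit_egress(SAMPLE_RULES))
```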