Part of Architecture pattern for connected medical devices - Genomics Pillar
Sample network segmentation pattern
Sample VLAN configuration for Genomics Pillar
Below are recommended virtual local area network (VLAN) configurations for you to adopt when segmenting genomics devices on your clinical network:
Sequencing data store VLANs – These VLANs will host a logical grouping of the sequencing data store components within Genomics England Ltd (application, middleware, server) connected to your network.
Clinical Variant Ark (CVA) variant store VLANs – These VLANs will be dedicated to hosting the CVA variant information and knowledge repositories.
Analyser VLANs – These VLANs will host only genomics analysers connected to your clinical network within the NHS GLH or 3rd party providers.
Application VLANs – These VLANs will host applications and system components used to facilitate the request and ordering of genomic tests for patients and the distribution of test results.
Research VLANs – These research VLANs will host research applications and databases.
Interpretation VLANs – These VLANs should host the various interpretation portals (the clinical interpretation portal API, for example).
We recommend that VLANs are created to host a mixed economy of genomics connected medical devices (CMDs) to ensure that a specific type of genomics CMD does not become unavailable in the event of a cyber-attack.
The above are recommendations and are by no means an exhaustive list. You can configure VLANs based on your understanding of the network.
Sample VLAN configuration for genomics using port assignment
Below is an example of a VLAN configuration for genomics diagnostic connected medical devices on a clinical network for a medium to large sized health and care organisation.
VLAN name | VLAN number | VLAN subnet assignment | Switch assignment | Switch port/number |
---|---|---|---|---|
Application | 10 | 172.16.2.0/28 | Switch 4, Switch 3 | Fa0/18, Fa0/13 |
Interpretation | 20 | 172.16.3.0/28 | Switch 2, Switch 1 | Fa0/8, Fa0/3 |
CVA variant 1 | 30 | 172.16.4.0/28 | Switch 2 | Fa0/7 |
CVA variant 2 | 40 | 172.16.5.0/28 | Switch 1 | Fa0/2 |
Research | 50 | 172.16.6.0/28 | Switch 3 | Fa0/12 |
Sequencing | 60 | 172.16.7.0/28 | Switch 3 | Fa0/11 |
Analysis | 70 | 172.16.8.0/28 | Switch 2, Switch 1 | Fa0/6, Fa0/1 |
Table 6: Sample VLAN configuration for genomics testing components.
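The following is an added example, not part of the original guidance: it checks the Table 6 plan for the mistakes that undermine segmentation (reused VLAN numbers, overlapping subnets, a port assigned to two VLANs) and renders access-port configuration for one switch. It assumes that where a row lists two switches and two ports they pair up in order, and that the switches accept Cisco IOS syntax; the function names are illustrative.

```python
import ipaddress

# Table 6 rows: (name, VLAN number, subnet, [(switch, port), ...]).
# Assumption: where a row lists two switches and two ports, they pair up in order.
PLAN = [
    ("Application", 10, "172.16.2.0/28", [("Switch 4", "Fa0/18"), ("Switch 3", "Fa0/13")]),
    ("Interpretation", 20, "172.16.3.0/28", [("Switch 2", "Fa0/8"), ("Switch 1", "Fa0/3")]),
    ("CVA variant 1", 30, "172.16.4.0/28", [("Switch 2", "Fa0/7")]),
    ("CVA variant 2", 40, "172.16.5.0/28", [("Switch 1", "Fa0/2")]),
    ("Research", 50, "172.16.6.0/28", [("Switch 3", "Fa0/12")]),
    ("Sequencing", 60, "172.16.7.0/28", [("Switch 3", "Fa0/11")]),
    ("Analysis", 70, "172.16.8.0/28", [("Switch 2", "Fa0/6"), ("Switch 1", "Fa0/1")]),
]

def validate(plan):
    """Return a list of problems that would break the intended segmentation."""
    problems, seen_ids, seen_ports, nets = [], {}, {}, []
    for name, vid, subnet, ports in plan:
        if not 1 <= vid <= 4094:
            problems.append(f"{name}: VLAN number {vid} out of range")
        if vid in seen_ids:
            problems.append(f"{name}: VLAN number {vid} already used by {seen_ids[vid]}")
        seen_ids.setdefault(vid, name)
        net = ipaddress.ip_network(subnet)  # raises ValueError if host bits are set
        for other_name, other in nets:
            if net.overlaps(other):
                problems.append(f"{name}: {net} overlaps {other_name} ({other})")
        nets.append((name, net))
        for sw_port in ports:
            if sw_port in seen_ports:
                problems.append(f"{name}: {sw_port} already assigned to {seen_ports[sw_port]}")
            seen_ports.setdefault(sw_port, name)
    return problems

def render(plan, switch):
    """Render access-port configuration lines (Cisco IOS syntax) for one switch."""
    lines = []
    for name, vid, _subnet, ports in plan:
        for sw, port in ports:
            if sw == switch:
                # Spaces in the VLAN name are replaced with underscores.
                lines += [f"vlan {vid}", f" name {name.replace(' ', '_')}",
                          f"interface {port}", " switchport mode access",
                          f" switchport access vlan {vid}"]
    return lines

if __name__ == "__main__":
    assert not validate(PLAN), validate(PLAN)
    print("\n".join(render(PLAN, "Switch 1")))
```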
The above segmentation options are focused on connected medical devices, but hospitals also deploy operational technology assets, such as industrial automation and control systems (IACS). You should refer to standards such as ISA/IEC 62443 for recommended network segmentation and security best practices.
Last edited: 6 November 2023 10:54 am