Rover approval from UW

From: Vosberg, Mark W <MVosberg@uwhealth.org>
Sent: Monday, February 28, 2022 3:13 PM
To: Debbie Nasett <Debbie.Nasett@agrace.org>
Cc: Joy Mayfield <Joy.Mayfield@agrace.org>; Barczak, Jeffrey M <JBarczak@uwhealth.org>; Hunley, Jessica <jhunley@swedishamerican.org>
Subject: RE: External Rover Access for Agrace. External Url endpts for Agrace Rover mdm deployment.

WARNING: This email appears to have originated outside of the Agrace email system.
DO NOT CLICK on links or attachments unless you recognize the sender and know the content is safe.

Yes it is approved by uw security. Good to go.

From: Debbie Nasett <Debbie.Nasett@agrace.org>
Sent: Monday, February 28, 2022 3:01 PM
To: Vosberg, Mark W <MVosberg@uwhealth.org>
Cc: Mayfield, Joy <Joy.Mayfield@agrace.org>; Barczak, Jeffrey M <JBarczak@uwhealth.org>; Hunley, Jessica <jhunley@swedishamerican.org>
Subject: RE: External Rover Access for Agrace. External Url endpts for Agrace Rover mdm deployment.

WARNING: This email appears to have originated outside of the UW Health email system.
DO NOT CLICK on links or attachments unless you recognize the sender and know the content is safe.

Ok, thank you so much for all the work on this one. So it is approved by the Security team at the UW?

We will give it a try.

Thanks
Deb

From: Vosberg, Mark W <MVosberg@uwhealth.org>
Sent: Monday, February 28, 2022 10:04 AM
To: Debbie Nasett <Debbie.Nasett@agrace.org>
Cc: Joy Mayfield <Joy.Mayfield@agrace.org>; Barczak, Jeffrey M <JBarczak@uwhealth.org>; Hunley, Jessica <jhunley@swedishamerican.org>
Subject: FW: External Rover Access for Agrace. External Url endpts for Agrace Rover mdm deployment.

WARNING: This email appears to have originated outside of the Agrace email system.
DO NOT CLICK on links or attachments unless you recognize the sender and know the content is safe.

Hi deb, I think this is all you need for deploying rover for agrace. No need for internal UW certs.

Rover External Prd

epicrover://handheld/config/K2tud6tWLkNAIVQ26C7far3C2vcndIG2KochjkjRxQFKFYQaJQIWBwb3RCbm7joTlvOg9HUHGKFtOk7dUHKzCmsGLp%2b2MzJW6Fp0x1yBXdc%3d

Rover Test External

epicrover://handheld/config/K2tud6tWLkNAIVQ26C7fahg7m1ioWs8gOpm3QBREtafpCQ6J2fRgKnM8QkEDnUooDwKU4MusaVsU7qpd42dW9%2f8KImJEjZuxAGHW8ncyRhw%3d

Revor Test External

epicrevor://handheld/config/K2tud6tWLkNAIVQ26C7fahg7m1ioWs8gOpm3QBREtafpCQ6J2fRgKnM8QkEDnUooDwKU4MusaVsU7qpd42dW9%2f8KImJEjZuxAGHW8ncyRhw%3d

I also included the email chain with security. We are good to go. Let me know if you have any issues. Plus let me know if it works if you don’t mind.

From: Thiesenhusen, Ed J <EThiesenhusen@uwhealth.org>
Sent: Friday, February 25, 2022 4:12 PM
To: Vosberg, Mark W <MVosberg@uwhealth.org>; Barman, Lisa M <LBarman@uwhealth.org>
Cc: Barczak, Jeffrey M <JBarczak@uwhealth.org>; Brock, Forrest <FBrock@uwhealth.org>
Subject: RE: External Rover Access for Agrace

Mark,

This configuration sounds acceptable to Security.

Thank you,

Ed Thiesenhusen

Manager - Information Security Infrastructure & Technical Systems Administration

UW Health – Information Services

Tel:608.720.6518

From: Vosberg, Mark W <MVosberg@uwhealth.org>
Sent: Friday, February 25, 2022 3:50 PM
To: Thiesenhusen, Ed J <EThiesenhusen@uwhealth.org>; Barman, Lisa M <LBarman@uwhealth.org>
Cc: Barczak, Jeffrey M <JBarczak@uwhealth.org>; Brock, Forrest <FBrock@uwhealth.org>
Subject: RE: External Rover Access for Agrace

That is correct. Lots of external internet traffic goes through them for epic.

From: Thiesenhusen, Ed J <EThiesenhusen@uwhealth.org>
Sent: Friday, February 25, 2022 3:43 PM
To: Vosberg, Mark W <MVosberg@uwhealth.org>; Barman, Lisa M <LBarman@uwhealth.org>
Cc: Barczak, Jeffrey M <JBarczak@uwhealth.org>; Brock, Forrest <FBrock@uwhealth.org>
Subject: RE: External Rover Access for Agrace

Mark,

Just to confirm, the epicproxy servers have a 3^rd-party certificate, correct?

Thanks,

Ed Thiesenhusen

Manager - Information Security Infrastructure & Technical Systems Administration

UW Health – Information Services

Tel:608.720.6518

From: Vosberg, Mark W <MVosberg@uwhealth.org>
Sent: Friday, February 25, 2022 12:09 PM
To: Barman, Lisa M <LBarman@uwhealth.org>
Cc: Thiesenhusen, Ed J <EThiesenhusen@uwhealth.org>; Barczak, Jeffrey M <JBarczak@uwhealth.org>; Brock, Forrest <FBrock@uwhealth.org>
Subject: External Rover Access for Agrace

Wanted to verify that this setup is ok with security team.

Agrace rover access will come in externally via our epic proxy servers in the DMZ. They deploy rover via MDM as per-app VPN. This forces the app to connect via vpn to agrace’s internal network. From there it goes back out to the UW epicproxy server. Proxy server IP filtering will only allow rover connections from the Agrace external IP.

So we have 3 layers of security for rover external access which all must be satisfied. Ip filtering, epic login, and authorized to use rover app in your EMP record.

Please let me know if you have any issues with this.

We actually set this up in nonprd epic on 6/2020. Just forgot about it since the PM for the project left UW.

Mark Vosberg

UW Health - DBA Administrator

Tel: 608-720-6431