HCN Frequently Asked Questions
Hardware and Software Requirements
1. What are the system requirements to run HCN on your desktop?
The system requirements to run HCN on your desktop are:
- Processor: Pentium-based 400MHz processor or higher
- Memory: 64MB RAM minimum (128MB recommended)
- Operating System: Windows 98SE/Me/NT/2000 (with service pack 2 or higher; current is 4)/XP
- Browser: Internet Explorer V5.5 or higher (will not work with other web browsers)
- Internet access required – dedicated connectivity (ISDN or LAN) is preferred.
- Firewall port 443 (SSL, outbound) must also be open if connecting to the Internet via a corporate VPN connection.
2. Will I have to purchase additional hardware to run HCN?
No. The HCN server applications are not installed on customer-owned servers, nor do they run inside your data center. HCN does not require any special equipment or additional servers to be installed in a data center or at a user’s workstation. HCN does use a VPN to connect to Providers’ back-end databases and runs primarily as a browser application for end users.
3. Will HCN operate with my current firewall?
Yes, usually without any changes. HCN will operate with any firewall using transparent HTTP, Socks 4 or Socks 5 proxies.
4. Will HCN require custom configurations to my firewall?
There are two ports that are used by HCN network client users:
TCP/80 HTTP for public web services
TCP/443 HTTPS for secure web services
TCP/80 and TCP/443 are widely used, and it is extremely likely that both ports will be open for outbound communication in all subscriber firewalls. If the firewall rules are tied to URLs or IP addresses, then the following options need to be added:
a. Preferred option: add an exception for the URLs:
hcn.ca.hcn-us.com, cert.ca.hcn-us.com, ca.hcn-us.com
b. If IPs are used then use: 18.104.22.168, 22.214.171.124, 126.96.36.199
If the subscriber runs with a permissive outbound firewall policy (one that may block some ports designated as “bad” but generally allows all ports for outbound communications) then the odds are that no firewall changes will be required to use the HCN service. It should be noted that a restrictive outbound firewall policy definitely enhances network security, and therefore we strongly recommend use of restrictive policies whenever possible.
The HCN network poses no security risk to the corporate network. All documents and data are encrypted before and during transport. Access to the HCN network and application is ‘invitation only’ and uses strong authentication, imposing a multi-layered digital-key security model and secure web services throughout the HCN network. No data is exposed directly to the Internet at any time.
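An added example, not part of the HCN documentation: a small checker that reports which of the flows listed in answer 4 a restrictive (default-deny) outbound rule set would still block. The rule format and the sample policies are constructed for illustration; the hostnames, IP addresses and ports are the ones given above, and names are compared literally with no DNS resolution.

```python
import ipaddress
from fnmatch import fnmatch

# Destinations and ports as listed in answer 4 above.
HCN_HOSTS = ["hcn.ca.hcn-us.com", "cert.ca.hcn-us.com", "ca.hcn-us.com"]
HCN_IPS = ["18.104.22.168", "22.214.171.124", "126.96.36.199"]
HCN_PORTS = [80, 443]

def rule_matches(rule, dest, port):
    """True if one allow rule covers dest:port (rule format is hypothetical)."""
    if port not in rule["ports"]:
        return False
    try:
        # IP rule against an IP destination: CIDR containment.
        net = ipaddress.ip_network(rule["dest"], strict=False)
        return ipaddress.ip_address(dest) in net
    except ValueError:
        # Otherwise compare as names; "*" wildcards allowed. No DNS lookups.
        return fnmatch(dest.lower(), rule["dest"].lower())

def blocked_flows(allow_rules, by_ip=False):
    """Required HCN flows that a default-deny outbound policy would drop."""
    dests = HCN_IPS if by_ip else HCN_HOSTS
    return [(d, p) for d in dests for p in HCN_PORTS
            if not any(rule_matches(r, d, p) for r in allow_rules)]

# Constructed sample policies.
RESTRICTIVE_OK = [{"dest": h, "ports": {80, 443}} for h in HCN_HOSTS]
RESTRICTIVE_INCOMPLETE = [
    {"dest": "hcn.ca.hcn-us.com", "ports": {443}},  # TCP/80 left out
    {"dest": "ca.hcn-us.com", "ports": {80, 443}},  # cert.ca host left out
]
IP_BASED = [{"dest": ip + "/32", "ports": {80, 443}} for ip in HCN_IPS]

if __name__ == "__main__":
    for name, policy, by_ip in [("URL rules", RESTRICTIVE_OK, False),
                                ("incomplete", RESTRICTIVE_INCOMPLETE, False),
                                ("IP rules", IP_BASED, True)]:
        print(name, "->", blocked_flows(policy, by_ip) or "all HCN flows allowed")
```

An empty result means the policy permits every flow HCN needs without opening anything beyond the listed destinations and ports.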
5. What protocol is used for communication outside the firewall?
For Provider to HCN systems data transfer, all traffic is routed over the HCN VPN and does not travel on the public Internet. For HCN to individual Subscriber data transfer, all communication is encrypted with a 128-bit cipher key and moves between the local desktop and the HCN servers using the SSL protocol. This protocol provides a very high level of security for an Internet-based application. Most firewall configurations allow SSL traffic to pass in and out of the network, making it very likely that HCN traffic will pass through most firewalls with no additional configuration changes.
6. If HCN sends messages directly to other users, will firewalls need to be configured for inbound connections?
Although HCN includes an integrated Secure Instant Messenger system, the HCN system does not allow communications directly from one HCN subscriber to another. Rather, HCN uses a secure Jabber server to “broker” connections between workstations. When a user sends a secure IM to another HCN user, the Jabber Messenger software makes an outbound connection to the Jabber server, which acts as a gateway for all IM communications between senders and receivers. No inbound connections are used to begin any IM sessions so that firewalls do not need to be configured to allow for them.
7. Does HCN send messages only to users that are currently on-line?
NO. Jabber Messenger is a secure IM system that uses a store and forward technology that allows messages to be delivered immediately if the recipient is online but will automatically store the message on the Jabber server for later delivery if the intended recipient is offline. As soon as the intended recipient authenticates to the HCN system, the Jabber server will deliver the message.
8. Does HCN require an “install” or does it operate entirely from within a browser?
HCN does require ‘installation’. The HCN application functions within a web-browser, however, we require more security and functionality than exists just within a web-browser for authentication and messaging. An install program automatically launches as part of the initial HCN signup process that is very easy to operate. For the vast majority of users, the default prompts can be selected and the software can be installed in about a minute. The workstation must be granted the appropriate rights needed to allow the download of the Jabber/Messenger software.
9. Will users need to enter a Web address to start the application?
NO. The application will start by clicking on an icon that will be set up as part of the install program. The application will prompt for a user name and password and authenticate the user. Once properly authenticated, the user can send messages to other users or use the browser-based features of the application. All interactions with the HCN System will be performed through this single application. The browser-based features of the application will actually use the Internet Explorer installed on the workstation, with the browser displayed as a window within HCN.
10. Are security certificates required in order to use HCN?
YES. In order to provide the highest level of security, each user will be issued a certificate that will uniquely identify them as a valid HCN participant. The certificate must be installed within Internet Explorer; however, the installation process is very simple and will be handled during the download of the application. The certificate does not interfere with any other web based activities; it is used only to secure transmissions within HCN.
NOTE: Each certificate downloaded IS tied to the WINDOWS USER ACCOUNT.
11. What should be done if a user needs to swap in a new machine?
At times, a user’s machine will need to be replaced. At that time, the user will contact the primary support coordinator, who will revoke the existing certificate (the certificate on the machine no longer being used) and will issue a new certificate for the same user. An email containing the links needed to download the new certificate and the HCN application will be sent to the user’s email address. The user will follow the instructions and links in the email to download a new certificate and another copy of the application. This process will be very similar to the process used in downloading the initial certificate and application.
12. Why does a user need to have administrative rights in order to download the digital certificate?
The certificate needs to be downloaded under the workstation user’s account. If another person with admin rights logs onto the workstation and downloads the certificate, then the certificate will be downloaded under their account, not the workstation user’s account. If the certificate is downloaded this way, when the workstation user tries to launch HCN, the application will not find the certificate, as it is not under the user’s account. Because of this, the workstation user will temporarily need to have administrative rights to the workstation when downloading the certificate, in order to download the certificate under their account.