Vocera XMPP Proxy Server

Vocera's XMPP Proxy server is the intermediate point between a user's Internet-connected mobile device and the Vocera Platform server.

A proxy server is a dedicated machine that acts as a secure intermediary between an endpoint and the server from which the user is requesting service. The Vocera XMPP Proxy server facilitates the secure messaging used by the Vocera Platform appliance: it accepts XMPP connections from the Internet and relays them to the Vocera Platform server, which is the only destination the proxy forwards to. XMPP Proxy connects to the facility's network switch and forwards XMPP requests from there to the Vocera Platform server.

This diagram shows how the XMPP Proxy server fits into a typical network infrastructure model. The XMPP Proxy server sits between the external and internal networks in the demilitarized zone (DMZ) and securely exposes the external-facing services of the Vocera Platform, such as XMPP client connections, to the Internet.

The Vocera XMPP Proxy server is a pass-through for the client-server handshake sequence. The handshake sequence includes network, encryption, and user authentication; because the proxy does not terminate any of these, the connections it forwards to the Vocera Platform appear to be received directly from Vocera Vina clients. Apart from the TCP handshake handling used for SYN-flood mitigation, XMPP Proxy forwards traffic at the network layer (layer 3, IP) only; TLS encryption, authentication, message data, and so on are negotiated and handled end to end between Vocera Vina and Vocera Platform, so the proxy never holds the session keys and cannot read message content.

The facility's IT support must configure their own DNS entries for every XMPP Proxy server in the deployment. For XMPP Proxy deployments, the hospital's network administrator should set up domain name system (DNS) resolution with a "split horizon" design: the same XMPP hostname resolves to the Vocera Platform address on the internal network and to the public Internet IP of the XMPP Proxy on the external network. Internal Vina clients therefore connect directly to the Vocera Platform, while external Vina clients connect to the XMPP Proxy's public IP and are forwarded to the Vocera Platform.

The XMPP Proxy server supports inbound client connections only on the XMPP service port (TCP port 5222). XMPP Proxy acts as a reverse proxy, using IP forwarding and destination NAT (network address translation) for port 5222, to give Vina clients on external networks access to the Vocera Platform XMPP service.

The Vocera Vina client connection is the only service enabled on the XMPP Proxy. For security reasons, only XMPP is exposed; other network services such as HTTPS or SSH are not enabled, which keeps the appliance's attack surface to the single forwarded port. Remote CLI access is disabled by default, but it can be selectively enabled for internal networks.

Vocera XMPP Proxy also mitigates SYN-flood distributed denial of service (DDoS) attacks with SYNPROXY, the Linux netfilter target shipped with Red Hat Enterprise Linux. The proxy completes the TCP three-way handshake with the client before it opens a connection to the Platform server, so spoofed or never-completed SYNs are absorbed on the proxy and never consume half-open connection state on the Vocera Platform. This protects against SYN floods specifically; it does not protect the Internet link itself from bandwidth exhaustion.
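The three preceding paragraphs describe one firewall profile: forward only TCP/5222 to the Platform by destination NAT, accept nothing else, and absorb SYN floods on the proxy. The following is an added example, not Vocera's own tooling or configuration: a constructed nftables ruleset that implements that profile, a constructed weak ruleset beside it, and an audit function of the kind a practitioner would run over `nft list ruleset` output on the appliance. The table and chain names, the Platform address 10.20.30.40, and both rulesets are assumptions made for illustration.

```python
"""Audit an nftables ruleset against the single-service reverse-proxy profile:
the only externally reachable service is TCP/5222, it is DNAT'd to the
Platform server, SYN floods are absorbed with the netfilter synproxy target,
and no other service (SSH, HTTPS, ...) is accepted.

Added example; not Vocera's own tooling.  The table name, chain names, the
Platform address 10.20.30.40 and both rulesets are constructed for illustration."""
import re

XMPP_PORT = 5222
PLATFORM_IP = "10.20.30.40"   # constructed Platform server address
INBOUND_HOOKS = ("input", "forward")

# Kernel settings the ruleset depends on: ip_forward for the DNAT path,
# tcp_loose=0 so mid-stream packets cannot bypass synproxy's handshake check.
REQUIRED_SYSCTLS = {
    "net.ipv4.ip_forward": "1",
    "net.netfilter.nf_conntrack_tcp_loose": "0",
}

# Constructed hardened ruleset in nftables syntax.
HARDENED = f"""\
table ip xmpp_proxy {{
    chain raw_pre {{
        type filter hook prerouting priority raw; policy accept;
        tcp dport {XMPP_PORT} tcp flags syn notrack
    }}
    chain nat_pre {{
        type nat hook prerouting priority dstnat; policy accept;
        tcp dport {XMPP_PORT} dnat to {PLATFORM_IP}:{XMPP_PORT}
    }}
    chain forward {{
        type filter hook forward priority filter; policy drop;
        ip daddr {PLATFORM_IP} tcp dport {XMPP_PORT} ct state invalid,untracked synproxy mss 1460 wscale 7 timestamp sack-perm
        ct state invalid drop
        ip daddr {PLATFORM_IP} tcp dport {XMPP_PORT} ct state new accept
        ct state established,related accept
    }}
    chain input {{
        type filter hook input priority filter; policy drop;
        iif lo accept
        ct state established,related accept
    }}
}}
"""

# Constructed weak ruleset: SSH and HTTPS reachable, no synproxy, open forward policy.
WEAK = f"""\
table ip xmpp_proxy {{
    chain nat_pre {{
        type nat hook prerouting priority dstnat; policy accept;
        tcp dport {XMPP_PORT} dnat to {PLATFORM_IP}:{XMPP_PORT}
    }}
    chain forward {{
        type filter hook forward priority filter; policy accept;
        tcp dport {XMPP_PORT} accept
    }}
    chain input {{
        type filter hook input priority filter; policy drop;
        tcp dport 22 accept
        tcp dport 443 accept
    }}
}}
"""

CHAIN_RE = re.compile(r"type (\w+) hook (\w+) priority [^;]+; policy (\w+);")


def audit(ruleset: str) -> list[str]:
    """Return a list of findings; an empty list means the ruleset matches the profile."""
    findings = []
    hook = None
    seen_synproxy = seen_invalid_drop = seen_dnat = False
    for raw in ruleset.splitlines():
        line = raw.strip()
        m = CHAIN_RE.match(line)
        if m:  # chain header: remember which hook the following rules belong to
            hook = m.group(2)
            if hook in INBOUND_HOOKS and m.group(3) != "drop":
                findings.append(f"{hook} chain policy is {m.group(3)}, expected drop")
            continue
        if "synproxy" in line:
            seen_synproxy = True
        if line == "ct state invalid drop":
            seen_invalid_drop = True
        if re.search(rf"dnat to {re.escape(PLATFORM_IP)}:{XMPP_PORT}$", line):
            seen_dnat = True
        if hook in INBOUND_HOOKS and line.endswith("accept"):
            ports = [int(p) for p in re.findall(r"dport (\d+)", line)]
            for p in ports:
                if p != XMPP_PORT:
                    findings.append(f"{hook} chain accepts TCP/{p}; only TCP/{XMPP_PORT} is permitted")
            if not ports and "ct state" not in line and "iif lo" not in line:
                findings.append(f"{hook} chain has an unrestricted accept rule: {line}")
    if not seen_dnat:
        findings.append(f"no DNAT of TCP/{XMPP_PORT} to {PLATFORM_IP}")
    if not seen_synproxy:
        findings.append("no synproxy rule: SYN floods would reach the Platform server")
    if not seen_invalid_drop:
        findings.append("no 'ct state invalid drop' rule after synproxy")
    return findings


if __name__ == "__main__":
    for name, rs in (("hardened", HARDENED), ("weak", WEAK)):
        print(f"{name}: {audit(rs) or ['OK']}")
```

The `notrack` rule in the raw prerouting chain and the `ct state invalid,untracked synproxy` rule are the pair that makes synproxy answer the client's SYN on the proxy; the `ct state invalid drop` rule immediately after it discards packets that did not complete the proxied handshake. Running the audit over a live `nft list ruleset` dump is a quick way to confirm that nobody has added an SSH or HTTPS accept rule to a proxy that the text says should expose TCP/5222 only.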

Note: The XMPP Proxy appliance may not, under any circumstances, be accessed across the network for maintenance. For security reasons, XMPP Proxy may only be accessed directly from the console.

Because remote access is not available, Vocera provides an administrator account that is shared with the facility so that the XMPP Proxy appliance can be accessed for future configuration updates. After the first administrator login, the default password (supplied by Vocera) must be changed and the new password stored securely for future use, either by the facility's IT personnel in a safe location or by Vocera via Salesforce.

The administrator login launches the configuration menu directly; this account has no command line access. Where the new XMPP Proxy appliance password is stored is at the discretion of the Implementation Specialist. It is imperative that the default password be changed, since a known default would undermine the network security the XMPP Proxy provides. A separate internal administrative account is used for initial configuration and is never shared with the facility. This internal account has higher privileges than the facility-level administrator account, including command line access.

Multiple Vocera XMPP Proxy servers can be deployed for redundancy, so that if one proxy fails, external clients can fail over to another. Refer to the Vocera Platform Administration Guide for more information about the high availability (HA) feature in Vocera Platform.