Skip to main content

Hospital Lab Setup

This guide explains how to set up a virtual lab environment simulating hospital/healthcare network segmentation using Xshield Gatekeeper.

Prerequisites

Please complete the basic lab setup steps described in the Lab Setup Guide before proceeding with this guide.
If a similar lab built earlier exists on the tenant, please remove the lab before proceeding to build the lab using the following procedure.
See Section – Remove Hospital Lab Environment below.

Setting Up the Hospital Environment

  1. After completing the basic lab setup, run the Xshield Lab utility:

    python3 xshield_lab.py

  2. Select Option 3: Create Lab Environment for Gatekeeper
    Submenu appears with environment options to choose from.

  3. Select Option 4: Hospital
    [✓] Hospital environment with medical devices, patient monitoring systems, and clinical workstations
    Submenu appears with Integrations options to choose from.

  4. Select desired option for Integration.
    If no Integration is desired, select the option that says ‘None’.

  5. Wait for the gatekeeper and assets to appear in your tenant.
    Make sure assets go to Managed mode or move them manually.
    You should see preconfigured traffic paths between assets.

  6. At this point you are ready to use the lab.

If you would like to customize the lab with inbuilt tags, tag rules, templates, segments, and named networks, proceed to the next section – Customize Lab Environment.
You may also choose not to customize and build tag rules, templates, segments, and named networks on your own depending on your use case.

Customize Lab Environment

  1. After completing the hospital lab setup, run the Xshield Lab utility:

    python3 xshield_lab.py

  2. Select Option 7: Customize Lab Environment

Note: If you have customized the lab and desire to re-customize for any reason, it is recommended to remove hospital lab customization by selecting Option 3 – Remove Hospital Lab Customization

  1. From the submenu, select one of the options:
    • Option 1: Rename Assets using Agent prefix
      To rename assets for better organization. This may help build appropriate tag rules, searches, etc.
    • Option 2: Customize Hospital Lab
      Assign Tags, Named Network, Templates, Segments via CSV inputs.
      This will set tags and build tag rules, templates, segments, and named networks using predefined CSV config files supplied with the virtual lab.

At this point, you are ready to implement policy as desired.
Certain traffic paths are excluded from the inbuilt templates, which can be used to demo policy enforcement storyline.

Additionally, a custom tag BreachStatus when changed from NoBreach to ActiveBreach, will only allow traffic essential to run critical hospital functions.
This function can be used to demo an active breach scenario.

Remove Hospital Lab Environment

Removing the lab environment is recommended when you no longer need it, plan to rebuild the same environment, or want to build a different one.

  1. To remove hospital lab environment, run the Xshield Lab utility:

    python3 xshield_lab.py

Note: The next two steps may take a while to complete and are required only if you have customized the lab.
If you haven’t customized, proceed to step 4 directly.

  1. Select Option 7: Customize Lab Environment

  2. Select Option 3: Remove Hospital Lab Customizations

  3. Run the Xshield Lab utility again:

    python3 xshield_lab.py

  4. Select Option 8: Remove Lab Environment

  5. Verify that Gatekeeper, Assets, Tag Rules, Segments, Templates, and Named Networks built through lab customization are removed from the tenant.

Recovery Instructions

If you need to rebuild the lab environment after a host restart:

  1. Follow the Lab Environment Cleanup instructions
  2. Return to the Setting Up the Hospital Environment section above