Skip to content

Sjunet (self-managed)

For Elastisys Managed Services Customers

You can ask for this feature to be enabled by filing a service ticket.

The Swedish Sjunet is a private network, managed by Inera, designed for healthcare systems with strict requirements. It is used by regioner, komuner and private actors with in the healthcare system. As the healthcare system has high requirements when it comes to distributing sensitive information. Sjunet as a private network, means they can validate that the strict requirements, such as high availability, stability and bandwidth, are meet. Also, that only authorized and audited users are allowed to use it.

Who is Sjunet for?

Sjunet is for actors that are working with the Swedish healthcare system that require a high available, stable and secure network. Today there are over 100 services, such as Nationell patientöversikt, Intygstjänster and Födelseanmälan, using Sjunet to be reliably available for hospital and healthcare centers.

How Compliant Kubernetes connects to Sjunet

The architecture diagram below shows how Compliant Kubernetes connects to Sjunet and who is responsible for what.

The platform administrator configures NodeLocalDNS to use Sjunet's DNS to resolve Sjunet domains. Together with static routes, network traffic heading to Sjunet is routed to a virtual machine acting as a gateway. The gateway will be co-located within the same security group as the cluster to ensure that traffic between the cluster and the gateway is secure and closed off from the outside.

Inera, which is the administrators of Sjunet, require you to use a VPN when connecting to Sjunet over the public network.

The application developer is responsible to install a supported VPN client on the VM acting as the gateway and connect it to Sjunet's VPN. Together with the static networking route within the cluster, this means that traffic intended for Sjunet will be routed correctly via the gateway.

Architectural diagram

Compliant Kubernetes Platform administrators area of responsibility Application Developer Application developers area of responsibility Inera Ineras area of responsibility

For Elastisys Managed Services Customers

Inform your platform administrator by filling a service ticket if additional IPs are required to be routed via the gateway machine. Or if additional security group ports, UDP/TCP, are required to be opened to allow traffic to flow in or out from the machine.

Further Reading