Running and maintaining a secure Unity RIS/CVIS/PACS


TechNote: Unity System Backend for System Administrators
Running and maintaining a secure Unity RIS/CVIS/PACS
Unity Releases 9, 10, and 11
April 3, 2015
For system administrators

Contents
- Getting started
- DR Systems servers
- Web servers and remote access
- Exam archive options
- Exam restores
- Backups
- User authentication and Active Directory
- Hardware supplied by DR Systems or the customer
- Microsoft security updates
- Antivirus programs
- Disaster recovery

Copyright 1997-2015 DR Systems, Inc. and its licensors. All rights reserved. Protected by U.S. Patents: http://www.drsys.com/legal/. Template: TCP-000181-L Phone: 858.625.3344 US Toll Free: 800.794.5955 www.drsys.com

Getting started

Use this document for an introduction on running and maintaining the Unity RIS/CVIS/PACS backend system.

DR Systems servers

PACS Server

The PACS Server is the primary server for any Unity site. It is responsible for:
- Active Directory domain controller
  - User and computer accounts
  - User authentication
  - Group policies
- File server
  - Exam data
  - DR Systems application data
  - Reports
- Web server
  - HTTP traffic for Universal Manager
  - Report viewing
- Database server

Dedicated Database Server (optional)

Depending on the size, volume, and workflow at a site, a Dedicated Database Server (DDS) may be needed. The purpose of the DDS is to run the PACS and audit databases. The database is configured to load itself into RAM. This way, a majority of the database operations occur in RAM and not on the physical disk. The DDS also serves as a secondary Active Directory domain controller.

Core application server

The following DR Systems applications run on the Core application server:
- Archive and restore
- Automation
- Print formatters
- RIS/HL7 applications
- Database backups
- Configuration file backups
- Dragon Acoustic Optimizer (for sites using Dragon speech recognition)
- Messenger application (centralized DICOM Send application)

DR Scheduler

DR Scheduler enables automated, enterprise-wide, resource-based scheduling of patients, resources, and facilities. As a fully integrated module of the DR Systems RIS option, DR Scheduler provides healthcare facilities with significant saving in time, resources, and money by reducing operating expenses, increasing efficiencies, and improving insurance payment cash flow. DR Scheduler can be configured for internal scheduling or web-based scheduling through the Internet.

Fax server

The fax server is a workstation class machine that is used to fax approved reports. The fax server requires a physical fax board that cannot be virtualized.

DICOM server

DR Systems supports centralized DICOM servers. The site's configuration determines the number of DICOM servers that are needed. All the modalities are configured to send to both a primary and a secondary DICOM server. After the exam is received from the modality, the exam can be marked for post-processing so the technologist can edit the exam before moving it online for a physician to read. The exam can also be automatically imported and put online after the exam is sent to the DICOM server.

Web servers and remote access

Communicator

The Communicator is a server that publishes imaging exams for viewing over the Internet or an internal intranet, using a standard web browser or the DR Systems Web Ambassador application. Authorized referring physicians and reading physicians can log onto the Communicator from a remote site, enter a confidential user name and password, and access images, voice clips, and reports. The Communicator stores images and voice clips. On the Communicator file sizes are typically 1/2 to 2/3 the size of the PACS Server storage.

Disk array archive

Unity can archive exams to a UNC path (CIFS or NFS). This can be customer-supplied storage or DR Systems supplied storage. The storage devices that can be used for a disk array archive are SAN, NAS, or direct attached storage.

Caution: DR Systems HIGHLY recommends backing up the storage device to another storage device because the file system can become corrupted, or multiple drive failures can lead to data loss.

The following information can be archived to a disk array archive, the Disk Array Guardian (DAG):
- Exam images
- Exam reports
- Scanned documents
- Voice clips
- Patient demographic information

Replicated disk array archive

Because a second copy of the archive data is HIGHLY recommended, a popular alternative to the disk array archive is the replicated disk array archive. Unity provides a dual-write archive. This means that the archive application has the ability to archive data to two physically separate archive devices:

1. The archive data is written to the primary storage device first. The primary storage device must be on the same LAN as the PACS Server.
2. The exam is written to the secondary storage device. The secondary storage can be offsite.
3. After the data is written to the secondary storage, Unity does an MD5 file comparison of the archive data to ensure both the primary and secondary storage are exactly the same.
4. After the MD5 comparison completes successfully, Unity updates the PACS database and notes that the exam has been archived.

This process ensures that after the exam is archived, it is written to two physically separate storage devices. Unity does not rely on third-party replication software. Unity can restore the exam from either storage device.

The following information can be archived to a replicated disk array archive:
- Exam images
- Exam reports
- Scanned documents
- Voice clips
- Patient demographic information
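The four dual-write steps above, sketched in Python as an added example (this is not DR Systems code), together with an independent audit an administrator could run later to confirm the two devices still agree. The function names, the file names, and the dict standing in for the PACS database are all assumptions, and the sample exam files are constructed.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def md5_of(path, chunk_size=1024 * 1024):
    """Stream a file through MD5 so large exam files are never fully in RAM."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def dual_write_archive(exam_file, primary_dir, secondary_dir, catalog):
    """Steps 1-4 of the dual-write flow. `catalog` is a dict standing in for
    the PACS database (assumption). Returns True only if both copies match."""
    exam_file = Path(exam_file)
    primary = Path(primary_dir) / exam_file.name
    secondary = Path(secondary_dir) / exam_file.name
    shutil.copyfile(exam_file, primary)       # step 1: primary device first
    shutil.copyfile(exam_file, secondary)     # step 2: then the secondary device
    primary_md5 = md5_of(primary)
    if primary_md5 != md5_of(secondary):      # step 3: MD5 comparison
        return False                          # not recorded, so it gets retried
    catalog[exam_file.name] = primary_md5     # step 4: note the exam as archived
    return True


def audit_replicas(primary_dir, secondary_dir):
    """Re-check every file on both devices; returns {file name: problem}."""
    primary_dir, secondary_dir = Path(primary_dir), Path(secondary_dir)
    names = {p.name for p in primary_dir.iterdir()}
    names |= {p.name for p in secondary_dir.iterdir()}
    problems = {}
    for name in sorted(names):
        first, second = primary_dir / name, secondary_dir / name
        if not first.is_file():
            problems[name] = "missing on primary"
        elif not second.is_file():
            problems[name] = "missing on secondary"
        elif md5_of(first) != md5_of(second):
            problems[name] = "MD5 mismatch"
    return problems


def demo():
    """Constructed sample: archive two fake exams, then corrupt one replica."""
    with tempfile.TemporaryDirectory() as root:
        root = Path(root)
        for sub in ("online", "primary", "secondary"):
            (root / sub).mkdir()
        catalog, results = {}, []
        samples = (("exam_0001.dat", b"CT series A"), ("exam_0002.dat", b"MR series B"))
        for name, data in samples:
            source = root / "online" / name
            source.write_bytes(data)
            results.append(dual_write_archive(
                source, root / "primary", root / "secondary", catalog))
        # Simulate silent corruption on the secondary device after archiving.
        (root / "secondary" / "exam_0002.dat").write_bytes(b"MR series X")
        return results, sorted(catalog), audit_replicas(
            root / "primary", root / "secondary")


if __name__ == "__main__":
    print(demo())
```

MD5 is used because it is the comparison the TechNote names; it catches accidental corruption, and replacing `hashlib.md5` with `hashlib.sha256` is a one-line change where resistance to deliberate tampering matters.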

DICOM archive

DR Systems has validated the following DICOM archive and VNA (Vendor Neutral Archives) solutions:
- InSight One by Dell
- Merge Healthcare
- Carestream Health
- Acuo Technologies, Perceptive Software from Lexmark
- DICOM Grid
- DR Systems VNA

The following information can be archived to a DICOM archive, the DICOM Guardian:
- Exam images
- Exam reports: No
- Scanned documents
- Voice clips
- Patient demographic information

Reports cannot be archived to the DICOM archive. A separate disk array archive configuration is required to archive exam reports.

How exams get archived

After an exam is marked Read by the reading physician, the archive status of the exam is automatically changed to Pending Archive. The archive application scans the PACS every few minutes looking for exams to archive. Exams are typically archived within 30 minutes to 1 hour of the exam being marked read. The Online tab or short term cache of exams consists primarily of Read exams that have been archived.

If an archived exam is edited, depending on the edit, the exam automatically gets re-archived. Some edits do not update the exam, but only the PACS database. In this case the exam is not re-archived.

Typically, exams are placed online, read, and archived within the same day that the exam is acquired, if the reading physician reads the exam that day.

Online free space monitoring and exam deletion

Unity software constantly monitors the overall system free space. When exams are acquired, retention policies are set on the exam to give it a date of when it's eligible to be deleted from the system if and when the free space watermark is reached. Exams can have a delete date of three years ago and still be online because the system has not needed to delete exams to maintain the free space watermark.

One of the core Unity applications is Automation. Its primary job is to monitor the system free space and delete exams when needed. By default, the free space watermark is 15%. In <X> number of years, the PACS online storage fills to 15%. After it goes below 15%, Automation deletes just enough exams every hour to get you back to the 15% watermark value. The goal of the application is to keep the system hovering at 15% free space and keep as many exams online as possible.

Criteria for Automation to delete an exam

Unity has a specific set of criteria that exams must meet to be eligible for automatic deletion by Automation.
- Exam is read.
- Exam is archived.
- Corresponding archive database rows are present.
- Exam is past the Purged date.
- And the patient must have NO scheduled exams.

To monitor the system free space you need to look at the Automation application running on the core applications server. You can see the overall system free space.

Exam restores

Every exam is assigned an Exam Type in the PACS. Each Exam Type has a prefetch rule assigned to it. For example, the prefetch rule for CT exams could be configured to restore the previous 3 CT studies for patient XYZ, if they are not currently online. Online equals near-line storage. Five days before the patient's exam, Automation automatically restores the exams based on the Exam Type prefetch rules. The rules are customizable and can be set per Exam Type.

You are not limited to only prefetched exams getting restored to the PACS. You have the ability to submit restore jobs at any time from Universal Manager by using the Prior button or the Archive tab. Reading physicians have the ability to restore exams from the Electronic Requisition displayed when they view the patient's exam on the Dominator. You can also request exams to be restored from an Online exam's priors list, or from the Archived tab.

Backups

The default configuration maintains 10 days of database and configuration file backups. The size of the site's PACS, audit, and DR Scheduler databases, along with the size of all the configuration files, allow DR Systems Service to alter the retention policy up or down depending on how much disk space is consumed on a nightly basis.

The standard database backup volume size is 600 GB. This means that:
- The PACS Server or DDS has a 600 GB database backup volume.
- The core application server has a 600 GB DB backup volume.

Database backups

Throughout the day, the Unity DB Archive application, running on the core application server, makes six transactional database backups. Every night DB Archive performs a full database backup of the PACS, audit, and the DR Scheduler databases.

Part of the full DB Archive backup activity performs a database validation. After the database backup is complete, the backed up database starts and a full database validation is performed to ensure that if the backup database needed to be used, that all the data in the database was valid and there are no issues with any of the database tables or indexes.

The database backups are stored on two physically separate disks and file systems:
- The first copy is stored on the database backup volume.
- The second copy is stored on the local storage of the core application server.

If your site has a backup rotation that DR Systems Service can participate in, that is encouraged. We can work with you to load a backup agent on the core application server and point the agent at the appropriate directory to backup.

Configuration file backups

Every night, DB Archive also copies all the configuration files, report templates, ExamForms, SmartForms, Structured Report templates, and mammography letters from the PACS volume to the local storage on the core application server.

User authentication and Active Directory

All DR System PACS solutions require a DR Systems supplied domain for the PACS infrastructure. Sites have two options for application user authentication:
- DR Systems supplied Active Directory (AD)
- Customer-supplied AD

DR Systems supplied AD

The DR Systems supplied AD can be used for application user authentication. The system administrator has the ability to create a new user and assign that user a system role from Universal Manager Users tab. The user is created in the Unity AD.

Customer-supplied AD

If all the users are already created with the site's existing customer-supplied AD, Unity can point application user authentication to the customer-supplied AD. For this to work, DR Systems (DRS) provides the site's system administrator a script that creates a DRS Organizational Unit (OU). Inside the DRS OU a couple of user accounts and security groups are created. One security group that gets created is DRUserAccounts. Any user in the customer-supplied AD that gets added to the DRUserAccounts shows up in the Migrate Users dialog box (launched from the Users tab).

The users are not migrated from the customer-supplied AD to the DR Systems AD. The user account is created in the PACS database, where user roles are stored. When a user account is migrated, the PACS role is also assigned to the user account. The user could be a technologist, radiologist, referring physician, system administrator, or other role.

For more information on using the customer-supplied AD for user authentication, please request TechNote TCP-000436-A Integrating User Accounts from and Active Directory Domain, which is available on the Resource Center.

Unity AD system state backup

The DR Systems AD domain is backed up nightly by a scheduled system state backup task on the Unity domain controller. The backup is stored on the PACS volume. The system state backs up:
- Boot files, including the system files, and all files protected by Windows File Protection (WFP).
- AD user accounts and computer accounts.
- Sysvol.
- Cluster database (on a cluster node only).
- The registry.
- Performance counter configuration information.
- Component services class registration database.

Hardware supplied by DR Systems or the customer

DR Systems supplied hardware

DR Systems offers turnkey PACS infrastructure and workstation hardware solutions. DR Systems has 20 years of experience building, designing, and tuning a PACS for optimal performance, reliability, and recoverability. As long as the site is still under a service contract and the hardware is not End of Service Life, DR Systems supports, maintains, and replaces any failed hardware components by the next business day. This gives the site one phone number to call to get all their service needs addressed.

DR Systems offers the following infrastructure solutions:
- Physical servers
- Microsoft cluster server (physical servers require a SAN)
- VMware Virtualization (minimum 2 host servers and a SAN are required)
- VMware Virtualization with Disaster Recovery and Business Continuance (requires 2 datacenters, 2 SANs, SAN replication software, and VMware Site Recovery Manager)

Customer-supplied hardware

DR Systems works with sites that want to provide their own infrastructure hardware or workstations. We support the following customer-supplied infrastructure solutions:
- Physical servers
- Microsoft cluster server (physical servers require a SAN)
- VMware Virtualization

In a customer-supplied hardware environment, DR Systems is only able to support the Unity software running on the servers or on the workstations. The site is responsible for any hardware or storage related problems. Any involvement from DR Systems to help resolve issues other than the Unity software would be billable service.

Microsoft security updates

Applying Microsoft Security Updates to DR Systems-supplied servers and workstations is a key component of maintaining good network security. DR Systems has recently added an improved method of deploying security updates which leverages the Microsoft Windows Server Update Services (WSUS).

DR Systems is implementing WSUS-based security updates using a central Internet-accessible WSUS admin server along with a WSUS Replica Server at each customer site as shown in the following figure.

Antivirus programs

Exclusions on workstations

The following folders must be excluded from the antivirus program:
- c:\drs
- c:\database\
- c:\images\
- c:\receive\
- c:\temp\
- c:\natspeak
- c:\resultsout

Exclusions on servers

The following folders must be excluded from the antivirus program:
- i:\drs
- i:\images
- i:\database
- (**\Images*\) < Mounted volumes
- (**\Imgs*\) < Mounted Volumes
- D:\ Y:\**\mnt*\

Include the following for all stations

The following files should be included in the antivirus program:
- *.bat
- *.dll
- *.doc files
- *.exe
- *.ocx

Disaster recovery

Disaster recovery varies based on the type of disaster. A disaster could be any of the following:
- Data center environmental disaster
  - Broken water pipe
  - Fire
  - Power Surge
- Human error
- Hardware failure that results in data loss
- Natural disasters
  - Hurricane
  - Flooding
  - Fires
  - Earthquake
  - Meteor strike

The type and extent of the disaster dictates the recovery effort. Every scenario is different and the disaster recovery efforts are determined at the time of the failure. DR Systems relies on the data backups and exam archive configuration to restore a site to normal operation following a disaster. After the scope of the disaster is determined, a recovery plan is defined and discussed with the site. Recovery time varies based on the type and severity of the disaster.