configuration management supplement 67 robert horn, agfa healthcare


Post on 24-Dec-2015


Configuration Management

Supplement 67

Robert Horn, Agfa Healthcare

Configuration Management

The Problem being solved
Use Cases
Sup. 67 – DICOM Configuration Management

The Problem Being Solved

Installation of DICOM equipment
  » Takes too long
  » Requires too much effort
  » Requires time consuming, multi-vendor coordination
  » Involves too many mistakes

Upgrading and repairing DICOM equipment
  » Requires too much service effort for configuration tasks that are unrelated to the problem being solved.
  » Configuration complexity prevents customer self-help for simple problems

Use cases

Add a new machine
Locate Actor, IP, AE-title, Security information
Single node power up and establish configuration
Time Synchronization

Constraints

Support vendor extensions
Support site and enterprise extensions
Consider installed IT support facilities in selection
Do not invent a new protocol

Network Services

DHCP
  » Assigns IP address, hostname
  » Informs DNS of assignment
  » Provides routing, NTP, DNS, etc. information to client

DNS
  » Provides hostname to IP lookup services
  » Provides server location lookup services

NTP
  » Provides accurate time and time synchronization
  » See www.ntp.org for descriptions, software, evaluation, and configuration guidance.

LDAP

Very Widespread use,
  – No surprises to the IT staff
  – Large base of trained users and administrators
  – Large base of software clients
Support by Microsoft, Unix, Open Source
Support for federated databases
Easy to extend by adding schema

Infrastructure requirements

DHCP, DNS, NTP, LDAP may be on one host, or may be on multiple hosts.

Normal network design issues, nothing special for the DHCP, DNS and NTP services.

LDAP is increasingly integrated into IT operations. This makes its use for configuration management more attractive, but means a greater planning involvement with the IT organization.

Beyond AE-Titles

– Installation and Network Configuration oriented
– Locate Application given the AE-title
  » TCP/IP parameters
– AE Configuration
  » SOP Classes supported (SCU/SCP, Transfer Syntaxes)
  » Vendor extension
  » Obtain new unique AE-Title
– Device Configuration
  » Description
  » Vendor extension
  » Hospital extension

Preconfigured Installation

Large network addition
Multiple vendors
Reduce coordination and scheduling delays
Reduce configuration errors
Reduce staging requirements

Preconfigured Installation

[Figure: Preconfigured Installation. Labels: A, B, LDAP, LDIF, Network Planning, Prepared Configurations, Vendor A Preparation, Vendor B Preparation, DHCP, IT Organization.]

Add another machine

[Figure: Add another machine. Labels: DHCP, LDAP, DNS; Get IP, hostname, etc.; Find LDAP Server; Query Configuration; Obtain Unique AE Titles; Update Configuration; Install Hardware; Assign Name; Configure System.]

Customer Assisted Maintenance

– Simple device swap
– Remote reconfiguration
– Local reconfiguration

Present Supplement Status

Supplement 67 – Proposed for Frozen Draft
Could be updated and final by September or October.

Configuration Management Actors

[Figure: actor and transaction diagram. Recoverable labels follow.]
Actors: NTP Client, SNTP Client, NTP Server, DHCP Client, DHCP Server, DNS Client, DNS Server, LDAP Client, LDAP Server
Transactions: Resolve Hostname; Maintain Time; Find NTP Server (DHCP); Find NTP Server (Broadcast); DDNS Coordination; Find DHCP and Use Server; Maintain Lease; Find LDAP Server; Query LDAP Server, Client Update LDAP Server
Notes: One or more Client actors will be in the same device. One or more Server actors may be in the same device.

LDAP Schema

[Figure: LDAP schema hierarchy]
DICOM Configuration
  Unique AE Titles Registry
    Individual AE Title
  Devices: Vendor Information, Certificates, Device Configuration parameters, etc.
    Network AE: AE-Title, Description, AE Configuration parameters, etc.
      Transfer Capability: SCU/SCP, Hostname, Port, etc.
The Unique AE Titles Registry portion is used to provide unique AE titles automatically.

    #
    # The following attribute types are defined in this document:
    #
    # Name                                     Syntax   Multiplicity
    # ---------------------------------------  -------  ------------
    # dicomDeviceName                          string   Single
    # dicomDescription                         string   Single
    # dicomManufacturer                        string   Single
    # dicomManufacturerModelName               string   Single
    # dicomVersion                             string   Multiple
    # dicomVendorData                          binary   Multiple
    # dicomAETitle                             string   Single
    # dicomNetworkConnectionReference          DN       Multiple
    # dicomApplicationCluster                  string   Multiple
    # dicomAssociationInitiator                bool     Single
    # dicomAssociationAcceptor                 bool     Single
    # dicomHostname                            string   Single
    # dicomPort                                Integer  Single
    # dicomSOPClass                            OID      Single
    # dicomTransferRole                        string   Single
    # dicomTransferSyntax                      OID      Multiple
    # dicomPrimaryDeviceType                   string   Multiple
    # dicomRelatedDeviceReference              DN       Multiple
    # dicomPeerAETitle                         string   Multiple
    # dicomTLSCipherSuite                      string   Multiple
    # dicomAuthorizedNodeCertificateReference  DN       Multiple
    # dicomThisNodeCertificateReference        DN       Multiple
    # dicomInstalled                           bool     Single
    #

LDAP Schema

Example of attribute definition

    # 3.1 dicomDeviceName string Single
    #
    # This attribute stores the unique name (within the scope of the LDAP database)
    # for a DICOM Device.
    #
    # It is a single-valued attribute.
    # This attribute's syntax is 'Directory String'.
    # Its case is not significant for equality and substring matches.
    #
    attributetype ( 1.2.840.10008.15.0.3.1
        NAME 'dicomDeviceName'
        DESC 'The unique name for the device'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )

Objects Defined

    # The following object classes are defined in this document. All are
    # structural classes.
    #
    # Name                             Description
    # -------------------------------  --------------------------
    # dicomConfigurationRoot           root of the DICOM Configuration Hierarchy
    # dicomDevicesRoot                 root of the DICOM Devices Hierarchy
    # dicomUniqueAETitlesRegistryRoot  root of the Unique DICOM AE-Titles Registry Hierarchy
    # dicomDevice                      Devices
    # dicomNetworkAE                   Network AE
    # dicomNetworkConnection           Network Connections
    # dicomUniqueAETitle               Unique AE Title
    # dicomTransferCapability          Transfer Capability

Example of Object Definition

    #
    # 4.4 dicomDevice
    #
    # This structural object class represents a DICOM Device.
    #
    objectclass ( 1.2.840.10008.15.0.4.4
        NAME 'dicomDevice'
        DESC 'DICOM Device related information'
        SUP top
        STRUCTURAL
        MUST (
            dicomDeviceName $
            dicomInstalled )
        MAY (
            dicomDescription $
            dicomManufacturer $
            dicomManufacturerModelName $
            dicomVersion $
            dicomVendorData $
            dicomPrimaryDeviceType $
            dicomRelatedDeviceReference $
            dicomAuthorizedNodeCertificateReference $
            dicomThisNodeCertificateReference ) )

Use of LDAP Schema

Schema text from the supplement
  » in the format used to configure generic LDAP servers
  » Cut and paste from supplement into server configuration file tested and verified
Local extension by modifying schema
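
One way to catch configuration errors in a prepared LDIF entry before it is loaded into the directory, as an added example (not code from the supplement or the presentation): it parses the dicomDevice object class shown above and checks an entry's required, allowed and single-valued attributes. The sample entry, its DN and the function names are constructed for illustration.

```python
import re

# dicomDevice object class as given on the slide above.
DICOM_DEVICE = """objectclass ( 1.2.840.10008.15.0.4.4 NAME 'dicomDevice'
  DESC 'DICOM Device related information' SUP top STRUCTURAL
  MUST ( dicomDeviceName $ dicomInstalled )
  MAY ( dicomDescription $ dicomManufacturer $ dicomManufacturerModelName $
    dicomVersion $ dicomVendorData $ dicomPrimaryDeviceType $
    dicomRelatedDeviceReference $ dicomAuthorizedNodeCertificateReference $
    dicomThisNodeCertificateReference ) )"""
# dicomDevice attributes that the slide's attribute table marks "Single".
SINGLE = {"dicomdevicename", "dicomdescription", "dicommanufacturer",
          "dicommanufacturermodelname", "dicominstalled"}

def attr_list(schema, keyword):
    """Lower-cased attribute names inside 'MUST ( a $ b )' or 'MAY ( ... )'."""
    m = re.search(r"\b%s\s*\(([^)]*)\)" % keyword, schema)
    return {a.strip().lower() for a in m.group(1).split("$")} if m else set()

def parse_ldif(text):
    """One plain LDIF record (no base64 values, no folded lines) -> {attr: [values]}."""
    entry = {}
    for line in text.strip().splitlines():
        if line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        entry.setdefault(key.strip().lower(), []).append(value.strip())
    return entry

def validate_device(ldif_text, schema=DICOM_DEVICE):
    """Return a sorted list of schema violations for a dicomDevice entry."""
    entry = parse_ldif(ldif_text)
    must, may = attr_list(schema, "MUST"), attr_list(schema, "MAY")
    present = set(entry) - {"dn", "objectclass"}
    problems = ["missing required attribute: " + a for a in must - present]
    problems += ["attribute not allowed by dicomDevice: " + a
                 for a in present - must - may]
    problems += ["single-valued attribute repeated: " + a
                 for a in present & SINGLE if len(entry[a]) > 1]
    if entry.get("dicominstalled", ["TRUE"])[0] not in ("TRUE", "FALSE"):
        problems.append("dicominstalled must be TRUE or FALSE")
    return sorted(problems)

# Constructed sample: a vendor-prepared entry with three mistakes.
BAD = """dn: dicomDeviceName=ct-scanner-1,cn=Devices,cn=DICOM Configuration,o=example
objectClass: dicomDevice
dicomDeviceName: ct-scanner-1
dicomManufacturer: Vendor A
dicomManufacturer: Vendor B
dicomAETitle: CT1"""
```

Calling `validate_device(BAD)` reports the missing dicomInstalled, the repeated dicomManufacturer, and dicomAETitle, which the object class for a device does not allow.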

Purpose of Frozen Draft

Find any remaining flaws in the Frozen Draft
  » Inhouse experience at several companies revealed flaws in the public comment version.
  » The flaws only became apparent during the development of trial versions.

Inter-company trials
  » are expected to reveal other flaws in the Frozen Draft version
  » The trials are not exploring implementation compatibility, only clarity of the standard
  » The trials are not a compatibility connectathon
  » The Committee for Advancement of DICOM is organizing a small group of trial implementations.

Future additions

Security parameter distribution
  » LDAP is one of the mechanisms for distributing PKI information for key management.