Network Security Solution Installation and Configuration Information
Article number: 1016395_01 Language: English
Copyright statement
©2010 Elekta Limited. All rights reserved. Do not make printed or electronic copies of this document, or parts of it, without written authority from Elekta Limited. The information contained in this document is for the sole use of Elekta Limited personnel, authorised users of the Equipment, and Licensees of Elekta Limited and for no other purpose.
Use of trademarks and trade names statement
The Elekta trademarks, service marks, logos and trade names that we use in this document are the registered and unregistered trademarks and trade names of Elekta AB (publ.), its affiliates or a third party that has licensed its trademarks and trade names to Elekta AB (publ.) or its affiliates. Do not make copies, show, or use trademarks or trade names without written authority from Elekta Limited, an affiliate of Elekta AB (publ.).
Acknowledgement of other trademarks
Elekta acknowledge the registered trademarks and trade names of other manufacturers that we use in this document.
Referenced documents
Elekta does not supply all documents that we refer to in this document with the equipment. Elekta reserves the right to make the decision on which of the documents it supplies with the equipment.
Contact information: TECHNICAL SUPPORT HELPDESK — ALL PRODUCTS TEL +44 (0)1293 654 400 – FAX +44 (0)1293 654 401 – mailto:
[email protected]
WORLDWIDE PRODUCT MANUFACTURING and SUPPORT CENTERS
ONCOLOGY
NEUROSURGERY
ELEKTA LIMITED Linac House Fleming Way, Crawley West Sussex RH10 9RR United Kingdom Tel +44 1293 544 422 Fax +44 1293 654 118
ELEKTA INSTRUMENT AB Kungstensgatan 18 Box 7593 SE-103 93 Stockholm Sweden Tel +46 858 725 400 Fax +46 858 725 500
Field Change Order (FCO)
Each page of this document has a date at the bottom of the page, for example (02/2010). This is the date of release of the page. When Elekta do a change to a page, the page gets a new date. Elekta can release the changed pages as a Field Change Order (FCO). You can identify the FCO by the unique reference number and the new date on the pages. It is your responsibility to put the changed pages of the FCO into this document, and to record the change in the table below.
Change record
When you put a change into this document, record the FCO number and the date that you made the change. Then, sign in the signature field.
FCO number | Date | Signature
List of pages
All pages of this document (ii to x, 1-1 to 1-16, 2-1 to 2-6, 3-1 to 3-22, 4-1 to 4-6, 5-1 to 5-4, 6-1 to 6-6, 7-1 to 7-6, A-1 to A-4, B-1 to B-4, C-1 to C-4, LoW-1 and LoW-2) have the release date 11/2010.
Table of contents
1 Introduction
1.1 Introduction
1.2 Function of this document
1.3 Warnings, cautions and notes
1.4 Intended function and use
  1.4.1 Intended function of the equipment
  1.4.2 Intended use of the equipment
  1.4.3 Contraindications
1.5 Compatibility
1.6 Compliance
  1.6.1 IEC classification
1.7 Training
1.8 Safety
  1.8.1 Important safety instructions
  1.8.2 Using visual display units (VDUs)
  1.8.3 Warning labels
  1.8.4 Maintenance and faults
  1.8.5 Safety devices
  1.8.6 Emergency procedures
  1.8.7 Electrical and mechanical safety
  1.8.8 Electrostatic discharge sensitive devices
  1.8.9 Fire and explosion safety
  1.8.10 Electromagnetic compatibility (EMC)
1.9 Cleaning and disinfection
1.10 End of Life (EOL) disposal
1.11 Text formats
1.12 Conventions
1.13 Glossary
1.14 Abbreviations and acronyms
1.15 Important Notices
1.16 User Notices
2 Overview of the Network Security Solution
2.1 About the Network Security Solution
  2.1.1 Functions and features
2.2 Controls, indicators and connectors
3 Install and configure the NSS
3.1 Install the NSS
  3.1.1 Parts delivered with the NSS
  3.1.2 Prepare the Elekta network
  3.1.3 Connect the NSS power and earth cables
3.2 Configure the NSS
  3.2.1 Configure the engineer laptop
  3.2.2 Configure the NSS hostname
  3.2.3 Configure the Windows® computer name
  3.2.4 Configure the NSS for the hospital network
  3.2.5 Configure Network Time Protocol (NTP) time servers
  3.2.6 Configure Windows® http proxy (optional)
  3.2.7 Configure the IntelliMax Agent (optional)
  3.2.8 Verify NSS antivirus update procedure
  3.2.9 Configure the digital accelerator TCS
  3.2.10 Configure the MOSAIQ® Sequencer PC
  3.2.11 Configure RPC on the MOSAIQ® Sequencer PC
  3.2.12 Configure SYNERGISTIQ™
  3.2.13 Configure the XVI PC
  3.2.14 Configure the iViewGT™ PC
  3.2.15 Configure the DMLC PC
  3.2.16 Configure the iGUIDE® PC
  3.2.17 Connect the NSS network
  3.2.18 Confirm the Elekta network operation
  3.2.19 Backup the NSS configuration
4 Operate the NSS
4.1 Access the NSS temporary data storage area
4.2 UTM operation
  4.2.1 NSS firewall operation
  4.2.2 NSS antivirus and anti-malware operation
4.3 NSS temporary data storage area
5 Maintenance
5.1 Software maintenance
5.2 Clean the NSS
6 Troubleshooting
6.1 Restart the NSS
6.2 Reinstall the NSS software
  6.2.1 Windows® activation
6.3 Elekta service and support
7 NSS technical information
7.1 NSS architecture
7.2 NSS hardware specifications
7.3 NSS network interfaces
7.4 NSS usernames and passwords
7.5 NSS directory structure
Appendix A Installation planning
A.1 Installation planning report
Appendix B CD Drive
B.1 Activate the CD Drive for Windows®
Appendix C Software Licenses
C.1 Zentyal Software License
List of figures and tables
Table 1.1 Glossary of terms
Table 1.2 Abbreviations and acronyms
Figure 2.1 Typical NSS network
Figure 2.2 Front panel of NSS
Figure 2.3 Rear panel of NSS
Figure 2.4 Rear of NSS (without service panel cover)
Table 3.1 Parts delivered with the NSS
Figure 3.1 Position of NSS on TCC
Table 3.2 IP addresses for NSS and Elekta network
Figure 3.2 Dual Elekta treatment networks with dual NSS units
Figure 3.3 NSS login screen
Figure 3.4 NSS Dashboard screen
Figure 3.5 NSS System general configuration screen
Figure 3.6 NSS Gateways and Proxy menu screen
Figure 3.7 NSS Saving changes screen
Figure 3.8 NSS Network Interfaces screen
Figure 3.9 NSS Gateways and Proxy configuration screen
Figure 3.10 NSS Domain Name Server Resolver screen
Figure 3.11 NSS Adding a new name server screen
Figure 3.12 NSS Date and Time Configuration screen
Figure 3.13 NSS Antivirus screen
Figure 3.14 NSS Backups list showing the new backup
Table 4.1 NSS External LAN port exception table
Table 4.2 NSS IP address and IP port forwarding
Figure 6.1 Launch Virtual Machine Manager
Figure 6.2 Windows XP Professional Setup Wizard welcome screen
Figure 7.1 NSS software architecture overview
Table 7.1 NSS ethernet networks
Table 7.2 NSS usernames and passwords
Table 7.3 NSS usernames and passwords for NSS shared directories
Figure 7.2 NSS temporary data storage area directory structure
Figure B.1 Launch Virtual Machine Manager
1 Introduction
1.1 Introduction
This chapter gives regulatory and safety information about the Elekta Network Security Solution.
Descriptions
This document gives information on all configurations of the equipment.
1.2 Function of this document
This document describes the pre-installation and preparatory checks required to make sure that the Network Security Solution is compatible with, and configurable within, present or new Elekta networks. It provides installation and configuration information and instructions for use to help the user in the safe and correct installation and operation of the equipment. The user is the authority who has the control of the equipment and the person or persons who operate and work on the equipment.
Clinical user
A Clinical User is a qualified person who uses the digital accelerator, and its accessories, for the treatment of patients. A Clinical User is trained in the safe, clinical operation of the digital accelerator. Such treatment must be therapeutic only.
Service user
A Service User is a qualified Service Engineer or Physicist who is trained to do the maintenance tasks on the digital accelerator and its accessories. A Service User operates the digital accelerator, and its accessories, to do tests, adjustments, and repairs to the equipment. Such operation must not be therapeutic.
All users
Before you operate the equipment, Elekta recommends that you read, understand, and obey all:
• Warnings
• Safety labels and markings
• Cautions
• Important notices
• Notes
• User notices
• Release notes
Elekta recommends that you:
• Read carefully the information in the Safety section of this chapter
• Keep this document with the equipment for easy reference.
1.3 Warnings, cautions and notes
This section shows how we use warnings, cautions, and notes in this document.
WARNING x.x A warning is an instruction which, if ignored, can cause fatal or serious injury, or clinical mistreatment.
CAUTION x.x A caution is an instruction which, if ignored, can cause damage to the equipment, other material, data, or the environment.
Note: A note gives more information about the related text. A note is not an instruction.
1.4 Intended function and use
1.4.1 Intended function of the equipment
The Elekta Network Security Solution (NSS) is a multi-purpose device designed to protect Elekta's Treatment Delivery Suite (TDS) from illicit intrusion attempts and malware attack. A single NSS provides Unified Threat Management (UTM) functionality (firewall and malware protection) and temporary secure data storage for a single digital linear accelerator and its associated IT components.
1.4.2 Intended use of the equipment
Only install and operate the equipment for its intended use, and in agreement with the safety procedures and instructions in the supplied documentation. No information in this document removes the responsibility of the user to use professional judgement and best practice. The installation and operation of the equipment must obey the applicable laws and regulations in the jurisdiction in which the equipment is installed. Incorrect operation of the equipment that does not agree with the intended function and use can release Elekta or their agent from all or some of their responsibility for non-compliance, damage, or injury that such use can cause.
1.4.3 Contraindications
Do not operate the equipment if there are (or could be) the contraindications that follow:
There are no identified contraindications for this equipment.
1.5 Compatibility
WARNING 1.1 Do not use a part or accessory that is not approved by Elekta. If you ignore this warning, incorrect radiation and other safety risks can cause fatal or serious injury, or clinical mistreatment.
Only operate the equipment with Elekta-supplied or approved, compatible equipment or parts. Contact Elekta for information about the compatibility of other equipment or parts. Do not use accessories, transducers, and cables that are not specified by Elekta. They can have an effect on the electromagnetic compatibility (EMC) performance, which can increase emissions or decrease immunity of the equipment.
WARNING 1.2 Do not make modifications, or do maintenance work on the equipment, unless you are a qualified person with the applicable authority. If you ignore this warning, incorrect radiation and other safety risks can cause fatal or serious injury, or clinical mistreatment.
Only make modifications, or do maintenance work on the equipment if you are a qualified person with the applicable authority. Such work must apply best engineering practice and obey the laws and regulations in the jurisdiction in which the equipment is installed. Modifications or maintenance work that is not approved by Elekta, or not done by a qualified person with the correct authority, can cause damage to the equipment and cancel the warranty.
1.6 Compliance
The design of the equipment is in compliance with international standards for safety.
1.6.1 IEC classification
Refer to User Installation Manual, Elekta NSS-01 from Captec Ltd, UK.
1.7 Training
Make sure that you have the necessary training before you operate, or do work on the equipment. Because countries have different regulations for training, make sure that your training is in compliance with the laws and regulations of the jurisdiction in which the equipment is installed.
1.8 Safety
Every reasonable precaution has been taken during manufacture to safeguard the health and safety of persons who will operate the Network Security Solution. Elekta recommends that all operators at all times obey the precautions in this section.
1.8.1 Important safety instructions
All medical electrical equipment must have the correct installation, operation and maintenance. This is specially applicable to safety related items. For your safety and the safety of the patients, Elekta recommends that you read, understand and obey all:
• Warnings, cautions and notes in this document and related documents.
• Warnings, cautions and safety markings on the equipment and the accessories of the equipment.
• Instructions and information in the Safety section of this document and related documents.
1.8.2 Using visual display units (VDUs)
WARNING 1.3 Do not use a visual display unit (VDU) unless you obey the applicable Health and Safety regulations and procedures. If you ignore this warning, you can cause damage to your health.
1.8.3 Warning labels
This section gives examples of the warning labels that you can find on Elekta products.
General warning
If the warning label has instructions on it, obey the instructions. If the warning label has no instructions on it, refer to the related product documentation for information.
Radiation warning
This label gives you a warning that dangerous radiation is possible.
High voltage warning
This label gives you a warning that there can be high voltage.
Laser warning
This label gives you a warning that there can be a laser beam in, or near to, the equipment.
Do not sit caution
This label gives you a caution not to sit on parts that have this label.
ESD caution
This label gives you a caution that there are devices in the equipment that are sensitive to electrostatic discharge.
People’s Republic of China - Ministry of Information Industry Order #39
This label gives you a warning that the equipment contains one or more of the specified materials in Ministry Order #39. The number in the center of the symbol gives the safe environment protection period in years.
Disposal warning
This label gives you a warning that the disposal of the equipment, or parts of the equipment, must not be through domestic waste systems.
1.8.4 Maintenance and faults
The NSS contains no user serviceable parts.
1.8.5 Safety devices
There are no safety devices applicable to the Network Security Solution.
1.8.6 Emergency procedures
There are no emergency procedures applicable to the Network Security Solution.
1.8.7 Electrical and mechanical safety
WARNING 1.4 Do not remove covers or cables from the equipment unless special instructions in this document tell you to. Always put covers on again before you use the equipment. There are high voltages and parts that move in the equipment. If you ignore this warning, exposure to high voltages and parts that move can cause fatal or serious injury.
Only operate the equipment in rooms that are in compliance with the applicable electrical safety laws and regulations for this type of equipment. Before you do maintenance and repair work, or start to clean the equipment, isolate the electrical power supply and prevent unwanted movement of the equipment.
1.8.8
Electrostatic discharge sensitive devices
CAUTION 1.1 Do not touch the printed circuit boards (PCBs) and other electronic parts unless you wear a grounded antistatic wrist strap. If you ignore this caution, electrostatic discharge can cause damage to the parts and cause them to h ave a malfunction.
Semiconductors, integrated circuits, and parts that contain them, are sensitive to electrostatic discharge (ESD). These devices are known as electrostatic discharge sensitive devices. ESD can cause damage to these devices and cause them to have an immediate or subsequent malfunction. To prevent ESD damage to these devices, always wear a grounded antistatic wrist strap, and obey ESD precaution procedures.
1.8.9
Fire and explosion safety
WARNING 1.5 Do not use the equipment in rooms that contain flammable or explosive gases. Some anesthetic gases and disinfectant sprays are flammable or explosive. If you ignore this warning, fire or explosion can cause fatal or serious injury, injury, or damage to the equipment.
1.8.10
Electromagnetic compatibility (EMC)
WARNING 1.6 Do not put portable or mobile radio frequency (RF) communication devices near to the equipment. The emissions from such RF devices can be more than the EMC standards, which can have an unwanted effect on the operation of the equipment. If you ignore this warning, the RF emission can cause the equipment to have a malfunction, which can cause fatal or serious injury, clinical mistreatment, or damage to the equipment.
Elekta products are in compliance with applicable EMC emission standards. It is possible that the emissions from portable and mobile RF communication devices are more than the EMC standards. In such conditions, the EMC emissions can have an unwanted effect on the operation of medical electrical equipment.
1.9
Cleaning and disinfection
At regular intervals, it is necessary to clean the equipment.
WARNING 1.7 Do not start to clean the equipment, or use a disinfectant spray, before you isolate the equipment from the electrical supply. If you ignore this warning, the exposure to high voltages can cause fatal or serious injury.
WARNING 1.8 Do not use a spray that is flammable or explosive. The fumes from such sprays can start a fire or cause an explosion. If you ignore this warning, fire or explosion can cause fatal or serious injury.
CAUTION 1.2 Do not let water and other liquids get into the equipment. If you ignore this caution, water and other liquids can cause electrical short-circuits, metal corrosion, and other damage to the equipment.
CAUTION 1.3 Do not use sprays to clean the medical equipment room because the sprays can go into the equipment. If you ignore this caution, the sprays can cause electrical short-circuits, metal corrosion, or other damage to the equipment.
1.10
End of Life (EOL) disposal
WARNING 1.9 Do not move or discard radioactive and hazardous material unless you are qualified and have an applicable license. If you ignore this warning, radioactive and hazardous material can cause fatal or serious injury, and damage to the environment.
“End of Life (EOL) disposal” refers to the procedure used to remove and discard the equipment, or parts of the equipment, to a condition that it is not possible to operate the equipment for its intended use. Always use procedures that give the best possible protection to the environment when you remove and discard the equipment. The procedures must obey the laws and regulations of the jurisdictions in which you discard the equipment. Do not discard Elekta products through the domestic waste systems. Only an approved facility with an applicable license must remove and discard the equipment and recycle the material. Do not discard material that is hazardous to health and the environment together with other material. Before you remove and discard the equipment, contact Elekta Ltd. for information.
1.11
Text formats
This section gives the conventions for the text formats that you can find in this document.
Text Format: Definition
The text that shows on a VDU screen
Bold: Button labels, screen (window) labels, keyboard key legends, file names, sequential selections, important information
SMALL CAPS: Signal names
courier: Denotes text to be entered by the user, or paths
1.12
Conventions
This section gives the conventions for terms that you can find in this document.
Term: Convention
Authorized person: A person who is given the authority to do the work on the equipment by the authority that controls the equipment.
Qualified person: A person that is recognized by a competent authority to have the necessary knowledge and training to do specified tasks.
1.13
Glossary
This section gives the definitions of some of the terms that you can find in this document.
Table 1.1 Glossary of terms
Term: Explanation
Firewall: Software that provides protection against attempted network intrusion.
Malware: Software designed to infiltrate a computer without the owner’s consent or knowledge.
HOSTS: The HOSTS file is a computer file used to store information on where to find a node on a computer network.
SAMBA: SAMBA is open source software that provides file and print interoperability between Linux and Microsoft® Windows.
Unified Threat Management: The provision of integrated defence against all forms of potential network attack.
1.14
Abbreviations and acronyms
This section gives the conventions for the abbreviations and acronyms that you can find in this document.
Table 1.2 Abbreviations and acronyms
Abbreviation: Definition
DHCP: Dynamic Host Configuration Protocol
DICOM: Digital Imaging and Communications in Medicine
DLL: Dynamic Link Library (file)
DMLC: Dynamic Micro Multi-Leaf Collimator
DNS: Domain Name Service
EMC: Electromagnetic Compatibility
FTP: File Transfer Protocol
HTTPS: Hypertext Transfer Protocol (Secure)
ICOM: IDEF abbreviation for Inputs, Controls, Outputs & Mechanisms
iCOM-Fx: External field selection interface
iCOM-Vx: External verification interface
IDM: Intelligent Device Management
IEC: International Electrotechnical Commission
IP: Internet Protocol
IT: Information technology
KVM: Kernel-based Virtual Machine
LAN: Local Area Network
LCS: Linac (digital accelerator) Control System (see TCS)
NetBT: NetBIOS over TCP/IP
NIC: Network Interface Card
NSS: Network Security Solution
NTP: Network Time Protocol
PDF: Portable Document Format (electronic file format)
R&V: Record and Verify
RATM: Remote Automatic Table Movement
RPC: Remote Procedure Call
RT: Radiation Therapy
SFTP: Secure File Transfer Protocol
SSH: Secure Shell
SSL: Secure Sockets Layer
TCP/IP: Transmission Control Protocol / Internet Protocol
TCP/UDP: Transmission Control Protocol / User Datagram Protocol
TCC: Treatment Control Cabinet
TCS: Treatment Control System
TDS: Treatment Delivery Suite
TPS: Treatment Planning System
UPS: Uninterruptible Power Supply
USB: Universal Serial Bus
URL: Universal Resource Locator (web or internet address)
UTM: Unified Threat Management
WINS: Windows Internet Name Service
XVI: X-ray Volume Imaging
1.15
Important Notices
When Elekta releases an Important Notice, include the Important Notice in this section. Then change the Amendment Record in the Preliminary section, and include the information in your procedure.
1.16
User Notices
When Elekta releases a User Notice, include the User Notice in this section. Then change the Amendment Record in the Preliminary section, and include the information in your procedure.
2
Overview of the Network Security Solution
Section: Title
2.1: About the Network Security Solution
2.2: Controls, indicators and connectors
2.1
About the Network Security Solution
The Network Security Solution (NSS) provides antivirus, anti-malware and firewall protection for Elekta digital accelerator control systems for Desktop Pro™ R6.0 and later. The NSS also protects the following auxiliary Elekta systems:
• iViewGT™
• XVI
• MOSAIQ® Sequencer
• iGUIDE®
• DMLC.
Each NSS protects one Elekta digital accelerator and a maximum of six auxiliary Elekta systems as shown in Figure 2.1.
Figure 2.1 Typical NSS network
The NSS also serves as the host for IntelliMax Agent. The NSS requires only a single point connection to the hospital network and therefore needs only a single hospital IP address to enable all necessary communications.
2.1.1
Functions and features
The NSS provides the following functions and features:
• A secure, reliable single-point connection between the Elekta and hospital networks
• Firewall blocking of all unauthorised network traffic between the Elekta and hospital networks
• A secure 1 TB temporary data storage area offering automatic scanning against viruses and malware
• Prevention of virus and malware contamination between hospital and Elekta networks
• Seven switched external 1GB full duplex ethernet LAN ports
• Single external 1 GB ethernet LAN port to enable configuration
• Host for IntelliMax Agent
• Automatic cleanup utility for temporary data storage area
• Automatic virus/malware definition updates
• Automatic Microsoft® updates
• SAMBA server
• DHCP server
• SFTP server.
Note: It is the responsibility of the hospital to ensure that any data transferred to the NSS temporary data storage area is backed up to another secure location if the data is to be retained for longer than 8 days. The NSS automatically deletes data in its shared data storage area after 9 days.
CAUTION 2.1 The NSS will NOT remove any viruses, malware, spyware or ‘trojan horses’ present on the Elekta network devices. It prevents further contamination from the hospital network. Failure to remove any existing threats present on any device in the Elekta network may result in incorrect operation of the Elekta network devices connected to the NSS.
2.2
Controls, indicators and connectors
The controls, indicators and connectors of the NSS are located on the front and rear panels of the unit, as shown in Figure 2.2, Figure 2.3 and Figure 2.4.
Figure 2.2 Front panel of NSS
(1) Green power indicator
(2) CD/DVD ROM drive
(3) Engineer laptop ethernet port
(4) Filter cover panel screws
Figure 2.3 Rear panel of NSS
(1) IEC type power connector
(2) Earth terminal ET1
(3) ON(I)/OFF(0) switch
(4) MOSAIQ® ethernet port
(5) iGUIDE® ethernet port
(6) DMLC ethernet port
(7) TCS ethernet port
(8) iViewGT™ ethernet port
(9) XVI ethernet port
(10) Spare ethernet port
(11) Hospital network ethernet port
(12) Service panel
Figure 2.4 Rear of NSS (without service panel cover)
(1) Mouse port
(2) Keyboard port
(3) VGA video port
(4) Not used
(5) Not used
(6) Not used
3
Install and configure the NSS
Section: Title
3.1: Install the NSS
3.2: Configure the NSS
3.1
Install the NSS
The NSS is not equipped with a monitor or keyboard. A laptop computer is needed to set up and configure the system.
3.1.1
Parts delivered with the NSS
The NSS is supplied with the following components:
Table 3.1 Parts delivered with the NSS
Description: Quantity
Elekta NSS unit: 1
IEC AC power cable: 1
1 m CAT5e network cable: 1
1 m earth cable: 1
NSS Installation & Configuration Information (this document): 1
NSS software DVD: 1
3.1.2
Prepare the Elekta network
Complete the installation planning report provided in Appendix A before you start installing the NSS. Before you install the NSS, check that you have all of the components listed in Table 3.1.
3.1.3
Connect the NSS power and earth cables
1 Put the NSS unit on top of the digital accelerator Treatment Control Cabinet (TCC) as shown in Figure 3.1. If the NSS cannot be positioned on top of the TCC, another suitable location can be used.
Figure 3.1 Position of NSS on TCC
2 Ensure that the ON/OFF switch at the rear of the NSS is set to OFF (0).
3 Connect earth terminal ET1 to an earth connection terminal on the TCC.
4 Connect the power cable to the IEC socket on the rear of the NSS.
5 Connect the power cable to a filtered, grounded power outlet on the TCC UPS.
6 Do not connect the NSS to the hospital network or to any of the Elekta network devices.
3.2
Configure the NSS
Table 3.2 lists IP addresses assigned to the NSS and the Elekta network devices it protects. These IP addresses are fixed.
Table 3.2 IP addresses for NSS and Elekta network
Network Element            IP Address               Subnet Mask
NSS to hospital network    Specified by hospital    Specified by hospital
NSS to Elekta network      192.168.30.1             255.255.255.0
NSS to engineer network    192.168.35.1             255.255.255.0
Digital accelerator TCS    192.168.30.2             255.255.255.0
MOSAIQ® Sequencer (1)      192.168.30.3             255.255.255.0
XVI                        192.168.30.4             255.255.255.0
iViewGT™                   192.168.30.5             255.255.255.0
DMLC                       192.168.30.6             255.255.255.0
iGUIDE®                    192.168.30.7             255.255.255.0
IntelliMax Agent           192.168.81.2             255.255.255.0
(1) For hospitals using other Record and Verify systems, change the R&V system IP address to the MOSAIQ® Sequencer IP address.
3.2.1
Configure the engineer laptop
Configure the engineer laptop TCP/IP settings to use DHCP. The NSS has an integrated DHCP server which gives an IP address to the laptop. An ethernet network patch cable is required to connect the laptop to the NSS. To access the NSS graphical user interface, you will need to have the latest version of the Mozilla Firefox® browser (http://www.mozilla.com/firefox) installed on your laptop. Firefox® is installed in the Tools directory.
CAUTION 3.1 Ensure that the laptop is running a current version of a suitable antivirus/anti-malware program with fully updated definitions. Failure to do so may result in the NSS becoming infected with any virus or malware present on the laptop.
Note: It is strongly recommended that you do a full antivirus scan of the laptop before connection to the NSS.
Ensure Firefox® is NOT configured to use an http proxy server. Open the browser and do the following steps:
1 Click Tools.
2 Click Options.
3 Click Advanced.
4 Click Network.
5 Click Settings.
6 Click No Proxy.
7 Click OK.
8 Click OK.
3.2.2
Configure the NSS hostname
If the hospital has multiple digital accelerators, one NSS will be required to provide protection for each accelerator. See Figure 3.2. The hostname of each NSS must be unique. The factory default setting is ElektaNSS01. If there is more than one NSS in the network, the hostname of one or more NSS must be changed. Proceed to Section 3.2.4 if you are installing only a single NSS.
Figure 3.2 Dual Elekta treatment networks with dual NSS units
Do the following steps to change the hostname:
1 Set the ON/OFF switch at the rear of the NSS to ON (I). Allow 5 minutes for the NSS to start.
2 Connect a laptop (see Section 3.2.1) to the ENGINEER PC port on the front of the NSS. Start the laptop. The NSS will assign an IP address in the range 192.168.35.xx to the laptop.
3 Start the Firefox® browser and connect to the NSS using the following URL: https://192.168.35.1
4 When prompted for the password (see Figure 3.3) enter:
Username: elekta
Password: generation10
Figure 3.3 NSS login screen
5 The NSS Dashboard is displayed. See Figure 3.4.
Figure 3.4 NSS Dashboard screen
6 Click System.
7 Click General. The System general configuration screen is displayed. See Figure 3.5.
Figure 3.5 NSS System general configuration screen
8 In the Change Hostname section, enter the new hostname in the format: ElektaNSS0x where x=2,3...
9 Click Change. A message appears that is almost the same as: The hostname will be changed to elektanss02 after saving changes.
10 Click Save Changes.
11 Click Save.
3.2.3
Configure the Windows® computer name
If the hospital has multiple digital accelerators, one NSS will be required to provide protection for each accelerator. See Figure 3.2. The Windows® computer name of each NSS must be unique. The factory default setting is ElektaNSSXP01. If there is more than one NSS in the network, the Windows® computer name of one or more NSS must be changed. Proceed to Section 3.2.4 if you are installing only a single NSS.
Do the following steps to change the Windows® computer name:
1 Connect a laptop (see Section 3.2.1) to the ENGINEER PC ethernet port.
2 Start the laptop.
3 Configure a Windows® Remote Desktop Connection on the laptop to connect to the NSS Windows® XP Professional virtual machine using the following information:
IP address: 192.168.81.2
Username: elekta
Password: generation10
4 Click start.
5 Click My Computer.
6 Click View system information.
7 Click the Computer Name tab.
8 Click Change....
9 Enter ELEKTANSSXP0x into the Computer name field, where x=2,3,4... as required. The number must be different from any other NSS in the Elekta network.
10 Click OK.
11 Click OK to acknowledge the computer restart message.
12 Click OK.
13 In the Systems Settings Change window, click Yes to restart the Windows® virtual machine. The computer name change will be applied when the Windows® virtual machine restarts.
3.2.4
Configure the NSS for the hospital network
1 Set the ON/OFF switch at the rear of the NSS to ON (I). Allow 5 minutes for the NSS to start.
2 Connect a laptop (see Section 3.2.1) to the ENGINEER PC port on the front of the NSS.
3 Start the laptop. The NSS will assign an IP address in the range 192.168.35.xx to the laptop.
4 Start the Firefox® browser and connect to the NSS using the following URL: https://192.168.35.1
5 When prompted for the password (see Figure 3.3) enter:
Username: elekta
Password: generation10
The NSS Dashboard appears. See Figure 3.4.
6 Click the Network menu item.
7 Click the Gateways menu item to display the Gateways menu screen. See Figure 3.6.
Figure 3.6 NSS Gateways and Proxy menu screen
8 Select any defined gateways except the default gateway dhcp-gw-eth0.
9 Click the ‘dustbin’ icon under Action to delete the gateway(s). The default gateway cannot be deleted.
10 Click Save Changes.
11 Click Save.
Figure 3.7 NSS Saving changes screen
12 Click the Network menu item.
13 Click the Interfaces menu item.
Figure 3.8 NSS Network Interfaces screen
14 Click the eth0 tab.
15 Set Method to Static from the dropdown list.
16 Enter the fixed IP address and subnet mask provided by the hospital for the NSS.
17 Click Change.
18 Click Save Changes.
19 Click Save.
20 Click the Gateways menu item.
Figure 3.9 NSS Gateways and Proxy configuration screen
21 Click Add New.
22 Create a new Gateway with the following information:
Name: HospitalGateway
IP Address: hospital gateway IP address
Interface: eth0
23 Click the Default tickbox.
24 Click Add.
25 If the hospital uses Internet proxy settings, type the applicable settings.
26 Click Save Changes.
27 Click Save.
28 Click the Network menu item.
29 Click DNS.
Figure 3.10 NSS Domain Name Server Resolver screen
30 Click Add New.
Figure 3.11 NSS Adding a new name server screen
31 Enter the IP address of the hospital DNS server (as recorded in Appendix 1) into the Domain Name Server field.
32 Click Add.
33 Click Save Changes.
34 Click Save.
3.2.5
Configure Network Time Protocol (NTP) time servers
The NSS can use NTP to synchronize its timestamps to an external NTP time server. Do the following steps to configure NTP on the NSS:
1 Click System.
2 Click Date/Time.
Figure 3.12 NSS Date and Time Configuration screen
3 Click the Primary Server field and clear the default entry.
4 Enter the hospital NTP Server IP Address into the Primary Server field.
5 Click Change.
6 Click Save Changes.
7 Click Save.
The basic configuration of the NSS is now complete. To configure the http proxy service if required, proceed to Section 3.2.6. To install IntelliMax Agent onto the NSS, proceed to Section 3.2.7. Otherwise, proceed to Section 3.2.8.
3.2.6
Configure Windows® http proxy (optional)
The NSS runs a Windows® XP Professional kernel-based virtual machine. See Section 7.1. The NSS utilizes the http protocol in order to retrieve operating system and security updates for Windows® XP Professional. At hospital sites where an http proxy is used, the IP address of the proxy server must be configured to enable the update process. Do the following steps in order to configure http proxy operation:
Configure a Windows® Remote Desktop Connection on the laptop to connect to the NSS Windows® XP Professional virtual machine using the following information:
IP address: 192.168.81.2
Username: elekta
Password: generation10
1 Open Microsoft® Internet Explorer.
2 Click Tools.
3 Click Internet Options....
4 Click the Connections tab.
5 Click LAN Settings....
6 Click the Use a proxy server for your LAN tickbox.
7 Enter the hospital proxy server IP address (as recorded in Appendix 1) into the Address field.
8 Type the hospital proxy settings into the Port field.
9 Click OK.
10 Click OK.
11 Close the browser.
12 Click start.
13 Click Run....
14 Enter cmd into the text box.
15 Click OK.
16 In the DOS window, enter the following: proxycfg -u
17 Close the CMD window.
To install IntelliMax Agent onto the NSS, proceed to Section 3.2.7. Otherwise, proceed to Section 3.2.8.
3.2.7
Configure the IntelliMax Agent (optional)
To configure IntelliMax Agent, you will need to have the latest version of IntelliMax Agent installation software. The software and manual can be downloaded from http://www.elekta.biz. Do the procedure in Section 3.2.6 to configure a Windows® Remote Desktop Connection on the laptop to connect to the NSS Windows® XP Professional virtual machine using the following information:
IP address: 192.168.81.2
Username: rtduser
Password: rtduser
Install and configure IntelliMax Agent by following the instructions in the IntelliMax Agent Installation and Configuration Instructions, 45133702183.
3.2.8
Verify NSS antivirus update procedure
The NSS updates its antivirus definitions every hour via connection to the Internet. Elekta recommends that following installation the antivirus update process is verified. Do the following steps:
1 If not currently connected to the NSS Dashboard, do steps 2 to 6 of Section 3.2.4.
2 Click Antivirus.
Figure 3.13 NSS Antivirus screen
3 Verify the timestamp of the entry under Database Update Status. If necessary, wait for 60 minutes from the time of completion of installation to allow time for the update to happen.
4 If the timestamp updates after 60 minutes, the antivirus update procedure has been successful. If the timestamp does not update, contact Elekta.
3.2.9
Configure the digital accelerator TCS
Use IP Addresses rather than hostnames for all network locations in this section. All network drives mapped from Elekta network devices to the NSS temporary data storage area use the username and password ‘rtduser’ to authenticate the mapping. DICOM operations must use the ports specified in Table 4.2 in order to function. Using the instructions in the Desktop Pro™ Service Mode User Manual, do the following steps:
1 Set the TCS to:
IP address: 192.168.30.2
Subnet mask: 255.255.255.0
Gateway: 192.168.30.1
2 Set the TCS backup location to use the NSS temporary data storage area, using the following URL: \\192.168.30.1\backup\tcs
3 Set the TCS Server Maintenance locations to use the NSS temporary data storage area, using the following URL: \\192.168.30.1\backup\tcs
4 In System Configuration, set the new URL (based on the new IP address) for the ACAL directory.
5 In Service Graphing Directories, set the directories to use the NSS temporary data storage area using the following URL: \\192.168.30.1\data\tcs
6 In Remote Table Movement, set the IP address (if configured) to the new address for the XVI (see Table 3.2).
7 Set the IP address (if configured) to the new address for the Record & Verify system. This is the MOSAIQ® Sequencer address in Table 3.2.
8 In Printers, set the new URL for the Record to File folder.
3.2.10
Configure the MOSAIQ® Sequencer PC
Use the instructions in the MOSAIQ® Software Installation Procedure to do these steps:
1 Set the MOSAIQ® Sequencer PC to:
IP address: 192.168.30.3
Subnet mask: 255.255.255.0
Gateway: 192.168.30.1
2 Edit the MOSAIQ® impac.ini, Mergecom.app and VMI configuration files and enter the new TCS IP address (see Table 3.2).
3 Edit the HOSTS file and add the hostnames and IP addresses for the MOSAIQ® and SQL servers.
3.2.11
Configure RPC on the MOSAIQ® Sequencer PC
The Microsoft® Distributed Transaction Coordinator (MSDTC) uses Remote Procedure Calls (RPCs). The random range of ports allocated by the RPC function to MSDTC operations can create problems for the NSS firewall. Therefore the range of ports available for use by RPC needs to be restricted. Do the following steps on the MOSAIQ® Sequencer PC. You must be logged in as a user with administrator rights:
1 Click Start.
2 Click Run...
3 Enter dcomcnfg.
4 Click Component Services.
5 Double click Computers.
6 Right click My Computer.
7 Select Properties.
8 Click the Default Protocols tab.
9 Select Connection-oriented TCP/IP.
10 Click Properties.
11 Add a port range of 5000 to 5020.
12 Click OK.
13 Click OK.
14 Close the Component Services window.
15 Restart the MOSAIQ® Sequencer PC.
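One way to confirm that the port range entered in dcomcnfg took effect, as an added example that is not part of the Elekta procedure: the script audits the text of a reg query listing captured from the MOSAIQ® Sequencer PC. It assumes the standard Windows location for these settings (HKLM\SOFTWARE\Microsoft\Rpc\Internet with the Ports, PortsInternetAvailable and UseInternetPorts values); the sample listings are constructed and the function names are illustrative.

```python
"""Audit a captured 'reg query' listing of the RPC port settings (Section 3.2.11)."""

REQUIRED_RANGE = (5000, 5020)  # port range added in step 11 of Section 3.2.11

# Constructed sample, shaped like the output of:
#   reg query "HKLM\SOFTWARE\Microsoft\Rpc\Internet"
SAMPLE_RESTRICTED = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Internet
    Ports    REG_MULTI_SZ    5000-5020
    PortsInternetAvailable    REG_SZ    Y
    UseInternetPorts    REG_SZ    Y
"""

# Constructed sample of a drifted configuration: wider range, an extra port
# and mismatched flags.
SAMPLE_DRIFTED = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Internet
    Ports    REG_MULTI_SZ    5000-5100\01024
    PortsInternetAvailable    REG_SZ    Y
    UseInternetPorts    REG_SZ    N
"""


def parse_reg_query(text):
    """Return {value name: data} from 'reg query' output; {} if no values are listed."""
    values = {}
    for line in text.splitlines():
        fields = line.split(None, 2)  # name, type, data
        if len(fields) == 3 and fields[1].startswith("REG_"):
            values[fields[0]] = fields[2].strip()
    return values


def expand_ports(multi_sz):
    """Expand REG_MULTI_SZ data (entries separated by a literal backslash-zero) into a set of ports."""
    ports = set()
    for entry in multi_sz.split("\\0"):
        entry = entry.strip()
        if not entry:
            continue
        low, _, high = entry.partition("-")
        low, high = int(low), int(high or low)
        if not 0 < low <= high <= 65535:
            raise ValueError(f"bad port range {entry!r}")
        ports.update(range(low, high + 1))
    return ports


def audit_rpc_ports(reg_output, required=REQUIRED_RANGE):
    """Return a list of findings; an empty list means RPC is limited to the required range."""
    values = parse_reg_query(reg_output)
    if "Ports" not in values:
        return ["no Ports value: RPC is using its default dynamic port range"]
    try:
        ports = expand_ports(values["Ports"])
    except ValueError as exc:
        return [f"Ports value cannot be parsed: {exc}"]

    wanted = set(range(required[0], required[1] + 1))
    extra, missing = ports - wanted, wanted - ports
    problems = []
    if extra:
        problems.append(
            f"{len(extra)} port(s) outside {required[0]}-{required[1]}, lowest is {min(extra)}"
        )
    if missing:
        problems.append(
            f"{len(missing)} port(s) of {required[0]}-{required[1]} not listed, lowest is {min(missing)}"
        )

    # The listed ports are only used for dynamic allocation when both flags agree
    # (Y/Y or N/N); a mismatch makes RPC allocate from every port NOT listed.
    flags = [values.get(name, "").upper()
             for name in ("PortsInternetAvailable", "UseInternetPorts")]
    if flags[0] not in ("Y", "N") or flags[0] != flags[1]:
        problems.append(
            "PortsInternetAvailable and UseInternetPorts must both be set and equal"
        )
    return problems


if __name__ == "__main__":
    for label, sample in (("restricted", SAMPLE_RESTRICTED), ("drifted", SAMPLE_DRIFTED)):
        findings = audit_rpc_ports(sample)
        print(label, "OK" if not findings else findings)
```

The restart in step 15 is still required before the listed range is used, so capture the listing after the PC has restarted.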
3.2.12
Configure SYNERGISTIQ™
Using the instructions in the SYNERGISTIQ™ Software Installation Procedure, do the following steps:
1 Edit the C:\xvi\merge\mergecom.app file on the XVI PC and enter the new network details of the MOSAIQ® Sequencer (see Table 3.2).
2 Edit the C:\iview\merge\mergecom.app file on the iViewGT™ PC and enter the new network details of the MOSAIQ® Sequencer (see Table 3.2).
3 Edit the impac.ini file on the MOSAIQ® Sequencer and enter the new network details of the TCS in the MLC_CLIENT_IP field (see Table 3.2).
4 Edit the C:\impac\mergecom\mergecom.app file on the MOSAIQ® Sequencer and enter the new network details of the XVI PC (see Table 3.2).
3.2.13
Configure the XVI PC
Using the instructions in the XVI Instructions For Use, do the following steps:
1 Set the XVI PC to:
IP address: 192.168.30.4
Subnet mask: 255.255.255.0
Gateway: 192.168.30.1
2 Set the export folder location for the XVI PC to use the NSS temporary data storage area, using the following URL: \\192.168.30.1\backup\xvi
3 In the Desktop Utility, set the IP address to the new address for the TCS (see Table 3.2).
4 Edit the HOSTS file and enter the new IP address and hostname of the TCS (see Table 3.2).
3.2.14
Configure the iViewGT™ PC
Using the instructions in the iViewGT™ User Manual, do the following steps:
1 Set the iViewGT™ PC to:
IP address: 192.168.30.5
Subnet mask: 255.255.255.0
Gateway: 192.168.30.1
2 Set the export folder location for the iViewGT™ PC to the NSS temporary data storage area using the following URL: \\192.168.30.1\backup\iviewgt
3 If an iViewGT™ Server is used, set the IP address to the new address for the iViewGT™ Server (see Table 3.2).
4 Edit the sri.ini file and enter the new IP address of the TCS in the iCom section.
3.2.15
Configure the DMLC PC
Using the instructions in the DMLC User Manual, do the following steps:
1 Set the DMLC PC to:
IP address: 192.168.30.6
Subnet mask: 255.255.255.0
Gateway: 192.168.30.1
3.2.16
Configure the iGUIDE® PC
Using the instructions in the iGUIDE® System User Guide, do the following steps:
1 Set the iGUIDE® PC to:
IP address: 192.168.30.7
Subnet mask: 255.255.255.0
Gateway: 192.168.30.1
3.2.17
Connect the NSS network
In order to connect and activate the Elekta network including the NSS do the following steps:
1 Switch off all of the Elekta network devices, including TCS and NSS, following the correct procedure for all devices.
2 Connect all of the Elekta network devices to their respective labelled ethernet ports on the rear of the NSS.
3 Connect the hospital network to the NSS via the HOSPITAL network port on the rear of the NSS.
4 Switch on the NSS (see steps 1 and 2 of Section 3.2.2).
5 Switch on the TCS.
6 Switch on all other Elekta network devices.
3.2.18
Confirm the Elekta network operation
Do the following tests to confirm the correct operation of all Elekta network devices connected to the NSS:
1 Deliver a prescription from MOSAIQ® to the TCS.
2 Verify iCom data received from the TCS to iViewGT™.
3 Verify Remote Automated Table Movement (RATM) workflow from XVI to the TCS.
4 Verify TCS configuration (service graphing, linac records and backups).
5 Do SYNERGISTIQ™ configuration tests (XVI controller, iViewGT™ controller, Desktop controller, communications tests).
6 Verify network printer operation.
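When one of the tests above fails, a first check is whether every device was given the address, subnet mask and gateway from Sections 3.2.9 to 3.2.16. The script below is an added example, not Elekta software; it uses the addresses given in those sections, and the worksheet rows and function names are constructed for illustration.

```python
"""Cross-check a site worksheet against the fixed Elekta network addressing."""
import ipaddress

ELEKTA_MASK = "255.255.255.0"
ELEKTA_NET = ipaddress.ip_network("192.168.30.0/" + ELEKTA_MASK)
NSS_GATEWAY = ipaddress.ip_address("192.168.30.1")  # NSS to Elekta network

# Fixed device addresses from Sections 3.2.9 to 3.2.16.
DOCUMENTED = {
    "TCS": "192.168.30.2",
    "MOSAIQ Sequencer": "192.168.30.3",
    "XVI": "192.168.30.4",
    "iViewGT": "192.168.30.5",
    "DMLC": "192.168.30.6",
    "iGUIDE": "192.168.30.7",
}

# Constructed worksheet rows: (device, IP address, subnet mask, gateway).
SAMPLE_WORKSHEET = [
    ("TCS", "192.168.30.2", "255.255.255.0", "192.168.30.1"),
    ("MOSAIQ Sequencer", "192.162.30.3", "255.255.255.0", "192.168.30.1"),  # mistyped octet
    ("XVI", "192.168.30.4", "255.255.255.0", "192.168.30.254"),             # wrong gateway
    ("iViewGT", "192.168.30.5", "255.255.0.0", "192.168.30.1"),             # wrong mask
    ("DMLC", "192.168.30.5", "255.255.255.0", "192.168.30.1"),              # duplicate address
    # iGUIDE row left out on purpose
]


def check_device(name, ip, mask, gateway):
    """Return a list of problems with one device's TCP/IP settings."""
    try:
        addr = ipaddress.ip_address(ip)
        gw = ipaddress.ip_address(gateway)
    except ValueError as exc:
        return [f"{name}: unparsable address ({exc})"]

    problems = []
    if mask != ELEKTA_MASK:
        problems.append(f"{name}: subnet mask {mask} is not {ELEKTA_MASK}")
    if addr not in ELEKTA_NET:
        # Such a device cannot reach the NSS gateway at all.
        problems.append(f"{name}: {addr} is outside {ELEKTA_NET}")
    elif name in DOCUMENTED and str(addr) != DOCUMENTED[name]:
        problems.append(f"{name}: {addr} differs from documented {DOCUMENTED[name]}")
    if gw != NSS_GATEWAY:
        problems.append(f"{name}: gateway {gw} is not the NSS ({NSS_GATEWAY})")
    return problems


def check_plan(rows):
    """Check every row, then look for duplicate addresses and missing devices."""
    problems = []
    seen = {}
    for name, ip, mask, gateway in rows:
        problems.extend(check_device(name, ip, mask, gateway))
        if ip in seen:
            problems.append(f"{name}: {ip} is already assigned to {seen[ip]}")
        seen.setdefault(ip, name)
    listed = {row[0] for row in rows}
    for name in DOCUMENTED:
        if name not in listed:
            problems.append(f"{name}: missing from the worksheet")
    return problems


if __name__ == "__main__":
    for finding in check_plan(SAMPLE_WORKSHEET):
        print(finding)
```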
3.2.19
Backup the NSS configuration
You will need the NSS configuration files if you have to reinstall the NSS software. Do the following steps to backup the NSS configuration files using a connected laptop:
1 Start Firefox® and connect to the NSS at IP address 192.168.35.1, using the following URL: https://192.168.35.1
2 When prompted for the password (see Figure 3.3) enter:
Username: elekta
Password: generation10
3 Click the System menu.
4 Click the Backup menu.
5 Type an appropriate description (e.g. including the date) into the Description box.
6 Click the Backup button.
7 Upon completion, the new backup appears in the list as shown in Figure 3.14.
Figure 3.14 NSS Backups list showing the new backup
8 If required, click the download button to download the backup to the laptop.
Note: Elekta recommends that the final NSS customer configuration is downloaded to the Elekta engineer laptop and then transferred to CD/DVD for security.

4 Operate the NSS

Section  Title
4.1  Access the NSS temporary data storage area
4.2  UTM operation
4.3  NSS temporary data storage area

4.1 Access the NSS temporary data storage area
The top level (root) directory for the NSS temporary data storage area is /home/samba/shares. Backup data is transferred from the Elekta network devices to the NSS via the Linux SAMBA service and network shares defined on the devices. Elekta network devices connected to the NSS access the SAMBA shared directories using the following details:
   Username: rtduser
   Password: rtduser
See Section 3.2.9 to Section 3.2.16 for instructions on how to configure the backup locations for the network devices. The NSS shared directory structure is shown in Section 7.5.
When doing backup or data transfer to and from the Elekta network devices connected to the NSS, these shared data directories must be used, in order to make use of the NSS antivirus/anti-malware and firewall functionality. For instructions on how to backup/transfer data from Elekta network devices connected to the NSS, refer to the appropriate user manual for the device.
CAUTION 4.1 Only use official approved Elekta installation media. Do not transfer data onto any of the network devices connected to the NSS from removable media such as a USB memory device, DVD, CD or floppy disk. This can compromise the antivirus function of the NSS and result in incorrect operation of the Elekta products connected to it.
4.2 UTM operation

4.2.1 NSS firewall operation
The NSS provides a software firewall (the Linux Netfilter subsystem) in order to isolate the Elekta network from potential threats originating from outside the Elekta network. The NSS uses IP port forwarding to allow external access to the Elekta network devices only on specific ports.
The NSS firewall will pass all outgoing data packets from the Elekta network. It will also pass all internal data packets within the Elekta network. The NSS firewall will reject all incoming data packets from the hospital network except connections using the TCP/UDP ports and protocols defined in Table 4.1 and Table 4.2.
Table 4.1 defines the incoming data packets that are accepted by the NSS only.

Table 4.1 NSS External LAN port exception table

| Description         | External port           | Status |
|---------------------|-------------------------|--------|
| SSH/SFTP            | TCP 22                  | open   |
| NTP                 | TCP/UDP 123             | open   |
| SAMBA               | TCP/UDP 137,138,139,145 | open   |
| e-Box Administrator | TCP 443                 | open   |
| RPC                 | TCP 135                 | open   |

Table 4.2 defines the incoming data packets that are accepted by the Elekta network only.

Table 4.2 NSS IP address and IP port forwarding

| Description                 | Incoming port on xxx.xxx.xxx.xxx (1) | Forward address and port |
|-----------------------------|--------------------------------------|--------------------------|
| DICOM to TCS                | 104                                  | 192.168.30.2:104         |
| DICOM to iViewGT™           | 105                                  | 192.168.30.5:104         |
| DICOM to XVI                | 106                                  | 192.168.30.4:104         |
| DICOM to DMLC               | 107                                  | 192.168.30.6:4006        |
| DICOM to iGUIDE®            | 108                                  | 192.168.30.7:104         |
| MOSAIQ® Server to Sequencer | 135                                  | 192.168.30.3:135         |
| MOSAIQ® Server to Scheduler | 5000-5020                            | 192.168.30.3:5000-5020   |
| iCom-Vx to TCS              | 1706                                 | 192.168.30.2:1706        |

(1) IP address assigned to NSS by hospital

Note: The TPS DICOM settings must be set to the values in Table 4.2.

Note: Contact the Elekta helpdesk if it is necessary to change any of the settings in Table 4.1 or Table 4.2.
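
The following is an added example, not Elekta's or the eBox project's code: it checks a saved Netfilter ruleset against Table 4.1 and Table 4.2 and reports drift. It assumes `iptables-save` text format and the built-in PREROUTING and INPUT chains (the chain names the NSS actually uses are not given in this document), and the sample ruleset is constructed.

```python
import shlex

HOSPITAL_IF = "eth0"  # Table 7.1 names the hospital interface Eth0
# Table 4.2: incoming port on the NSS hospital address -> forward address and port.
# The table gives no protocol, so the protocol of a forward is not checked.
EXPECTED_FORWARDS = {
    "104": "192.168.30.2:104",              # DICOM to TCS
    "105": "192.168.30.5:104",              # DICOM to iViewGT
    "106": "192.168.30.4:104",              # DICOM to XVI
    "107": "192.168.30.6:4006",             # DICOM to DMLC
    "108": "192.168.30.7:104",              # DICOM to iGUIDE
    "135": "192.168.30.3:135",              # MOSAIQ Server to Sequencer
    "5000-5020": "192.168.30.3:5000-5020",  # MOSAIQ Server to Scheduler
    "1706": "192.168.30.2:1706",            # iCom-Vx to TCS
}
# Table 4.1: (protocol, port) pairs open on the NSS itself.
EXPECTED_OPEN = {("tcp", p) for p in (22, 123, 135, 137, 138, 139, 145, 443)}
EXPECTED_OPEN |= {("udp", p) for p in (123, 137, 138, 139, 145)}

# Constructed sample in iptables-save format (not captured from a real NSS).
SAMPLE_RULESET = """\
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 104 -j DNAT --to-destination 192.168.30.2:104
-A PREROUTING -i eth0 -p tcp -m tcp --dport 105 -j DNAT --to-destination 192.168.30.5:104
-A PREROUTING -i eth0 -p tcp -m tcp --dport 106 -j DNAT --to-destination 192.168.30.4:104
-A PREROUTING -i eth0 -p tcp -m tcp --dport 107 -j DNAT --to-destination 192.168.30.6:104
-A PREROUTING -i eth0 -p tcp -m tcp --dport 135 -j DNAT --to-destination 192.168.30.3:135
-A PREROUTING -i eth0 -p tcp -m tcp --dport 5000:5020 -j DNAT --to-destination 192.168.30.3:5000-5020
-A PREROUTING -i eth0 -p tcp -m tcp --dport 1706 -j DNAT --to-destination 192.168.30.2:1706
-A PREROUTING -i eth0 -p tcp -m tcp --dport 109 -j DNAT --to-destination 192.168.30.8:104
COMMIT
*filter
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m multiport --dports 137:139,443 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""

def parse_rule(line):
    """Turn one '-A CHAIN ...' line into {'chain': ..., option: value, ...}."""
    tokens = shlex.split(line)
    rule = {"chain": tokens[1], "negated": "!" in tokens}
    for opt, val in zip(tokens[2:], tokens[3:]):
        if opt.startswith("-") and not val.startswith("-"):
            rule[opt.lstrip("-")] = val
    return rule

def port_specs(rule):
    """Destination port specs of a rule, with ranges normalised to 'lo-hi'."""
    spec = rule.get("dport") or rule.get("dports") or ""
    return [p.replace(":", "-") for p in spec.split(",") if p]

def expand(spec):
    """'137-139' -> range(137, 140); '443' -> range(443, 444)."""
    lo, _, hi = spec.partition("-")
    return range(int(lo), int(hi or lo) + 1)

def audit(ruleset, hospital_if=HOSPITAL_IF):
    """Return (kind, subject, detail) findings where the ruleset departs from the tables."""
    findings, seen = [], set()
    for line in ruleset.splitlines():
        if not line.startswith("-A "):
            continue  # table markers, chain policies, COMMIT
        rule = parse_rule(line)
        if rule["negated"]:  # '!' inverts a match; leave these to a human
            findings.append(("manual-review", line, ""))
            continue
        if rule.get("i") not in (None, hospital_if):
            continue  # rule does not apply to traffic from the hospital network
        specs, target = port_specs(rule), rule.get("j")
        if target == "DNAT":
            dest = rule.get("to-destination", "")
            for spec in specs or ["any"]:  # a forward with no port forwards everything
                seen.add(spec)
                want = EXPECTED_FORWARDS.get(spec)
                if want != dest:
                    kind = "forward-mismatch" if want else "forward-unexpected"
                    findings.append((kind, spec, dest))
        elif target == "ACCEPT" and rule["chain"] == "INPUT":
            if not specs and not {"state", "ctstate"} & rule.keys():
                findings.append(("accept-any-port", line, ""))
            for port in (p for s in specs for p in expand(s)):
                if (rule.get("p"), port) not in EXPECTED_OPEN:
                    findings.append(("open-unexpected", f"{rule.get('p')}/{port}", ""))
    for spec, want in EXPECTED_FORWARDS.items():
        if spec not in seen:
            findings.append(("forward-missing", spec, want))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_RULESET), sep="\n")
```

On the constructed sample this reports the DMLC forward pointing at port 104 instead of 4006, an extra forward on port 109, an extra open port 8080 and the missing iGUIDE forward.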

4.2.2 NSS antivirus and anti-malware operation
The NSS antivirus and anti-malware function uses the ClamAV antivirus toolkit. The update engine for the antivirus definitions database is named freshclam. Antivirus definitions are updated hourly via the hospital network connection to the Internet.
The NSS automatically does an antivirus scan on all data contained in its temporary data storage area and quarantines all infected files. This process is triggered when new data is written into the NSS temporary data storage area shared folders.

CAUTION 4.2 The NSS will NOT remove any viruses, malware, spyware or ‘trojan horses’ present on the Elekta network devices when the NSS is added to the network. It prevents further contamination. Failure to remove any existing threats may result in incorrect operation of the Elekta network devices connected to the NSS.

4.3 NSS temporary data storage area
Data transferred into the NSS ‘Data’ and ‘Backup’ temporary storage folders will be removed 9 days after it is written to disk. The NSS automatically scans these folders at 1:00 AM every day and checks the timestamps of all the files in the folders. Any files 9 days old are permanently deleted.

Note: It is the responsibility of the hospital to ensure that any data transferred to the NSS temporary data storage area is backed up to another secure location if the data is to be retained for longer than 9 days.

5 Maintenance

Section  Title
5.1  Software maintenance
5.2  Clean the NSS

5.1 Software maintenance
The NSS does a periodic check for files 9 days old in the ‘Backup’ and ‘Data’ folders of the temporary data storage area. These files will be deleted. This is done once every day at 1:00 AM.

Note: It is the responsibility of the hospital to ensure that any data transferred to the NSS temporary data storage area is backed up to another secure location if the data is to be retained for longer than 9 days.

The NSS will do a periodic update of Microsoft® Windows XP Professional via the hospital Internet connection.
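
The retention rule in Section 4.3 and Section 5.1 gives every file a fixed deadline for being copied elsewhere. The following added example (not Elekta's code) works out that deadline and lists the files about to be purged. It assumes that "9 days old" means a modification time at least 9 days before the 1:00 AM run and that the 'Data' and 'Backup' folders sit directly under the share root; the demo files are constructed.

```python
import os
import tempfile
from datetime import datetime, timedelta

SHARE_ROOT = "/home/samba/shares"   # root of the temporary data storage area (Section 4.1)
RETENTION = timedelta(days=9)       # files 9 days old are deleted
PURGE_HOUR = 1                      # the purge job runs at 1:00 AM every day


def purge_time(written):
    """First 1:00 AM run at which a file written at `written` is at least 9 days old."""
    due = written + RETENTION
    run = due.replace(hour=PURGE_HOUR, minute=0, second=0, microsecond=0)
    if run < due:            # 1:00 AM on the due date has already passed
        run += timedelta(days=1)
    return run


def expiring(root, now, within=timedelta(days=2), folders=("Data", "Backup")):
    """Files under root/<folder> that the purge will delete within `within` of `now`.

    Returns a sorted list of (purge run time, path relative to root). Files whose
    purge run is already in the past (job missed or clock changed) are included.
    """
    report = []
    for folder in folders:
        for dirpath, _dirs, files in os.walk(os.path.join(root, folder)):
            for name in files:
                path = os.path.join(dirpath, name)
                written = datetime.fromtimestamp(os.stat(path).st_mtime)
                run = purge_time(written)
                if run - now <= within:
                    report.append((run, os.path.relpath(path, root)))
    return sorted(report)


def _demo():
    """Build a constructed share tree in a temp directory and report on it."""
    root = tempfile.mkdtemp()
    now = datetime.now()
    samples = {                      # constructed file names and ages
        ("Backup", "old.bak"): now - timedelta(days=8),
        ("Data", "fresh.dat"): now - timedelta(hours=3),
    }
    for parts, written in samples.items():
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
        os.utime(path, (written.timestamp(), written.timestamp()))
    for run, rel in expiring(root, now):
        print(f"{rel}: will be deleted at {run:%Y-%m-%d %H:%M}")


if __name__ == "__main__":
    _demo()
```

On the NSS itself the call would be `expiring(SHARE_ROOT, datetime.now())`, run from a scheduled job early enough for the hospital to copy the listed files before 1:00 AM.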

5.2 Clean the NSS
When cleaning the outside of the NSS first switch off the NSS and unplug the power cable from the rear of the unit. Then use a damp, soft, lint-free cloth to clean the exterior. Avoid getting moisture in any openings. Do not spray liquid directly on the NSS. Do not use aerosol sprays, solvents or abrasives that might damage the NSS.
Periodically inspect the fan filter for dust buildup. If cleaning is required, remove the fan filter at the front of the NSS by removing the two large screws shown in Figure 2.2. Clean the fan filter and refit.

6 Troubleshooting

Section  Title
6.1  Restart the NSS
6.2  Reinstall the NSS software
6.3  Elekta service and support

6.1 Restart the NSS
If necessary restart the NSS via a laptop connected to the ENGINEER PC port on the front of the NSS. Ensure the laptop is configured as detailed in Section 3.2.1 and do the following steps:
1. Start the laptop. The NSS will assign an IP address in the range 192.168.35.xx to the laptop.
2. Start the Firefox® browser and connect to the NSS at IP address 192.168.35.1.
3. When prompted for the password (see Figure 3.3) enter:
   Username: elekta
   Password: generation10
4. Click System, then click Halt/Reboot, and then click Halt.
5. When the software shutdown is complete, set the power switch on the rear of the NSS to OFF (O).
6. Set the power switch to ON (I) to restart the NSS.

6.2 Reinstall the NSS software
Do the following steps to reinstall the NSS software:
1. Remove the cover from the service panel (see Section 2.2) at the rear of the NSS. Connect a monitor, keyboard and mouse to the NSS.
2. Set the power switch to ON (I) to start the NSS.
3. Insert the NSS software DVD into the NSS DVD drive and close the drive tray.
4. Set the power switch on the rear of the NSS to OFF (O), and then set it to ON (I) to restart the NSS.
5. Enter Y.
6. Enter Y.
7. The NSS and virtual machine software automatically installs. This process takes up to one hour.
8. When installation is complete, select Enter.
9. Select 1 to restart the NSS.
10. Follow the screen prompt. Remove the NSS DVD, close the disc tray and select Enter to restart the NSS.
11. Double-click User Console from the desktop to open it.
12. At the prompt (see Figure 6.1), enter the command: sudo virt-manager

Figure 6.1 Launch Virtual Machine Manager

13. Enter the password generation10.
14. In the Virtual Machine Manager window click localhost and then NSSVMPC.
15. Select Next at the Windows® XP Professional Setup Wizard welcome screen.

Figure 6.2 Windows XP Professional Setup Wizard welcome screen

16. Accept the license agreement.
17. Set the region and language options.
18. Specify a suitable name and organization.
19. Enter the Windows® product license key. This is given on a label attached to the NSS unit.
20. Enter a computer name of ELEKTANSSXP01 if this is the only NSS in the network. The Windows® XP Professional computer name must be unique. Enter ElektaNSSXP0x (where x = 1,2... as needed).
21. Enter the administrator password 3l3kta10.
22. Set the date, time and timezone.
23. Set the Networking settings to Typical.
24. Set the computer workgroup to WORKGROUP.
25. Click Finish to exit the wizard. The system restarts.

6.2.1 Windows® activation
After the installation of Windows® XP Professional, the operating system needs to be activated. Do the following steps:
1. Connect to the virtual machine again.
2. Click Yes in the Windows Activation dialog box.
3. Select Yes, I want to telephone a customer service representative to activate Windows.
4. Click Next.
5. Select your site location from the Step 1 dropdown list.
6. Call the customer service number in Step 2.
7. Provide the customer services representative with the Installation ID given in Step 3. The customer services representative will give you a Confirmation ID.
8. Type the Confirmation ID in the boxes provided in Step 4. Make sure that you keep a record of the Confirmation ID for future reference.
9. Click Next to continue.
10. The Activate Windows dialog box shows Thank You!
11. Click Finish.
12. Complete the NSS installation and configuration, see Chapter 3.

6.3 Elekta service and support
The Network Security Solution does not require any periodic hardware maintenance and is therefore a complete Field Replaceable Unit (FRU). The integrated support license covers configuration and software support for the term of the license (5 Years). The hardware warranty is 3 months.

7 NSS technical information

Section  Title
7.1  NSS architecture
7.2  NSS hardware specifications
7.3  NSS network interfaces
7.4  NSS usernames and passwords
7.5  NSS directory structure

7.1 NSS architecture
The NSS is an 8 port ethernet switch and a Linux PC with three network interfaces, combined in a single unit. The network interfaces connect to:
• 8 port ethernet switch
• Hospital network
• An external computer to configure the NSS.
The first ethernet port of the switch is connected to the Linux PC inside the NSS. The NSS has seven external ethernet ports available for connection of the Elekta network devices, see Figure 7.1.

Figure 7.1 NSS software architecture overview

The NSS runs Ubuntu Linux and supports the following:
• eBox Platform (http://www.ebox-platform.com), a collection of Linux open source utilities that provide the following functions:
  — Unified Threat Management (UTM) functionality, including firewall and antivirus/anti-malware protection
  — Temporary data storage area providing a secure location for the backup of the Elekta network devices (stored data automatically deleted after 9 days).
  — Traffic routing between each of the networks, including the virtual network
  — Configuration via an integrated web interface.
• A kernel-based virtual machine (http://www.linux-kvm.org) that runs Windows® XP Professional SP3 for embedded systems. The IntelliMax Agent is installed on this machine.

IntelliMax Agent is a software program that is installed on a dedicated computer in the hospital. IntelliMax Agent is the only access point for IntelliMax Connect sessions from supported Elekta products out of the hospital network. IntelliMax Agent collects machine data from supported Elekta products, which it sends to IntelliMax Enterprise on a secure Internet connection. IntelliMax Agent does not collect patient data.

7.2 NSS hardware specifications
NSS hardware specifications are as follows:
• Intel Q45 based motherboard (Mini ITX form factor)
• Intel Core2 E7500 CPU
• 1 GB DDR2 RAM
• 1 TB hard disk drive
• 250 W mini active PFC power supply
• Nine 1 GB full duplex ethernet ports.

7.3 NSS network interfaces
The NSS provides three physical networks and one virtual network. See Figure 7.1. These networks are configured as shown in Table 7.1.

Table 7.1 NSS ethernet networks

| Network  | Name | IP address range           | Notes                                            |
|----------|------|----------------------------|--------------------------------------------------|
| hospital | Eth0 | xxx.xxx.xxx.xxx            | Fixed IP address specified by Hospital           |
| Elekta   | Eth1 | 192.168.30.xxx             | For Elekta network devices                       |
| engineer | Eth2 | 192.168.35.xxx             | For engineer laptop                              |
| virtual  | Br1  | 192.168.81.1, 192.168.81.2 | For virtual machine gateway and IntelliMax Agent |

The engineer network and the virtual network have individual DHCP servers. The Windows® XP Professional virtual machine is only accessible from the engineer network or the internal network. The IntelliMax Agent is accessible from the hospital network and the engineer network.

7.4 NSS usernames and passwords
The NSS is delivered with three standard user accounts, see Table 7.2.

Table 7.2 NSS usernames and passwords

| Username      | Password                  |
|---------------|---------------------------|
| administrator | 3l3kta10 (lower case ‘l’) |
| elekta        | generation10              |
| rtduser       | rtduser                   |

The NSS is delivered with four user accounts for the shared directories, see Table 7.3.

Table 7.3 NSS usernames and passwords for NSS shared directories

| Username      | Password     | Directories           | Permissions         |
|---------------|--------------|-----------------------|---------------------|
| administrator | 3l3kta10     | Data, Backup, Install | all                 |
| elektauser    | generation10 | Data, Backup, Install | read, write, delete |
| rtduser       | rtduser      | Data, Backup, Install | read, write, delete |
| tdsuser       | tdsuser      | Data, Backup, Install | read, write, delete |

7.5 NSS directory structure

Figure 7.2 NSS temporary data storage area directory structure

The NSS temporary data storage area consists of a directory structure as shown in Figure 7.2. This data storage area enables temporary backup of data from all Elekta network devices which are connected to and protected by the NSS. The data is transferred from the Elekta network devices to the NSS via the Linux SAMBA service and network shares defined on the devices. The NSS also facilitates secure data transfer between the protected Elekta network and the hospital network.

Appendix A Installation planning

Section  Title
A.1  Installation planning report

A.1 Installation planning report
Before you install the NSS into the Elekta network, do the following steps:
1. Confirm that all Elekta network devices to be connected to the NSS are functioning correctly.
2. Note the Internet settings for all existing Elekta products: IP address, Subnet mask, Gateway, DNS, Backup locations.
3. Confirm that a fixed IP address and subnet mask has been assigned by the hospital to the NSS. Record the IP address and subnet mask below:
   NSS hospital network IP address: ________
   NSS hospital network subnet mask: ________
4. Confirm that the physical connection to the hospital network is available, and record the hospital gateway IP address below. This is the IP address of the ethernet switch or device interface to which the NSS HOSPITAL ethernet port connects.
   NSS hospital network gateway IP address: ________
5. Record the IP address of the hospital DNS server in the table below:
   Hospital DNS server IP address: ________
6. Confirm that access to the Internet is available via the hospital network for Microsoft® Windows XP Professional updates and NSS antivirus updates.
7. If the hospital uses an http proxy server for http access to the Internet, record the IP address of the server in the table below:
   Hospital http proxy server IP address: ________
8. If the hospital uses Elekta IntelliMax™, the software is installed on the NSS and this will need to be available at the time of installation.
9. Ensure you have a laptop computer available which has the Firefox® browser installed.

Note: The hospital network administrator needs to confirm that the NSS has access to the Internet for http, https, NTP and DNS operation.

Appendix B CD Drive

Section  Title
B.1  Activate the CD Drive for Windows®

B.1 Activate the CD Drive for Windows®
Do the following steps to activate the CD Drive for Windows®:
1. Remove the cover from the service panel (see Section 2.2) at the rear of the NSS. Connect a monitor, keyboard and mouse to the NSS.
2. Set the power switch to ON (I) to start the NSS.
3. Insert the applicable CD or DVD into the CD/DVD drive.
4. Double-click User Console from the desktop to open it.
5. At the prompt (see Figure B.1), enter the command: sudo virt-manager

Figure B.1 Launch Virtual Machine Manager

6. Enter the password generation10.
7. In the Virtual Machine Manager window click localhost and then NSSVMPC.
8. From the View menu, click Details.
9. Select IDE CDROM 1 from the navigation pane on the left.
10. Click the Connect button on the right.
11. Select CD-ROM or DVD.
12. From the View menu, click Console.

After the CD or DVD is removed from the CD/DVD drive, follow this procedure, but click Disconnect at step 10.

Note: The CD/DVD drive must be disconnected before the virtual machine can start.

Appendix C Software Licenses

Section  Title
C.1  Zentyal Software License

C.1 Zentyal Software License
Zentyal is available under GNU/GPL (version 2), all our source files have this header:

   Copyright (C) 2008-2010 eBox Technologies S.L.

   This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License, version 2, as published by the Free Software Foundation.

   This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

   You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.

List of warnings and cautions

WARNING 1.1
Do not use a part or accessory that is not approved by Elekta. If you ignore this warning, incorrect radiation and other safety risks can cause fatal or serious injury, or clinical mistreatment.

WARNING 1.2
Do not make modifications, or do maintenance work on the equipment, unless you are a qualified person with the applicable authority. If you ignore this warning, incorrect radiation and other safety risks can cause fatal or serious injury, or clinical mistreatment.

WARNING 1.3
Do not use a visual display unit (VDU) unless you obey the applicable Health and Safety regulations and procedures. If you ignore this warning, you can cause damage to your health.

WARNING 1.4
Do not remove covers or cables from the equipment unless special instructions in this document tell you to. Always put covers on again before you use the equipment. There are high voltages and parts that move in the equipment. If you ignore this warning, exposure to high voltages and parts that move can cause fatal or serious injury, or injury.

CAUTION 1.1
Do not touch the printed circuit boards (PCBs) and other electronic parts unless you wear a grounded antistatic wrist strap. If you ignore this caution, electrostatic discharge can cause damage to the parts and cause them to have a malfunction.

WARNING 1.5
Do not use the equipment in rooms that contain flammable or explosive gases. Some anesthetic gases and disinfectant sprays are flammable or explosive. If you ignore this warning, fire or explosion can cause fatal or serious injury, or damage to the equipment.

WARNING 1.6
Do not put portable or mobile radio frequency (RF) communication devices near to the equipment. The emissions from such RF devices can be more than the EMC standards, which can have an unwanted effect on the operation of the equipment. If you ignore this warning, the RF emission can cause the equipment to have a malfunction, which can cause fatal or serious injury, clinical mistreatment, or damage to the equipment.

WARNING 1.7
Do not start to clean the equipment, or use a disinfectant spray, before you isolate the equipment from the electrical supply. If you ignore this warning, the exposure to high voltages can cause fatal or serious injury.

WARNING 1.8
Do not use a spray that is flammable or explosive. The fumes from such sprays can start a fire or cause an explosion. If you ignore this warning, fire or explosion can cause fatal or serious injury.

CAUTION 1.2
Do not let water and other liquids get into the equipment. If you ignore this caution, water and other liquids can cause electrical short-circuits, metal corrosion, and other damage to the equipment.

CAUTION 1.3
Do not use sprays to clean the medical equipment room because the sprays can go in to the equipment. If you ignore this caution, the sprays can cause electrical short-circuits, metal corrosion, or other damage to the equipment.

WARNING 1.9
Do not move or discard radioactive and hazardous material unless you are qualified and have an applicable license. If you ignore this warning, radioactive and hazardous material can cause fatal or serious injury, and damage to the environment.

CAUTION 2.1
The NSS will NOT remove any viruses, malware, spyware or ‘trojan horses’ present on the Elekta network devices. It prevents further contamination from the hospital network. Failure to remove any existing threats present on any device in the Elekta network may result in incorrect operation of the Elekta network devices connected to the NSS.

CAUTION 3.1
Ensure that the laptop is running a current version of a suitable antivirus/anti-malware program with fully updated definitions. Failure to do so may result in the NSS becoming infected with any virus or malware present on the laptop.

CAUTION 4.1
Only use official approved Elekta installation media. Do not transfer data onto any of the network devices connected to the NSS from removable media such as a USB memory device, DVD, CD or floppy disk. This can compromise the antivirus function of the NSS and result in incorrect operation of the Elekta products connected to it.

CAUTION 4.2
The NSS will NOT remove any viruses, malware, spyware or ‘trojan horses’ present on the Elekta network devices when the NSS is added to the network. It prevents further contamination. Failure to remove any existing threats may result in incorrect operation of the Elekta network devices connected to the NSS.