Configuration Management

Configuration Management
Supplement 67
Robert Horn, Agfa Healthcare
Configuration Management
The Problem Being Solved
Use Cases
Sup. 67 – DICOM Configuration Management

The Problem Being Solved

Installation of DICOM equipment
» Takes too long
» Requires too much effort
» Requires time-consuming, multi-vendor coordination
» Involves too many mistakes

Upgrading and repairing DICOM equipment
» Requires too much service effort for configuration tasks that are unrelated to the problem being solved.
» Configuration complexity prevents customer self-help for simple problems

Use cases

Add a new machine
Locate Actor, IP, AE-title, Security information
Single node power up and establish configuration
Time Synchronization

Constraints

Support vendor extensions
Support site and enterprise extensions
Consider installed IT support facilities in selection
Do not invent a new protocol

Network Services

DHCP
» Assigns IP address, hostname
» Informs DNS of assignment
» Provides routing, NTP, DNS, etc. information to client

DNS
» Provides hostname to IP lookup services
» Provides server location lookup services

NTP
» Provides accurate time and time synchronization
» See www.ntp.org for descriptions, software, evaluation, and configuration guidance.

LDAP

Very widespread use
– No surprises to the IT staff
– Large base of trained users and administrators
– Large base of software clients
Support by Microsoft, Unix, Open Source
Support for federated databases
Easy to extend by adding schema

Infrastructure requirements

DHCP, DNS, NTP, LDAP may be on one host, or may be on multiple hosts.
Normal network design issues, nothing special for the DHCP, DNS and NTP services.
LDAP is increasingly integrated into IT operations. This makes its use for configuration management more attractive, but means a greater planning involvement with the IT organization.

Beyond AE-Titles
– Installation and Network Configuration oriented
– Locate Application given the AE-title
» TCP/IP parameters
– AE Configuration
» SOP Classes supported (SCU/SCP, Transfer Syntaxes)
» Vendor extension
» Obtain new unique AE-Title
– Device Configuration
» Description
» Vendor extension
» Hospital extension

Preconfigured Installation

Large network addition
Multiple vendors
Reduce coordination and scheduling delays
Reduce configuration errors
Reduce staging requirements

Preconfigured Installation
[Diagram: Vendor A Preparation and Vendor B Preparation (Prepared Configurations, LDIF); IT Organization (Network Planning, LDAP, DHCP)]

Add another machine
[Diagram: steps Install Hardware, Assign Name, Get IP, hostname, etc., Find LDAP Server, Query Configuration, Configure System, Obtain Unique AE Titles, Update Configuration; services involved: DHCP, DNS, LDAP]

Customer Assisted Maintenance
– Simple device swap
– Remote reconfiguration
– Local reconfiguration

Present Supplement Status

Supplement 67 – Proposed for Frozen Draft
Could be updated and final by September or October.

Configuration Management Actors
[Diagram: actors NTP Client, SNTP Client, NTP Server, DHCP Client, DHCP Server, DNS Client, DNS Server, LDAP Client, LDAP Server. Transaction labels: Find NTP Server (Broadcast), Find NTP Server (DHCP), Maintain Time, Find DHCP and Use Server, Maintain Lease, DDNS Coordination, Resolve Hostname, Find LDAP Server, Query LDAP Server, Client Update LDAP Server]
One or more Client actors will be in the same device
One or more Server actors may be in the same device

LDAP Schema
[Diagram: DICOM Configuration hierarchy with nodes Unique AE Titles Registry (containing Individual AE Title entries), Devices, NetworkAE, TransferCapability. Captions: "This portion is used to provide unique AE titles automatically."; "Vendor Information, Certificates, Device Configuration parameters, etc."; "AE-Title, Description, AE Configuration parameters, etc."; "SCU/SCP, Hostname, Port, etc."]

LDAP Schema
# The following attribute types are defined in this document:
#
#   Name                                     Syntax   Multiplicity
#   ---------------------------------------  -------  ------------
#   dicomDeviceName                          string   Single
#   dicomDescription                         string   Single
#   dicomManufacturer                        string   Single
#   dicomManufacturerModelName               string   Single
#   dicomVersion                             string   Multiple
#   dicomVendorData                          binary   Multiple
#   dicomAETitle                             string   Single
#   dicomNetworkConnectionReference          DN       Multiple
#   dicomApplicationCluster                  string   Multiple
#   dicomAssociationInitiator                bool     Single
#   dicomAssociationAcceptor                 bool     Single
#   dicomHostname                            string   Single
#   dicomPort                                Integer  Single
#   dicomSOPClass                            OID      Single
#   dicomTransferRole                        string   Single
#   dicomTransferSyntax                      OID      Multiple
#   dicomPrimaryDeviceType                   string   Multiple
#   dicomRelatedDeviceReference              DN       Multiple
#   dicomPeerAETitle                         string   Multiple
#   dicomTLSCipherSuite                      string   Multiple
#   dicomAuthorizedNodeCertificateReference  DN       Multiple
#   dicomThisNodeCertificateReference        DN       Multiple
#   dicomInstalled                           bool     Single

Example of attribute definition
# 3.1 dicomDeviceName    string    Single
#
# This attribute stores the unique name (within the scope of the LDAP database)
# for a DICOM Device.
#
# It is a single-valued attribute.
# This attribute's syntax is 'Directory String'.
# Its case is not significant for equality and substring matches.
#
attributetype ( 1.2.840.10008.15.0.3.1
  NAME 'dicomDeviceName'
  DESC 'The unique name for the device'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  SINGLE-VALUE )

Objects Defined
# The following object classes are defined in this document. All are
# structural classes.
#
#   Name                             Description
#   -------------------------------  ----------------------------------------------------
#   dicomConfigurationRoot           root of the DICOM Configuration Hierarchy
#   dicomDevicesRoot                 root of the DICOM Devices Hierarchy
#   dicomUniqueAETitlesRegistryRoot  root of the Unique DICOM AE-Titles Registry Hierarchy
#   dicomDevice                      Devices
#   dicomNetworkAE                   Network AE
#   dicomNetworkConnection           Network Connections
#   dicomUniqueAETitle               Unique AE Title
#   dicomTransferCapability          Transfer Capability

Example of Object Definition
#
# 4.4 dicomDevice
#
# This structural object class represents a DICOM Device.
#
objectclass ( 1.2.840.10008.15.0.4.4
  NAME 'dicomDevice'
  DESC 'DICOM Device related information'
  SUP top
  STRUCTURAL
  MUST (
    dicomDeviceName $
    dicomInstalled )
  MAY (
    dicomDescription $
    dicomManufacturer $
    dicomManufacturerModelName $
    dicomVersion $
    dicomVendorData $
    dicomPrimaryDeviceType $
    dicomRelatedDeviceReference $
    dicomAuthorizedNodeCertificateReference $
    dicomThisNodeCertificateReference ) )

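An added example (not part of the presentation or of Supplement 67): a pre-import check that reads the MUST/MAY lists and the SINGLE-VALUE flag from the schema text shown above (abridged here) and reports violations in a device entry before vendor-prepared LDIF is loaded into the site's LDAP server. The sample entry and the helper names `parse_schema` and `check_entry` are assumptions made for illustration.

```python
import re

# Schema text from the definitions shown above (DESC/EQUALITY/SUBSTR lines omitted).
SCHEMA = """
attributetype ( 1.2.840.10008.15.0.3.1
  NAME 'dicomDeviceName'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  SINGLE-VALUE )
objectclass ( 1.2.840.10008.15.0.4.4
  NAME 'dicomDevice'
  SUP top
  STRUCTURAL
  MUST ( dicomDeviceName $ dicomInstalled )
  MAY ( dicomDescription $ dicomManufacturer $ dicomManufacturerModelName $
    dicomVersion $ dicomVendorData $ dicomPrimaryDeviceType $
    dicomRelatedDeviceReference $ dicomAuthorizedNodeCertificateReference $
    dicomThisNodeCertificateReference ) )
"""

def parse_schema(text):
    """Return ({class name: (MUST set, MAY set)}, set of single-valued attributes)."""
    def attrs(keyword, chunk):
        m = re.search(r"\b%s\s*\(([^)]*)\)" % keyword, chunk)
        return {a.strip().lower() for a in m.group(1).split("$")} if m else set()
    classes, single = {}, set()
    for chunk in re.split(r"^(?=attributetype|objectclass)", text, flags=re.M):
        name = re.search(r"NAME\s+'([^']+)'", chunk)
        if name and chunk.startswith("objectclass"):
            classes[name.group(1)] = (attrs("MUST", chunk), attrs("MAY", chunk))
        elif name and "SINGLE-VALUE" in chunk:
            single.add(name.group(1).lower())
    return classes, single

def check_entry(entry, cls, classes, single):
    """List schema violations for one entry (dict: attribute -> list of values)."""
    must, may = classes[cls]
    # LDAP attribute names are case-insensitive, so compare in lower case.
    present = {k.lower(): v for k, v in entry.items() if k.lower() != "objectclass"}
    names = set(present)
    problems = ["missing required attribute: " + a for a in sorted(must - names)]
    problems += ["attribute not allowed by %s: %s" % (cls, a)
                 for a in sorted(names - must - may)]
    problems += ["multiple values for single-valued attribute: " + a
                 for a in sorted(single & names) if len(present[a]) > 1]
    return problems

CLASSES, SINGLE = parse_schema(SCHEMA)
# Constructed sample entry, as it might arrive in vendor-prepared LDIF.
BAD = {"objectClass": ["dicomDevice"], "dicomDeviceName": ["CT-ROOM-2", "CT-SPARE"],
       "dicomHostname": ["ct2.example.org"]}
```

`check_entry(BAD, "dicomDevice", CLASSES, SINGLE)` reports the missing `dicomInstalled`, the `dicomHostname` attribute that `dicomDevice` does not allow, and the second value for the single-valued device name.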
Use of LDAP Schema

Schema text from the supplement
» In the format used to configure generic LDAP servers
» Cut and paste from supplement into server configuration file tested and verified

Local extension by modifying schema

Purpose of Frozen Draft

Find any remaining flaws in the Frozen Draft
» In-house experience at several companies revealed flaws in the public comment version.
» The flaws only became apparent during the development of trial versions.

Inter-company trials
» Are expected to reveal other flaws in the Frozen Draft version
» The trials are not exploring implementation compatibility, only clarity of the standard
» The trials are not a compatibility connectathon
» The Committee for Advancement of DICOM is organizing a small group of trial implementations.

Future additions

Security parameter distribution
» LDAP is one of the mechanisms for distributing PKI information for key management.