Configuration Management Supplement 67 Robert Horn, Agfa Healthcare

Configuration Management The Problem being solved The Problem being solved Use Cases Use Cases Sup. 67 – DICOM Configuration Management Sup. 67 – DICOM Configuration Management

The Problem Being Solved Installation of DICOM equipment Installation of DICOM equipment »Takes too long »Requires too much effort »Requires time consuming, multi-vendor coordination »Involves too many mistakes Upgrading and repairing DICOM equipment Upgrading and repairing DICOM equipment »Requires too much service effort for configuration tasks that are unrelated to the problem being solved. »Configuration complexity prevents customer self-help for simple problems

Use cases Add a new machine Add a new machine Locate Actor, IP, AE-title, Security information Locate Actor, IP, AE-title, Security information Single node power up and establish configuration Single node power up and establish configuration Time Synchronization Time Synchronization

Constraints Support vendor extensions Support vendor extensions Support site and enterprise extensions Support site and enterprise extensions Consider installed IT support facilities in selection Consider installed IT support facilities in selection Do not invent a new protocol Do not invent a new protocol

Network Services DHCP DHCP »Assigns IP address, hostname »Informs DNS of assignment »Provides routing, NTP, DNS, etc. information to client DNS DNS »Provides hostname to IP lookup services »Provides server location lookup services NTP NTP »Provides accurate time and time synchronization »See for descriptions, software, evaluation, and configuration guidance.

LDAP Very Widespread use, Very Widespread use, –No surprises to the IT staff –Large base of trained users and administrators –Large base of software clients Support by Microsoft, Unix, Open Source Support by Microsoft, Unix, Open Source Support for federated databases Support for federated databases Easy to extend by adding schema Easy to extend by adding schema

Infrastructure requirements DHCP, DNS, NTP, LDAP may be on one host, or may be on multiple hosts. DHCP, DNS, NTP, LDAP may be on one host, or may be on multiple hosts. Normal network design issues, nothing special for the DHCP, DNS and NTP services. Normal network design issues, nothing special for the DHCP, DNS and NTP services. LDAP is increasingly integrated into IT operations. This makes its use for configuration management more attractive, but means a greater planning involvement with the IT organization. LDAP is increasingly integrated into IT operations. This makes its use for configuration management more attractive, but means a greater planning involvement with the IT organization.

Beyond AE-Titles –Installation and Network Configuration oriented –Locate Application given the AE-title »TCP/IP parameters –AE Configuration »SOP Classes supported (SCU/SCP, Transfer Syntaxes) »Vendor extension »Obtain new unique AE-Title –Device Configuration »Description »Vendor extension »Hospital extension

Preconfigured Installation Large network addition Large network addition Multiple vendors Multiple vendors Reduce coordination and scheduling delays Reduce coordination and scheduling delays Reduce configuration errors Reduce configuration errors Reduce staging requirements Reduce staging requirements

Preconfigured Installation A A A A B B B LDAP LDIF Network Planning Prepared Configurations Prepared Configurations Vendor A Preparation Vendor B preparation DHCP IT Organization

Add another machine DHCP LDAP DNS Get IP, hostname, etc. Find LDAP Server Query Configuration Obtain Unique AE Titles Update Configuration Install Hardware Assign Name Configure System

Customer Assisted Maintenance –Simple device swap –Remote reconfiguration –Local reconfiguration

Present Supplement Status Supplement 67 – Proposed for Frozen Draft Supplement 67 – Proposed for Frozen Draft Could be updated and final by September or October. Could be updated and final by September or October.

Configuration Management Actors

Individual AE Title LDAP Schema DICOM Configuration Unique AE Titles Registry Individual AE Title Devices Vendor Information, Certificates, Device Configuration parameters, etc. AE-Title, Description, AE Configuration parameters, etc. Network AE Transfer Capability SCU/SCP, Hostname, Port, etc. } This portion is used to provide unique AE titles automatically.

# # The following attribute types are defined in this document: # #NameSyntaxMultiplicity # #dicomDeviceNamestringSingle #dicomDescriptionstringSingle #dicomManufacturerstringSingle #dicomManufacturerModelNamestringSingle #dicomVersionstringMultiple #dicomVendorDatabinaryMultiple #dicomAETitlestringSingle #dicomNetworkConnectionReferenceDNMultiple #dicomApplicationClusterstringMultiple #dicomAssociationInitiatorboolSingle #dicomAssociationAcceptorboolSingle #dicomHostnamestringSingle #dicomPortIntegerSingle #dicomSOPClassOIDSingle #dicomTransferRolestringSingle #dicomTransferSyntaxOIDMultiple #dicomPrimaryDeviceTypestringMultiple #dicomRelatedDeviceReferenceDNMultiple #dicomPeerAETitlestringMultiple #dicomTLSCipherSuitestringMultiple #dicomAuthorizedNodeCertificateReferenceDNMultiple #dicomThisNodeCertificateReference DNMultiple #dicomInstalledboolSingle # LDAP Schema

Example of attribute definition # 3.1 dicomDeviceNamestringSingle # # This attribute stores the unique name (within the scope of the LDAP database) # for a DICOM Device. # # It is a single-valued attribute. # This attribute's syntax is 'Directory String'. # Its case is not significant for equality and substring matches. # attributetype ( NAME 'dicomDeviceName' DESC 'The unique name for the device' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX SINGLE-VALUE )

Objects Defined # The following object classes are defined in this document. All are # structural classes. # #NameDescription # #dicomConfigurationRootroot of the DICOM Configuration Hierarchy #dicomDevicesRootroot of the DICOM Devices Hierarchy #dicomUniqueAETitlesRegistryRootroot of the Unique DICOM AE-Titles Registry Hierarchy #dicomDeviceDevices #dicomNetworkAENetwork AE #dicomNetworkConnectionNetwork Connections #dicomUniqueAETitleUnique AE Title #dicomTransferCapabilityTransfer Capability

Example of Object Definition # # 4.4 dicomDevice # # This structural object class represents a DICOM Device. # objectclass ( NAME 'dicomDevice' DESC 'DICOM Device related information' SUP top STRUCTURAL MUST ( dicomDeviceName $ dicomInstalled ) MAY ( dicomDescription $ dicomManufacturer $ dicomManufacturerModelName $ dicomVersion $ dicomVendorData $ dicomPrimaryDeviceType $ dicomRelatedDeviceReference $ dicomAuthorizedNodeCertificateReference $ dicomThisNodeCertificateReference) )

Use of LDAP Schema Schema text from the supplement Schema text from the supplement »in the format used to configure generic LDAP servers »Cut and paste from supplement into server configuration file tested and verified Local extension by modifying schema Local extension by modifying schema

Purpose of Frozen Draft Find any remaining flaws in the Frozen Draft Find any remaining flaws in the Frozen Draft »Inhouse experience at several companies revealed flaws in the public comment version. »The flaws only became apparent during the development of trial versions. Inter-company trials Inter-company trials »are expected to reveal other flaws in the Frozen Draft version »The trials are not exploring implementation compatibility, only clarity of the standard »The trials are not a compatibility connectathon »The Committee for Advancement of DICOM is organizing a small group of trial implementations.

Future additions Security parameter distribution Security parameter distribution »LDAP is one of the mechanisms for distributing PKI information for key management.