
GE Healthcare

The information in this course is FOR TRAINING PURPOSES ONLY and not to be used as promotional material. The information may not be current or appropriate for all systems. Before working on any equipment consult appropriate current service documentation. Failure to follow procedures in current service documentation or misuse of the course information may result in equipment damage, personal injury or death.

The primary sources of the material contained in this course are released Service, Sales, or Marketing documentation.

OPTIMA XR2X0
Security, Backup/Restore & LFC
Version: 1b
Classification: C
Course Code: XR201091
Learning Objectives
• Describe the Enhanced Security Features of Optima XR240 GEN1
• Identify the Backup & Restore Procedures
• Identify the Software Load From Cold Procedure
• Identify the Firmware Load From Cold Procedure

page 4
Describe the Enhanced Security
Features of Optima XR240 GEN1

page 5
Optima XR240 Security Overview
3 Areas of Concern:
• Facility Network
• Detector Communication
• User Access

[Diagram: Optima XR240 security overview. Labels: RSE - RSvP; Facility Responsibility; System Responsibility; FIREWALL; DIRECTORY SERVER; VPN Tunnel; PNF; LDPS; USB Peripherals; FIREWALL; DICOM over TLS; UDI; DICOM; HIS/RIS; PACS; PRINTER; EA3; Service Personnel; PSK; Admin Users; Routine Users; Patients]

page 6
Security – Facility Network

System-Side Security
Product Network Filter (PNF)
• A host-based firewall
• The primary defense against intrusion
• If it is disabled for service reasons, be sure to re-enable it afterwards

Network-Side Security
• MAC Filtering
• TLS, LDPS, DICOM
• Internet Proxy Server
• VPN

Note! GE Security protocol requires the firewall to be configured ON. If someone disables it, remind them of the risk to security/privacy.

[Screenshots: PNF Configuration; Insite Proxy Configuration]

page 7
Security – Detector Communication
• Wi-Fi using 802.11n protocol and Wi-Fi Protected Access (WPA)
• Detector data is secured with a 128-bit encryption key (derived from a shared key)
• Each Optima PC generates its own unique SSID and pre-shared key (PSK)
• Only a registered detector gets the PSK (and only via dock or tether)

1. The PC generates a unique SSID and PSK
2. The access point receives the SSID and PSK during configuration
3. The SSID and PSK are shared to detector during registration and docking
4. The detector connects to the AP using the SSID & PSK

Note: Before a ‘roaming’ detector can re-connect, it must first be docked

page 8
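
Added example (not part of the course material or GE software): a sketch of per-system SSID/PSK generation and of the standard WPA-Personal key derivation, showing that the SSID acts as the salt, so a unique SSID and PSK per PC yields a unique master key per system. It assumes the standard PBKDF2-HMAC-SHA1 derivation with 4096 iterations; the `XR-DET-` prefix and the function names are hypothetical.

```python
import hashlib
import secrets
import string

PSK_ALPHABET = string.ascii_letters + string.digits


def generate_ssid_psk(prefix="XR-DET-"):
    """Return a random (ssid, passphrase) pair; the prefix is a constructed example."""
    ssid = prefix + secrets.token_hex(6).upper()        # 12 random hex characters
    passphrase = "".join(secrets.choice(PSK_ALPHABET) for _ in range(63))
    return ssid, passphrase


def derive_pmk(passphrase, ssid):
    """WPA-Personal: 256-bit PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


if __name__ == "__main__":
    # Same passphrase under two different SSIDs gives unrelated master keys.
    ssid_a, psk = generate_ssid_psk()
    ssid_b, _ = generate_ssid_psk()
    print(ssid_a, derive_pmk(psk, ssid_a).hex())
    print(ssid_b, derive_pmk(psk, ssid_b).hex())
```
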
Security – User Access
• Login access is managed by EA3, using LDAP Protocol (aka Active Directory)
• Optima software is designed with 2 local user accounts (stored on the system HDD)
  • geservice – GE Service role
  • admin – Administrator role
• The hard-coded username and password in the previous design has been eliminated
• Administrators are strongly encouraged to create unique credentials for each of their staff members
• The geservice account is also used by GE clinical applications team
• Linux OS security is also enhanced – terminal window access is unavailable without an SSA service key

Password strategy for geservice acct is UDI + GON
• the last 14 characters of the system UDI label, plus the GE global order number
• Must be set during installation
• The password for geservice is also applied to the operating system, such as a terminal window

Note: Remote access may be impossible if this strategy is not adhered to.

[Images: Unique Device Identification (UDI) Label; Eng GUI (Ctl+Shift+F5)]

page 9
Identify the Backup & Restore Procedures

System Backup

What is Included?
• Calibration & configuration data
• System error log files
• Image quality results

What is NOT included?
• Patient images! (export using image management)
• Protocol database (save using protocol archive procedure)
• RRA report, DI report, and Dose report
• Hospital IP-Address conflict script

Backup media may be either CD disk or USB flash memory

USB should be formatted to remove vendor files, clear the volume label, and set the file system to FAT or FAT32

Watch for status updates during media write/read

Caution! The backup file set is written to the root directory ONLY. If any folders exist, they are skipped without notice!

[Screenshots: SUIF/Utilities/Backup; Sample USB backup]

page 11

System Restore
Restore operation is divided into sections. To completely restore all of the system files, the process must be repeated for each item.
• Digital
• Generator TNT data
• IUI
• System control
• IP looks
• Digital Cassette
• OS configuration

Note for Optima XR200/220 with 30kW generator: After LFC the PC default is 15kW, and it will reject the Gen TnT. In this case restore everything but Gen TnT. Reboot, then restore Gen TnT.

[Screenshots: Media Root Directory; SUIF/Utilities/Restore]

page 12

Identify the Software Load From Cold Procedure

Load From Cold (LFC) - Optima XR220
• Materials needed include the USB Keyboard and DVD drive, backup media, and the Optima Software DVD
• Perform a system backup because all HDD data will be lost
• Enable PC Boot Script View to view the PC during LFC (more next page)
• Reboot and press F11 to select the DVD drive, the HDD re-imaging takes 12 minutes, then the system will auto-reboot
• Perform system restore

Hint: When the reload begins, set a timer for 12 minutes. Then clear the degraded mode condition and confirm that the PC rebooted to the Worklist.

[Flowchart: Backup > Set Boot View > Mount Media > Cycle power and press/hold F11 until NumLock LED > Select boot device > Re-image HDD > Restore]

page 14
How to Enable PC Boot Script View
• Open the SUIF/Calibration Tab
• Click Hardware calibration (Spyder takes display)
• Select PC Boot Script View
• Activate Persistent PC View and commit

OFF = static logo display
ON = active PC boot progress

Note: During LFC the usual PC to Spyder communication is disrupted. Spyder will switch to Degraded Mode after 2 minutes.

[Screenshots: System Utility Page; SUIF/Calibration Tab; HW Calibration (Spyder)]

Load From Cold (LFC) - Optima XR240
• Materials needed include the USB Keyboard and DVD drive, backup media, and the Optima Software DVD
• Perform a system backup and push machine data to the Data Lake
• Install OS first, then install Apps
• Perform system restore

Note: A wrong system clock will lock-out Class C or Class M access

[Flowchart: Backup & InSite Data Push > Mount Media > Press F11 until NumLock > Select boot device > Install OS (20 min) > Reboot > Verify System Clock > Mount Media > Install Apps (20min) > Reboot, Set PW > Restore]

page 16
Setting the Password after a LFC
The first boot after a LFC will prompt for a Password (GEN2) or the UDI (GEN1 system) for the user: geservice

If at any point the password becomes unknown, the only recovery is to complete another software load.

[Screenshots: Set the Password; UDI for Gen1 system]

page 17

Identify the Firmware Load From Cold Procedure

Firmware Load From Cold
• Firmware is a set of binary files with code for each of the Optima system computers
• The boot loader in Spyder copies from the USB, then flashes the code to each subsystem
• The HW Firmware Install is in the Spyder Utilities screen
• Connect the USB flash drive with the firmware file set to the right-hand single USB port and follow on-screen instructions
• Firmware re-load takes about 12 minutes

Caution! The FW USB flash drive must not be corrupted in any way. A damaged USB will cause the boot loader to fail, and possibly brick the Spyder.

page 19
Check Your Understanding

What is the primary defense against intrusion called?
PNF – Product Network Filter, a host-based firewall. (p 7)

Where do backup files get written to, or read from?
The root directory of the selected media, USB drive or CD/DVD drive.

How many media disks are required to perform a LFC?
Optima 200/220 = 1 disk (HDD image)
Optima 240 = 2 disks (Linux OS + Magic Apps)

After a LFC, what must be done the first time an Optima 240 system is booted?
Set the password for the user: geservice.

page 20
Summary / Review
• The following are saved during a system backup:
  – Configuration and calibration data
  – System error log files
  – Image quality results
• Restore operation is divided into sections. To completely restore all of the system files, the process must be repeated for each item.
• Load from Cold:
  – Optima XR220
    – Connect the keyboard & CD/DVD drive to the USB ports.
    – Perform a system backup.
    – Activate PC Bootscript persistent view
  – Optima XR240
    – DVDs entitled Optima XR240 Operating System and Optima XR240 Applications
