
Intelerad

Network and Operating System


Requirements Guide

We are Intelerad.
#1 in Enterprise Workflow.
COPYRIGHT
© 2017-2021 Intelerad Medical Systems Incorporated. All Rights Reserved.

No portion of the contents of this publication may be reproduced or transmitted in any
form or by any means without the express written permission of Intelerad Medical
Systems Incorporated.
Except as expressly provided otherwise in writing, the information provided in this
document is provided AS IS, without any condition or warranty, whether written, oral,
express, implied, legal, or statutory. No condition or warranty of merchantability or
fitness for a particular purpose applies to anything provided by Intelerad. Without
limiting the foregoing, Intelerad nor any of its suppliers warrants this documentation is
or will be accurate, error free or meets or will meet user requirements.

TRADEMARKS
Intelerad, Intelerad Medical Systems, and the Intelerad logo, IntelePACS,
InteleBrowser, IntelePACS Browser, InteleViewer, Reporting Worklist Module,
InteleOne, InteleOne XE, InteleFlex, Assignment Engine, InteleWeb, Acquisition
Traffic Controller, Multi-Method Reporting, Intelerad Pulse, IntelePACS 3D, Image
Fusion, InteleSuite, InteleRIS, Flow, Nuage, Disaster Recovery Services, Cloud
Imaging Platform, Intelerad Peer Review, Intelerad Critical Results, Critical Results
Module, ATC Portal, Panorama, InteleConnect, InteleConnect EV, Clario
SmartWorklist, and Clario Reporting are either registered trademarks or trademarks of
Intelerad Medical Systems Incorporated.

THIRD-PARTY TRADEMARKS
Adobe, Acrobat, and Reader are either registered trademarks or trademarks of
Adobe Systems Incorporated in the United States and/or other countries. Firefox is a
registered trademark of Mozilla Foundation in the United States and other countries.
Google Chrome browser is a registered trademark of Google Inc. in the United States
and other countries. Internet Explorer is a registered trademark of Microsoft
Corporation in the United States and other countries. Intel, Pentium, Pentium II Xeon,
and Pentium III Xeon are trademarks or registered trademarks of Intel Corporation or
its subsidiaries in the United States and other countries. Microsoft and Windows are
either registered trademarks or trademarks of Microsoft Corporation in the United
States and/or other countries. NVIDIA is a trademark or registered trademark of
NVIDIA Corporation in the United States and/or other countries. Oracle and Java are
registered trademarks of Oracle Corporation and or its affiliates. PowerScribe 360 is a
trademark or registered trademark of Nuance Communications Inc. or its affiliates in
the United States and/or other countries. Sun, Sun Microsystems, and Java are
trademarks or registered trademarks of Sun Microsystems, Inc. in the United States
and other countries. Safari, Mac, and OS X are trademarks of Apple Inc., registered in
the United States and other countries.

All other brand names, product names, or trademarks belong to their respective
holders.

INDICATIONS FOR USE
IntelePACS is a software application that receives digital images and data from
various sources (such as CT scanners, MR scanners, ultrasound systems, R/F units,
computer and direct radiographic devices, secondary capture devices, scanners,
imaging gateways, or other imaging sources). Images and data can be
communicated, processed, manipulated, enhanced, stored, and displayed within the
system and/or across computer networks at distributed locations. Post-processing of
the images can be performed using Multi Planar Reconstruction (MPR).
Only preprocessed DICOM for presentation images can be interpreted for primary
image diagnosis in mammography. Mammographic images with lossy compression
and digitized film screen images must not be reviewed for primary image
interpretations
Mammographic images may only be interpreted using a display that is cleared, and
that meets technical specifications reviewed and accepted, by your regulatory
authorities.
IntelePACS on mobile devices (applicable for IntelePACS 5.1.1 or later
only):
For Canada, United States, Europe, Australia, New Zealand, and South Africa only:
When used with a mobile device, IntelePACS is suitable for diagnostic image review
only on tested devices as specified in your Intelerad product's documentation.
IntelePACS is not intended for primary diagnostic image review on mobile devices.
Mobile usage for Mammography is for reference and referral only.
For all other countries: IntelePACS is not intended for diagnostic image review on
mobile devices. Mobile usage for Mammography is for reference and referral only.

CONTRAINDICATIONS—None.
Caution: Federal law restricts this device to sale by or on the order of a physician.
This system does not replace the education, skill, and judgment of properly trained
medical practitioners. Only properly trained and qualified individuals shall have
access to and use IntelePACS and must know of its functionality, capabilities and
limitations. Typical users of this system are trained health professionals, physicians,
nurses, and technologists.
Downloaded Images, Workstations and Isolated Installs: You and your users must
maintain IntelePACS with the most current versions, including available updates and
upgrades. Delaying or refusing updates or upgrades following a recall may result in a
non-compliant IntelePACS
SAFETY ISSUES: IntelePACS is a medical device, and as such, must meet medical
device safety and effectiveness requirements imposed by national regulations. Any
unmonitored or unconnected use of IntelePACS, or use of IntelePACS without a valid
right may put the health and safety of patients at risk as you will not be advised of the
availability of any software patch, bug fix, update or upgrade nor will be informed of
Field Safety Notices, Medical Device Recalls or Advisory Notices related to
IntelePACS. Client and authorized users must consult national regulatory site(s) to be
informed of Field Safety Notices, Medical Device Recalls or Advisory Notices related to
IntelePACS. Intelerad does not have access to authorized users systems to implement
corrections to prevent (or correct) occurrences of patient safety issues. You are
responsible to flow down recall and patient safety information to your users.
Referring Physicians Use: Images for authorized referring physicians may not be of
diagnosis quality and should not be used for diagnostic purposes.
InteleConnect: Images in InteleConnect are intended for review only and are not
appropriate for diagnostic purposes. Please use InteleViewer for diagnostic viewing.
CD Burning and nuage Patient Portal: Intelerad Client remain responsible to collect
patient consents and accesses. Images on CD and on nuage Patient Portal are
intended for review only and are not appropriate for diagnostic purposes. Please use
InteleViewer for diagnostic viewing.

Intelerad Medical Systems Incorporated
800, boul. De Maisonneuve East, 12th floor
Montreal (Quebec)
H2L 4L8 Canada

DECLARATION OF CONFORMITY
We hereby certify that IntelePACS, a Class IIa Medical Device, is in compliance with
Council Directive 93/42/EEC and marked with

AUSTRALIAN SPONSOR
Emergo Australia
201 Sussex Street, Darling Park, Tower 2, Level 20
Sydney, NSW 2000, Australia
tel: +61.0.2.9006.1662

Title: Intelerad Network and Operating System Requirements Guide
Document version: 1.9
Date: 2021-05-02
Part number: IHNRENRG-O Issue 010

TABLE OF CONTENTS

Copyright
Disclaimer
Document Conventions
About This Guide
    Download the Latest Version
Network Requirements
    Introduction
    Port Scanning Between IntelePACS Servers
    Multi-Site Network Configuration
    Network Port Details
Server Requirements
    Supported Linux Versions
    Operating System Maintenance
    Linux and Server Installation
    Server Monitoring Software
    Third-Party Software

DISCLAIMER
Intelerad is a software company. As such, Intelerad's approval of the hardware does
not constitute a guarantee that the hardware configuration provided by the hardware
vendor is functional. Intelerad relies on the hardware vendor to ensure compatibility of
all its internal and external components, as well as the operating system. Hardware
requirements mostly concern the components significant for performance and
reliability. Minor components like cables, connectors, power cords and rack mounting
rails might be required even though they are not explicitly listed in the minimum
requirements. The purchase of these components should follow the hardware
vendor’s recommendations.
A medical device such as IntelePACS must be supported and maintained to be used
under applicable authority regulations. If your IntelePACS is not accessible to
Intelerad's Support Team, Intelerad will not provide maintenance, including remote
monitoring, remote diagnostics, and maintenance. IntelePACS is a medical device,
and as such, must meet medical device safety and effectiveness requirements
imposed by national regulations. The Client is advised that using IntelePACS without
access from Intelerad’s Support Team might put the health and safety of patients at
risk, as the Client may not be advised of the availability of software patches, bug fixes,
updates or upgrades, nor will they be informed of Field Safety Notices, Medical Device
Recalls, or Advisory Notices related to IntelePACS. Furthermore, Intelerad will not be
in a position to have access to the Client’s systems to implement corrections to
prevent occurrences of patient safety issues. Any use of the Licensed Software
beyond Intelerad’s standard support practice is the client’s own responsibility.

DOCUMENT CONVENTIONS
Several conventions are used throughout this document. A list of these and examples
of their use are provided below.

• Text that you enter in a field, or on a command line, is in courier font.
  Example: In the Date field, enter 2003/04/04.
• Keyboard commands are in SMALL CAPS AND BOLD.
  Example: Press CTRL+C to copy text.
• New terminology or concepts are italicized.
  Example: The process of automatically distributing the images is referred to as autorouting.
• Interface elements, such as menus, buttons, options, and preferences are bold.
  Example: From the Font list, choose the desired font.
• Menu selections are separated by vertical lines.
  Example: Choose File | Print to print this page.
• Information that is important for a user to know when performing a task, such as
  prerequisite information or restrictions, is represented with a note icon.
  Example: To view reports, you must have the Report privilege enabled in your user account.
• Information that is helpful to a user, such as when describing an alternate or simpler
  way to perform a task, is represented with a tip icon.
  Example: You can also use the CTRL+T keyboard shortcut to show or hide thumbnail images.
• Information that warns users of potential problems in the outcome of what they are
  doing, such as data loss or data breach, is represented with a warning icon.
  Example: Image measurements are saved for the current application session only. If you
  exit the application, all measurements are lost.

ABOUT THIS GUIDE
This guide is intended primarily for IT Operations personnel.
This guide details the network requirements, recommended multi-site network
configuration, network port traffic, and server operating system requirements, for
IntelePACS and InteleOne XE.

Download the Latest Version


This guide is subject to frequent updates. Before referencing this guide for your
IntelePACS hardware project, Intelerad highly recommends that you visit the
Knowledge section of the Intelerad Service Portal
(https://serviceportal.intelerad.com/csm?id=kb_article&sys_id=c70dcd7cdbfdcbc04361534e5e961928)
to download the latest version of this guide.

1 NETWORK REQUIREMENTS

This chapter details the network requirements for IntelePACS and InteleOne XE.

In this chapter:
Introduction
Port Scanning Between IntelePACS Servers
Multi-Site Network Configuration
Network Port Details

Introduction
IntelePACS servers at each installation site must comply with the networking
requirements that are described in this guide in order for IntelePACS servers to
function properly and to guarantee service and support from Intelerad. Internally, all
IntelePACS servers must have unrestricted access to all other IntelePACS servers.
All Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports, as
well as all Internet Control Message Protocol (ICMP) packets, require unrestricted
access between servers. Each server must be identified by a single hostname and IP
address pair across the system. Network address translation between servers is not
supported.
The High Availability Cluster and Load Balanced Cluster features for IntelePACS rely
on IP address migration between servers. It is therefore required that the servers are
on the same local area network and that multicasting is enabled on that network.

Port Scanning Between IntelePACS Servers


To ensure trouble-free operation, IntelePACS servers initiate port scans between
themselves and other IntelePACS servers in order to verify that the required network
ports are not filtered. For information on the network ports, see the "Between
IntelePACS Servers" table in "Network Port Details". Ensure that any intrusion
detection system (IDS) in place is aware of this requirement. The network scans are
performed by IntelePACS software and consist of ICMP and SYN scans.
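
One way to keep the IDS exception for these scans narrow, as an added example that is not Intelerad's code: treat a scan alert as expected only when both endpoints are in the IntelePACS server inventory, the scan type is ICMP or SYN, and every probed port appears in the "Between IntelePACS Servers" table. The server addresses and alert records are constructed for illustration; the port list is copied from that table.

```python
"""Triage IDS scan alerts so only IntelePACS inter-server verification scans are suppressed."""
from dataclasses import dataclass
from ipaddress import ip_address

# Ports listed in the guide's "Between IntelePACS Servers" table.
PORT_SPEC = ("22,25,80,123,443,513,514,1991,4141,4559,5000,5005-5006,5008-5022,"
             "5080-5081,5100-5300,5269,5483,6130-6880,7100,7110,8300-8302,9000-9013,9090")

# The guide states that the scans consist of ICMP and SYN scans.
EXPECTED_KINDS = {"icmp", "syn"}

# Hypothetical server inventory (constructed addresses).
INTELEPACS_SERVERS = {ip_address(a) for a in ("10.20.1.10", "10.20.1.11", "10.30.1.10")}


def parse_ports(spec):
    """Expand a comma-separated list of ports and lo-hi ranges into a set of ints."""
    ports = set()
    for item in spec.split(","):
        lo, _, hi = item.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


ALLOWED_PORTS = parse_ports(PORT_SPEC)


@dataclass(frozen=True)
class ScanAlert:
    src: str
    dst: str
    kind: str          # scan type as reported by the IDS, e.g. "icmp", "syn", "udp"
    ports: tuple = ()  # destination ports probed (empty for ICMP)


def triage(alert, servers):
    """Return (verdict, reason); verdict is 'expected', 'review' or 'alert'."""
    if ip_address(alert.src) not in servers or ip_address(alert.dst) not in servers:
        return "alert", "endpoint outside the IntelePACS server inventory"
    if alert.kind not in EXPECTED_KINDS:
        return "review", f"scan type {alert.kind!r} is not ICMP or SYN"
    unexpected = sorted(set(alert.ports) - ALLOWED_PORTS)
    if unexpected:
        return "review", f"ports outside the inter-server table: {unexpected}"
    return "expected", "inter-server port verification"


# Constructed sample alerts.
SAMPLE_ALERTS = [
    ScanAlert("10.20.1.10", "10.30.1.10", "syn", (22, 5000, 5483)),
    ScanAlert("10.20.1.10", "10.30.1.10", "icmp"),
    ScanAlert("10.20.1.11", "10.20.1.10", "syn", (22, 3389)),   # port not in the table
    ScanAlert("10.20.1.50", "10.20.1.10", "syn", (22,)),        # source not an IntelePACS server
    ScanAlert("10.20.1.10", "10.20.1.11", "udp", (161,)),       # scan type the software does not use
]

if __name__ == "__main__":
    for a in SAMPLE_ALERTS:
        verdict, reason = triage(a, INTELEPACS_SERVERS)
        print(f"{a.src} -> {a.dst} {a.kind:4} {verdict:8} {reason}")
```

Scoping the exception this way keeps alerts for scans that merely originate from a server address but do not match what the IntelePACS software is documented to do.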

Multi-Site Network Configuration


Multi-site IntelePACS or InteleOne XE implementations typically span several imaging
sites such as hospitals and client-specific sites, and data center locations or
headquarters. While the client controls the networking infrastructure at their own site,
hospitals often have their own established networks and security policies.
The major constraints to multi-site networks are as follows:
• Existing hospital networks cannot easily be changed.
• Hospital security policies may prevent the presence of an IntelePACS server on
  the hospital network with links to other IntelePACS servers at other sites.
• All IntelePACS servers must be able to connect to each other without network
  address translation (NAT).

The Recommended Multi-Site Networking diagram below illustrates Intelerad's
networking recommendations that should satisfy the realities of hospital networks and
security policies, and also satisfy the requirements of a multi-site IntelePACS
installation or InteleOne XE solution.

The major features of the recommended network configuration are:
• Each site has their own InteleOne XE subnet.
• A central router, typically at a central data center, routes traffic between all
  InteleOne XE subnets.
• Each subnet is connected to the central router via a VPN or dedicated link.
The following sections describe three different hospital or imaging facility scenarios.

Hospital B with the IntelePACS Server on the Hospital Network


The hospital has its own network, but tolerates an IntelePACS server with addresses
on both the hospital network and the InteleOne XE network.
This configuration requires that the hospital network not conflict with any of the
InteleOne XE subnets, otherwise the local IntelePACS server is not able to
communicate properly with other IntelePACS servers in the InteleOne XE solution.
Router B is configured to route all InteleOne XE traffic, such as traffic originating from
Subnet B, to Router A as its next hop.
Diagnostic workstations can reside on the InteleOne XE subnet (recommended) or on
the hospital network.

Advantages:
• The hospital can maintain its own network numbering scheme.
• No firewall rules need to be maintained.

Limitations:
• It is not possible to push images from IntelePACS servers that are not on the
  hospital network to workstations on the hospital network.
• It is not possible to DICOM-ping AE titles on the hospital network from all web
  servers to test DICOM connectivity.
• It is not possible to send images to IntelePACS servers that are not on the
  hospital network.
• Port forwarding for HL7 traffic between the Hospital RIS and Intelerad’s RIS
  integration gateway must be set up on Router B.

Hospital C with the IntelePACS Server in a DMZ


The hospital has its own network, and its security policy requires that IntelePACS
servers are sequestered in a demilitarized zone (DMZ).

Router C is configured to route all InteleOne XE traffic, such as traffic originating from
Subnet C, to Router A as its next hop.
Diagnostic workstations can reside on the InteleOne XE subnet (recommended) or on
the hospital network.

Advantages:
• The InteleOne XE server does not pose a perceived security risk to the hospital
  network.
• This setup supports hospital networks even if their network address ranges
  collide with an InteleOne XE subnet.

Limitations:
• A static network address translation (NAT) table must be built and maintained.
  This table maps IP addresses of the hospital RIS/PACS infrastructure on the
  hospital network one-to-one to IP addresses on the InteleOne XE subnet in the DMZ.
• Bandwidth for communication between the InteleOne XE server and entities on the
  hospital network is limited by the throughput of the hospital firewall.
• Port forwarding for HL7 traffic between the Hospital RIS and Intelerad's RIS
  integration gateway must be set up on Router B.

Hospital D on the InteleOne XE Subnet


The hospital network agrees to be part of the InteleOne XE network.

Advantages:
• Least restrictive communication between InteleOne XE and the hospital RIS/PACS
  infrastructure.

Limitations:
• The hospital network addressing scheme may not permit this configuration.
• If Router D’s default gateway is not Router A, Router D must be configured to
  route all InteleOne XE traffic to Router A. Such routes must be added to Router D
  every time a new InteleOne XE subnet is added.
• It is not possible to send images to IntelePACS servers that are not on the
  hospital network.
• Port forwarding for HL7 traffic between the Hospital RIS and Intelerad’s RIS
  integration gateway must be set up on Router B.

Network Port Details
This section describes the network traffic for Intelerad software. Generally, Intelerad
expects inter-server traffic to be unrestricted. As a result, the information provided in
this section is subject to change. However, this information can be useful in the case
where a firewall partitions the network.
The requirements contained in this section are valid for IntelePACS up to and
including version 4.15.1. Newer versions of IntelePACS may have different
network requirements, which will be specified once new versions are released.
It is good practice to enforce Quality of Service (QoS) on the network. The following
tables provide the recommended QoS priorities that can be used to configure QoS on
the network. A lower priority number indicates that this traffic should take precedence
over traffic with a higher priority number. Generally, database traffic needs to be
delivered most urgently, while DICOM traffic can use the leftover bandwidth with the
lowest priority.
Network performance (latency and bandwidth) between locations depends on the
expected volume and expected use. IntelePACS is capable of handling higher latency
links for remote facilities, but latency between data centers should be reasonable. If
you anticipate greater than 25 ms of latency between data centers, be sure to
communicate this to your Project Manager or Solution Architect early in the process.

Between IntelePACS Servers and the Internet*

| Port | Protocol | QoS** | Service | Source | Destination | Description |
|------|----------|-------|---------|--------|-------------|-------------|
| 1194 | TCP/UDP | 2 | Client Link VPN | Designated servers | Intelerad network | Software-based VPN from at least two designated servers. Designated servers include the MDB servers and the core Monitoring/Prometheus server(s). |
| 5222 | TCP | 2 | Client Link VPN | Designated servers | Intelerad network | Software-based VPN from at least two designated servers. Designated servers include the MDB servers and the core Monitoring/Prometheus server(s). |
| 25 | TCP | 6 | Email notification | All servers | Internet | PACS servers need to be able to deliver email notifications to local administrators. The target server range can be restricted if a specific email relay server is being used. |
| 53 | TCP/UDP | 2 | DNS | All servers | Internet | DNS lookups. The target server range can be restricted if a specific DNS server is being used. |
| 80 | TCP | 3 | Web | All servers | Internet | This is used to retrieve software from Intelerad and Red Hat, and on occasion, to assist in retrieving tools or documents needed to support IntelePACS. If necessary, the remote address range can be restricted to Intelerad's subnetworks (104.156.67.64/26) and to your upstream Red Hat network servers. |
| 123 | TCP/UDP | 2 | NTP | All servers | Internet | Network Time Protocol (NTP) for synchronizing clock. |
| 443 | TCP | 2 | Web | All servers | Internet | This port is absolutely essential for various components, including remote monitoring software, lifecycle management software, operating system updates, and cloud services (e.g., voice recognition, cloud storage). If necessary, the remote address range can be restricted to the following: Intelerad's subnetworks (104.156.67.64/26); your upstream Red Hat network servers (e.g., cdn.redhat.com); M*Modal data centers (e.g., integration.mmodal.com); Amazon AWS (*.amazonaws.com for accounting, cloud storage, etc.; *cloudfront.net to access product documentation from the application); billing servers (ims.bintray.com). |
| 22 | TCP | 2 | SSH | Intelerad network | Designated servers | Interactive support network |
| 443 | TCP | 2 | Web services | Intelerad network | Designated servers | Interactive support network |
| 5022 | TCP | 2 | Image streaming | Intelerad network | Designated servers | Interactive support network |

*This table describes the network communication requirements between IntelePACS servers and the
Internet. Normally, opening up outgoing ports is not a problem for our clients because people do not
operate IntelePACS servers. Consequently, restricting outgoing web access, such as to ports 80 and 443,
is typically not a security concern.
** Sets the priority level for network traffic on the port. The lower the QoS value, the higher the priority for
network traffic.

Between IntelePACS Servers*

| Port | Protocol | QoS** | Service | Source | Destination | Description |
|------|----------|-------|---------|--------|-------------|-------------|
| 22 | TCP | 2 | SSH | All servers | All servers | Interactive support access and non-DICOM data transfer |
| 25 | TCP | 6 | SMTP | All servers | All servers | Server-to-server error notification emails |
| 80 | TCP | 2 | HTTP | All servers | All servers | Server-to-server web applications |
| 443 | TCP | 2 | HTTPS | All servers | All servers | Server-to-server web applications |
| 123 | TCP/UDP | 2 | NTP | All servers | All servers | Server-to-server time synchronization |
| 513 | TCP | 2 | Login | All servers | All servers | System administration |
| 514 | TCP | 2 | Syslog | All servers | All servers | System administration |
| 1991 | TCP | 2 | Hessian | All servers | All servers | Server-to-server database intermediary (Accounting Central) |
| 4141 | TCP | 2 | Linkerd | All servers | All servers | Server-to-server inter-process communication |
| 4559 | TCP | 2 | HylaFAX | All servers | All servers | Server-to-server hylafax protocol |
| 5000 | TCP | 5 | DICOM | All servers | All servers | Server-to-server and client-to-server DICOM protocol |
| 5005 | TCP | 2 | RIS HL7 | All servers | All servers | Server-to-server and client-to-server HL7 protocol |
| 5006 | TCP | 2 | RIS Console | All servers | All servers | Server-to-server HL7 service console |
| 5008 | TCP | 2 | RIS Proxy | All servers | All servers | Server-to-server HL7 proxy service |
| 5009 | TCP | 2 | Hessian | All servers | All servers | Server-to-server database intermediaries proxy service |
| 5010 | TCP | 3 | DMWL | All servers | All servers | Server-to-server and client-to-server DICOM modality worklist |
| 5011 | TCP | 3 | DMWL | All servers | All servers | Server-to-server and client-to-server DICOM modality worklist |
| 5012 | TCP | 2 | Hessian | All servers | All servers | Server-to-server hessian inter-process communication (DicomMasterService) |
| 5013 | TCP | 2 | Hessian | All servers | All servers | Server-to-server hessian inter-process communication (ImageRenderingService) |
| 5014 | TCP | 2 | Hessian | All servers | All servers | Server-to-server hessian inter-process communication (AnalyticsDataServices) |
| 5015 | TCP | 2 | Hessian | All servers | All servers | Server-to-server hessian inter-process communication (AccountingNode) |
| 5016 | TCP | 2 | Hessian | All servers | All servers | Server-to-server hessian inter-process communication (AnalyticsIntegrationServices) |
| 5017 | TCP | 2 | Hessian | All servers | All servers | Server-to-server hessian inter-process communication (RegionalArchiveIntegration) |
| 5018 | TCP | 2 | Hessian | All servers | All servers | Server-to-server hessian inter-process communication (PacsGlobals) |
| 5019 | TCP | 2 | Hessian | All servers | All servers | Server-to-server hessian inter-process communication (DicomExternService) |
| 5020 | TCP | 4 | Image Streaming | All servers | All servers | Server-to-server image streaming |
| 5021 | TCP | 4 | Image Streaming | All servers | All servers | Server-to-server image streaming |
| 5022 | TCP | 4 | Image Streaming | All servers | All servers | Server-to-server and client-to-server image streaming |
| 5080 | TCP | 2 | HTTP/HTTPS | All servers | All servers | Server-to-server web proxying |
| 5081 | TCP | 2 | HTTP/HTTPS | All servers | All servers | Server-to-server token service |
| 5100-5300 | TCP | 2 | IPC | All servers | All servers | Server-to-server hessian inter-process communication (Signalling) |
| 5269 | TCP | 3 | Tigase | All servers | All servers | Server-to-server instant messaging |
| 5483 | TCP | 1 | PostgreSQL | All servers | All servers | Server-to-server database (main PostgreSQL instance) |
| 6130-6880 | TCP | 2 | PostgreSQL | All servers | All servers | Server-to-server database and inter-process communication (Atlas applications) |
| 7100 | TCP | 1 | Sybase | All servers | All servers | Server-to-server database (Sybase) |
| 7110 | TCP | 1 | Sybase | All servers | All servers | Server-to-server database (Sybase) |
| 8300-8302 | TCP/UDP | 3 | Consul | All servers | All servers | Server-to-server database (Consul) |
| 9000-9013 | TCP | 3 | IPC | All servers | All servers | Server-to-server hessian inter-process communication (Signalling) |
| 9090 | TCP | 2 | Prometheus | All servers | All servers | Monitoring |
| ICMP | ICMP | 3 | Ping | All servers | All servers | Monitoring |

*Normally, all network ports are open between all IntelePACS servers. If the network is fully open between all
IntelePACS servers, then this section is not relevant. If you must filter the network internally between IntelePACS
servers, then refer to this table for the network communication requirements between IntelePACS servers.

** Sets the priority level for network traffic on the port. The lower the QoS value, the higher the priority for network
traffic.

Between the IntelePACS Web Server (Large) in the DMZ and Internal IntelePACS Servers*

| Port | Protocol | QoS** | Service | Source | Destination | Description |
|------|----------|-------|---------|--------|-------------|-------------|
| 22 | TCP | 2 | SSH | DMZ servers | All servers | Interactive support access and non-DICOM data transfer |
| 80 | TCP | 2 | HTTP | DMZ servers | All servers | Server-to-server web applications |
| 443 | TCP | 2 | HTTPS | DMZ servers | All servers | Server-to-server web applications |
| 123 | TCP/UDP | 2 | NTP | DMZ servers | All servers | Server-to-server time synchronization |
| 5000 | TCP | 5 | DICOM | DMZ servers | All servers | Server-to-server DICOM protocol (presentation states, etc.) |
| 5005 | TCP | 2 | RIS HL7 | DMZ servers | All servers | Server-to-server HL7 protocol |
| 5006 | TCP | 2 | RIS Console | DMZ servers | All servers | Server-to-server HL7 service console |
| 5009 | TCP | 2 | Hessian | DMZ servers | All servers | Server-to-server database intermediaries proxy service |
| 5012 | TCP | 2 | Hessian | DMZ servers | All servers | Server-to-server hessian inter-process communication (DicomMasterService) |
| 5013 | TCP | 2 | Hessian | DMZ servers | All servers | Server-to-server hessian inter-process communication (ImageRenderingService) |
| 5014 | TCP | 2 | Hessian | DMZ servers | All servers | Server-to-server hessian inter-process communication (AnalyticsDataServices) |
| 5015 | TCP | 2 | Hessian | DMZ servers | All servers | Server-to-server hessian inter-process communication (AccountingNode) |
| 5016 | TCP | 2 | Hessian | DMZ servers | All servers | Server-to-server hessian inter-process communication (AnalyticsIntegrationServices) |
| 5017 | TCP | 2 | Hessian | DMZ servers | All servers | Server-to-server hessian inter-process communication (RegionalArchiveIntegration) |
| 5018 | TCP | 2 | Hessian | DMZ servers | All servers | Server-to-server hessian inter-process communication (PacsGlobals) |
| 5019 | TCP | 2 | Hessian | DMZ servers | All servers | Server-to-server hessian inter-process communication (DicomExternService) |
| 5020 | TCP | 4 | Image Streaming | DMZ servers | All servers | Server-to-server image streaming |
| 5021 | TCP | 4 | Image Streaming | DMZ servers | All servers | Server-to-server image streaming |
| 5022 | TCP | 4 | Image Streaming | DMZ servers | All servers | Server-to-server image streaming |
| 5080 | TCP | 2 | HTTP/HTTPS | DMZ servers | All servers | Server-to-server web proxying |
| 5100-5300 | TCP | 2 | IPC | DMZ servers | All servers | Server-to-server hessian inter-process communication (Signalling) |
| 5269 | TCP | 3 | Tigase | DMZ servers | All servers | Server-to-server instant messaging |
| 5483 | TCP | 1 | PostgreSQL | DMZ servers | All servers | Server-to-server database (main PostgreSQL instance) |
| 6130-6880 | TCP | 2 | PostgreSQL | DMZ servers | All servers | Server-to-server database and inter-process communication (Atlas applications) |
| 7100 | TCP | 1 | Sybase | DMZ servers | All servers | Server-to-server database (Sybase) |
| 7110 | TCP | 1 | Sybase | DMZ servers | All servers | Server-to-server database (Sybase) |
| 9000-9013 | TCP | 3 | IPC | DMZ servers | All servers | Server-to-server hessian inter-process communication (Signalling) |
| ICMP | ICMP | 3 | Ping | DMZ servers | All servers | Monitoring |
| 443 | TCP | 2 | HTTPS | Internet | DMZ servers | Web applications, InteleViewer. The blocking of unknown/foreign IPs is permitted. |
| 5022 | TCP | 4 | Image Streaming | Internet | DMZ servers | Image streaming (optional if you prefer tunneling over port 443) |

*This table describes the network communication requirements for the "Large" version of IntelePACS web
servers residing in a DMZ. The ports detailed in this table are required to establish connections from the
IntelePACS web servers in the DMZ to the IntelePACS servers on the internal network, and from Internet
users to web servers in the DMZ. Tunneling or routing of data on port 443 without modifying packets is
required for Instant Messaging, and for Image Streaming when port 5022 is blocked.
From all IntelePACS servers to the IntelePACS web servers in the DMZ, all ports must be open as per the
Between IntelePACS Servers table.
** Sets the priority level for network traffic on the port. The lower the QoS value, the higher the priority for
network traffic.

Between the IntelePACS Web Server (Light) in the DMZ and Internal IntelePACS Servers*

| Port | Protocol | QoS** | Service | Source | Destination | Description |
|------|----------|-------|---------|--------|-------------|-------------|
| 22 | TCP | 2 | SSH | DMZ servers | All servers | Interactive support access and non-DICOM data transfer |
| 80 | TCP | 2 | HTTP | DMZ servers | All servers | Server-to-server web applications |
| 443 | TCP | 2 | HTTPS | DMZ servers | All servers | Server-to-server web applications |
| 5022 | TCP | 4 | Image Streaming | DMZ servers | All servers | Server-to-server image streaming |
| 443 | TCP | 2 | HTTPS | Internet | DMZ servers | Web applications, InteleViewer. The blocking of unknown/foreign IPs is permitted. |
| 5022 | TCP | 4 | Image Streaming | Internet | DMZ servers | Image streaming (optional if you prefer tunneling over port 443) |

*This table describes the network communication requirements for the "Light" version of
IntelePACS web servers residing in a DMZ. The ports detailed in this table are required to
establish connections from the IntelePACS web servers in the DMZ to the IntelePACS servers
on the internal network, and from Internet users to web servers in the DMZ. Tunneling or
routing of data on port 443 without modifying packets is required for Image Streaming when
port 5022 is blocked.
** Sets the priority level for network traffic on the port. The lower the QoS value, the higher the
priority for network traffic.

Between Scanners and IntelePACS Servers*


Port | Protocol | QoS** | Service | Source | Destination | Description
---- | -------- | ----- | ------- | ------ | ----------- | -----------
5000 | TCP | 5 | DICOM | Scanners | Local servers | Client-to-server DICOM protocol
5010 | TCP | 3 | DMWL | Scanners | Local servers | Client-to-server DICOM modality worklist
5011 | TCP | 3 | DMWL | Scanners | Local servers | Client-to-server DICOM modality worklist
<variable> | TCP | 5 | DICOM | Local servers | Scanners | Server-to-client DICOM protocol (for example, Storage Commit)

*This table describes the network communication requirements between scanners and IntelePACS
servers. In some cases, the IntelePACS servers must initiate DICOM communication back to the scanner,
such as when there are storage commit requests to be serviced.
** Sets the priority level for network traffic on the port. The lower the QoS value, the higher the priority for
network traffic.

Between InteleViewer Workstations and IntelePACS Servers*


Port | Protocol | QoS** | Service | Source | Destination | Description
---- | -------- | ----- | ------- | ------ | ----------- | -----------
443 | TCP | 3 | Web applications | InteleViewer | Web server | IntelePACS user applications, and optionally, tunneled image streaming
5022 | TCP | 4 | Image Streaming | InteleViewer | Web server | Proxied image streaming. Optional if 443 tunneling is operational.
5022 | TCP | 4 | Image Streaming | InteleViewer | All servers | Direct image streaming. Optional if you are using proxied or tunneled streaming.
5035 | TCP | 5 | DICOM Transfer | All servers | InteleViewer | DICOM transfers from IntelePACS to InteleViewer (optional, and rarely used)
5000 | TCP | 5 | DICOM Transfer | Workstations | Local servers | DICOM transfers from workstations (optional, and rarely used)
<variable> | TCP | 5 | DICOM Transfer | All servers | Workstations | DICOM transfers to workstations (optional)

*This table describes the network communication requirements between workstations and IntelePACS
servers. In some cases, the IntelePACS servers must initiate DICOM communication back to the
workstation, such as when DICOM images are routed instead of streamed, for non-Intelerad workstations.
All IntelePACS user applications connect using HTTPS. Tunneling without modifying packets is required for
instant messaging and image streaming. If your user base connects from known networks, restrict access
to those networks instead of allowing access from all Internet addresses.
** Sets the priority level for network traffic on the port. The lower the QoS value, the higher the priority for
network traffic.

Between a RIS and IntelePACS Servers*


Port | Protocol | QoS** | Service | Source | Destination | Description
---- | -------- | ----- | ------- | ------ | ----------- | -----------
5005 | TCP | 2 | HL7 | RIS | RIG servers | HL7 messaging from a RIS
<variable> | TCP | 4 | HL7 | RIG servers | RIS | HL7 messaging to a RIS

*This table describes the network communication requirements between a RIS, or other HL7 data source
or destination such as HIS and EMR, and IntelePACS servers acting as a RIS Integration Gateway (RIG)
server.
** Sets the priority level for network traffic on the port. The lower the QoS value, the higher the priority for
network traffic.

2 SERVER REQUIREMENTS

This chapter details the requirements for Intelerad servers.

In this chapter:
Supported Linux Versions
Operating System Maintenance
Linux and Server Installation
Server Monitoring Software
Third-Party Software

Supported Linux Versions
The following operating systems are supported for new IntelePACS and InteleOne XE
servers:

From Version | To Version | Required Operating System
------------ | ---------- | -------------------------
Oldest | 4.14.1 | Red Hat Enterprise Linux 5 with latest update (32-bit i386, 64-bit x86_64)
4.1.1 R24, 4.2.1 R21, 4.2.4 R7, 4.3.1 R1 | Latest | Red Hat Enterprise Linux 6 with latest update (64-bit x86_64)
4.10.1 R2 | Latest | Red Hat Enterprise Linux 7 with latest update (64-bit x86_64), or CentOS 7 with latest update (64-bit x86_64)

Operating System Maintenance


It is the client’s responsibility to apply operating system and hardware/firmware
updates, critical patches, and Common Vulnerabilities and Exposures (CVE) security
updates. You must notify Intelerad before performing an operation that requires a
server reboot, such as kernel updates, firmware updates, and hardware maintenance.
Installing additional software packages, such as Red Hat Enterprise Linux (RHEL) or
third-party software, is not permitted without written consent from Intelerad.

Linux and Server Installation


The following is a list of requirements and notes regarding Linux and server
installation:

• It is the client’s responsibility to install the operating system.
• When using Red Hat, the recommended Red Hat subscription is Standard Subscription. Self-Support Subscription is acceptable only for customers who are comfortable with the Red Hat Terms of Service (https://access.redhat.com/support/offerings/production/sla).
• You must use the server hostname that is prescribed by Intelerad.
• Ensure that the server is configured according to the vendor’s recommendations for low latency and/or high-performance computing. This typically entails the following configurations, among others:
   ◦ Enable processor Turbo Mode
   ◦ Disable memory scrubbing
   ◦ Select Performance mode where possible
   ◦ Disable C states
• You must disable Hyper-threading on the server.
• The server IP addresses must be statically assigned.
• Intelerad requires access to the root account for the operating system on the IntelePACS server.
• All servers using RHEL must be registered with the Red Hat Network and have an active subscription to the following channel according to the version of Red Hat:
   ◦ RHEL6: rhel-6-server-optional-rpms
   ◦ RHEL7: rhel-7-server-optional-rpms
• An internal, external, or virtual CD/DVD drive is required to install the operating system.
• All servers must be configured to use ext4 filesystem.
• All IntelePACS partitions must be mounted by referencing their filesystem UUID.
• Swap space must be 12 GB and must be located on the operating system RAID.
• Use a standard install for the operating system. Intelerad will install any missing packages that are required.
• Use operating system installation media (CD or DVD) that contains the latest updates of the Red Hat versions listed above. Older versions may lack the required drivers.
• If you are installing the operating system on Dell hardware, do not use the OpenManage installation disks. Instead, install using the latest Red Hat media only. Do not re-use pre-existing partitions.
• Skip the X Windows configuration and run the system in run-level 3. This ensures that X Windows is not started automatically.
• Enable write-back caching on RAID controllers that are equipped with a battery- or flash-backed cache.
• All firmware pertaining to RAID controllers and arrays, remote access consoles, and tape libraries should be verified and, if required, upgraded to the current revision from the hardware manufacturer.
• UEFI boot is permitted (vs BIOS), but requires the following partitions:
   ◦ /boot/efi : Configured to use EFI System Partition or VFAT file system
   ◦ /boot : Configured to use EXT4 file system
Server Monitoring Software


Intelerad remotely monitors servers 24/7 and is automatically notified of a wide range
of conditions. Most of the monitoring applies to Intelerad software and must be
interpreted by Intelerad Support Center personnel.
Intelerad does not directly monitor servers at the hardware level. If Intelerad
customers want to monitor their server hardware, Intelerad supports server
management solutions from both Dell and HP. Generally, hardware monitoring
systems are based on SNMP and require the Intelerad Deployment Team to install
and configure software on the monitored servers. Hardware monitoring systems also
require that clients deploy a management console on which to install the appropriate
management and monitoring software. The management console is deployed
separately from the Intelerad servers it is monitoring. Intelerad does not allow the
management console software to run on the IntelePACS servers.
Intelerad supports the following server management solutions. Click the
corresponding link for more information.

Server Management Solution | Information
-------------------------- | -----------
Dell OpenManage Essentials | http://en.community.dell.com/techcenter/systems-management/w/wiki/openmanage-essentials.aspx
HP Systems Insight Manager (SIM) | http://h18013.www1.hp.com/products/servers/management/hpsim/index.html
HP OneView | http://www8.hp.com/ca/en/products/server-software/product-detail.html?oid=5410258

Once the hardware vendor’s monitoring hardware and software is in place, download
and complete the request form from the Intelerad Service Portal
(https://serviceportal.intelerad.com/csm?id=kb_article&sys_id=6adb8f25db26f600da3c30cf9d9619cb).
The Intelerad Deployment Team will
configure the servers to provide monitored information to the management console,
such as RAID status, CPU status, fan speed, memory, server temperature, and power
supply status.

Third-Party Software
Intelerad server software must run in a controlled environment. It is not uncommon for
software to impede other software from operating as intended. As such, installing
third-party software on IntelePACS servers is not permitted.
