Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Tip

This document applies to OnePacs Gateway version 2.5.1+.


What is the OnePacs Gateway?

The OnePacs Gateway is software that receives DICOM images from an imaging device or archive, then compresses and securely transfers them to OnePacs.

Where does it run?

The OnePacs Gateway runs on a Windows-based computer on the local network of an imaging facility or hospital.  The computer may be a physical server or a virtual machine.  The OnePacs Gateway runs as a system service on the computer and does not require a user to be logged in.

Does it require a VPN?

No.  The OnePacs Gateway uses transport layer security (TLS) to securely communicate with the OnePacs Cloud over the internet.

Requirements


Excerpt
Hardware, software and bandwidth requirements:
ComputerA physical server, PC, or virtual machine.
Operating SystemWindows 7, Windows 8.1, Windows 10, Windows Server 2012, Windows Server 2016 (32 or 64 bit)
Processor2+ Ghz processor (Intel i5/i7 or similarly powered AMD recommended) with minimum 2 cores (4+ cores recommended)
Memory8 GB or more recommended (required w/ HL7 interface), 4 GB minimum
Disk SpaceAt least 100 GB free disk space on C:
Internet5+ mbps upload bandwidth is recommended.  Less than 1 mbps upload bandwidth is not supported.
Software

The computer should only be used for the OnePacs Gateway.

Network Requirements:

The OnePacs Gateway does not require a public IP address or any inbound ports to be opened in your organization's firewall.  A static private IP address on the a secure local area network is required to provide a fixed target for your DICOM devices to communicate with.  Inbound DICOM traffic is received on port 4104 (configurable) and the gateway communicates with the OnePacs Cloud on a *.onepacs.com domain on port 443 using only secure protocols.  

Installation Requirements:
User AccountA local Administrator Windows user account is required to perform the installation.  It must be a local account - not a domain user.
AE Title

You must obtain a licensed AE title from OnePacs prior to installing the OnePacs Gateway as it will be required during the installation setup.

Host NameThe Windows computer name must not contain the underscore (_) character



Security

Encryption in-flight 

All information transmitted to the cloud platform is encrypted using using transport layer security (TLS) with a minimum of 128-bit Advanced Encryption Standard (AES) public key encryption utilizing a SHA-2 hash algorithm.

Physical Access Controls and Disk Encryption

The OnePacs license agreement requires physical access restrictions limiting physical access to the gateway computer to authorized personnel with a legitimate need to access the equipment and/or the use of whole hard disk encryption (e.g. BitLocker).

Anti-Virus

It is recommended that an anti-virus with a current subscription be in place on the Gateway PC. To ensure proper operation of the Gateway exclude the following directories from the anti-virus scans:

  1. C:\Program Files (x86)\OnePacs
  2. C:\Program Files (x86)\PostgreSQL
Segregation of Data

The OnePacs Gateway should not be configured to support storage of DICOM images from multiple unrelated organizations.

Secure Local Network

By default, the OnePacs Gateway is configured to receive DICOM images from a local PACS or local imaging modalities on a secure local area network (LAN).  It is not recommended to store images to the gateway on on an untrusted network unless TLS is enabled on the DICOM listener.  All outbound DICOM image transmissions to the OnePacs Cloud uses mandatory TLS encryption by default.