The General tab allows you to modify general settings of the router such as image storage location, the refresh rate of the status window, and adjustment of Promiscuous Mode.
Storage - Allows you to specify the directory where you would like to store images relative to the server. This directory must be created prior to routing images.
Refresh Rate - Allows you to specify the number of seconds that will pass before the main status window is updated. It is recommended that you specify a rate of 1-5 seconds otherwise you will get inconsistent numbering in your display of the number of images received/sent due to the router sending images it receives in between the refresh.
Promiscuous Mode - A checkmark in this box allows any device to send images to the router. Uncheck this box if you only want the specified devices listed in the Remote Devices to send to the router
The Database tab allows you to specify database settings such as the username, password, server, and database.
Username - the username to log on to the SQL database (this should be left as default unless you have setup your own SQL server)
Password - the password used to log on to the SQL database (this should be left as default unless you have setup your own SQL server)
Server - the name of the server where the database is hosted. Important: This MUST be the hostname of the server. It cannot be an IP address or "localhost"
Database - the name of the SQL database running on the database server
The User Management Window allows you to create, edit, and delete users of the DICOM eXtender Software.
The fields for each user are as follows:
•Username - indicates the username of the user
•Name - indicates the name of the user
•Email Address - indicates the email address of the user
•AccountType - indicates whether the user is an administrator (1) or a user (2). An administrator has full rights including the ability to create, edit and delete users, AE devices and routes. A user has limited rights and can only view transfer activity on the server, log files, view study list and send images.
•Enabled - indicates whether or not the account is enabled or not. A checkmark indicates that the account is active.
Clicking the "Add" button will allow you to create a new user and will open the following window:
The fields in this window are the same as before with the exception of the password field, which is the user's password.
The TLS(SSL) option allows you to enable and disable Transport Layer Security (TLS) by placing a checkmark in the "Enable TLS" box. This checkmark is global. This means if you place a checkmark in this box then all incoming and outgoing transmissions will use TLS. If you attempt to route images with this checkmark enabled to a DICOM device that does not support TLS the transmission will fail. If you attempt to send images to the DICOM eXtender router using a DICOM device not using TLS then the transmission will fail.
The options for TLS (SSL) are as follows:
•Private Key File - allows you to browse or specify the location of your private key file. For example: C:\TLS\key.pem
•Use Private Key Password - Place a checkmark here if you would like to use a private key password. Uncheck if you do not.
•Private Key Password - Type the private key password used during the creation of your certificate.
•Certificate File - Type or browse to the location where your certificate file is located.
•Certificate Authority File - Type or browse to the location where you Certificate Authority File is located.
In order to have a mixed mode (i.e. Incoming transmissions use TLS and outgoing transmissions use standard DICOM transmissions) you must make additions to the Windows registry.
Under the "HKEY_LOCAL_MACHINE\SOFTWARE\Nufinity\DICOMROUTER\" key, add the following DWORD's:
If TLS is enabled and this value is set to 1 it will disable TLS on receiving of images.
If TLS is enabled and this value is set to 1 it will disable TLS when sending images.
Creating SSL Files:
In order to use SSL communication with DICOM eXtender you must create a Certificate Authority File, a Certificate File, and a Private Key file. You may obtain one from mPlexus by contacting firstname.lastname@example.org or simply follow the instructions below to create your own.
Important Note: These instructions require you type out long commands that must be typed in exactly for these instructions to work. To avoid any mistypes you may want to highlight and copy each command below and and then "Right Click" in the command window to paste the commands and press "Enter" to execute. Any time " " are used it is assumed that you will NOT type the " ".
1.Download the following two files and save them in your C:\ root drive: openssl.exe and openssl.cnf.
2.Open a Command Prompt (Click Start | Run | "cmd" | press Enter)
3.Ensure you are on the C: drive by typing "c:" and pressing Enter and then type "cd c:\" and press Enter. You don't actually have to use the C: drive as your base directory but we use it here for simplicity's sake. If you want to use another location for storing the SSL files you can simply type "cd" followed by a space and then drag the desired location into the command prompt window and then press Enter.
4.Type "mkdir CA" and press Enter.
5.Type "cd CA" and press Enter.
6.Type "mkdir newcerts private" and press Enter.
7.Type "echo 01 > serial" and press Enter.
8.Type "notepad index.txt" and press Enter.
9.Notepad will open up. Click "Yes" and close Notepad.
10.To create a certificate authority type the following: "..\openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -days 3650 -config ../openssl.cnf" and press Enter.
11.You will be asked to enter a "PEM pass phrase" type in a password and press Enter. Retype the password and remember this password for later use below.
12.Press Enter repeatedly to accept the default for the rest of the fields except the final field which asks for "Common Name (hostname, IP, or your name). Make sure you fill out the common name field. We recommend to use the machine's name.
13.To create a new request type "..\openssl req -new -nodes -out req.pem -config ../openssl.cnf" and press Enter.
14.To sign the request type the following: "..\openssl ca -out cert.pem -config ../openssl.cnf -infiles req.pem" and choose Y at the end.
Now, you will have three files in the "CA" directory:
Here is how those files map to the DICOM eXtender TLS (SSL) Options Window:
Note: If you want to change the information entered in step 12 or use this same file for other computers you can run this command: "..\openssl req -new -nodes -out req.pem -config ../openssl.cnf"
Posted in: | Tags: | Comments (0)
| View Count: (24541)