Home
/
Leica BIOSYSTEMS
/
Aperio GT 450
/
Administrator'S Manual

Leica BIOSYSTEMS Aperio GT 450, Administrator'S Manual

Share

22 pages before
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48

Page: 37 / 48

Leica BIOSYSTEMS Aperio GT 450 Administrator'S Manual Download Page 37

Aperio GT 450 IT Manager and Lab Administrator Guide, Revision E © Leica Biosystems Imaging, Inc. 2022

37

This chapter discusses how Aperio products protect electronic protected health information (EPHI) and provide protections
against cybersecurity threats. We also discuss the measures you can take to protect client workstations and Aperio servers
on your network. This chapter gives information for IT network administrators, Aperio product administrators, and Aperio
product end users.

Many of the recommendations in this section apply to the Windows-based workstations that are used in conjunction with
the Aperio scanners, and the servers used to host the Aperio applications and components, such as SAM. In these cases,
the security and network settings are configured through the Windows operating system and administrative tools. The
information here is provided for reference only. Refer to your Windows documentation for specific instructions.

In many cases, your facility may require security settings and configurations more restrictive than those listed here. If that is
the case, use the stricter guidelines and requirements dictated by your facility.

i

After installation of the Aperio GT 450 product, the Leica Biosystems representative will turn over to your IT staff
sensitive cybersecurity items such as SSL certificate credentials, SAM server disk encryption key, and so on. The
customer assumes ownership of these items, and it is the customer’s responsibility to safeguard this information

Aperio GT 450 and SAM Cybersecurity Features

Cybersecurity features included in the Aperio GT 450 product protect critical functionality despite cybersecurity compromise.
These include:

`

To reduce cybersecurity vulnerability, the respective operating systems on the Aperio GT 450 VPU and SAM server
are hardened with CIS (Center for Internet Security) benchmarks.

`

The Aperio GT 450 scanner and SAM are not intended to store sensitive data, only to export/upload data to
connected applications on separate network servers. The connection between the Aperio GT 450 scanner and the
SAM server is authenticated through an encrypted, secure SSL/TLS connection.

`

Allow/deny listing is used on the Aperio GT 450 scanner and recommended for use on the SAM server. This
prevents unauthorized software from running on these components.

`

The daily maintenance for the Aperio GT 450 scanner includes rebooting it every day. (See the

Aperio GT 450

User’s

Guide

for details.) This refreshes the firmware.

`

The GT 450 Console.log file contains user login events with user names. It can also show “Possible Intrusion
Detected” in case of log-in discrepancies while accessing the scanner remotely through SSH. For details on
downloading the log files, see

“Working With the Event Log” on page 32.

6

Cybersecurity and Network

Recommendations

«
...
35
36
37
38
39
...
»

Summary of Contents for Aperio GT 450

Page 1: ...Aperio GT 450 IT Manager and Lab Administrator Guide MAN 0394 Revision E March 2022 ...

Page 2: ...spective owners Ì This product is protected by registered patents For a list of patents contact Leica Biosystems Customer Resources Ì For the latest information on Leica Biosystems Aperio products and services please visit www LeicaBiosystems com Aperio Contact Information Leica Biosystems Imaging Inc Headquarters Customer Support General Information Leica Biosystems Imaging Inc 1360 Park Center D...

Page 3: ...perio GT 450 Network Architecture 16 Aperio GT 450 Architecture 16 General Information 16 Network Bandwidth Requirements 17 How the Aperio GT 450 Fits into Your Network 17 Secure Access 17 Data Communication Pathways 18 3 Configuring the Aperio GT 450 Scanner 21 General Instructions 21 Basic Scanner Settings 22 Scanner System Information Info Page 23 Scanner System Information Settings Page 24 Sca...

Page 4: ... 6 Cybersecurity and Network Recommendations 37 Aperio GT 450 and SAM Cybersecurity Features 37 Password Login and User Configuration Safeguards 38 Physical Safeguards for Servers and Workstations 38 Physical Safeguards for Aperio GT 450 Scanners 38 Administrative Safeguards 38 Protecting the DSR or Image Storage Server 39 Use of Off the Shelf Software 39 A Troubleshooting 40 Scanner Administratio...

Page 5: ...ment Aperio GT 450 Specifications Installation Aperio GT 450 must be installed by a trained Leica Biosystems Technical Services representative Repair Repairs may be done only by a trained Leica Biosystems Technical Services representative After repairs are done ask the Leica Biosystems technician to perform operation checks to determine the product is in good operating condition Accessories For in...

Page 6: ...ction Safety Safety protection may be impaired if this device is used in a manner not specified by the manufacturer Symbols The following symbols appear on your product label or in this user s guide Symbol Standard Regulation Description ISO 15223 1 5 1 1 Manufacturer ISO 15223 1 5 1 3 Date of manufacture ISO 15223 1 5 1 7 Serial number ISO 15223 1 5 1 6 Catalog number ISO 15223 1 5 4 4 Caution SO...

Page 7: ...c Industry Standard SJ T11364 Device contains certain toxic or hazardous elements and can be used safely during its environmental protection use period The number in the middle of the logo indicates the environmental protection use period in years for the product Symbol Standard Regulation Description IEC 60825 1 Device is a Class 1 Laser Product that is in compliance with international standards ...

Page 8: ...strict Shanghai PRC PC 200025 CHINA Tel 86 4008208932 Fax 86 21 6384 1389 Email service cn leica microsystems com Remote Care email tac cn leica microsystems com Danmark Tel 0080052700527 toll free In country Tel 45 44 54 01 01 Email support dk leicabiosystems com Deutschland Leica Biosystems Nussloch GmbH Technical Assistance Center Heidelberger Strasse 17 Nussloch 69226 GERMANY Tel 0080052700527...

Page 9: ...on BioLine LLC Pinsky lane 3 letter A Saint Petersburg 197101 THE RUSSIAN FEDERATION Tel 8 800 555 49 40 toll free In country Tel 7 812 320 49 49 Email main bioline ru Sweden Tel 0080052700527 toll free In country Tel 46 8 625 45 45 Email support se leicabiosystems com Switzerland Tel 0080052700527 toll free In country Tel 41 71 726 3434 Email support ch leicabiosystems com United Kingdom Tel 0080...

Page 10: ... multiple Aperio GT 450 scanners and runs the SAM Client Application Software SAM Client Application Software The Scanner Administration Manager SAM client application software enables IT implementation PIN configuration and service access of multiple scanners from a single desktop client location for IT professionals Aperio Viewing Station The viewing station includes monitor s and a workstation ...

Page 11: ... s including how to add user accounts to SAM and configure access PINs for each scanner Tasks that are only available to Leica Support personnel are beyond the scope of this manual For information on specific tasks use the following table Task See Learn how the GT 450 scanners and the Scanner Administration Manager SAM server fit into your network Aperio GT 450 Network Architecture on page 16 Lear...

Page 12: ...een provide instructions for basic scanning tasks such as loading and unloading racks For additional information on operating the Aperio GT 450 scanner refer to the following documents Aperio GT 450 Quick Reference Guide Get started with the Aperio GT 450 Aperio GT 450 User s Guide Learn more about the Aperio GT 450 Aperio GT 450 Specifications Detailed specifications on the Aperio GT 450 Aperio G...

Page 13: ...plication Software Aperio Viewing Station Aperio GT 450s Log Into SAM After the Aperio GT 450 system is installed and configured the next step is to use the Scanner Administration Manager SAM to manage the Aperio GT 450 scanners and users 1 Open an Internet browser and enter the address of the SAM server The Leica installation representative provides this address to the IT representative at the fa...

Page 14: ...the scanner list is shown below Note that users with the Operator role will not see the Configuration icons The four general areas of the page are described below Scanner List This list displays each scanner in the system including the custom or friendly name and the scanner model Lab Admin users can click a scanner name in this area to display the Edit Scanner options ...

Page 15: ...atus of each scanner User Login This displays the user name for the current SAM user Select your login name to display links for changing the password and logging out Commands Area The icons used to display System Information Event Log and Configuration pages are included in this area Note that the Configuration icons are only available to users with the Lab Admin role ...

Page 16: ...n Logging and messaging services for events and errors DICOM server to convert the DICOM image files to SVS and transfer them to the image storage system General Information The following guidelines apply The network share where images are stored DSR can exist on the same server as the Aperio eSlide Manager or it may reside elsewhere on the local network Messaging includes an instance of Mirth Con...

Page 17: ...server SAM also manages scanner configuration settings and manages messaging using Mirth connections Digital Slide Repository DSR Server This server also known as an Image Storage System server contains the whole slide images from the scanner and the infrastructure to manage them The repository may be a network share available through a server on your network or may reside on an optional Aperio eS...

Page 18: ...components may be installed on the same physical server depending on your specific laboratory configuration The following diagram shows a standard secure configuration for the Aperio GT 450 system connected to a SAM server and a DSR server that is running Aperio eSlide Manager Other configurations may apply to your specific network and use case This diagram is intended to be used to help you visua...

Page 19: ...Image Metadata Port 44386 Aperio GT 450 Scanner Event Data Ports 6662 6663 SAM DataServer Mirth DICOM Converter SQL Server Database SAM Server File System Log Data Events Events Config Data Secured Port 443 SAM Web Page Image Metadata Port 44386 Image Data UDP 137 138 TCP 139 445 Aperio eSlide Manager DataServer Image Server File System DSR Server SAM Server Time Synchronization Port 123 ...

Page 20: ... between SAM and Multiple Scanners is maintained using network time protocol UDP 123 Image Metadata The Scanner sends Image Metadata to the SAM DataServer The data is sent using TLS encryption Communication between the scanner and the SAM DataServer is configured on the scanner 44386 The SAM DataServer sends image metadata to the Aperio eSlide Manager DataServer located on the DSR The data is sent...

Page 21: ...nfiguration settings but cannot change them Some of the configuration settings define how the scanner communicates with SAM such as the Mac Address and Hostname The Serial Number uniquely identifies the scanner Calibration settings define how the scanner operates These settings can only be changed by Leica Support personnel and are displayed in shaded fields There are three sets of scanner configu...

Page 22: ...ner until the edit symbol appears then click the scanner name 3 Customize the available settings as needed Enter a Name to identify the scanner for your facility The name is shown on the main page Select a new language for the scanner control panel messages if you wish Refer to Appendix B Summary of Scanner Setting and Configuration Options on page 42 for additional information on each option 4 Cl...

Page 23: ... icon in the banner is selected and the page shows the list of scanners Click the Scanners icon to display the list if necessary 2 Click the System Information icon to the right of the scanner you want to review 3 Click Info in the side menu Use the System Information Info page to review the scanner settings You cannot make changes on this page The Firmware and Hardware versions are automatically ...

Page 24: ...hen the scanner is installed However you may be asked to check the settings during a troubleshooting procedure If a change must be made you will be given specific instructions by a Leica Biosystems technical representative Never make changes to these settings except when directed to do so by a Leica Biosystems technical representative To use the System Information Settings page to view or edit set...

Page 25: ...shooting procedure You may also need to change settings if there are changes to your network that impact one or more of the communication settings Only a user who is assigned the Lab Admin role can make configuration changes There are five Configuration pages one each for Images DICOM Converter DSR Event handling PIN Management and time zone settings The Images settings control communication with ...

Page 26: ...canner To use the Configuration pages to view or edit settings 1 Confirm that the Scanners icon in the banner is selected and the page shows the list of scanners 2 Click the Configuration icon to the right of the scanner you want to configure The Images configuration page displays 3 Enter the configuration settings for DICOM DSR and Event Handling Click Images DSR Event Handling or Time Zone in th...

Page 27: ...ttings for The location where the scanned images are sent including server name and file location The Title and Scan Scale Factor fields are for internal use You should not change these unless directed to do so by Leica Biosystems Technical Support The image file name format see below Barcode management see below The Lab Admin can click the Edit button to modify the settings on this page ...

Page 28: ...entify which barcode will be associated with the scanned image and displayed in the eSlide management system To do this enter a search string in regular expression format in the Barcode Value Identifier field A regular expression regex or regexp is a sequence of characters that define a search pattern For example d 6 specifies that a barcode with six digits in a row will be used If you are not fam...

Page 29: ...ve at least one PIN for each scanner and PINs are specific to a scanner You can assign either the same or different PINs to each scanner in the system depending on what is best for the workflow at your facility A PIN does not limit the features that an operator can access on the scanner When configuring the Login Timeout choose a time that is convenient for operators without being so long that it ...

Page 30: ...ive digits PINs can only contain digits and may not contain alphabetical or special characters From the Login Name drop down list select a user This list only shows users who do not have a PIN For information on adding users see Chapter 5 User Management on page 33 Optionally add a Description to identify the user who will be using this PIN Click Save to return to the list of PINs ...

Page 31: ...display the Edit Scanner dialog box or Click System Information for the scanner and then click Info from the side menu Scanner Firmware Version Click System Information for the scanner and then click Info from the side menu Scanner Hardware Version Scanner Installation Date DICOM Server Settings Click Configuration for the scanner and then click Images from the side menu DSR Server Settings Click ...

Page 32: ... selected and the page shows the list of scanners 2 Click the Event Logs icon to the right of the scanner The screen displays all of the errors and events since the screen was last cleared From this screen you can do the following Click the Download All Logs button to save a zip file in the SAM server Downloads folder that contains a set of diagnostic logs User login events are contained in these ...

Page 33: ...you want to assign a PIN to a user to access a scanner you must first add the user on SAM Understanding Roles There are three user roles Operator Role Lab Admin Role Leica Support Role Role Description Operator Role This is a general purpose role appropriate for most users Users with the Operator role can view most of the system settings and do the following y View the status of each scanner y Vie...

Page 34: ... of Leica Admin cannot be deleted from the system It is used by Leica Support Representatives for troubleshooting maintenance and repair functions and also provides the ability to add and delete scanners from the system Adding Editing and Deleting Users Only those users with the Lab Admin role can view or modify the list of users or modify existing user accounts Add a User 1 Select Users from the ...

Page 35: ...ccount 4 Click Save Delete a User 1 Select Users from the top ribbon on the main page 2 Click Delete next to the name of the user you want to remove 3 Confirm that you want to delete the user or click Cancel Unlock a User Account After three unsuccessful attempts to log into the SAM server SAM locks that user out A user with the Lab Admin role can unlock operator accounts A LeicaAdmin user can unl...

Page 36: ...n change his or her password 1 Select the user name shown in the upper right hand area of the main page 2 Click the Change Password link 3 Enter a new password Password requirements are At least 8 characters At least one uppercase letter and one lowercase letter At least one number At least one special character or _ Different from the previous 5 passwords 4 Confirm the password and then click OK ...

Page 37: ...ems such as SSL certificate credentials SAM server disk encryption key and so on The customer assumes ownership of these items and it is the customer s responsibility to safeguard this information Aperio GT 450 and SAM Cybersecurity Features Cybersecurity features included in the Aperio GT 450 product protect critical functionality despite cybersecurity compromise These include To reduce cybersecu...

Page 38: ... to protect it Be aware that workstations are susceptible to malware viruses data corruption and privacy breaches from physical media such as CDs DVDs or USB drives To reduce the risk of data corruption or unauthorized setting changes only use physical media that are known to be free from viruses or malware To protect workstations from malware intrusion use caution when inserting USB drives and ot...

Page 39: ... from on access scanning as these files can be very large and are accessed continually as they are being scanned and users are viewing the digital slides Virus scans should be configured to run during non peak hours as they are very CPU intensive and can interfere with scanning In rare circumstances third party applications such as virus or security software may prevent Aperio software from connec...

Page 40: ...e Administrator After update new features are not available in the SAM User Interface Application is cached in the browser Exit SAM and then clear the browser cache Scanner is on and connected to SAM retrieves its settings but SAM shows the scanner as offline and no statistical data is being reported number of scans etc Mirth on the SAM server is not running See Verify Mirth is Running on page 41 ...

Page 41: ...ram Files x86 Aperio DataServer Logs Verify Mirth is Running On the server ensure the Mirth Connect server is running If it is running ensure the Configuration Map Settings are configured to point to the correct DataServer Host SAM_Host and Port SAM_Port and are using the correct SSL or non SSL connection SAM_UriSchema If the Dashboard in Mirth Connect is reporting errors on ScannerEventProcessor ...

Page 42: ...m Information page Any setting displayed in a gray box cannot be changed by a Lab Administrator or Operator Setting Description View Edit Admin Operator Mac Address Specified during installation View None Hostname Specified during installation View None Name Description for the scanner displayed on the Scanners home page View Edit None Model Aperio GT 450 View None Serial Number Specified during i...

Page 43: ... network where converted SVS files are stored View Edit None DSR Configuration Hostname Hostname of the server where the metadata will be stored The File Location option above is the file share where the images are stored View Edit None Port The secured port used for the DSR The default is 44386 View Edit None Event Handling Configuration Hostname Name of the server where the Mirth Connect Server ...

Page 44: ...Option Description View Edit Admin Operator Edit Settings PIN A 5 digit code to unlock the scanner Numbers only View Edit None Edit Settings Description Identifying information for the PIN This is a general description field and can contain numbers letters and punctuation characters View Edit None Time Zone Scanner time zone Set by SAM administrator View Edit None ...

Page 45: ...e safeguards 38 DSR protecting 39 IT standards 38 physical safeguards 38 whitelisting 38 D data communication pathways 18 diagram 19 deployment 12 DICOM 20 Digital Slide Repository DSR server 17 documents 12 DSR 17 25 settings 26 31 43 E event handling settings 26 31 43 event logs 25 32 events 25 F file name format 28 H hostname basic scanner setting 42 DICOM converter 43 Mirth Connect server 43 s...

Page 46: ...nts 12 roles 33 S SAM 10 features 10 home screen 14 logging in 13 network configuration 17 troubleshooting 40 user management 33 scanner configuration 15 25 event logs 32 information 15 23 list 14 settings 22 25 statistics 32 statistics printing 32 status 15 time zone 26 SSL 17 statistics display 32 system components 12 system information 31 Info page 23 Settings page 24 T timeout 29 time zone 26 ...

Page 47: ...Aperio GT 450 IT Manager and Lab Administrator Guide Revision E Leica Biosystems Imaging Inc 2022 47 Index ...

Page 48: ...LeicaBiosystems com Aperio ...

Reviews:

No comments

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands