Page tree
Skip to end of metadata
Go to start of metadata

This document applies to OnePacs Gateway version 3.0+.

What is the OnePacs Gateway?

The OnePacs Gateway is software that receives DICOM images from an imaging device or archive, then compresses and securely transfers them to OnePacs.

Where does it run?

The OnePacs Gateway runs on a Windows-based computer on the local network of an imaging facility or hospital.  The computer may be a physical server or a virtual machine.  The OnePacs Gateway runs as a system service on the computer and does not require a user to be logged in.

Does it require a VPN?

No.  The OnePacs Gateway uses transport layer security (TLS) to securely communicate with the OnePacs Cloud over the internet.

Recommendations

It is recommended that the OnePacs Gateway server be used solely for the purpose of transmitting studies to OnePacs, and facilitating OnePacs EMR integration. Installing any unrelated software packages increases the risk of issues and may impact performance.

Requirements


Hardware, software and bandwidth requirements:
ComputerA physical server, PC, or virtual machine.
Operating SystemWindows 10, 11, or Windows Server 2016 through 2022 (64 bit)
ProcessorHigh-end multicore modern processor required
Memory16 GB or more recommended (required w/ HL7 interface), 8 GB minimum
Disk Space2+ TB recommended, minimum 1 TB required
Internet ConnectivitySufficient upload bandwidth required to handle the anticipated case transmission load. Generally, 20+ mbps upload bandwidth is recommended.  Less than 5 mbps upload bandwidth is not supported.
Software Environment

The computer should be used exclusively for the purpose of running the OnePacs Gateway software.

Network Requirements:

The OnePacs Gateway does not require a public IP address or any inbound ports to be opened in your organization's firewall.  A static private IP address on a secure local area network is required to provide a fixed target for your DICOM devices to communicate with.  Inbound DICOM traffic is received on the local network port 4104 (configurable), and the Gateway communicates with the OnePacs Cloud on a *.onepacs.com domain on port 443 using TLS. Please ensure your firewall allows this outgoing traffic.

Installation Requirements:
User AccountA local Administrator Windows user account is required to perform the installation.  It must be a local account - not a domain user.
AE Title

You must obtain a licensed AE title from OnePacs prior to installing the OnePacs Gateway as it will be required during the installation setup.

Host NameThe Windows computer name must not contain the underscore (_) character
Internet security permissionsEnsure internet security settings allow localhost applications - pgadmin opgateway
Whitelistings

Whitelist *.OnePacs.com, xonepacsdep-downloads.s3.amazonaws.com, and Amazon's us-east-01 IP range.

Additional Requirements For Interfaces:

Security

Encryption in-flight 

All information transmitted to the cloud platform is encrypted using using transport layer security (TLS) with a minimum of 128-bit Advanced Encryption Standard (AES) public key encryption utilizing a SHA-2 hash algorithm.

Physical Access Controls and Disk Encryption

The OnePacs license agreement requires physical access restrictions limiting physical access to the gateway computer to authorized personnel with a legitimate need to access the equipment and/or the use of whole hard disk encryption (e.g. BitLocker).

Anti-Virus

It is recommended that an anti-virus with a current subscription be in place on the Gateway PC. To ensure proper operation of the Gateway exclude the following directories from the anti-virus scans:

  1. C:\Program Files\OnePacs
  2. C:\Program Files\PostgreSQL
Segregation of Data

The OnePacs Gateway should not be configured to support storage of DICOM images from multiple unrelated organizations.

Secure Local Network

By default, the OnePacs Gateway is configured to receive DICOM images from a local PACS or local imaging modalities on a secure local area network (LAN).  It is not recommended to store images to the gateway on an untrusted network unless TLS is enabled on the DICOM listener.  All outbound DICOM image transmissions to the OnePacs Cloud uses mandatory TLS encryption by default.

  • No labels