GE Healthcare
Patient Monitor Network Configuration Guide May 2018
Network Configuration Guide
70 Pages
Preview
Page 1
Patient Monitoring Network Configuration Guide
Patient Monitoring Network English 2026339-007 (cd) 2026338-008E (paper) © 2012, 2013, 2014, 2015, and 2018 General Electric Company. All rights reserved.
The information in this manual applies to the software version and product models on the first page of the manual. Due to continuing innovation, specifications in this manual are subject to change without notice. For technical documentation purposes, the abbreviation GE is used for the legal entity name, GE Medical Systems Information Technologies, Inc., and GE Healthcare Finland Oy. GE, GE Monogram, APEX, APEXPRO, and CARESCAPE are trademarks of General Electric Company. 12RL, Aware, CIC Pro, DASH, DINAMAP, MARS, MUSE, SOLAR, TRAM, and UNITY NETWORK are trademarks of GE Medical Systems Information Technologies, Inc. Mobile Viewer is a trademark of GE Healthcare Finland Oy. Java Powered. Java and all Java based trademarks and logos are trademarks or registered trademarks of Oracle America, Inc. in the U.S. and other countries. All third party trademarks are the property of their respective owners.
2
Patient Monitoring Network
2000716-013E 2018-05-23
Contents 1
Introduction... 7 Overview... 7 Manual intended audience... 7 Intended use... 7 Ordering manuals ... 7 Revision history ... 7 Related documents ... 8 Responsibility... 8 Customer/network installer responsibility ... 8 Manufacturer responsibility... 8 Safety information ... 9 Safety statements ... 9 Dangers ... 9 Warnings ... 9 Cautions... 10 Notes... 10 Equipment symbols... 11
2
Patient Monitoring Network...13 Purpose... 13 Overview... 13 Patient Monitoring Network description... 13 VLAN... 14 Challenges for Patient Monitoring Network as an enterprise VLAN ... 15 Single MC VLAN ... 15 Performance, reliability and security ... 16 Requirements ... 17 Patient Monitoring Network client requirements ... 17 Patient Monitoring Network recommendations... 22 Equipment and topology ... 23 Installation ... 31 Maintenance... 32
2000716-013E
Patient Monitoring Network
3
Additional recommendations for enterprise VLAN ... 33 3
Checkout ...37 Checkout introduction ... 37 Design phase checkout ... 37 Network infrasturcture design requirements ... 37 Network infrastructure design recommendations... 38 MC/IX Network application requirements checkout ... 39 MC/IX Network application recommendations ... 40 Documentation recommendations checkout ... 41 Installation phase checkout ... 41 Installation recommendations ... 42 Installation commissioning checkout ... 43 Installed network infrastructure checkout ... 43 Data link (Layer 2) commissioning checkout ... 43 IP connectivity requirements... 44 MC/IX application commissioning... 46 MC application commissioning checkout description ... 46 MC application commissioning checkout procedures... 46 IX application commissioning checkout description ... 46 IX application commissioning checkout procedure... 46 Routed connectivity checkout description ... 47 Routed connectivity checkout procedure... 47 Performance and reliability requirements... 47 MC performance and reliability requirements checkout description ... 47 MC performance and reliability requirements checkout procedure ... 47 High priority VLANs ... 48 High priority VLANs checkout description ... 48 High priority VLANs checkout procedure... 48 Network management recommendations... 48 NTP checkout... 48 SNMP checkout ... 49 Protection checkout ... 49
4
Patient Monitoring Network
2000716-013E
Process checkout ... 49 Commissioning checkout ... 49 Resource utilization recommendation and baselining checkout... 49 Distribution switch resources checkout... 49 Access switch resources checkout ... 49 Customer responsibility checkout... 50 A
Definitions ...51 Acronym definitions ... 51 Term definitions... 52
B
Checkout form...55 Patient Monitoring Network checkout form ... 55 General information... 55 Design phase test results... 55 Installation phase test results... 58 Installed network infrastructure test results ... 59 MC/IX application test results... 60 Performance and reliability test results ... 60 Network management checkout results ... 60 Resource utilization test results... 61 Customer responsibility test results ... 61
C
Shared equipment and link data sheet example ...63 Shared equipment and link data sheet example ... 63 Closet ... 63 Access switch ... 63 Distribution switch ... 65 Switch configurations (copy output from the switches) ... 66 Hospital network topology diagram (big picture)... 66 Hospital network topology diagram showing Patient Monitoring Network data path ... 67
2000716-013E
Patient Monitoring Network
5
6
Patient Monitoring Network
2000716-013E
1
Introduction Overview Manual intended audience ●
Primary: Hospital IT departments and network administrators/designers.
●
Secondary: Biomedical engineers
●
Reference: Field service engineers
Intended use This network configuration guide is intended for hospital IT departments and network administrators/designers and GE network design consultants. Its purpose is to aid the hospital or hospital assigned entity in the designing, configuring and testing of a Patient Monitoring Network implemented as VLAN to the hospital enterprise network or implemented as its own network separate from the hospital enterprise network.
Ordering manuals A paper copy of this manual will be provided upon request. Contact your local GE representative and request the part number on the first page of the manual.
Revision history The part number and revision letter for this manual are at the bottom of each page. The revision letter changes whenever the manual is revised. The first letter shown in this revision history table is the first customer-released version of this document.
2000716-013E
Revision
Description
A
Initial release of this manual.
B
Updated to remove checkout and checkout form.
C
Updated recommendation and equipment.
Patient Monitoring Network
7
Introduction
Revision
Description
D
Updated the following sections: ● Cautions ● Symbols ● Design Control ● Performance ● Acronym definitions ● back cover
E
Updated the following sections: ● Warnings ● IP Addressing ● Speed and Duplex ● Renamed ATS to CTS ● Checkout form
Related documents ●
Patient Monitoring Network Approved Equipment List
●
CARESCAPE Network Router Supported Service Supplement
Responsibility Customer/network installer responsibility ●
Management of the network traffic, bandwidth, security and performance to support the patient monitor(s).
●
Management of network that ensures bandwidth and performance required for patient monitoring is met.
●
Maintenance and troubleshooting of the network.
●
Process management to coordinate planned network maintenance and outages and provision for unplanned outages.
●
Design and configure network connectivity for the patient monitoring network addressing network related issues.
●
In additional to the above responsibilities, GE recommends following the responsibilities outlined in IEC 80001-1:2010 Application of risk management for IT Networks incorporating medical devices.
Manufacturer responsibility
8
●
Provide installation and troubleshooting of the patient monitoring equipment under warranty or extended service contract.
●
Provide guidelines in designing and integrating the patient monitoring VLAN on a hospital enterprise network, or designing a segregated patient monitoring network, addressing issues related to patient monitoring products.
Patient Monitoring Network
2000716-013E
Introduction
●
Provide consultation services during initial configuration and verification per contract agreement.
●
Perform on-site checkout to check network is suitable for patient monitoring traffic, per contract agreement.
Safety information Safety statements The safety statements presented in this chapter refer to the system in general and, in most cases, apply to all aspects of the network. There are additional safety statements in other chapters which are specific to that chapter content. The terms danger, warning, and caution are used throughout this manual to point out hazards and to designate a degree or level of seriousness. The order in which safety statements are presented in no way implies the order of importance.
Dangers Danger statements identify an imminent hazard which, if not avoided, will result in death or serious injury. No danger statements apply to this system.
Warnings Warning statements identify a potential hazard or unsafe practice which, if not avoided, could result in death or serious injury. The following warning statements apply to this system.
2000716-013E
WARNING
LOSS OF MONITORING - The network design should provide resources for the Patient Monitoring Network clients; bandwidth, equipment CPU and memory should be available, not only during normal network activity, but also during periods of traffic bursts, compromised states of network and presence of unplanned traffic.
WARNING
LOSS OF MONITORING - The Patient Monitoring Network should extend only to hospital areas that require Patient Monitoring Network traffic. The Patient Monitoring Network VLAN should be defined only on network switches that host monitoring devices or are providing connectivity to monitoring devices.
WARNING
LOSS OF MONITORING - Do NOT allow non-patient monitoring data into the Patient Monitoring Network except for limited, specific traffic that is required for the operation of the monitoring devices and the maintenance of network equipment.
WARNING
ELECTRIC SHOCK - To avoid electric shock, the network equipment and its accessories must not be placed within the patient environment, which is a volume related to an object (bed, chair, table, treadmill, etc.) where a patient is intended to be diagnosed, monitored, or treated.
Patient Monitoring Network
9
Introduction
WARNING
LOSS OF MONITORING - Labeling prevents mishandling and misuse of equipment. The following labeling is required for the applicable equipment: ●
Network equipment should have a warning label to indicate it is used for patient monitoring.
●
Power cords for networking equipment should have warning labels indicating use for patient monitoring.
●
Network cables attached to the network equipment should have warning labels at both ends of the cable indicating use for patient monitoring.
●
Wall jacks used to connect patient monitoring devices should be clearly labeled to identify the Mission Critical (MC) and Information Exchange (IX) networks.
●
Contact your local sales or service representative to order additional label kits.
WARNING
LOSS OF MONITORING - Equipment used for network infrastructure should be verified by GE, the hospital or a hospital-appointed entity. GE has a list of equipment verified for functionality and performance.
WARNING
LOSS OF MONITORING - The network should implement a Quality of Service (QoS) policy that provides a prioritization scheme which allows the Patient Monitoring Network to consistently meet latency and packet loss requirements, and provides necessary bandwidth in case of network congestion. Bandwidth calculations are described in this document.
WARNING
LOSS OF MONITORING - All VLANs on the network should prevent intended or unintended communication loops by the use of a Spanning Tree protocol or other equally effective technology.
WARNING
LOSS OF MONITORING - Two access interfaces on switches in the same or different VLAN should not be cross-connected. This may lead to flooding of traffic from one network to another which may force the monitoring devices to reboot.
Cautions Caution statements identify a potential hazard or unsafe practice which, if not avoided, could result in minor personal injury or product/property damage. The following caution statements apply to this system. CAUTION
NETWORK INSTALLATION REQUIREMENTS- Failure to comply with the installation requirements as defined in this document can impact the performance and reliability of the network.
CAUTION
RESTRICTED SALE - U.S. Federal law restricts this device to sale by or on the order of a physician.
Notes Note statements provide application tips or other useful information.
10
Patient Monitoring Network
2000716-013E
Introduction
NOTE
The Unity Network has been renamed to the CARESCAPE Network. Not all references to the Unity Network will be changed immediately; Unity may appear in some places and CARESCAPE in others. It is important to understand that while the CARESCAPE Network replaces the Unity Network name, they refer to the same GE monitoring network.
Equipment symbols Manufacturer name and address.
European authorized representative.
2000716-013E
Patient Monitoring Network
11
Introduction
12
Patient Monitoring Network
2000716-013E
Patient Monitoring Network
2
Purpose The Patient Monitoring Network is a service offering that provides consultation and commissioning to help the customer meet the connectivity requirements of GE patient monitoring devices on the enterprise network. This service offering also helps the customer address the GE recommendations to achieve the network reliability, security and performance required for mission critical real-time data. The Patient Monitoring Network addresses the customer need to share hospital network resources with the GE patient monitoring devices. These resources include access switches, distribution switches, routers, copper cabling and fiber optic links for hospital-wide connectivity as well as network services and security servers for unified network management. The Patient Monitoring Network also addresses the need for customers to design their own patient monitoring network segregated from the enterprise network. The CARESCAPE Network as an enterprise VLAN has been renamed to the Patient Monitoring Network as an enterprise VLAN.
Overview Patient Monitoring Network description The Patient Monitoring Network designed by the customer to host GE monitoring devices should deliver the same performance and function as the CARESCAPE Network (a segregated network infrastructure designed and commissioned by GE to host GE patient monitoring devices). The CARESCAPE Network has its dedicated equipment separate from the hospital network infrastructure. The monitoring devices, that include bedside monitors, central stations, gateways and servers, are referred to as client devices to differentiate them from network equipment. The Unity Network has been renamed to the CARESCAPE Network. Not all references to the Unity Network will be changed immediately. Unity may appear in some places and CARESCAPE in others. It is important to understand that while the CARESCAPE Network replaces the Unity Network name, they refer to the same GE monitoring network. There are three types of data coming from GE monitoring devices: ●
2000716-013E
MC: Mission Critical, consists of real-time clinical traffic that includes: ■
Service discovery (RWhat)
■
Alarm broadcast
Patient Monitoring Network
13
Patient Monitoring Network
●
●
■
Alarm configuration
■
Waveform request/update
■
Parameter request/update
■
Time request/response/update
■
Admit/discharge
■
Trends
■
Graphs
IX: Information Exchange, consists of non-real-time clinical traffic that includes: ■
Full disclosure
■
Print data
■
Citrix data
■
HL7 outbound data
■
Patient data, including waveform and numeric data via the CARESCAPE Gateway High Speed Data Interface (HSDI)
■
Non-clinical data (such as InSite)
■
ADT inbound
RX: Real-time unprocessed telemetry data, that includes communication between Access Points (APs) and the ApexPro hosts that process data and determine alarm condition. The RX network is not allowed to share its network equipment with the hospital network.
Traditionally, monitoring devices that communicated to both the MC and IX networks required two network connections. Devices that only interface to the MC network, but have the ability to communicate to the IX network and hospital network are referred to as Inter-VLAN devices. Routing among the Patient Monitoring Network VLANs enable a network client to use a single interface to reach devices in other networks. The single interface has to be connected to MC so monitoring devices can listen to MC Network broadcasts that are not routed. The network may have controlled connectivity to the hospital network using the router function of the core/distribution layer equipment or using an existing IX router. The CARESCAPE Network MC network, IX network and RX network provide the connectivity for the exchange of MC data, IX data and RX data generated by MC clients, IX clients and RX clients, respectively. The Patient Monitoring Network provides connectivity for the exchange of MC and IX data as discussed in VLAN (14).
VLAN A VLAN is a logical network of client devices that runs on a physical network infrastructure of switches that could potentially be shared with other VLANs. VLANs in the same physical network behave as separate networks. Client devices in different VLANs cannot send unicast or broadcast to each other without using routers. The network that provides connectivity to MC client devices and the network that provides connectivity to IX client devices can be implemented as VLANs in the hospital network, together with hospital VLANs that carry data, voice or video traffic. Or they could be implemented as VLANs in their own network that is not shared with hospital VLANs that do not carry patient monitoring data.
14
Patient Monitoring Network
2000716-013E
Patient Monitoring Network
The network that provides connectivity to RX devices cannot share the hospital enterprise network infrastructure. The Patient Monitoring Network hosting MC client devices will be referred to as the MC network and the VLAN implementation of the MC network will be referred to as the MC VLAN throughout this document. The network hosting IX devices will be referred to as the IX network and the VLAN implementation of the IX network will be referred to as the IX VLAN throughout this document.
Challenges for Patient Monitoring Network as an enterprise VLAN Single MC VLAN When a hospital requires that all MC network devices communicate to each other, then all MC client devices must be in the same VLAN. This is a problem in an existing hospital enterprise network infrastructure where different clinical units with MC network client devices are connected by routers. VLANs are implemented mainly in network switches. Therefore, they are defined within interconnected switches and do not cross router boundaries. There could possibly be more than one MC and IX VLAN in a hospital enterprise network. The following figure shows VLAN boundaries in a hospital enterprise network. It also illustrates how there could be multiple MC VLANs: MC-1 and MC-2. Client devices in MC-1 VLAN are not able to communicate to client devices in MC-2 VLAN and vice versa.
2000716-013E
Patient Monitoring Network
15
Patient Monitoring Network
Performance, reliability and security The Patient Monitoring Network that exists as a VLAN on a hospital enterprise network infrastructure has to deliver the same reliability, security and performance as a CARESCAPE Network with a dedicated infrastructure. A CARESCAPE Network with a dedicated infrastructure is designed using proven topologies and qualified equipment and configurations. It is installed and verified to meet the networking needs of a known number of edge devices with known data payload and is mostly left unchanged after installation. Planned changes to the network are coordinated with all parties involved. In contrast, a Patient Monitoring Network as a VLAN on a hospital enterprise network is subject to the following challenges:
16
●
It competes with hospital enterprise network traffic for network resources, including bandwidth, network device CPU and memory.
●
It is affected by changes in the hospital enterprise network. The addition of switches and routers could increase scheduled downtime, affect traffic load and trigger spanning tree convergence.
Patient Monitoring Network
2000716-013E
Patient Monitoring Network
●
It is exposed to greater security risk because the hospital enterprise network has more users, including guests, and is connected to the Internet, as well as other intranets. This increases possibility of virus attack, denial of service attack, unauthorized access and intrusion that could drain network resources.
These challenges are overcome through network planning, design and maintenance that involves: ●
Selection of high-quality network devices that have passed verification of functional, performance and system requirements of the Patient Monitoring Network. The hospital may select network devices that have been qualified by GE or they may choose to check alternate devices, or appoint another entity to manage the verification. The hospital may use its own resources or a third party to check equipment.
●
Design for Patient Monitoring Network using bandwidth and data-flow planning to avoid congestion.
●
Use of an overall Quality of Service (QoS) policy that ensures Mission Critical (MC) traffic maintains the required level of service in the presence of unplanned traffic of a compromised state of the network.
●
Instituting management, maintenance and security policies that minimize Patient Monitoring Network downtime.
A number of recommendations for successful integration of the Patient Monitoring Network on a hospital enterprise network are simple, good networking practices. This document discusses the requirements, recommendations and verification of the Patient Monitoring Network. It also discusses recommendations that only apply to an enterprise VLAN implementation.
Requirements If a product is not listed in this section, consult the product manual for more information on settings. The Patient Monitoring Network (as an enterprise VLAN or as a segregated network) must meet the requirements of GE monitoring products that are clients on the network. Basic requirements of the MC Network clients and the IX Network clients most affected by sharing network infrastructure are: ●
Performance: Latency less than or equal to 250 ms.
●
Reliability: Packet loss less than or equal to 5 per million packets
Factors affecting performance and reliability are discussed in Recommendations (22) .
Patient Monitoring Network client requirements Connectivity requirements The MC network client devices require IP v4 connectivity over Ethernet to send broadcast and unicast messages to each other. The IX network client devices require IP v4 connectivity over Ethernet to send unicast messages to each other. GE monitoring devices, including central stations, servers and gateways require connectivity to the hospital network to perform specific services. For a list of GE
2000716-013E
Patient Monitoring Network
17
Patient Monitoring Network
monitoring device services needing router connectivity to the hospital network, refer to the appropriate documentation (e.g., CARESCAPE Network Router Supported Service Supplement or the appropriate product documentation). The RX network is not allowed to share its network equipment with the hospital network. Also, the RX network is not connected to the hospital network.
Performance requirements The MC application requires MC packet latency of less than 250 ms. Packet latency from the ApexPro Telemetry Server (ATS)/CARESCAPE Telemetry Server (CTS) or bedside to the CIC Pro Clinical Information Center (CIC Pro center)/CARESCAPE central station must be less than or equal to 250 ms in order for the system to meet AAMI EC13 - 2002 Sections 4.2.8.4, 4.2.8.5, 4.2.8.6 Time to Alarm.
Reliability The MC application requires MC packet loss of less than or equal to 5 packets per million. Packet loss referred to in the requirements is measured in one direction between two specific endpoints. It is not the aggregate packet loss of the network as a whole. Packet loss count is measured on a fully operational, properly configured network; it does not include packets that did not reach the destination because of downtime on the network.
IP addressing configuration requirements The MC network requires to have its own network address that is different from the IX network. This prevents confusion on devices(which have a dedicated MC and an IX interfaces) regarding which interface to use. Some older devices do not support classless subnets. If minimum of one device which operates on classful address is present in the network, then classful IP addressing should be used. The IX network may use subnets depending on whether all the IX clients support classless subnets. Solar 9500 has a dedicated MC & an IX interface, and it does not support classless subnets. The following products do not recognize subnet masks or do not support classless subnetting on both MC and IX: ● DASH ● Solar ● Unity ID ● ATS or CTS ● CIC Addition to above mentioned reference list of devices, it is recommended to refer the documentations shipped with the respective device to confirm if the device supports classful or classless IP addressing. In addition, it is required that all MC client devices that need to communicate with each other are placed in one broadcast domain (single MC VLAN). This is because IP broadcasting is used by MC client devices to discover services, announce alarms and synchronize time. Customers use their own IP addressing scheme. Devices are shipped with 126 or 172 MC IP addresses. However, it is recommended that public IP addresses, such as 126, should not be used without proper authorization, and that all addresses should be verified to be unique before installation.
18
Patient Monitoring Network
2000716-013E
Patient Monitoring Network
All addresses should be verified to be unique before installation. NOTE
The following IP addresses are used internally by the CARESCAPE Monitors B850, B650, B450 monitors. These IP Subnets or IP Supernets to which overlap with the below listed IP address below are restricted from being used on the network: ● 192.168.249.0/24 ● 192.168.250.0/24 ● 192.168.251.0/24 ● 192.168.252.0/24 ● 192.168.253.0/24 ● 192.168.254.0/24
Limit on number of CARESCAPE Network client devices There must be no more than 48 access ports assigned to MC devices in a single network device. This is to reduce the clinical impact of the loss of a network device. The number of client devices on the MC Network is measured in terms of RWhats, which is the service discovery packet broadcasted by the devices. Use the following table for device count calculations. Product
Number of devices (RWHAT entries) it represents
Bedside patient monitors, central stations, and servers
one
Telemetry servers (ATS/CTS and CDT LANs)
up to 17 (one for the server and one for each patient)
Unity Network ID
one if used stand-alone one if used with a Dash™ 3000/4000/5000 Patient Monitor (regardless if it is associated with the DASH via a serial cable) zero if used with a Solar™ 8000 M/i Patient Monitor
The maximum size of the MC Network is typically 1023 RWhats, but may be larger or smaller as determined by the most limiting device. Refer to the documentation provided with the device that will be connected to the network for more information. Some older devices have more limitations on network size, as shown in the following table.
1.
Device
Configuration1
Number of patient views supported
Number of RWhats supported
CDT LAN
Wired
10 per patient, but no more than 50 per tower total
1023
Eagle
Wired
10
800
Wireless
5
500
The wireless information is provided for comparison purposes only.
2000716-013E
Patient Monitoring Network
19
Patient Monitoring Network
Speed/duplex access port configuration Speed and duplex settings are defaulted to auto-negotiate in the standard switch configuration. This setting is correct for a majority of CARESCAPE Network client devices. Client device configuration
Switch configuration
Negotiated speed/duplex
AUTO Negotiate (10/100)
AUTO Negotiate
100 Mbps/Full Duplex
10 Mbps/Half Duplex
AUTO Negotiate
10 Mbps/Half Duplex
100 Mbps/Full Duplex
AUTO Negotiate
100 Mbps/Half Duplex (mismatch)
100 Mbps/Half Duplex
AUTO Negotiate
100 Mbps/Half Duplex
The qualified switches are able to negotiate correctly with client devices configured to auto negotiate. Qualified switches are also able to default to correct settings with client devices fixed at 10 Mbps/Half duplex. However, the switch is unable to negotiate or default to correct duplex setting with client devices fixed at 100 Mbps/Full Duplex. Refer to the following table for speed/duplex settings on CARESCAPE Network client devices. If a product is not listed in the table, consult the product manual for speed/duplex settings. Device
Port name
Default speed/duplex setting on the device NIC
Maximum speed Recommended and duplex switch port supported by setting the client device
Central station platforms Bedrock Nightshade BCM
MC
Auto-negotiate
100 Mbps/Full
Auto-negotiate
IX
Auto-negotiate
100 Mbps/Full
Auto-negotiate
MP100
MC
Auto-negotiate
100 Mbps/Full
Auto-negotiate
IX
Auto-negotiate
1000 Mbps/Full
Auto-negotiate
MC
Auto-negotiate
1000 Mbps/Full
Auto-negotiate
IX
Auto-negotiate
1000 Mbps/Full
Auto-negotiate
MP200
Telemetry Server platforms
20
Bedrock Nightshade BCM
RX
Auto-negotiate
100 Mbps/Full
Auto-negotiate
MC
Auto-negotiate
100 Mbps/Full
Auto-negotiate
IX
Auto-negotiate
100 Mbps/Full
Auto-negotiate
MP100
RX
Auto-negotiate
100 Mbps/Full
Auto-negotiate
MC
Auto-negotiate
100 Mbps/Full
Auto-negotiate
IX
Auto-negotiate
1000 Mbps/Full
Auto-negotiate
Patient Monitoring Network
2000716-013E