DICOM (SCU-SCP) Versus DICOM-TLS (SCU-SCP)

Posted: Tue Apr 05, 2011 4:09 am
by hilario
Hello guys.
We have a prospect we are trying to connect with.
They told us they have two options: DICOM (SCU-SCP) Versus DICOM-TLS (SCU-SCP)
As far as I understand, DICOM-TLS is an encrypted channel and DICOM is a clear channel.

They give us:
IP Number
Port Number
No certificate checking
TLS anonymous (-tla)
If needed they can give us the certificate file pem

Both (local gateway and prospect AE) are connected to internet via a NAT device.

My questions:
- The only way to SEND DICOM info is via the local gateway. I understand it is only possible to pull info from the central OnePacs Node.
Then if I want to send a study to my prospect, the only way is to generate a new AE association on the gateway and send it to OnePacs Central and also to the prospect system.
- How do I have to configure it on the gateway? I checked the info on the AE menu but I don't know what info to configure.
- How do I configure to send every study to OnePacsCentral and another AE simultaneously?
- How do I configure to send ONLY some studies (with InstitutionName=INSTITUTION) to the AEinstitution and to OnePacsCentral?

I think that's all for the moment.
Thank you for any suggestion

Re: DICOM (SCU-SCP) Versus DICOM-TLS (SCU-SCP)

Posted: Wed Apr 06, 2011 1:42 pm
by jeremy
Hi Hilario -

It is possible to send to a destination via TLS as that is how the gateway forwards to the OnePacs server. If they allow a regular DICOM channel then that is simpler.
More information about how to configure a TLS configuration is available at:
http://www.dcm4che.org/confluence/displ ... encryption
As there would need to be two different TLS configurations and passwords, it would require more steps than just listed above. They probably need to create the jks file for you.

It is also possible to configure additional forwards. (And it is also possible to have those forwards based on rules like calling AE title, or parts of the DICOM header.) You are also welcome to send the study to the additional destination from the same source that you send to the gateway from, or if you use the OnePacs workstation, it also has the ability to send a study to an additional destination.

You may find the following documentation helpful.
http://wiki.onepacsforums.com/doku.php?id=gatewayrouter
http://www.dcm4che.org/jira/browse/DCMEE-320
http://forums.dcm4che.org/jiveforums/th ... sageID=858
http://www.dcm4che.org/confluence/displ ... rd+Service
http://www.dcm4che.org/confluence/displ ... d+Service2

Regards,
Jeremy

Re: DICOM (SCU-SCP) Versus DICOM-TLS (SCU-SCP)

Posted: Wed Apr 06, 2011 4:11 pm
by jeremy
Hilario -

I guess it also depends on what your prospect wants to do with the study and if they are willing to install some OnePacs components. If they need a copy of the study sent to their SCP (server) for a particular reason then the last post may be used. If however, they need a copy of the study then you could also set up a OnePacs user account for them and use user facility permissions and/or user filter to control what they may see (by DICOM institution name or Facility, for example).

http://wiki.onepacsforums.com/doku.php? ... []=folders (See section "Access tab")

Next they could use the study downloader and/or the workstation (if all they want to do is view the study) and receive a copy of the study as well with no forwarding required. The study downloader could then be set up to store the study to their SCP (server) using the destinations tab as well if they do need it on their SCP.

http://wiki.onepacsforums.com/doku.php? ... downloader

Regards,
Jeremy

Re: DICOM (SCU-SCP) Versus DICOM-TLS (SCU-SCP)

Posted: Thu Apr 07, 2011 4:32 am
by hilario
Thank you Jeremy.
I'll try to configure everything with the info you provide and we will see how things progress.
Regards
Hilario

Re: DICOM (SCU-SCP) Versus DICOM-TLS (SCU-SCP)

Posted: Mon Aug 29, 2011 8:27 am
by hilario
OK, I made some tests with all the info I was able to read, without success.

My client tells me they use the following command to test their system:

storescu-tls -v +tla -ic --propose-lossless X.X.X.X 444 *.MR

With this info, could you be more specific about how to configure the gateway to do this function with the images?

Regards
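
The command quoted in the post above combines `+tla` (anonymous TLS) with `-ic` (ignore peer certificate), so the channel is encrypted but neither side is authenticated by certificate. As an added example (not part of the original thread and not DCMTK or OnePacs code), this sketch classifies the TLS posture of a DCMTK `storescu` command line from its documented transport and peer-authentication options. The function name `audit` and the file names in the constructed samples are assumptions.

```python
import shlex

# DCMTK storescu options that consume following arguments (flag -> count),
# so their operands are never mistaken for other flags.
TAKES_ARGS = {"+tls": 2, "--enable-tls": 2, "+cf": 1, "--add-cert-file": 1,
              "+cd": 1, "--add-cert-dir": 1}
TRANSPORT = {"-tls": "plain", "--disable-tls": "plain",
             "+tls": "tls-cert", "--enable-tls": "tls-cert",
             "+tla": "tls-anon", "--anonymous-tls": "tls-anon"}
PEER_CHECK = {"-rc": "require", "--require-peer-cert": "require",
              "-vc": "if-present", "--verify-peer-cert": "if-present",
              "-ic": "ignore", "--ignore-peer-cert": "ignore"}

def audit(cmdline):
    """Return (transport, peer_check, findings) for a storescu command line."""
    argv = shlex.split(cmdline)[1:]
    transport, peer_check = "plain", "require"   # DCMTK defaults
    i = 0
    while i < len(argv):
        opt = argv[i]
        transport = TRANSPORT.get(opt, transport)      # rightmost option wins
        peer_check = PEER_CHECK.get(opt, peer_check)
        i += 1 + TAKES_ARGS.get(opt, 0)
    findings = []
    if transport == "plain":
        findings.append("no TLS: association and images travel in clear text")
    else:
        if transport == "tls-anon":
            findings.append("anonymous TLS: this side presents no certificate")
        if peer_check != "require":
            findings.append("peer certificate not enforced: remote identity unverified")
    return transport, peer_check, findings

# Command quoted in the thread, plus two constructed variants for comparison
# (key.pem, cert.pem, ca.pem and a.dcm are placeholder file names).
SAMPLES = [
    "storescu-tls -v +tla -ic --propose-lossless X.X.X.X 444 *.MR",
    "storescu-tls +tls key.pem cert.pem +cf ca.pem -rc X.X.X.X 444 a.dcm",
    "storescu X.X.X.X 443 a.dcm",
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        transport, peer_check, findings = audit(cmd)
        print(f"{cmd}\n  transport={transport} peer_check={peer_check}")
        for f in findings:
            print("  -", f)
```
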

Re: DICOM (SCU-SCP) Versus DICOM-TLS (SCU-SCP)

Posted: Mon Aug 29, 2011 9:38 am
by jeremy
Hilario -

From the command given (though I am unfamiliar with what application your clients are attempting to use) they appear to be trying to store images to the gateway via TLS rather than have the gateway forward to their system. Is that correct?

Regards.

Re: DICOM (SCU-SCP) Versus DICOM-TLS (SCU-SCP)

Posted: Mon Aug 29, 2011 10:08 am
by hilario
You are absolutely right.
This command they gave me (from dcmtk - http://dicom.offis.de/dcmtk.php.en)
does the storing manually.
What we have to do is the same thing using the onepacs gateway.
Studies having a known facility have to be routed to this system with this kind of protocol/procedure.
Regards

Re: DICOM (SCU-SCP) Versus DICOM-TLS (SCU-SCP)

Posted: Mon Aug 29, 2011 12:48 pm
by jeremy
Hilario -

Is the client opposed to installing the OnePacs study retriever on their local network that would in turn store a copy of the study to their local SCP without the need for TLS? A new user could be created for them that is restricted to a particular facility.

http://wiki.onepacsforums.com/doku.php? ... downloader

Regards

Re: DICOM (SCU-SCP) Versus DICOM-TLS (SCU-SCP)

Posted: Mon Aug 29, 2011 1:57 pm
by hilario
Hello Jeremy.
This was the first approach. But the company is "very strict" on what we can do on their system.
In fact they only gave us a document telling what I indicated to you about TLS.
We don't want to discuss too much because they are still prospects and we don't want to appear as a company not knowing how to fit in their policies (they have other providers and we are trying to become an alternative provider).

They only allow us:
DICOM SCU-SCP on port 443
DICOM SCU-TLS on port 444
They filter on the origin IP.

Perhaps we could try something: if you think you can configure SCU-SCP or SCU-TLS to an IP address I will give you, then we will avoid configuring from gateway to gateway.
But after communication we should configure in order for the OnePacs Server to PUSH the studies with a defined Facility to this system.
Is this a solution?

Re: DICOM (SCU-SCP) Versus DICOM-TLS (SCU-SCP)

Posted: Mon Aug 29, 2011 4:00 pm
by jeremy
Hilario -

Using the study retriever is the easiest supported configuration to get your studies sent over a secure connection to a remote site.

Using the gateway to forward using TLS is not something that OnePacs supports. You can configure the gateway to forward to additional destinations using DICOM, but a VPN should be used. At a high level you would need to add their AE title information to the gateway and then configure that AE as a forward destination.

http://wiki.onepacsforums.com/doku.php?id=gatewayrouter

Hamachi provides a nice VPN that could be set up if allowed by the client.
https://secure.logmein.com/products/hamachi/


As a rather complicated option you could use the study retriever on a separate computer (than the gateway) on your own local network to filter studies based on a user (by facility) and add a destination to the study downloader to store to a separate archive SCP which allows forwards via TLS. Dcm4chee is one such archive that would allow such configuration.

http://www.dcm4che.org/confluence/displ ... he+Project
http://www.dcm4che.org/confluence/displ ... encryption

Additional questions about the configuration of Dcm4chee can be found using their forum:
http://forums.dcm4che.org/jiveforums/index.jspa

Regards