Welch Allyn PartnerConnect® gives you the tools you need to proactively
manage your devices and systems, improving efficiency and overall costs.
Welch Allyn PartnerConnect is an innovative feature of the Welch Allyn Partners in Care Services program that enables remote diagnostics and management of devices and systems. Software installations, updates, and upgrades can all be delivered and performed
remotely. PartnerConnect also enables pre-emptive service capabilities on the Welch Allyn platform, allowing our Partners in Care
Technical Support Center to remotely view your devices and system configurations via the Internet to provide:
• Device and system operational support
• Enhanced troubleshooting
• Software updates and enhanced options
• Installation assistance
• License delivery
Why Welch Allyn PartnerConnect?
PartnerConnect enables remote troubleshooting and diagnostics with minimal time and effort on your part. Automated device-related data transfers supply our support technicians with near real-time information, expediting problem resolution.
PartnerConnect:
• Helps you schedule required maintenance to ensure device availability with maximum up-time
• Helps optimize device deployment and reduces total cost of ownership
• Lets you install firmware and software upgrades/updates at your convenience to reduce patient care disruption
• Enhances troubleshooting and installation assistance from our Technical Support Center and your IT/biomed department
• Enhances learning through troubleshooting and quick issue resolution via screen-sharing capability
Requirements for Welch Allyn PartnerConnect
• PartnerConnect is compatible with PCs running Microsoft® Windows® Server 2003, 2008, 7, XP, or Vista®
• An existing Internet connection
• Your equipment must allow access to the Internet on port 443 (SSL); see Access Control List
For more information or questions, please contact:
Welch Allyn Technical Support at 1.800.535.6663
Welch Allyn Corporate Headquarters
4341 State Street Road, P.O. Box 220, Skaneateles Falls, NY 13153-0220 USA
(p) 800.535.6663 (f) 315.685.3361 www.welchallyn.com
© 2013 Welch Allyn MC10279
MC10279SS_CVSM_RMS_PartnerConnect_4PG.indd 2-3
8/7/13 4:11 PM
[Figure: Device Data Flow. Labels: PartnerConnect Data Center, Welch Allyn Enterprise, Firewall, Internet, Two-Way Communication (Firewall Friendly™), Customer Firewall]
Highly Secure
Welch Allyn recognizes that security is one of your primary concerns. Welch Allyn
PartnerConnect protects against viruses and hackers and extends your current
network security model out into the cloud environment, ensuring that critical
certification and compliance requirements are met. The system offers intentional
granular attended, unattended or one-time control over user access, and can
offer easy-to-use audit and tracking capabilities. It is important to note that the
PartnerConnect Cloud solution is delivered via our ISO 27001 certified and
SSAE 16/SOC 2 audited on-demand datacenters.
Outbound Information
PartnerConnect is non-invasive and never enters your network. The PartnerConnect
Agent, installed locally, only sends device-relevant service data, never patient data,
out of your network—so you’ll never have to accept any outside connections for
PartnerConnect to operate—and addresses are never revealed outside the network.
PartnerConnect Agents are configured with FIPS mode enabled, which imposes
the stricter security standards that are often required in government settings.
The PartnerConnect Agent functionality along with our remote technical support
sessions capabilities (described below) create a full service support offering.
Delivery of Remote Technical Support
Included with PartnerConnect is our remote technical service capability. Welch Allyn
service technicians have the ability to remote into your systems to help perform
upgrades, troubleshoot an issue or check performance. These connections allow real-time
diagnostics of non-patient device data to help Welch Allyn technical support:
• Deliver the appropriate service level, while ensuring that all security measures are in place
• Access system event and error logs to define conditions
• Observe workflow to help isolate issues more quickly
Remote Technical Support Session connection detail
[Figure: connection detail. Labels: Welch Allyn Support Technician, Customer, Worldwide Router Network, Facility]
1. Welch Allyn wants to connect to Facility. The Remote Access-client sends the connect
command to a Master Server.
2. Welch Allyn receives back an IP from one of approximately 500 worldwide
routers. A router in the area responds back with an IP and a Session-ID.
The connection to the router is via TCP on Port 5938/443 (or with HTTP).
3. Facility will be notified by a Welch Allyn TechSupport that a
Remote Access-client wants to connect. This message contains
the IP-Address of the connection router and the Session-ID. The
client connects to the router.
4. The router connects these two clients with each other. It will
forward the data streams directly to the clients. As this stream is
encrypted, the router is not able to understand the data stream.
Encryption and Authentication
Just like a browser accessing a website,
PartnerConnect remote access software
communicates with the PartnerConnect server
using your existing network connection—with
the Internet access and network security that’s
already in place, so there’s no impact to your
existing IT infrastructure.
PartnerConnect works with a complete encryption based on RSA public/private key
exchange and AES (256 Bit) session encoding. As the private key never leaves the
client computer, it is ensured by this procedure that interconnected computers—
including any routing servers—cannot decipher the data stream. Each PartnerConnect
client has already implemented the public key of the master cluster and can thus
encrypt messages for the master server and check the signature of the master,
respectively. The PKI (Public Key Infrastructure) effectively prevents
“man-in-the-middle attacks.” Despite the encryption, the password is never sent directly but only
through a challenge-response procedure and is only saved on the local computer.
The connection IDs are automatically generated by the service itself based on
hardware characteristics. The Master servers check the validity of the ID before every
connection so that it is not possible to generate and use fake IDs.
Creation of a Remote Support
Session and Types of Connections
Remote connections may be configured to allow automatic
approval, or only established upon your request and approval,
and will always be limited locally at your site. Multiple remote
connections can be opened to allow other Welch Allyn subject
matter experts to connect instantly along with Welch Allyn
technical support.
When creating a session, our remote service determines
the optimal type of connection. After the handshake, a direct
connection is typically established via either UDP or TCP
(even behind standard gateways, NATs and firewalls).
The remote service will work if surfing on the Internet is
possible. Hence, no firewall configuration is required. As
an alternative to port 80 HTTP, port 443 HTTPS is also being
checked. In addition, it is also possible to open only port 5938
TCP on the outgoing side. Data traffic should then be able to
pass through on this port without any problems. In some cases
port 17001 may be used for remote access to your systems,
contingent upon the specific application being used for
connections.
Application/Service                  Port #               Protocol     Connection
PartnerConnect Agent                 80/443               TCP (HTTPS)  External
TeamViewer® Remote Support Session   80/443 & 5938        TCP          External
Welch Allyn RSDS Gateway             3011 & 3030          TCP          Local
Axeda® Desktop Server                5920                 TCP/UDP      Local
Axeda® Remote Desktop                443/17002, 80/17001  TCP          External
Welch Allyn Service Monitor          283                  TCP          Local
Welch Allyn Service Tool             5094/5095            TCP          External
After the connection with the router, clients will check if a direct UDP connection is
possible. UDP hole punching will be used to overcome Router/Firewalls.
• If this direct connection is not possible (for example, strong firewall policies), the
whole data stream will go over one of TeamViewer routers.
• If this direct connection is possible, the whole data stream will go over this
connection. The connection to the routers will remain opened in order to have a
fallback in case of failure of the direct connection, but again no data streams will
be forwarded.
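An added example, not part of the Welch Allyn brochure: a small Python check that compares firewall flow records against the ports listed in the table above and flags traffic the brochure does not describe. The record format, the site network 10.20.0.0/16 and all sample addresses are constructed assumptions.

```python
import ipaddress

# Ports transcribed from the brochure's port table, grouped by its "Connection" column.
EXTERNAL_TCP = {80, 443, 5938, 17001, 17002, 5094, 5095}
LOCAL_ONLY = {3011, 3030, 5920, 283}
SITE_NET = ipaddress.ip_network("10.20.0.0/16")  # assumption: facility address space

def parse(line):
    """Parse one constructed 'key=value' flow record into a dict."""
    rec = dict(field.split("=", 1) for field in line.split())
    rec["dport"] = int(rec["dport"])
    return rec

def classify(rec):
    """Judge one flow against the behaviour the brochure documents."""
    src_in, dst_in = (ipaddress.ip_address(rec[k]) in SITE_NET for k in ("src", "dst"))
    if src_in and dst_in:
        return "ok: internal"
    if not src_in:
        # The brochure states that no outside connections need to be accepted.
        return "alert: inbound from outside" if dst_in else "ignore: transit"
    if rec["dport"] in LOCAL_ONLY:
        return "alert: local-only port leaving the site"
    if rec["proto"] == "udp":
        # Direct sessions may use UDP after hole punching; if blocked, traffic relays over TCP.
        return "review: outbound UDP"
    if rec["dport"] in EXTERNAL_TCP:
        return "ok: documented egress"
    return "alert: undocumented egress port"

def audit(lines):
    """Return (line, verdict) for every record that is not plainly fine."""
    checked = ((line, classify(parse(line))) for line in lines)
    return [(line, v) for line, v in checked if not v.startswith("ok")]

# Constructed sample records (documentation address ranges, not real traffic).
SAMPLE = [
    "src=10.20.5.17 dst=203.0.113.10 proto=tcp dport=443",
    "src=10.20.5.17 dst=203.0.113.44 proto=tcp dport=5938",
    "src=10.20.5.17 dst=198.51.100.7 proto=udp dport=40211",
    "src=10.20.5.17 dst=198.51.100.7 proto=tcp dport=5920",
    "src=198.51.100.9 dst=10.20.5.17 proto=tcp dport=3389",
    "src=10.20.5.17 dst=203.0.113.80 proto=tcp dport=8443",
]

if __name__ == "__main__":
    print(*(f"{v:42} {l}" for l, v in audit(SAMPLE)), sep="\n")
```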