2000716-013E Patient Monitoring Network Configuration Guide

Patient Monitoring Network
Configuration Guide

English
2026339-007 (cd)
2026338-008E (paper)
© 2012, 2013, 2014, 2015, and 2018
General Electric Company.
All rights reserved.
The information in this manual applies to the software version and product models on the first page of the manual. Due to continuing
innovation, specifications in this manual are subject to change without notice.
For technical documentation purposes, the abbreviation GE is used for the legal entity name, GE Medical Systems Information Technologies,
Inc., and GE Healthcare Finland Oy.
GE, GE Monogram, APEX, APEXPRO, and CARESCAPE are trademarks of General Electric Company.
12RL, Aware, CIC Pro, DASH, DINAMAP, MARS, MUSE, SOLAR, TRAM, and UNITY NETWORK are trademarks of GE Medical Systems Information
Technologies, Inc.
Mobile Viewer is a trademark of GE Healthcare Finland Oy.
Java Powered. Java and all Java based trademarks and logos are trademarks or registered trademarks of Oracle America, Inc. in the U.S.
and other countries.
All third party trademarks are the property of their respective owners.
2 Patient Monitoring Network 2000716-013E

2018-05-23
Contents
1 Introduction.................................................................................................. 7
Overview........................................................................................................ 7
Manual intended audience......................................................................... 7
Intended use................................................................................................ 7
Ordering manuals ....................................................................................... 7
Revision history ........................................................................................... 7
Related documents ..................................................................................... 8
Responsibility................................................................................................. 8
Customer/network installer responsibility ................................................. 8
Manufacturer responsibility........................................................................ 8
Safety information ........................................................................................ 9
Safety statements ....................................................................................... 9
Dangers ....................................................................................................... 9
Warnings ..................................................................................................... 9
Cautions....................................................................................................... 10
Notes............................................................................................................ 10
Equipment symbols..................................................................................... 11
2 Patient Monitoring Network.......................................................................13
Purpose.......................................................................................................... 13
Overview........................................................................................................ 13
Patient Monitoring Network description.................................................... 13
VLAN............................................................................................................. 14
Challenges for Patient Monitoring Network as an enterprise VLAN ........... 15
Single MC VLAN ........................................................................................... 15
Performance, reliability and security ......................................................... 16
Requirements ................................................................................................ 17
Patient Monitoring Network client requirements ...................................... 17
Patient Monitoring Network recommendations.......................................... 22
Equipment and topology ............................................................................ 23
Installation ................................................................................................... 31
Maintenance................................................................................................ 32
2000716-013E Patient Monitoring Network 3

Additional recommendations for enterprise VLAN ................................... 33
3 Checkout .......................................................................................................37
Checkout introduction .................................................................................. 37
Design phase checkout ................................................................................ 37
Network infrasturcture design requirements ............................................ 37
Network infrastructure design recommendations.................................... 38
MC/IX Network application requirements checkout ................................. 39
MC/IX Network application recommendations ......................................... 40
Documentation recommendations checkout ........................................... 41
Installation phase checkout ......................................................................... 41
Installation recommendations ................................................................... 42
Installation commissioning checkout ........................................................ 43
Installed network infrastructure checkout .................................................. 43
Data link (Layer 2) commissioning checkout ............................................. 43
IP connectivity requirements...................................................................... 44
MC/IX application commissioning................................................................ 46
MC application commissioning checkout description .............................. 46
MC application commissioning checkout procedures.............................. 46
IX application commissioning checkout description ................................ 46
IX application commissioning checkout procedure.................................. 46
Routed connectivity checkout description ................................................ 47
Routed connectivity checkout procedure.................................................. 47
Performance and reliability requirements................................................... 47
MC performance and reliability requirements checkout
description ................................................................................................... 47
procedure .................................................................................................... 47
High priority VLANs ....................................................................................... 48
High priority VLANs checkout description ................................................. 48
High priority VLANs checkout procedure................................................... 48
Network management recommendations.................................................. 48
NTP checkout............................................................................................... 48
SNMP checkout ........................................................................................... 49
Protection checkout .................................................................................... 49

Process checkout ........................................................................................ 49
Commissioning checkout ........................................................................... 49
Resource utilization recommendation and baselining checkout............... 49
Distribution switch resources checkout..................................................... 49
Access switch resources checkout ............................................................ 49
Customer responsibility checkout.............................................................. 50
A Definitions ....................................................................................................51
Acronym definitions ...................................................................................... 51
Term definitions............................................................................................. 52
B Checkout form..............................................................................................55
Patient Monitoring Network checkout form ................................................ 55
General information.................................................................................... 55
Design phase test results............................................................................ 55
Installation phase test results..................................................................... 58
Installed network infrastructure test results ............................................. 59
MC/IX application test results..................................................................... 60
Performance and reliability test results ..................................................... 60
Network management checkout results ................................................... 60
Resource utilization test results.................................................................. 61
Customer responsibility test results ........................................................... 61
C Shared equipment and link data sheet example .....................................63
Shared equipment and link data sheet example ........................................ 63
Closet ........................................................................................................... 63
Access switch .............................................................................................. 63
Distribution switch ...................................................................................... 65
Switch configurations (copy output from the switches) ........................... 66
Hospital network topology diagram (big picture)...................................... 66
Hospital network topology diagram showing Patient Monitoring
Network data path ...................................................................................... 67

Introduction
1
Overview
Manual intended audience
● Primary: Hospital IT departments and network administrators/designers.
● Secondary: Biomedical engineers
● Reference: Field service engineers
Intended use
This network configuration guide is intended for hospital IT departments and network
administrators/designers and GE network design consultants. Its purpose is to aid
the hospital or hospital assigned entity in the designing, configuring and testing of a
Patient Monitoring Network implemented as VLAN to the hospital enterprise network
or implemented as its own network separate from the hospital enterprise network.
Ordering manuals
A paper copy of this manual will be provided upon request. Contact your local GE
representative and request the part number on the first page of the manual.
Revision history
The part number and revision letter for this manual are at the bottom of each page.
The revision letter changes whenever the manual is revised. The first letter shown in
this revision history table is the first customer-released version of this document.
Revision Description
A Initial release of this manual.
B Updated to remove checkout and checkout
form.
C Updated recommendation and equipment.

Introduction
Revision Description
D Updated the following sections:
● Cautions
● Symbols
● Design Control
● Performance
● Acronym definitions
● back cover
E Updated the following sections:
● Warnings
● IP Addressing
● Speed and Duplex
● Renamed ATS to CTS
● Checkout form
Related documents
● Patient Monitoring Network Approved Equipment List
● CARESCAPE Network Router Supported Service Supplement
Responsibility
Customer/network installer responsibility
● Management of the network traffic, bandwidth, security and performance to
support the patient monitor(s).
● Management of network that ensures bandwidth and performance required for
patient monitoring is met.
● Maintenance and troubleshooting of the network.
● Process management to coordinate planned network maintenance and outages
and provision for unplanned outages.
● Design and configure network connectivity for the patient monitoring network
addressing network related issues.
● In additional to the above responsibilities, GE recommends following the
responsibilities outlined in IEC 80001-1:2010 Application of risk management for IT
Networks incorporating medical devices.
Manufacturer responsibility
● Provide installation and troubleshooting of the patient monitoring equipment under
warranty or extended service contract.
● Provide guidelines in designing and integrating the patient monitoring VLAN on a
hospital enterprise network, or designing a segregated patient monitoring network,
addressing issues related to patient monitoring products.

Introduction
● Provide consultation services during initial configuration and verification per

contract agreement.
● Perform on-site checkout to check network is suitable for patient monitoring traffic,
per contract agreement.
Safety information
Safety statements
The safety statements presented in this chapter refer to the system in general and, in
most cases, apply to all aspects of the network. There are additional safety statements
in other chapters which are specific to that chapter content.
The terms danger, warning, and caution are used throughout this manual to point out
hazards and to designate a degree or level of seriousness.
The order in which safety statements are presented in no way implies the order
of importance.
Dangers
Danger statements identify an imminent hazard which, if not avoided, will result in
death or serious injury. No danger statements apply to this system.
Warnings
Warning statements identify a potential hazard or unsafe practice which, if not
avoided, could result in death or serious injury.
The following warning statements apply to this system.
WARNING LOSS OF MONITORING — The network design should provide
resources for the Patient Monitoring Network clients;
bandwidth, equipment CPU and memory should be available,
not only during normal network activity, but also during
periods of traffic bursts, compromised states of network and
presence of unplanned traffic.
WARNING LOSS OF MONITORING — The Patient Monitoring Network

should extend only to hospital areas that require Patient
Monitoring Network traffic. The Patient Monitoring Network
VLAN should be defined only on network switches that host
monitoring devices or are providing connectivity to monitoring
devices.
WARNING LOSS OF MONITORING — Do NOT allow non-patient

monitoring data into the Patient Monitoring Network except
for limited, specific traffic that is required for the operation
of the monitoring devices and the maintenance of network
equipment.
WARNING ELECTRIC SHOCK — To avoid electric shock, the network

equipment and its accessories must not be placed within the
patient environment, which is a volume related to an object
(bed, chair, table, treadmill, etc.) where a patient is intended
to be diagnosed, monitored, or treated.

Introduction
WARNING LOSS OF MONITORING — Labeling prevents mishandling and

misuse of equipment. The following labeling is required for the
applicable equipment:
● Network equipment should have a warning label to
indicate it is used for patient monitoring.
● Power cords for networking equipment should have
warning labels indicating use for patient monitoring.
● Network cables attached to the network equipment should
have warning labels at both ends of the cable indicating
use for patient monitoring.
● Wall jacks used to connect patient monitoring devices
should be clearly labeled to identify the Mission Critical (MC)
and Information Exchange (IX) networks.
● Contact your local sales or service representative to order
additional label kits.
WARNING LOSS OF MONITORING — Equipment used for network

infrastructure should be verified by GE, the hospital or a
hospital-appointed entity. GE has a list of equipment verified
for functionality and performance.
WARNING LOSS OF MONITORING — The network should implement a

Quality of Service (QoS) policy that provides a prioritization
scheme which allows the Patient Monitoring Network to
consistently meet latency and packet loss requirements, and
provides necessary bandwidth in case of network congestion.
Bandwidth calculations are described in this document.
WARNING LOSS OF MONITORING — All VLANs on the network should

prevent intended or unintended communication loops by the
use of a Spanning Tree protocol or other equally effective
technology.
WARNING LOSS OF MONITORING — Two access interfaces on switches in

the same or different VLAN should not be cross-connected.
This may lead to flooding of traffic from one network to
another which may force the monitoring devices to reboot.
Cautions
Caution statements identify a potential hazard or unsafe practice which, if not
avoided, could result in minor personal injury or product/property damage.
The following caution statements apply to this system.
CAUTION NETWORK INSTALLATION REQUIREMENTS— Failure to comply
with the installation requirements as defined in this document
can impact the performance and reliability of the network.
CAUTION RESTRICTED SALE — U.S. Federal law restricts this device to

sale by or on the order of a physician.
Notes
Note statements provide application tips or other useful information.

Introduction
NOTE The Unity Network has been renamed to the CARESCAPE

Network. Not all references to the Unity Network will be
changed immediately; Unity may appear in some places and
CARESCAPE in others. It is important to understand that while
the CARESCAPE Network replaces the Unity Network name,
they refer to the same GE monitoring network.
Equipment symbols
Manufacturer name and address.
European authorized representative.

Introduction

2
Purpose
The Patient Monitoring Network is a service offering that provides consultation and
commissioning to help the customer meet the connectivity requirements of GE patient
monitoring devices on the enterprise network. This service offering also helps the
customer address the GE recommendations to achieve the network reliability, security
and performance required for mission critical real-time data.
The Patient Monitoring Network addresses the customer need to share hospital
network resources with the GE patient monitoring devices. These resources include
access switches, distribution switches, routers, copper cabling and fiber optic links
for hospital-wide connectivity as well as network services and security servers for
unified network management.
The Patient Monitoring Network also addresses the need for customers to design their
own patient monitoring network segregated from the enterprise network.
The CARESCAPE Network as an enterprise VLAN has been renamed to the Patient
Monitoring Network as an enterprise VLAN.
Overview
Patient Monitoring Network description
The Patient Monitoring Network designed by the customer to host GE monitoring
devices should deliver the same performance and function as the CARESCAPE
Network (a segregated network infrastructure designed and commissioned by GE
to host GE patient monitoring devices). The CARESCAPE Network has its dedicated
equipment separate from the hospital network infrastructure.
The monitoring devices, that include bedside monitors, central stations, gateways and
servers, are referred to as client devices to differentiate them from network equipment.
The Unity Network has been renamed to the CARESCAPE Network. Not all references to
the Unity Network will be changed immediately. Unity may appear in some places and
CARESCAPE in others. It is important to understand that while the CARESCAPE Network
replaces the Unity Network name, they refer to the same GE monitoring network.
There are three types of data coming from GE monitoring devices:
● MC: Mission Critical, consists of real-time clinical traffic that includes:
￭ Service discovery (RWhat)
￭ Alarm broadcast

￭ Alarm configuration
￭ Waveform request/update
￭ Parameter request/update
￭ Time request/response/update
￭ Admit/discharge
￭ Trends
￭ Graphs
● IX: Information Exchange, consists of non-real-time clinical traffic that includes:
￭ Full disclosure
￭ Print data
￭ Citrix data
￭ HL7 outbound data
￭ Patient data, including waveform and numeric data via the CARESCAPE Gateway
High Speed Data Interface (HSDI)
￭ Non-clinical data (such as InSite)
￭ ADT inbound
● RX: Real-time unprocessed telemetry data, that includes communication between
Access Points (APs) and the ApexPro hosts that process data and determine alarm
condition. The RX network is not allowed to share its network equipment with the
hospital network.
Traditionally, monitoring devices that communicated to both the MC and IX networks
required two network connections. Devices that only interface to the MC network, but
have the ability to communicate to the IX network and hospital network are referred
to as Inter-VLAN devices. Routing among the Patient Monitoring Network VLANs
enable a network client to use a single interface to reach devices in other networks.
The single interface has to be connected to MC so monitoring devices can listen
to MC Network broadcasts that are not routed. The network may have controlled
connectivity to the hospital network using the router function of the core/distribution
layer equipment or using an existing IX router.
The CARESCAPE Network MC network, IX network and RX network provide the
connectivity for the exchange of MC data, IX data and RX data generated by MC
clients, IX clients and RX clients, respectively.
The Patient Monitoring Network provides connectivity for the exchange of MC and IX
data as discussed in VLAN (14).
VLAN
A VLAN is a logical network of client devices that runs on a physical network
infrastructure of switches that could potentially be shared with other VLANs.
VLANs in the same physical network behave as separate networks. Client devices in
different VLANs cannot send unicast or broadcast to each other without using routers.
The network that provides connectivity to MC client devices and the network that
provides connectivity to IX client devices can be implemented as VLANs in the hospital
network, together with hospital VLANs that carry data, voice or video traffic. Or they
could be implemented as VLANs in their own network that is not shared with hospital
VLANs that do not carry patient monitoring data.

The network that provides connectivity to RX devices cannot share the hospital
enterprise network infrastructure.
The Patient Monitoring Network hosting MC client devices will be referred to as the MC
network and the VLAN implementation of the MC network will be referred to as the MC
VLAN throughout this document. The network hosting IX devices will be referred to as
the IX network and the VLAN implementation of the IX network will be referred to as
the IX VLAN throughout this document.
Challenges for Patient Monitoring Network as

an enterprise VLAN
Single MC VLAN
When a hospital requires that all MC network devices communicate to each other,
then all MC client devices must be in the same VLAN. This is a problem in an existing
hospital enterprise network infrastructure where different clinical units with MC
network client devices are connected by routers.
VLANs are implemented mainly in network switches. Therefore, they are defined
within interconnected switches and do not cross router boundaries.
There could possibly be more than one MC and IX VLAN in a hospital enterprise
network. The following figure shows VLAN boundaries in a hospital enterprise
network. It also illustrates how there could be multiple MC VLANs: MC-1 and MC-2.
Client devices in MC-1 VLAN are not able to communicate to client devices in MC-2
VLAN and vice versa.

Performance, reliability and security

The Patient Monitoring Network that exists as a VLAN on a hospital enterprise network
infrastructure has to deliver the same reliability, security and performance as a
CARESCAPE Network with a dedicated infrastructure.
A CARESCAPE Network with a dedicated infrastructure is designed using proven
topologies and qualified equipment and configurations. It is installed and verified to
meet the networking needs of a known number of edge devices with known data
payload and is mostly left unchanged after installation. Planned changes to the
network are coordinated with all parties involved. In contrast, a Patient Monitoring
Network as a VLAN on a hospital enterprise network is subject to the following
challenges:
● It competes with hospital enterprise network traffic for network resources, including
bandwidth, network device CPU and memory.
● It is affected by changes in the hospital enterprise network. The addition of
switches and routers could increase scheduled downtime, affect traffic load and
trigger spanning tree convergence.

● It is exposed to greater security risk because the hospital enterprise network

has more users, including guests, and is connected to the Internet, as well as
other intranets. This increases possibility of virus attack, denial of service attack,
unauthorized access and intrusion that could drain network resources.
These challenges are overcome through network planning, design and maintenance
that involves:
● Selection of high-quality network devices that have passed verification of
functional, performance and system requirements of the Patient Monitoring
Network. The hospital may select network devices that have been qualified by
GE or they may choose to check alternate devices, or appoint another entity to
manage the verification. The hospital may use its own resources or a third party to
check equipment.
● Design for Patient Monitoring Network using bandwidth and data-flow planning to
avoid congestion.
● Use of an overall Quality of Service (QoS) policy that ensures Mission Critical (MC)
traffic maintains the required level of service in the presence of unplanned traffic of
a compromised state of the network.
● Instituting management, maintenance and security policies that minimize Patient
Monitoring Network downtime.
A number of recommendations for successful integration of the Patient Monitoring
Network on a hospital enterprise network are simple, good networking practices.
This document discusses the requirements, recommendations and verification of
the Patient Monitoring Network. It also discusses recommendations that only apply
to an enterprise VLAN implementation.
Requirements
If a product is not listed in this section, consult the product manual for more
information on settings.
The Patient Monitoring Network (as an enterprise VLAN or as a segregated network)
must meet the requirements of GE monitoring products that are clients on the
network. Basic requirements of the MC Network clients and the IX Network clients
most affected by sharing network infrastructure are:
● Performance: Latency less than or equal to 250 ms.
● Reliability: Packet loss less than or equal to 5 per million packets
Factors affecting performance and reliability are discussed in Recommendations (22) .
Patient Monitoring Network client requirements

Connectivity requirements
The MC network client devices require IP v4 connectivity over Ethernet to send
broadcast and unicast messages to each other.
The IX network client devices require IP v4 connectivity over Ethernet to send unicast
messages to each other.
GE monitoring devices, including central stations, servers and gateways require
connectivity to the hospital network to perform specific services. For a list of GE

monitoring device services needing router connectivity to the hospital network, refer
to the appropriate documentation (e.g., CARESCAPE Network Router Supported
Service Supplement or the appropriate product documentation).
The RX network is not allowed to share its network equipment with the hospital
network. Also, the RX network is not connected to the hospital network.
Performance requirements
The MC application requires MC packet latency of less than 250 ms. Packet latency
from the ApexPro Telemetry Server (ATS)/CARESCAPE Telemetry Server (CTS) or bedside
to the CIC Pro Clinical Information Center (CIC Pro center)/CARESCAPE central station
must be less than or equal to 250 ms in order for the system to meet AAMI EC13
- 2002 Sections 4.2.8.4, 4.2.8.5, 4.2.8.6 Time to Alarm.
Reliability
The MC application requires MC packet loss of less than or equal to 5 packets per
million.
Packet loss referred to in the requirements is measured in one direction between two
specific endpoints. It is not the aggregate packet loss of the network as a whole.
Packet loss count is measured on a fully operational, properly configured network; it
does not include packets that did not reach the destination because of downtime on
the network.
IP addressing configuration requirements
The MC network requires to have its own network address that is different from the
IX network. This prevents confusion on devices(which have a dedicated MC and an
IX interfaces) regarding which interface to use. Some older devices do not support
classless subnets. If minimum of one device which operates on classful address is
present in the network, then classful IP addressing should be used. The IX network may
use subnets depending on whether all the IX clients support classless subnets. Solar
9500 has a dedicated MC & an IX interface, and it does not support classless subnets.
The following products do not recognize subnet masks or do not support classless
subnetting on both MC and IX:
● DASH
● Solar
● Unity ID
● ATS or CTS
● CIC
Addition to above mentioned reference list of devices, it is recommended to refer the
documentations shipped with the respective device to confirm if the device supports
classful or classless IP addressing.
In addition, it is required that all MC client devices that need to communicate with
each other are placed in one broadcast domain (single MC VLAN). This is because IP
broadcasting is used by MC client devices to discover services, announce alarms and
synchronize time.
Customers use their own IP addressing scheme. Devices are shipped with 126 or 172
MC IP addresses. However, it is recommended that public IP addresses, such as 126,
should not be used without proper authorization, and that all addresses should be
verified to be unique before installation.

All addresses should be verified to be unique before installation.

NOTE The following IP addresses are used internally by the
CARESCAPE Monitors B850, B650, B450 monitors. These IP
Subnets or IP Supernets to which overlap with the below
listed IP address below are restricted from being used on
the network:
● 192.168.249.0/24
● 192.168.250.0/24
● 192.168.251.0/24
● 192.168.252.0/24
● 192.168.253.0/24
● 192.168.254.0/24
Limit on number of CARESCAPE Network client devices

There must be no more than 48 access ports assigned to MC devices in a single
network device. This is to reduce the clinical impact of the loss of a network device.
The number of client devices on the MC Network is measured in terms of RWhats,
which is the service discovery packet broadcasted by the devices. Use the following
table for device count calculations.
Product Number of devices (RWHAT entries) it
represents
Bedside patient monitors, central stations, one
and servers
Telemetry servers (ATS/CTS and CDT LANs) up to 17 (one for the server and one for each
patient)
Unity Network ID one if used stand-alone
one if used with a Dash™ 3000/4000/5000
Patient Monitor (regardless if it is associated
with the DASH via a serial cable)
zero if used with a Solar™ 8000 M/i Patient
Monitor
The maximum size of the MC Network is typically 1023 RWhats, but may be larger
or smaller as determined by the most limiting device. Refer to the documentation
provided with the device that will be connected to the network for more information.
Some older devices have more limitations on network size, as shown in the following
table.
Device Configuration1 Number of patient Number of RWhats
views supported supported
CDT LAN Wired 10 per patient, but 1023
no more than 50 per
tower total
Eagle Wired 10 800
Wireless 5 500
1. The wireless information is provided for comparison purposes only.

Speed/duplex access port configuration

Speed and duplex settings are defaulted to auto-negotiate in the standard switch
configuration. This setting is correct for a majority of CARESCAPE Network client
devices.
Client device configuration Switch configuration Negotiated speed/duplex
AUTO Negotiate (10/100) AUTO Negotiate 100 Mbps/Full Duplex
10 Mbps/Half Duplex AUTO Negotiate 10 Mbps/Half Duplex
100 Mbps/Full Duplex AUTO Negotiate 100 Mbps/Half Duplex
(mismatch)
100 Mbps/Half Duplex AUTO Negotiate 100 Mbps/Half Duplex
The qualified switches are able to negotiate correctly with client devices configured
to auto negotiate.
Qualified switches are also able to default to correct settings with client devices fixed
at 10 Mbps/Half duplex.
However, the switch is unable to negotiate or default to correct duplex setting with
client devices fixed at 100 Mbps/Full Duplex.
Refer to the following table for speed/duplex settings on CARESCAPE Network client
devices.
If a product is not listed in the table, consult the product manual for speed/duplex
settings.
Device Port name Default Maximum speed Recommended
speed/duplex and duplex switch port
setting on the supported by setting
device NIC the client device
Central station platforms
Bedrock MC Auto-negotiate 100 Mbps/Full Auto-negotiate
Nightshade IX Auto-negotiate 100 Mbps/Full Auto-negotiate
BCM
MP100 MC Auto-negotiate 100 Mbps/Full Auto-negotiate
IX Auto-negotiate 1000 Mbps/Full Auto-negotiate
MP200 MC Auto-negotiate 1000 Mbps/Full Auto-negotiate
Telemetry Server platforms
Bedrock RX Auto-negotiate 100 Mbps/Full Auto-negotiate

Nightshade MC Auto-negotiate 100 Mbps/Full Auto-negotiate
BCM
MP100 RX Auto-negotiate 100 Mbps/Full Auto-negotiate
MC Auto-negotiate 100 Mbps/Full Auto-negotiate

Bedside patient monitors

Dash MC 10 Mbps/Half 10 Mbps/Half Auto-negotiate 2
3000/4000/5000
Patient Monitor
Solar 8000 M/i
Patient Monitor
Dash 2500
CARESCAPE MC Auto-negotiate 100 Mbps/Full Auto-negotiate
Monitor B850
Monitor B650
PROCARE MC Auto-negotiate 100 Mbps/Full Auto-negotiate
Monitor B40
Monitor B30
Monitor B20
Server products
Gateway, Aware
Gateway IX Auto-negotiate 1000 Mbps/Full Auto-negotiate
iLO Auto-negotiate 1000 Mbps/Full Auto-negotiate
NOTE Speed and duplex settings may vary depending on the Device
version. Refer to product documentation shipped with the
device to confirm the speed and duplex settings supported
by the device.
QoS access port configuration

The QoS setting depends on the type of CARESCAPE Network client device.
Ports connected to network devices with DSCP markings in their packets are
configured to use DSCP marking of incoming packets. Otherwise, ports are configured
to assign a CoS marking to incoming frames; the CoS markings are converted to
DSCP markings applied to the IP header.
The following table shows the CoS markings applied by the switch on frames of
CARESCAPE Network client devices with no DSCP markings.
CARESCAPE Network Client Device CoS marking
MC client device 2
IX client device 0
The following table shows the CARESCAPE Network client devices that apply DSCP
markings on the packets. Products not listed do not mark traffic.
2. If client device is fixed at full duplex, the switch port must be set to the same speed and duplex setting as the client device. If client device
is fixed at half duplex, the switch port is kept in the default configuration of auto-negotiate so the switch port can default to half duplex
but will detect and match client speed.

The wireless information is provided for comparison purposes only.

CARESCAPE Network Client Device DSCP on wired
Dash Patient Monitor V6 26 – all traffic
Dash Patient Monitor V7 26 – all traffic
CARESCAPE Monitor B850 26 – Real-time clinical traffic
8 – Non-real-time clinical traffic
0 – Everything else
CARESCAPE Monitor 26 – Real-time clinical traffic
B650 8 – Non-real-time clinical traffic
0 – Non-real-time
PROCARE Monitor B40 26 – Real-time clinical traffic
CARESCAPE Gateway 26 – Real-time clinical traffic, network
services (e.g., NTP)
0 – Everything else
NOTE Please refer to Wireless LAN Network Configuration Guide for

Wireless markings & configurations.
Patient Monitoring Network recommendations

These recommendations apply to both the Patient Monitoring Network as an
enterprise VLAN and as a segregated network unless stated otherwise.
Recommendations are based on mitigations of possible causes of hazards as
determined by GE during the risk analysis of the CARESCAPE Network.
Hazards considered include the following:
● Loss of monitoring (greater than 30 seconds)
● Intermittent loss of monitoring
● Missed alarms
● Impaired operation of patient monitor and other network clients
● Incorrect parameter data
● Incorrect real-time waveforms and parameters
● Falling object
● Sharp object
● Hot object/fire
● High and low voltage equipment
● Unsecured cables that can cause tripping

● System not used as intended

● Documentation not adequate to configure and operate the system
Causes considered include the following:

● Power outage
● Equipment failure
● Equipment limitations in terms of resources and functions
● Incompatibility of equipment and configuration
● Faulty cabling
● Design error
● Configuration errors
● Installation errors
● Broadcast storms
● Packet flooding
● Congestion due to high number of devices
● Congestion due to high bandwidth devices
● Congestion due to rogue devices on the network
● EMI and other environmental interference
● Denial of service attacks, viruses, unauthorized use of network
● Disasters, such as fire and flood
● Network maintenance (planned and unplanned effects)
● Lack of documentation
● Lack of network monitoring
Equipment and topology

Qualified network equipment
WARNING ELECTRIC SHOCK — To avoid electric shock, the network
equipment and its accessories must not be placed within the
patient environment, which is a volume related to an object
(bed, chair, table, treadmill, etc.) where a patient is intended
to be diagnosed, monitored, or treated.
High-quality network devices selected by the hospital for its infrastructure and
selected to host the Patient Monitoring Network should pass functional and system
testing under design control. The hospital may select network devices that have been
qualified by GE or they may choose to check alternate devices, or appoint another
entity to manage the verification.
Qualified network equipment testing requirements
Requirements to be met during testing come from different sources, including the
following:
● Network client requirements, in terms of function, performance and reliability.
See Requirements (17) .
● User requirements, in terms of ability to configure and manage the network and
availability of documentation.

●Risk mitigations, for example:

￭ Loop prevention
￭ Quality of service
￭ Access control lists
￭ Redundancy
￭ Network monitoring
● Country safety, emission standards and language requirements, for example:

￭ UL 60950-1
￭ Labels in English
Qualified network equipment risk analysis

The risk analysis performed on the Patient Monitoring Network is the basis of the risk
mitigations that become part of the requirements in the design and testing of the
network. The hospital should execute its own risk analysis of the network according to
hospital policies and procedures. The hospital can base its analysis on the manner
they use the monitoring devices on the network.
Qualified network equipment verification
The recommended verification of the Patient Monitoring Network has two phases:
Functional and System verification.
Functional verification includes the following:
● Equipment conformance to country safety and emission standards
● Equipment conformance to technology standards, such as IEEE 802.3, etc.
● Equipment reliability (MTBF shared by vendors)
● Equipment maintenance, for example:
￭ Configuration download, upload
￭ OS download
￭ SNMP, NTP
￭ Password protection
￭ Banner
￭ Access, such as SSH, Telnet
● Functional capability and performance, for example:

￭ VLANs
￭ Spanning tree (Multiple Spanning Tree)
￭ Packet priority marking, recognition and handling
￭ Stacking
￭ Link aggregation
￭ Routing
￭ Access control lists
￭ Throughput
￭ Resource utilization (CPU, memory)
● Network topology, configuration testing, for example:

￭ Connectivity

￭ Latency and packet loss

￭ Redundancy
System verification tests the network using actual monitoring devices, including
bedside monitors, central stations, servers and gateways. Bedside simulators are
used to attain the maximum number of monitoring devices allowed on the network.
It verifies the following:
● Monitoring device auto-negotiation of speed/duplex
● Network functions with maximum monitoring devices on the network
● Network functions with maximum monitoring devices, plus 40% noise traffic on
trunks
● Network functions with maximum monitoring devices, plus 80% noise traffic on
trunks
● Network functions with maximum monitoring devices, plus 40% after power cycle
of whole network
● Network functions with maximum monitoring devices, plus 40% after running
the network for 24 hours
● Device services across networks
Qualified network equipment role and limitations of use
The limitations on the use of network equipment as determined during functional
verification should be followed. For the list of GE verified equipment, refer to the
Patient Monitoring Network Approved Equipment List.
● Switches qualified as access switches are deployed as access switches.
● Switches qualified as distribution switches are deployed as distribution switches.
● Switches qualified as aggregator (also called closet distribution) switches are
deployed as aggregators interconnecting access switches.
● Switches approved for use only in redundant configuration are deployed as
redundant.
A switch approved for use at the access layer satisfies the redundancy requirement
with dual uplinks to a redundant distribution, at a minimum. Redundancy of switches
may be required, based on reliability metric for particular switch models. A switch
approved for use as distribution satisfies the redundancy requirement with the
following:
● Use of two independent units in a Spanning Tree Root/Broot configuration or in a
configuration that makes two units act like single unit as in stacked configurations.
● Use of a single chassis-based unit with redundant CPU, redundant power supply
and redundant interface modules. A single unit with redundant components is
deployed in the topology like a stacked switch.
Qualified network equipment bandwidth and network resources
The Patient Monitoring Network should be provisioned with sufficient bandwidth as
calculated using methods described in the following sections. Networking device
resources, such as memory and processor loading, should be considered in the overall
design to ensure deterministic and reliable network performance.
Switch resources should not exceed:
● 80% average CPU utilization

● 80% average memory utilization

● 80% average port bandwidth utilization on links between switches
● 80% average port bandwidth utilization on failure condition when links take
additional load from failed links
The average utilization measurement is taken over a one-day period. The requirement
is met if the average over the one-day period is within the limit and the limit is not
exceeded continuously over any 15-minute period.
The bandwidth average applies to each of the input and output utilization of a full
duplex port; it applies to the sum of the input and output utilization of a half duplex
port.
As a recommendation, measure a device CPU and memory utilization under typical
load, by taking a 15-minute average. If the average exceeds 40% over any 15-minute
period, implement a proactive method to monitor the device resources. If that
average exceeds 80% over any 15-minute period, re-architect the network or deploy
more capable network devices.
Bandwidth calculations for CARESCAPE Network client devices
The CARESCAPE Network is designed to have the resources needed to handle the
network activities of its clients. As a rule, the trunk ports average bandwidth utilization
should not reach 80%. In a 100 Mbps network, the periodic transmission should not
raise the floor of the bandwidth utilization graph to more than 40% to allow for
unexpected bursts of data, such as in Full Disclosure and file transfer.
The average utilization measurement is taken over a one-day period. The requirement
is met if the average over the one-day period is within the limit and the limit is not
exceeded continuously over any 15-minute period.
Bandwidth calculations are used when determining the number and type of devices
that could share network equipment and links.
The following table can be used for estimating bandwidth utilization.
Incoming Outgoing
RWhat broadcasts per 107.2 bps
device (Central station,
bedside, telemetry bed, etc.)
Alarm broadcast per patient 520 bps
monitor
Patient monitor 50 Kbps 100 Kbps
Telemetry server (CTS) 3.4 Kbps 1600 Kbps
Central station MC network 1.65 Mbps 5.4 Kbps
Central station IX network 2 Mbps max 2 Mbps max
CARESCAPE Gateway 20 Mbps 24 Mbps/High Speed Data
(acquiring from 512 beds) Interface (HSDI) client
These numbers are generalized and will vary widely depending on use model of the
devices. Refer to the following sections for detailed calculations.
CARESCAPE Network RWhat broadcast
The frequency of RWhat packets depends on the number of bedside monitors
connected in the CARESCAPE Network.

Number of CARESCAPE RWhat packet frequency bps per device

Network client devices (134 bytes/packet)
1-99 1 per 10 sec 107.2
100 - 149 1 per 15 sec 71.47
150 - 249 1 per 25 sec 42.88
250 and greater 1 per 28 sec 38.29
The bandwidth of RWhat broadcast for 1023 devices: 1023 devices* 38.29 bps per
device = 39170 bps, 39 Kbps RWhat.
CARESCAPE Network alarm broadcast
The frequency of alarm broadcast packets is one packet every two seconds while the
device is in an alarm state. The size of an alarm broadcast is 130 bytes.
Even if there are two alarms active in a bedside monitor, only one Alarm Broadcast
packet is sent.
The bandwidth of alarm broadcast for 1023 devices: 1023 devices * 130 bytes/2 sec
per device = 66495 bytes per sec = 531960 bps = 532 Kbps.
Bandwidth of GE bedside patient monitors
A typical patient monitor has one waveform stream (referred to as patient view in this
document) required for display on the CARESCAPE Central Station and one waveform
stream required for Full Disclosure. For each patient view, 40 Kbps is required. This
amounts to 80 Kbps waveform traffic per patient monitor.
To account for the rest of CARESCAPE Network traffic (alarms, RWhats, graphing,
histories, trends, etc.), assume that the waveform traffic is 80% of the total.
The remaining traffic will amount to approximately 20 Kbps, totaling 100 Kbps per bed.
This number can vary significantly depending on the use model. For example,
configuring a bedside patient monitor to Auto View on Alarm (AVOA) can cause a
sudden increase in bandwidth generated by the alarming bedside because each view
requires approximately 50 Kbps.
Bandwidth of CTS
The CARESCAPE Telemetry server (CTS) outgoing traffic to the MC VLAN is calculated
as follows (assuming each of the 16 patients is viewed once and full disclosed):
16 patients * 100 Kbps = 1600 Kbps
The CTS incoming traffic from the network to the MC VLAN is calculated as follows:
((16 patients * 108 bytes parameter requests/10 sec) + (16 patients * 108 bytes
waveform request/10 sec)) * 125% for rest of traffic = 3.4 Kbps.
The CTS can source up to 40 views per patient, meaning the maximum outgoing
bandwidth for an CST be up to 16 patients * 40 views * 50 Kbps = 32 Mbps.
Bandwidth of Central station
The bandwidth of central station incoming MC traffic is 1.65 Mbps; outgoing on MC
traffic is 5.4 Kbps; outgoing/incoming on IX during transmission: depending on usage,
when not limited by bandwidth, full disclosure retrievals can result in short bursts of
2 to 12 Mbps.

Bandwidth calculation for a device is based on maximum utilization. The following

bandwidth calculations are based on maximum utilization of the central station.
Central station incoming traffic on MC VLAN is calculated as follows:
((16 patients view + 16 patients being full disclosed + single viewer open) * 40
Kbps/view * 125% for the rest of traffic including graph, histories, trends) = 1.65 Mbps.
Central station outgoing traffic on MC VLAN is calculated as follows:
((17 patient view * 108 bytes parameter request/10 sec) + (33 patient view * 108 bytes
waveform request /10 sec)) * 125% for the rest of traffic = 5.4 Kbps.
Do not include both central station incoming and patient monitoring outgoing. It is
the same network traffic.
Bandwidth of CARESCAPE Gateway
The following factor is a major contributor to the MC Network load on the inbound side
from the monitoring devices to the CARESCAPE Gateway application:
● A = Total number of monitors on the CARESCAPE Network MC for a given
CARESCAPE Gateway.
CARESCAPE Network MC inbound to CARESCAPE Gateway (Mbps) =
(40kbps/bed/1000)*A
The following factors contribute to the CARESCAPE Network IX load on the outbound
side from the CARESCAPE Gateway application:
● A = Total number of monitors on the CARESCAPE Network MC for a given
CARESCAPE Gateway
● C = Total HSDI Clients requesting data from the CARESCAPE Gateway
CARESCAPE Network IX Traffic from CARESCAPE Gateway (Mbps) = (47 kbps/MC bed
*A) * C/1000
Guidance in populating switches
Assigning bedside patient monitors, central stations, servers and ATS/CTS hosts to
switches must take into consideration available bandwidth, the ability to handle loss
of monitoring on switch failure among others.
Switch use case 1
A recommended use of a 24-port access switch is to connect 16 patient monitors
and two central stations.
● One central station gets data from patient monitors in the same switch.
● One central station gets data from patient monitors across the network.
● 16 patient monitors report data to one central station in the same switch and to
another central station across the network.
● These same 16 patient monitors are also each viewing one other bedside from
across the network (results in 16 * 50 Kbps = 800 Kbps incoming).
For calculation purposes, assume there are 1023 client devices in the network
and 100% have alarms amounting to approximately 571 Kbps broadcast. No full
disclosure actively exchanged between central stations.

Uplink port MC network traffic

traffic
Broadcast Central Central 16 monitors Total
station-1 station-2 (average
traffic)
Incoming 562 Kbps negligible 1.65 Mbps 803.4 Kbps 2.6 Mbps
Outgoing 9 Kbps negligible 5.4 Kbps 1600 Kbps 1.6 Mbps
The switch trunk port with 100 Mbps bandwidth, full duplex, could easily handle an
additional full disclosure traffic (Depending on usage, when not limited by bandwidth,
full disclosure retrievals can result in short bursts of 2 to 12 Mbps) on IX network.
Recommendation
Mixing patient monitors with central stations in the same switch is a good way to
utilize available uplink bandwidth; central stations use incoming link; patient monitors
use outgoing link.
Also, having a central station view patient monitors on the same switch allows for
monitoring of 16 patients simultaneously in case of distribution switch failure.
Switch use case 2
Another possible use of a 24-port access switch is to host central stations in a
monitoring center. Assuming there are eight central stations getting data from across
the network, eight central stations occupy eight MC ports and eight IX ports in a
24-port switch; eight ports are Admin and spares. The following is the estimated
bandwidth usage on the switch uplink trunk port.
Uplink port traffic Broadcast Eight central Total (average
stations traffic)
Incoming 566 Kbps 1.65 x 8 = 13.8 Mbps
13.2 Mbps
Outgoing 5 Kbps 5x8= 45 Kbps
40 Kbps
Access switches are connected to the distribution switch using at least 100 Mbps,
full duplex link.
Switch use case 3
Use a 24-port access switch to host ApexPro hosts in a closet.
The ApexPro host uses approximately 1.6 Mbps to send two views for each of 16
patients (one for viewing on a central station, and one for full disclosure). ApexPro v4.1
and later are updated to handle up to 40 waveform requests per patient. A single
ApexPro host could potentially send 64 Mbps of waveform data.
Recommendation
Use the calculated bandwidth usage to determine if adding an ApexPro host to a
switch will exceed uplink bandwidth. Do not concentrate the ApexPro hosts to one
switch unless there is a mitigation plan for loss of monitoring for the telemetry patients
affected when the switch becomes disconnected or non-operational.
There is no backup monitoring available for telemetry patients if the ApexPro host is
disconnected.
Qualified network equipment limit on number of clients in access switch

There should be no more than 48 access ports assigned to MC devices in a single

network device. This is to reduce the clinical impact of the loss of a single network
device.
Qualified network equipment topology
It is highly recommended that the Patient Monitoring Network topology be redundant.
In addition, the hospital network should implement a loop prevention method to
prevent looping of packets that can cause network congestion. Multiple spanning tree
(MSTP) is recommended. Low bandwidth MC devices are forced to reboot when high
number of broadcast messages are recirculated on the MC network.
Qualified network equipment limited Patient Monitoring Network coverage
WARNING LOSS OF MONITORING — The Patient Monitoring Network
should extend only to hospital areas that require Patient
Monitoring Network traffic. The Patient Monitoring Network
VLAN should be defined only on network switches that host
monitoring devices or are providing connectivity to monitoring
devices.
The Patient Monitoring Network implemented as VLAN on the hospital enterprise

network should be limited to where it is needed to narrow the vulnerability to
equipment changes, spanning tree convergence and network maintenance.
Quality of Service (QoS)
QoS is used to prioritize traffic delivery in case of simultaneous burst of transmission
from different devices. It is used to meet the latency and jitter requirements of
time sensitive data, limit traffic to a specific bandwidth and, in case of congestion,
determine drop probabilities of data.
QoS is never intended to compensate for lack of bandwidth.
The hospital may implement its own QoS policy with its own COS and DSCP priority
marking scheme.
The MC and IX network data should fit into the hospital QoS scheme using the
following order:
Traffic Priority Drop Probability
Network control data (BPDU, Highest priority 0 drop
etc.),
Voice Over IP, Real time High priority Below limit - 0 drop;
media (bandwidth limited) Above limit - drop always or
lower priority to 1 or 0
Network MC Priority traffic 0 drop
Admin (telnet, SNMP)
Network IX, Hospital Low priority traffic Low drop probability
Hospital Lower priority traffic Low drop probability
Hospital, Guest Lowest priority Higher drop probability
The hospital may use the DSCP marking on packets from monitoring devices as a
basis for remarking packets. See QoS priority marking (21) .

MC and IX access ports for clients that implement DSCP markings should be
configured to trust DSCP markings of incoming packets. Ports for clients that do not
implement DSCP markings should be configured to apply markings to all incoming
packets according to hospital priority scheme.
Mappings between CoS and DSCP should be maintained consistently throughout
the network.
Installation
Cabling
Cabling must use the following:
● Category 5e at the minimum for speeds of 10, 100, 1000 Mbps and at least
category 6 or 6A for speed of 10 Gbps
● Fiber uplinks whenever there is possible electromagnetic interference (EMI) and
other environmental interference; the fiber may be multi mode (62.5/125 or 50/125
micron) or single mode depending on distance and optical transceiver used
The fiber runs must be tested and certified in accordance to ANSI/TIA/EIA-526-14A
standards.
The cabling must meet standards defined in ANSI/TIA/EIA-568-B.1-2001, -B.2-2001,
-B.3-2001 or later issue of the standards.
Network equipment protection
Network equipment protection is necessary in achieving the close to zero downtime
goal for the CARESCAPE Network. The following security measures are required:
● Network equipment must be in an area with restricted access such as a locked
closet or enclosed rack.
● Configurable network equipment must be protected with a password.
In addition, measures must be taken to protect network equipment from loss of power.
Network equipment must be connected to UPS (Uninterruptible Power Supply). It is
recommended that UPSs have SNMP v3 or v2 and have an RJ-45 Ethernet connection
for remote management.
It is strongly recommended that a backup power system (e.g., emergency power
supply) is available for network devices so communication is uninterrupted when
power is lost for a longer duration.
It is recommended that configurable network equipment display a warning message
before the login prompt to indicate it is used for patient monitoring; this is to prevent
unintentional changes to the configuration.
Labeling recommendations
Labeling prevents mishandling and misuse of equipment. The following labeling is
recommended for the applicable equipment:
● Network equipment should have a warning label to indicate it is used for patient
monitoring.

● Power cords for networking equipment should have warning labels to indicate that
they are used to power devices that carry patient data. It is recommended to place
the label near the plug to the power source.
● Network cables attached to the network equipment should have warning labels
at both ends of the cable to indicate that they carry patient data; segregated
networks may use color-coding to identify cables used exclusively for the Patient
Monitoring Network.
● Wall jacks used to connect patient monitoring devices should be clearly labeled or
marked to differentiate them from wall jacks of different networks.
Environment requirements
Equipment must be in an environment that meets equipment operating requirements
in terms of temperature, absence of interference (EMI) and other environmental
factors.
Operating ambient temperature range is between +0 °C to +35 °C (32 °F to 95 °F)
Storage ambient temperature range is between -25 ºC to +70 ºC (-13 ºF to +158 ºF)
Atmosphere up to 85% relative humidity
Normal office environment meets equipment operating requirements.
Maintenance
Process to coordinate planned downtime
The hospital should have a documented process to coordinate planned network
downtime and maintenance with the biomedical and clinical representatives.
Network design documentation and record
The network should have documentation of its design, installation, configuration
and commissioning. Documentation of the network includes but is not limited to
the following:
● Equipment list
● Interconnection matrix
● Topology drawing
● Closets and equipment in closet
● Cable run diagram
● Cable certification record
● Equipment configuration
● IP addresses (used and available)
● Commissioning record
Network monitoring
A good network management policy is one that is proactive. It monitors traffic
regularly, looking for changes in network usage. It uses network management tools
that notify administrators of change in link and network device status.

SNMP monitoring of the status of the switch, its modules and trunk ports is strongly
recommended, especially in chassis-based network equipment. It enables correction
of a non-catastrophic failure like fan failure before it causes a switch shutdown.
Network equipment should be time synchronized so a sequence of events could be
created using logs from the different equipment. NTP is the recommended protocol.
Additional recommendations for enterprise VLAN

Selective sharing of switches
Patient Monitoring Network client devices should share access switches with hospital
client devices that have deterministic bandwidth utilization. Sharing of network
devices with the Patient Monitoring Network VLAN should take the following criteria
into careful consideration:
● Devices on a shared access switch should be analyzed for network resource
consumption characteristics. If the consumption could at anytime go beyond what
was allocated and planned, as is the case with some file and video servers, then
the device should be placed on network equipment without MC network clients.
● Even though a properly designed QoS policy should manage times of congestion,
the design goal is to minimize risk and maximize predictability when carrying
life-critical traffic.
In the Patient Monitoring Network VLAN that uses spanning tree to prevent loops,
ensure the following:
● Distribution switches are configured as spanning tree roots for optimal traffic flow,
ensuring the most capable devices carry the heaviest traffic load and data flow
is predictable.
● If using redundant distribution switches, the other distribution switch becomes the
spanning tree root if the first root distribution switch fails.
Shared distribution switches could easily be the bottleneck in the network topology.
They should have sufficient resources for the planned traffic.
Shared distribution switches should be the spanning tree (STP) Root and backup Root
(for redundant topology) of the Patient Monitoring Network.
Controlled data path
Data flow should be established in the design phase and traffic bottlenecks identified
and resolved. The Patient Monitoring Network VLAN and associated data paths
should be carefully designed before implementation, taking into consideration the
following criteria:
● Minimization of the physical footprint of the Patient Monitoring Network by defining
the Patient Monitoring Network VLANs only on network devices hosting monitoring
devices, or providing the path to monitoring devices. The minimal set of devices
that carry the VLAN reduces downtime and risk, due to maintenance outages and
security vulnerabilities.
● Design deterministic data pathways for the Patient Monitoring Network traffic, by
configuring spanning tree instances, as an example, to optimize network resources,
minimize resource competition at network distribution devices and trunks, and
ensure predictive operation of the network in a compromised state due to link
or device outages.

● Utilize link aggregation between distribution switches and access-to-distribution

links when possible to increase the shared network resources, utilizing a sound
quality of service policy and bandwidth planning to ensure proper operation during
a compromised state due to link or device outages.
● Shared access switches should receive user traffic only on VLANs used by client
devices it supports. For example, an access switch with access ports in VLANs 1 and
2 must not receive broadcast and multicast of a hospital VLAN on its trunk ports.
The following figure shows an example of selective switch and link sharing. The
primary path of VLANs are identified by labels on the links.
● Access Switch 1 has unpredictable bandwidth servers connected to it so it is not
shared with Patient Monitoring Network client devices, especially bedside patient
monitors that also feed data to other nodes.
● A central station shares Access Switch 2 with hospital enterprise network
information browsers that are clients to both the hospital enterprise network’
video/picture server and patient data server. The browsers receive multicast high
bandwidth transmission from the picture server on the H-1 VLAN. This traffic has its
own uplink, separate from the Patient Monitoring Network uplink.
● Access Switch 3 is shared by bedsides, central stations and access points. The
number of APs and bedsides is limited by bandwidth of shared uplink.
The link between distribution switches should have high bandwidth as it could easily
be the bottleneck point.
Primary paths of VLANs are shown by labels on the links.

Assured bandwidth
The hospital network should implement a QoS policy that ensures MC and IX VLANs
are allocated enough bandwidth to meet or exceed the estimated calculated
bandwidth. As an example, if it is estimated through calculations that a particular link

will require 5 Mbps of MC bandwidth, the QoS policy for that link should ensure the MC
VLAN receives at least 5 Mbps even in the presence of higher priority traffic. Higher
priority traffic, like voice and video, may have preferential queuing, to minimize jitter,
but they should not starve the MC VLAN of bandwidth.
Limited access to Patient Monitoring Network
The hospital enterprise network should not route data in and out of the Patient
Monitoring Network, except for the limited specific data that is necessary for the
operation of the Patient Monitoring Network client devices.
If there is a route between the hospital VLAN and the Patient Monitoring Network, that
route should be controlled and access should be limited.
Cases when routing is enabled include the following:
● If there are Patient Monitoring Network client devices that communicate to devices
in the hospital network, then controlled routing should be implemented. See
Connectivity (17) .
● If there is a resource shared with the hospital, such as an NTP and SNMP server,
then routing is implemented to enable these services.
● Inter-VLAN routing between MC and IX networks is enabled to allow Inter-VLAN
devices on MC networks to communicate to devices in the IX networks.
● Limited one-way routing may be permitted from the MC network to third-party
devices.
Protection from virus, intrusion, denial of service attack recommendations
A hospital enterprise network that is open to many users and is connected to other
networks such as the Internet has increased chances of being brought down by
viruses and denial of service attacks.
The hospital enterprise network should have protection from virus, denial of service
attack and intrusion.
Due to varying protection levels of client devices, the overall network protection relies
on being in an isolated or protected network to avoid virus and denial of service
attacks.
The hospital network management is responsible for the selection, maintenance and
assessment of effectiveness of its network protection system.
Additional documentation recommendations
The Patient Monitoring Network documentation is in addition to hospital enterprise
network documentation. See Shared equipment and link data sheet example (63).
Documentation should include:
● List of shared network equipment and links and configurations
● List of additional network equipment and links and configurations
● Documentation of interconnections: spreadsheet and diagrams
● VLAN spanning tree root and backup root (if redundant)
● QoS scheme showing the Patient Monitoring Network with respect to hospital
VLANs
● Documentation of IP addresses used for Patient Monitoring Network

● Data path for each Patient Monitoring Network and VLANs sharing path with
● Current loading at trunk ports of shared network equipment for baseline purposes
Patient Monitoring Network management
The Patient Monitoring Network management should be part of the hospital network
management.
Management responsibility includes ensuring the network delivers the connectivity
and performance required by the applications running on the network.
GE recommends that the Patient Monitoring Network be commissioned by GE prior to
being used to ensure it meets monitoring product requirements.
Close to zero downtime
The equipment used for the Patient Monitoring Network has to be maintained with
a goal of zero downtime. Scheduled downtime due to changes or relocation of
equipment, etc., should be close to zero once monitoring is started.
As much as possible, hospital network expansion and maintenance should not cause
disruption of traffic on the Patient Monitoring Network.
Network changes policy
Additions and changes to the network equipment shared with the Patient Monitoring
Network should meet the applicable requirements specified in this guide.
Changes in Patient Monitoring Network and hospital traffic that goes through shared
equipment and changes in topology should meet applicable requirements specified
in this guide.
GE recommends following the responsibilities outlined in IEC 80001-1:2010 Application
of risk management for IT Networks incorporating medical devices. As part of a fully
risk-managed medical IT-Network, formal configuration and change management
policies are in effect, and include documentation of network changes as well as
verification of network functionality before go-live.
Changes to the network should initiate Risk management activities according to
hospital Risk policies.
Additionally, re-commissioning is recommended for areas of the network which carry
the Patient Monitoring Network VLANs for the following changes:
● Adding GE monitoring devices to existing edge/access switches
● Adding non-GE, bandwidth deterministic clients to existing edge/access switches
● Adding of an edge switch to an existing care area
● Network re-architecture to add capacity or modification of data flows
● New care area expansion
● Hardware upgrades to core switches
● Adding of new high priority VLANs (e.g., VoIP, video)
● Adding of new high priority devices

Checkout
3
Checkout introduction
The on-site checkout is specific to the Patient Monitoring VLANs on the hospital
infrastructure.
The requirements are marked as pass or fail in the checkout form.
If the recommendations pass the checkout, they are marked as implemented in the
checkout form. If the recommendations are not implemented, then are marked as
recommended in the checkout form.
Design phase checkout

These checkout procedures are performed during the design phase of the network.
Network infrasturcture design requirements

Network equipment and topology design checkout
1. Check the MC VLAN topology design to ensure shared switches form a flat network
that allows network client devices to receive broadcast messages from each other.
2. Check that the Telemetry (RX) VLAN does not share the hospital enterprise
network infrastructure.
Distribution switches design checkout
Perform the following.
1. If using inter-VLAN routing:
Check inter-VLAN routing is designed between the MC VLAN and the IX VLAN.
Connectivity of the MC and IX VLANs to hospital VLANs is limited by access control
list, as verified in the Router design checkout (38).
Examine the configuration of distribution switches and check that routing is
enabled between the MC VLAN and IX VLAN using different methods that include:
● Defining the MC VLAN interface and IX VLAN interface for inter-VLAN routing
(preferred method).
● Connecting the MC VLAN and IX VLAN via an external router.

Checkout
2. If NOT using inter-VLAN routing:

Check that the distribution switches are configured to deny data from flowing in
and out of the MC VLAN, except for permitted third-party device connectivity.
Examine the configuration of distribution switches, and make sure that no MC
VLAN interface and connection to router ports are defined. If there are, they
should be protected and controlled.
Router design checkout
The router can be implemented using the multi-layer Distribution switches or a
separate router device. This test applies to both implementations.
1. Check that the router is configured to permit only the data flow needed by GE
monitoring devices that are clients in the MC or IX network. Refer to the GE product
documentation (e.g., CARESCAPE Network Router Supported Service Supplement
or the appropriate product documentation) for product services data flow.
2. Determine the different GE products that will be in the MC and IX VLANs. For each
product, check to ensure that the services data flow described in the product
documentation is allowed in the configuration. All other data flows to the MC
and IX VLANs are denied.
Network infrastructure design recommendations

Network equipment and topology design recommendations checkout
WARNING LOSS OF MONITORING — The network design should provide
resources for the Patient Monitoring Network clients;
bandwidth, equipment CPU and memory should be available,
not only during normal network activity, but also during
periods of traffic bursts, compromised states of network and
presence of unplanned traffic.
1. Check that the network devices are qualified by GE or the hospital. Refer to the
Patient Monitoring Network Approved Equipment List for a list of equipments.
2. Check that the switches used as access switches, distribution and aggregator
switches for Patient Monitoring Network are qualified for those roles. Refer to the
Patient Monitoring Network Approved Equipment List.
3. Check redundancy on switches that are approved for use in redundant
configuration only. Refer to the Patient Monitoring Network Approved Equipment
List for redundancy requirements on GE qualified equipment.
4. Check that the roles & limitations of the network equipment are implementation
appropriately. For details of the defined roles & limitations, refer to the Patient
Monitoring Network Approved Equipment List.
5. Check if there is a loop prevention mechanism in the network design.
6. Check if no two access ports are directly connected.

Checkout
7. If spanning tree protocol (STP) is used to prevent loops, check the shared
distribution switches are the root and backup root (for redundant configuration) of
the STP for the Patient Monitoring Network.
The shared distribution switch designated as the root should be assigned the
lowest numeric STP priority for the Patient Monitoring VLAN. The backup root is
assigned the second lowest numeric priority.
8. Check that a redundant topology is implemented.
9. Check that the Patient Monitoring Network extend only to the sections of hospital
network servicing areas with patient monitoring devices.
10. Check that no more than 48 access ports per switch are assigned to the MC VLAN.
Access switches design recommendations checkout
1. Check that hospital devices sharing access switches with GE patient monitoring
devices have known average port bandwidth utilization:
The bandwidth referred to here is the theoretical bandwidth calculated or
historically known for a device, versus the actual bandwidth reading on the
access switch.
2. Check that, the sum of uplink bandwidth usage in the Patient Monitoring Network
is less than or equal to 80% of uplink bandwidth of 1 Gigabit per second, 40% of
uplink bandwidth of 100 Mbps or lower. The limit applies separately for input
and output in a full duplex link.
Estimate input and output bandwidth for shared uplink on each shared access
switch.
3. Check that shared access switches shall receive user traffic on its uplink only
on VLANs of its client devices.
Refer to Bandwidth calculations for GE monitoring devices (26) .
Data flow design recommendations checkout
1. Check that the data flow of the MC and IX VLANs are established in the design
phase and traffic bottlenecks are identified and resolved even before topology is
implemented.
QoS design recommendations checkout
1. Check that the hospital enterprise network’s priority scheme for QoS gives
preferential treatment to MC data according to the guidelines in this document.
2. Check that the hospital network assigns COS or DSCP priority to MC network and
IX network packets according to the priority order.
MC/IX Network application requirements checkout

1. Check that all MC Network client devices that want to communicate with each
other are in single Subnet. MC should have classful Subnet, if minimum of one
devices supporting only classful Subnet are on the network.
2. Check that all devices have a IP network address assigned for both MC network
and IX network. The assigned IP addresses on Both MC and IX should belong to
two different Subnet.

Checkout
3. Check that the number of network client devices planned to be on an MC network

follows the limit for the most limiting device. For MC network clients, refer to the
documentation shipped with the device. For legacy devices, refer to the specific
limits on Limit on number of MC Network client devices (19).
MC/IX Network application recommendations

1. Check that MC and IX IP addresses are private addresses and has no conflict with
point 3. If they are public addresses, check that the customer has the proper
authorization to use the addresses.
2. Check that MC Network and IX Network is not using same or overlapping IP
address range.
3. The following IP addresses are used internally by the CARESCAPE Monitors B850,
B650, B450 monitors. These IP Subnets or IP Supernets to which overlap with the
below listed IP address below are restricted from being used on the network:
● 192.168.249.0/24
● 192.168.250.0/24
● 192.168.251.0/24
● 192.168.252.0/24
● 192.168.253.0/24
● 192.168.254.0/24
4. Check if network has a device that can operating only in classful network. If yes,
check that MC network uses classful IP addressing and IX uses a different classful
IP addressing. The IX network may use subnets if it does not have a Solar 9500 or
some other IX device that does not recognize subnets. Refer to product manuals
and the CARESCAPE Network Configuration Guide for more information.
The following products do not recognize subnet masks or do not support classless
subnetting on both MC and IX.
● DASH
● Solar
● Unity ID
● ATS or CTS
● CIC 5.X
Addition to above mentioned reference list of devices, it is recommended to refer
to the documentations shipped with the respective device to confirm if the device
is classful or classless.
5. Check that VLANs are defined for each functional group. This includes MC and IX
networks. RX network is not included.
Connecting hospital devices not related to patient monitoring to the MC VLAN
is not recommended.

Checkout
6. Check QoS is configured.

● Check that client devices that put DSCP markings on the packets are attached
to access switch ports that use the incoming packet DSCP marking. These
ports have a default CoS of 0.
● Check that client devices that do not apply DSCP markings are attached to
ports that apply priority markings on incoming packets. The access port is the
closest device to mark packets from the source.
● Check that MC, IX and other data are assigned the correct priorities. See
Quality of Service (QoS) (30) .
● Check that unused ports have a default CoS of 0.
● Check that CoS to DSCP mappings and vice versa are consistent within the
MC and IX Networks.
● Check that QoS is configured to assure enough bandwidth to meet estimated
usage on MC and IX VLANs in an enterprise VLAN implementation.
Documentation recommendations checkout

Check that the design documents in the list exist.
● Documentation of equipment list
● Documentation of interconnection and topology
● Documentation of closet with racks and equipment
● Documentation of equipment configuration
● Documentation of cable run and cable certification
● Documentation of IP addresses used for MC and IX VLANs
Check additional documentation for enterprise VLAN implementation.
● List of shared hospital network equipment and links and configurations.
● List of additional network equipment and links and configurations.
● Spreadsheet and diagrams showing the designed data path for MC and IX VLANs
and hospital VLANs sharing the path.
● Documentation for loop prevention including spanning tree root if the spanning
tree protocol is deployed.
● QoS scheme showing MC and IX VLAN traffic priorities with respect to hospital
VLAN priorities.
● Current loading at trunk ports of shared network equipment.
Installation phase checkout

These on-site checkout procedures are performed during the installation phase of
the network.

Checkout
Installation recommendations
Cable installation recommendations checkout
1. Check that cables used are:
● Category 5e or higher for speeds of 10, 100, or 1000 Mbps and at least 6 or 6A
for a speed of 10 Gbps.
● 62.5/125 micron or 50/125 micron multi-mode fiber, or single mode fiber for
uplinks, whenever there is possible EMI or other environmental interference.
This can be based on data furnished by the installer or site IT department.
2. Check cabling meets applicable standards based on cable type defined in
ANSI/EIA/TIA -568-B1-2001, 568-B2-2001 and 568-B3-2001. This can be checked
based on data provided by the installer or site IT department.
3. Check that fiber runs are tested and certified in accordance to
ANSI/TIA/EIA-526-14A. This can be checked based on testing performed by the
installer or other qualified individuals. A copy of the certification record is kept as
part of the network documentation.
4. Check that the network cables are identified as Patient Monitoring Network. The
segregated CARESCAPE Network may use color coding instead of warning labels
to identify cables used exclusively for the Patient Monitoring Network.
5. Check that wall jacks are clearly labeled or marked to differentiate them from
wall jacks of other networks.
Network equipment installation recommendations checkout
1. Check that the network equipment is in an area with restricted access.
2. Check that the network equipment is connected to UPS.
3. Check that there is a backup power supply (e.g., emergency power system)
available in case of power outage. If not, check that the use of backup power
was recommended to the customer.
4. Check that N+1 network equipment is installed per closet.

Checkout
5. Check that the network equipment environment meets the equipment operating
requirements. The following are the requirements for GE qualified equipment:
● Operating ambient temperature range is between +0 °C to +35 °C (32 °F to
95 °F)
● Storage ambient temperature range is between -25 ºC to +70 ºC (-13 ºF to
+158 ºF)
● Atmosphere up to 85% relative humidity
Normal office environment meets network equipment operating requirements.
6. Check that the network equipment has the appropriate Warning label.
7. Check that the network equipment power cord has the appropriate Warning label.
Installation commissioning checkout

1. Check that the network equipment “running configuration” and the “documented
configuration” are the same.
Display network equipment “running configuration” and compare to the
documented configuration. If they are not the same, then update either the
running configuration or the documentation, whichever is the latest.
2. Check configurable network equipment is password protected.
3. Check that configurable network equipment displays a warning message to
indicate it is used for patient monitoring.
4. Check that the network equipment is interconnected per the topology diagram
or spreadsheet of the design.
● Observe the link light for indication of link up or down. If the port is connected
to a device the link light should be on.
OR
● Display interface status on the network equipment.
Installed network infrastructure checkout

These on-site checkout procedures are for the installed network infrastructure.
Data link (Layer 2) commissioning checkout

1. For the network that uses spanning tree protocol, perform the following tests to
determine the data path. Otherwise, use the procedures and data applicable
to the chosen loop prevention protocol to determine the data path. Check MC
network data path is as designed:
● On each access switch where MC VLAN is defined, query the switch for the
Spanning Tree root switch, root port and blocked ports for MC VLAN.
● Query the distribution switch for the Spanning Tree root switch for MC and the
ports that are forwarding MC data.
● Use the collected information to draw a diagram of the MC packet data path
from each access switch to the distribution switch, by following the root port to
the root switch.

Checkout
2. Check the MC network data path does not form a loop.

● On the MC data path diagram drawn (See step 1), mark the blocked port(s)
on each switch.
● Any loop on the data path diagram should be broken by a blocked port.
3. On a redundant topology, check that the MC data takes a designed alternate
path in case of link failure. In most cases, the MC alternate path is the IX path.
Repeat this procedure on all shared access switches with more than two paths
to distribution switch:
● Disconnect the active link.
● Find the new root port and the blocked ports for MC VLAN.
● Draw the alternate path diagram, recording the link, new path and blocked link.
● Restore connection of disconnected link.
4. Repeat steps 1 to 3 for the IX VLAN and create a data path diagram for the IX
network.
5. Check that only allowed hospital VLANs share data path with MC network.
● On each shared access switch where MC VLAN is defined, query the switch for
the hospital VLANs that share a root switch and root port with MC. Make sure
that these VLANs are allowed to share links with MC.
● Record on the data path diagram which hospital VLANs are sharing a data
path with MC network.
IP connectivity requirements
IP connectivity requirements checkout description
The testing requires two computers used as client devices.
A computer can be a laptop, central station, server or network client device that is
configurable with an IP address and gateway and is able to ping.
IP connectivity requirements checkout procedure
1. Check IP connectivity on the administration network.
a. Configure a computer with an Administration VLAN IP address.
b. Connect to an Administration port.
c. Ping the IP addresses of all the switches from the computer.
d. If the pings are successful, pass the test.
2. Check the IP connectivity on the MC network.
a. Configure two computers with MC IP addresses.
b. Connect the computers to MC ports of different access switches.
c. Check the computers are able to ping each other.
d. Test other access switches by moving the computers to different access
switches and repeat ping.
e. If the pings are successful, pass the test.

Checkout
3. Check the IP connectivity on the IX network.

a. Configure two computers with IX IP addresses.
b. Connect the computers to IX ports of different access switches.
c. Check to confirm the computers are able to ping each other.
d. Test other access switches by moving the computers to different access
switches and repeat ping.
e. If the pings are successful, pass the test.
4. No Inter-VLAN design test: Check there is no IP connectivity between MC VLAN
and other networks, unless allowed by design.
a. Configure two computers, one with MC IP address and gateway, and the other
with IX IP address and gateway.
b. Connect the computers to corresponding VLAN ports at different access
switches.
c. Check to confirm the computers are NOT able to ping each other.
d. Configure two computers, one with MC IP address and gateway, and the other
with hospital IP address and gateway.
e. Connect the computers to corresponding VLAN ports at different access
switches.
f. Check to confirm the computers are NOT able to ping each other.
g. If all pings are unsuccessful, pass this checkout.
5. Inter-VLAN design test: Check IP connectivity between MC VLAN and IX VLAN.
a. Configure two computers, one with IX IP address and gateway, and the other
with MC IP address and gateway.
b. Connect the computers to corresponding VLAN ports at different access
switches.
c. Check to confirm the computers are able to ping each other.
6. Inter-VLAN design test: If routing to the hospital is enabled, check IP connectivity
between MC VLAN and hospital VLAN.
a. Configure two computers, one with MC IP address and gateway, and the other
with hospital IP address and gateway. Select addresses that are permitted to
send pings to each another.
b. Connect the computers to corresponding network ports at different access
switches.
d. Next, use one computer to send a communication that is not permitted by the
network (e.g., telnet), to the other computer.
e. Check that the computer communication fails.
f. If all tests are successful, pass this checkout.

Checkout
7. If routing to the hospital is enabled, check the IP controlled connectivity between

IX VLAN and hospital VLAN.
a. Configure two computers, one with IX IP address and gateway and the other
with hospital IP address and gateway. Select addresses that are permitted to
send pings to each another.
b. Connect the computers to corresponding network ports at different access
switches.
d. Next, use one computer to send a communication that is not permitted by the
network (e.g., telnet), to the other computer.
e. Check that the computer communication fails.
MC/IX application commissioning

MC application commissioning checkout description
These procedures verify that client devices on the MC network have the required IP
connectivity across the network. It requires at least two bedside monitors (bedside-1
and bedside-2) and one central station on the MC network and I/O simulators.
MC application commissioning checkout procedures

1. Check that the bedside-1 is able to view bedside-2.
2. Check that the central station is able to view both monitors.
3. Check that the alarms, parameters and waveforms from bedside-2 show on the
central station and bedside-1.
4. Move bedside-2 to different access switches. Repeat steps 1 through 3 for each
move.
IX application commissioning checkout description

These procedures confirms that client devices on the IX network have the required IP
connectivity across the network. It requires at least one GE bedside patient monitor
with I/O simulators on the MC network and either:
● Two central stations on both the MC and IX network
OR
● One central station and one printer on the IX network
IX application commissioning checkout procedure

Check central station is able to print to a printer on IX network.
OR
1. Configure central station-1 to collect full disclosure data from a bedside monitor.
2. Check that central station-2 is able to display full disclosure, which comes from
central station-1 over IX network.

Checkout
Routed connectivity checkout description

These procedures check that client devices on the IX and MC networks have the
required IP connectivity to the hospital network. Required equipment is based on the
GE client devices that are on the network and their communication partner on the
hospital network. Consult GE product documentation for product services data flow
(e.g., CARESCAPE Network Router Supported Service Supplement or the appropriate
product documentation).
Routed connectivity checkout procedure

1. Determine the different GE products that will be in the MC and IX VLANs.
2. For each product, check that the services data flows that apply to this site are
allowed. All other data flows to the MC and IX VLANs are denied.
Testing of selected data flow needs to be carried out through inspection during
design phase.
Performance and reliability requirements

description
This test measures latency and packet loss of UPD/IP packets to check they meet
MC/IX application requirements of less than 250 msec packet latency and less than 5
packet drop per million packets sent. Use a traffic generator tool to generate packets
and measure latency and packet loss of UDP/IP conversation between two nodes
called endpoints; endpoint-1 generates 1.65 Mbps traffic directed to endpoint-2 that
simulates a central station receiving data at full load.

procedure
1. Check that latency on the MC network for UDP/IP packet with priority of CoS 2 or 3
is less than 250 msec and the packet drop is less than or equal to 5 per 1,000,000
packets sent.
Select endpoint locations connected by the longest and/or most congested path
on the network. Generate 1.65 Mbps, 970 byte size UDP/IP packets with CoS 2
marking on the MC network from endpoint-1 to endpoint-2. Run the test long
enough so there are at least 1,000,000 packets sent by endpoint-1. Measure
latency and packet loss.
2. If an access switch has a redundant connection to the distribution switch, then
repeat step 1 with the primary link taken down.

Checkout
High priority VLANs

High priority VLANs checkout description
Check that high priority VLANs, such as voice and streaming video that share a link
and access switch with MC VLAN, are allocated a limited amount of bandwidth and
do not interfere with MC VLAN.
If there are no high bandwidth VLANs with higher priority than MC VLAN, this test
is not applicable.
High priority VLANs checkout procedure

1. Check that voice traffic above the allocated bandwidth is dropped and that there
is no increased drop or delay in the MC traffic. Create 2 traffic pairs that are run
simultaneously.
a. Generate 1.65 Mbps, 970 byte size UDP/IP packets on the MC network from
endpoint-1 to endpoint-2, simulating the addition of 1 central station at the
endpoint-2 location. Run this test until at least 1 million packets are sent.
Measure the latency and packet loss.
MC traffic is assigned priority markings of COS2 at the switch port.
b. Start a Voice over IP (VoIP) conversation at a rate 0.5 Mbps higher than
allocated for voice from endpoint-1 to endpoint-2. Assign the voice traffic the
priority COS marking for voice as determined by the hospital; this could be
performed at the switch port.
If there is communication on the network that could be affected by this test,
assign a temporary low limit of 1 Mbps for VoIP at the uplink of the switch
where endpoint-1 (sender) is connected. Determine latency and packet loss.
Do not forget to restore the original VoIP limit of the switch uplink.
2. Check that when streaming video traffic goes beyond its allocated bandwidth, it is
dropped and there is no drop or delay in the MC traffic.
The procedure is similar to the previous step, except the conversation between
endpoints 1 and 2 is a streaming video with COS marking determined by the
hospital enterprise network.
Do not forget to restore the original VoIP and video limits on the switch uplink.
Network management recommendations

NTP checkout
Check network services are operational, specifically NTP. Check network equipment
time is synchronized using NTP.
1. Query network equipment for its time and its NTP time master.
2. Compare equipment time to that of time master.
3. Check that network equipment time is similar to the time master time.

Checkout
SNMP checkout
Check SNMP monitoring of the network, in particular the status of a chassis-based
switch, its component modules and its trunk ports.
Protection checkout
Check that the hospital network has some form of protection from viruses, as well as
denial of service for attacks and intrusions.
Process checkout
Check that the hospital has a documented process to coordinate implementation of
changes to the Patient Monitoring Network among the parties affected, including
biomedical and clinical staff.
Commissioning checkout
Check that it was recommended that GE perform commissioning of the Patient
Monitoring Network prior to using the network after installation or upgrade.
Resource utilization recommendation and

baselining checkout
This check out process is performed on an operational network over a period of
24 hours. It checks that bandwidth and the distribution switch resource utilization
recommendations are followed. At the same time, baseline measurements of major
trunk ports are taken to be used for comparison to future measurements.
Distribution switch resources checkout

1. Use a verified network monitoring tool to measure network resource utilization
(bandwidth, CPU, memory) over a period of 24 hours. Check that average
utilization in the 24 hour period does not exceed the limit and the limit is not
continuously exceeded over a 15 minute period.
2. Check that distribution switches do not exceed 80% average CPU utilization.
3. Check that distribution switches do not exceed 80% average memory utilization.
4. Check that the link between redundant distribution switches does not exceed
80% average utilization.
5. Check that distribution switches do not exceed 80% average port bandwidth
utilization on failure condition when links take additional load from failed links.
Keep a record on distribution switch CPU utilization and memory utilization.
Access switch resources checkout

Check that the uplink of a shared access switch does not exceed 80% average
utilization on a 1 Gbps link or higher or 40% average on 100 Mbps link or lower.
Use a verified network monitoring tool to measure bandwidth utilization over a period
of 24 hours. Check that the average utilization in the 24 hour period does not exceed
the limit and the limit is not continuously exceeded over a 15 minute period.

Checkout
Customer responsibility checkout

Check that the customer understands and accepts the following maintenance
responsibilities.
1. The customer is responsible for management of the Patient Monitoring Network.
2. The Patient Monitoring Network should be maintained with the goal of close to
zero downtime.
3. Changes to the Patient Monitoring Network should be done according to
the hospital risk management policy and may require an update to the risk
management file.
4. Additions and changes to the network equipment shared with the Patient
Monitoring Network shall meet all requirements in this document.
5. Increase in the Patient Monitoring Network and hospital network traffic that goes
through shared equipment and changes in topology shall meet the requirements
in this document.
6. After changes are made, the Patient Monitoring Network should be re-tested at
the site for basic connectivity, functionality, and performance. This ensures that
old functions still work as well as new ones.
7. Whenever changes are made, the Patient Monitoring Network documentation
should be updated.
8. The hospital IT department should log configuration changes in the Patient
Monitoring Network switches and routers.

Definitions
A
Acronym definitions
Acronym Definition
AAMI American Association for the Advancement
of Medical Instrumentation
ACL Access Control List
AGS Aware Gateway Server
ANSI American National Standards Institute
ARP Address Resolution Protocol
ATS ApexPro Telemetry Server
BDPU Bridge Protocol Data Unit
CTS CARESCAPE Telemetry Server
CNI CARESCAPE Network Infrastructure
CoS Class of Service
DSCP Differentiated Services Code Point
DHCP Dynamic Host Configuration Protocol
EIA Electronic Industries Alliance
HSDI High Speed Data Interface
HSRP Hot Standby Router Protocol
IOS Internetwork Operating System
IP Internet Protocol
IX Information Exchange
Kbps Kilobits per second
LAN Local Area Network
MAC Media Access Control
Mbps Megabits per second
MC Mission Critical
msec millisecond
ND & I Network Design and Integration team

Definitions
NETBIOS Network Basic Input Output System

NTFS NT File System
NTP Network Time Protocol
OSPF Open Shortest Path First
PDS Patient Data Server
PV Patient Viewer
QoS Quality of Service
RIP Routing Information Protocol
RX real-time, unprocessed telemetry data
SNMP Simple Network Management Protocol
STP Spanning Tree Protocol
TACACS Terminal Access Controller Access Control
System
TFTP Trivial File Transfer Protocol
TIA Telecommunications Industry Association
UDP User Datagram Protocol
UTP Unshielded Twisted Pair
VLAN Virtual Local Area Network
VOIP Voice over IP
VRRP Virtual Redundant Router Protocol
WAN Wide Area Network
Wi-Fi Wireless Fidelity
Term definitions
Term Definition
Access switches Switches with ports that connect to edge
devices.
CARESCAPE Network The network infrastructure designed and
commissioned by GE to host GE patient
monitoring devices.
CARESCAPE Network protocol The application layer protocol that defines
the rules of communication among
CARESCAPE Network patient monitors,
central stations, data servers and other
supporting devices.
Central Station CIC Pro Clinical Information Center and/or
CARESCAPE Central Station
Data link Layer two of the seven layer OSI network
model.
Distribution switches (DS) Switches with mostly trunk ports that
connect to access switches.

Definitions
Term Definition
Edge devices PCs, medical devices, servers, etc., connected
to the network.
Information exchange (IX) Non-real-time clinical data.
IX Network The network for non-real-time, information
exchange data.
Jitter Variation in latency.
Latency Time it takes for a packet to travel from
source to destination.
MC Network The network for real-time mission critical
data.
Mission critical (MC) Real-time patient data.
Quality of Service (QoS) The preferential delivery of data based
on priority markings.
Shared links Hospital network links that carry Patient
Monitoring Network traffic.
Shared switches Hospital switches that allow Patient
Monitoring Network in their trunk ports to
have ports belonging to Patient Monitoring
Network.
Inter-VLAN devices Monitoring devices that only need an
interface to the MC network to send
messages to MC, IX and hospital networks.
Unity Network The Unity Network has been renamed to
the CARESCAPE Network. Not all references
to the Unity Network will be changed
immediately; Unity may appear in some
places and CARESCAPE in others. It is
important to understand that while the
CARESCAPE Network replaces the Unity
Network name, they refer to the same GE
monitoring network.

Definitions

Checkout form
B
Patient Monitoring Network checkout form
This form should be complete during the installation and inspection of Patient
Monitoring Network. See Chapter 3 (37).
General information
Site: ________________________________________________________________
Date: _______________________________________________________________
GE Representative: _____________________________________________________
Site Representative: _____________________________________________________
Design phase test results

Network infrastructure design requirements
Category Test description Numerical Pass/
results (if Fail
applicable)
Network equipment and Flat network
topology
RX VLAN does not share hospital
infrastructure
Distribution switches for Limited access to MC VLAN and IX VLAN
inter-VLAN routing from hospital VLANs
Routing is enabled between MC VLAN
and IX VLAN
Distribution switches for MC VLAN on selected links only
NO inter-VLAN routing
Limited access to MC VLAN from hospital
VLANs
Router Permits only the data flow needed by GE
monitoring devices that are clients in MC
or IX network
Services data flow described in product
documentation is allowed for each
product

Checkout form
Network infrastructure design recommendations

Category Test description Numerical Recommended/
results (if Implemented
applicable)
Network equipment and Qualified devices
topology
Switches qualified for the roles
Redundancy, if applicable on switch
Limitations are followed
Loop prevention in design
Root and backup root for spanning tree
Two access interfaces on the switches
in same or different VLAN should not be
cross-connected
Shared links fit into topology design
Patient Monitoring Network limited to
areas with patient monitoring devices
Limit of 48 access ports for MC VLAN
Access switches Low average port bandwidth utilization
Uplink bandwidth less than or equal to
80% for 1 Gb, 40% for 100 Mbps or lower
Limited hospital VLANs defined
Data Flow Data flow is established
QoS Priority scheme gives MC data
preferential treatment
Hospital network assigns a COS or DSCP
to MC and IX network packets
MC/IX Network application requirements

results (if Fail
applicable)
MC/IX Network application MC devices should be in a single subnet
MC and IX are in separate subnets
Limit on number of client devices

Checkout form
MC/IX Network application recommendations

applicable)
MC/IX Network application MC and IX have private IP addresses,
isolated network exempt
If public IP addresses, proper
authorization, isolated network
exempt
Restricted IPs mentioned should not be
used in the network
Functional group VLANs defined (shared
network only)
QoS (for shared network only) - use
application DSCP marking when present
QoS (for shared network only) - apply
CoS marking, if none applied, at port
closest to source
QoS (for shared network only) - correct
priorities assigned
QoS (for shared network only) - default
CoS marking is 0
QoS (for shared network only) -
consistent CoS to DSCP mappings
QoS (for shared network only) -
configured to assure enough bandwidth
Documentation recommendations
applicable)
Documentation Equipment list
Interconnection and topology
documented
Closet with racks and equipment
documented
Equipment configuration
Cable run and cable certification
IP addressing

Checkout form

applicable)
Additional documentation List of shared equipment, links and
for enterprise VLAN configurations
implementation
List of additional equipment, links and
configurations
Interconnections
Loop prevention including spanning
tree, if used
QoS scheme
Baseline data - load
Installation phase test results

Installation recommendations
applicable)
Cables Appropriate cables used
Termination requirements
Fiber runs tested and certified
Cable warning labels
Wall jack warning labels
Network equipment Secure locked closet
Connected to UPS
Backup power supply
N+1 network equipment
Environmental requirements
Equipment warning labels
Power cord warning labels
Installation commissioning
results (if Fail
applicable)
Installation commissioning Installed configuration is the same as
documentation
Configurable network equipment is
password protected

Checkout form

results (if Fail
applicable)
Configurable network equipment
displays banner indicating used for
patient monitoring
Interconnected as specified
Installed network infrastructure test results

Data link (layer 2) commissioning
results (if Fail
applicable)
Data Link MC data path is as designed
MC data path does not loop
Alternate MC path for redundant
topology
IX data path is as designed
IX data path does not loop
Alternate IX path for redundant
topology
Shared with allowed hospital VLANs
IP connectivity requirements
Results (if Fail
applicable)
IP connectivity IP connectivity on Administrator
network
IP connectivity on MC network
IP connectivity on IX network
IP controlled connectivity between IX
VLAN and hospital VLAN
IP connectivity for no No IP connectivity between MC VLAN
Inter-VLAN design and other networks
IP connectivity for IP connectivity between MC VLAN and
Inter-VLAN design IX VLAN
IP connectivity between MC VLAN and
hospital VLAN

Checkout form
MC/IX application test results

MC/IX application commissioning
Category Test Description Numerical Pass/
Results (if Fail
applicable)
MC Bedside1 can view bedside 2
central station can view both bedsides
Alarms, parameters and waveforms
IX Full disclosure collection
Full disclosure retrieval or network
printing
Routed connectivity Services data flows that apply to this
site are allowed
Performance and reliability test results

Performance and reliability requirements
results Fail
(applicable)
MC performance and MC Latency
reliability
MC Packet Loss
MC Latency with primary link down
High priority VLANs

results (if Fail
applicable)
High priority VLANs Limited voice traffic
Limited video traffic
Network management checkout results

Network management recommendations
applicable)
NTP Network equipment time is similar to
NTP time master time
SNMP SNMP monitoring of network, especially
chassis-based switches, its component
modules and trunks

Checkout form

applicable)
Protection Virus
Denial of service
Intrusion
Process Process to coordinate maintenance
activities
Commissioning Recommended for GE commissioning
before using the Patient Monitoring
Network
Resource utilization test results

Resource utilization recommendations and baselining
results Implemented
(applicable)
Distribution switch (DS) Less than or equal to 80% average CPU
resource utilization
Less than or equal to 80% average
memory utilization
Link between DS less than or equal to
80% average bandwidth utilization
Access switch resources Less than or equal to 80% average
utilization for a 1 Gbps link or 40%
average for 100 Mbps link or lower
Customer responsibility test results

Customer responsibility
results Implemented
(applicable)
Customer responsibility Customer is responsible for Patient
Monitoring Network management
Close to zero downtime
Risk assessment according to hospital
policy
Changes in equipment meet
requirements
Traffic and topology changes meet
requirements
Insection after changes implemented

Checkout form

results Implemented
(applicable)
Documentation of changes
Configuration changes logged
All testing and results are subject to the terms and conditions set forth in the
agreement between the parties with respect to these services.
● Completion of the above tests with passing results confirms that Patient Monitoring
Network, as currently configured, is suitable for carrying Patient Monitoring
Network traffic.
● The testing performed, as specified in this document, does not constitute a
guarantee of Patient Monitoring Network, the equipment on the network, the
network itself, or the performance of the network. The hospital understands
and agrees that many factors can affect both the equipment, as well as the
performance of the network.
● The hospital understands and agrees that the confirmation is for the Patient
Monitoring Network configuration and usage at the time of the test, and does not
guarantee future performance of Patient Monitoring Network. Among other things,
changes to the configuration of Patient Monitoring Network or additional traffic
volume could negatively impact the performance of Patient Monitoring Network,
possibly resulting in lost data.
● The hospital understands and agrees that it is responsible for the risk and function
of the Patient Monitoring Network and is responsible for the maintenance of the
Patient Monitoring Network configuration, the equipment on the network and
the network itself.
● The hospital understands the risk in exceeding the 48 port limit for MC in a single
network device and agrees to have a mitigation plan in case it exceeds the limit
and there is a loss of the network device.
Signatures
GE representative:_____________________________________________________
Site representative:_____________________________________________________

Shared equipment and link data
C
sheet example
Shared equipment and link data sheet example

This is provided as only an example.
Closet
The following information should be provided for each closet that has network
equipment used for Patient Monitoring Network data traffic.
Hospital: ____________________________________________________________
Address: ____________________________________________________________
Location (building/floor/closet): ___________________________________________
Admin VLAN: ________________________________________________________
Admin Subnet: _______________________________________________________
Equipment Model Number of ports Shared with Admin
type/name Patient Monitoring
Network?
Switch205 Cisco 2960 24 10/100 BaseTx Yes
2 1000Base Sx
Switch209 Cisco 2950 24 10/100 BaseTx No
2 1000Base Fx
... ... ... ...
Access switch
The following information should be provided for each shared access switch or
additional switches for Patient Monitoring Network.
Hospital: ____________________________________________________________
Address: ____________________________________________________________
Location (building/floor/closet): _________________________________________
Switch:
● Model: __________________________________________________________

● Name: ___________________________________________________________
● Admin VLAN: ____________________________________________________
● Admin IP: ________________________________________________________
Access ports
Switch port Hospital VLAN(s) QoS,DSCP/CoS1Bandwidth Bandwidth Bandwidth
device avg/max avg/max (broadcast/
(current or (ingress) (egress) multicast)
planned)
Hospital
device
Hospital
device
...
Switch port Patient VLAN(s) QoS, Bandwidth Bandwidth Bandwidth

Monitoring DSCP/CoS2 avg/max avg/max (broadcast/
Network (ingress) (egress) multicast)
client device
(current or
planned)
CARESCAPE
Network MC -
central
station
CARESCAPE
Network MC -
DASH
...
Trunk ports
Switch port VLAN(s) Device to QoS setting Bandwidth Bandwidth Bandwidth
which trunk (trust or avg/max avg/max (broadcast/
is connected assign CoS)3 (ingress) (egress) multicast)
24 AP1
24 Switch 205
... ...
1. DSCP or CoS markings of packets, marked by an application or by a switch port.

2. DSCP or CoS markings of packets, marked by an application or by a switch port.
3. QoS setting of trunk port with respect to CoS or DSCP.

VLANs
VLAN Subnet STP Root STP Root Port5 Bandwidth Bandwidth
Switch4 (broadcast)6 (multicast)7
Distribution switch
The following information should be provided for each shared distribution switch.
Switch model: ________________________________________________________
Name: ______________________________________________________________
Admin IP: ___________________________________________________________
CPU Utilization: ______________________________________________________
Memory Utilization: ___________________________________________________
Trunks
Switch port VLAN(s) Device QoS setting8 Bandwidth Bandwidth Bandwidth
connected avg/max avg/max (broadcast/
(ingress) (egress) multicast)
1 Switch 101
2 Switch 205
... ...
4. Spanning tree root switch and root port.

6. Broadcast/multicast coming from the VLAN, calculated or measured.
8.
QoS setting could be trust or assign new CoS.

VLANs
VLAN Subnet STP Root STP Root Port10 Bandwidth Bandwidth
Switch9 (broadcast)11 (multicast)12
Switch configurations (copy output from the switches)
Hospital network topology diagram (big picture)


Hospital network topology diagram showing Patient

Monitoring Network data path


content
GE Medical Systems GE Medical Systems
Information Technologies, Inc. Information Technologies GmbH
8200 West Tower Avenue Munzingerstrasse 5
Milwaukee WI 53223 USA 79111 Freiburg
Tel: + 1 414 355 5000 Germany
1 800 558 5120 (US only) Tel: + 49 761 45 43 - 0
GE Medical Systems Information Technologies, Inc., a General Electric Company, doing business as GE
Healthcare.
www.gehealthcare.com

2000716-013E Patient Monitoring Network Configuration Guide

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

2000716-013E Patient Monitoring Network Configuration Guide

Hochgeladen von

Copyright:

Verfügbare Formate

Patient Monitoring Network

Patient Monitoring Network

2 Patient Monitoring Network 2000716-013E

2000716-013E Patient Monitoring Network 3

4 Patient Monitoring Network 2000716-013E

2000716-013E Patient Monitoring Network 5

2000716-013E Patient Monitoring Network 7

8 Patient Monitoring Network 2000716-013E

● Provide consultation services during initial configuration and verification per

WARNING LOSS OF MONITORING — The Patient Monitoring Network

WARNING LOSS OF MONITORING — Do NOT allow non-patient

WARNING ELECTRIC SHOCK — To avoid electric shock, the network

2000716-013E Patient Monitoring Network 9

WARNING LOSS OF MONITORING — Labeling prevents mishandling and

WARNING LOSS OF MONITORING — Equipment used for network

WARNING LOSS OF MONITORING — The network should implement a

WARNING LOSS OF MONITORING — All VLANs on the network should

WARNING LOSS OF MONITORING — Two access interfaces on switches in

CAUTION RESTRICTED SALE — U.S. Federal law restricts this device to

10 Patient Monitoring Network 2000716-013E

NOTE The Unity Network has been renamed to the CARESCAPE

European authorized representative.

2000716-013E Patient Monitoring Network 11

12 Patient Monitoring Network 2000716-013E

2000716-013E Patient Monitoring Network 13

14 Patient Monitoring Network 2000716-013E

Challenges for Patient Monitoring Network as

2000716-013E Patient Monitoring Network 15

Performance, reliability and security

16 Patient Monitoring Network 2000716-013E

● It is exposed to greater security risk because the hospital enterprise network

Patient Monitoring Network client requirements

2000716-013E Patient Monitoring Network 17

18 Patient Monitoring Network 2000716-013E

All addresses should be verified to be unique before installation.

Limit on number of CARESCAPE Network client devices

1. The wireless information is provided for comparison purposes only.

2000716-013E Patient Monitoring Network 19

Speed/duplex access port configuration

Bedrock RX Auto-negotiate 100 Mbps/Full Auto-negotiate

20 Patient Monitoring Network 2000716-013E

Bedside patient monitors

QoS access port configuration

2000716-013E Patient Monitoring Network 21

The wireless information is provided for comparison purposes only.

NOTE Please refer to Wireless LAN Network Configuration Guide for

Patient Monitoring Network recommendations

22 Patient Monitoring Network 2000716-013E

● System not used as intended

Causes considered include the following:

Equipment and topology

2000716-013E Patient Monitoring Network 23

●Risk mitigations, for example:

￭ Access control lists

● Country safety, emission standards and language requirements, for example:

Qualified network equipment risk analysis

￭ Access, such as SSH, Telnet

● Functional capability and performance, for example:

￭ Spanning tree (Multiple Spanning Tree)

￭ Packet priority marking, recognition and handling

￭ Access control lists

￭ Resource utilization (CPU, memory)

● Network topology, configuration testing, for example:

24 Patient Monitoring Network 2000716-013E