Configuration Guide
Intellectual Property Statement
SHENZHEN MINDRAY BIO-MEDICAL ELECTRONICS CO., LTD. (hereinafter called
Mindray) owns the intellectual property rights to this Mindray product and this manual. This
manual may refer to information protected by copyrights or patents and does not convey any
license under the patent rights of Mindray, nor the rights of others.
©Copyright 2016-2018 Shenzhen Mindray Bio-Medical Electronics Co., Ltd. All rights
reserved
Manufacturer’s Responsibility
Contents of this manual are subject to changes without prior notice.
All information contained in this manual is believed to be correct. Mindray shall not be liable
for errors contained herein nor for incidental or consequential damages in connection with the
furnishing, performance, or use of this manual.
Mindray is responsible for safety, reliability and performance of this product only in the
condition that:
■All installation operations, expansions, changes, modifications and repairs of this
product are conducted by Mindray authorized personnel; and
■The electrical installation of the relevant room complies with the applicable national and
local requirements; and
■This product is operated under strict observance of this manual.
Warranty
THIS WARRANTY IS EXCLUSIVE AND IS IN LIEU OF ALL OTHER WARRANTIES,
EXPRESSED OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR ANY PARTICULAR PURPOSE.
Exemptions
Mindray's obligation or liability under this warranty does not include any transportation or
other charges or liability for direct, indirect or consequential damages or delay resulting from
the improper use or application of the product or the use of parts or accessories not approved
by Mindray or repairs by people other than Mindray authorized personnel.
Customer Service Department
Manufacturer: Shenzhen Mindray Bio-Medical Electronics Co., Ltd.
Address: Mindray Building, Keji 12th Road South, Hi-tech industrial park, Nanshan,
Shenzhen 518057, P.R.China
Website: www.mindray.com
E-mail Address: service@mindray.com
Tel: +86 755 81888998
Fax: +86 755 26582680
Preface
Manual Purpose
This manual contains the instructions necessary to operate the product safely and in
accordance with its function and intended use. Observance of this manual is a prerequisite for
proper product performance and correct operation and ensures patient and operator safety.
This manual is based on the maximum configuration and therefore some contents may not
apply to your product. Features described in this manual cover a global release and may not
be applicable in all markets in which the product is sold. If you have any questions, please
contact us.
Intended Audience
This manual is geared for clinical professionals who are expected to have a working
knowledge of medical procedures, practices and terminology as required for monitoring of
critically ill patients.
Illustrations
All illustrations in this manual serve as examples only. They may not necessarily reflect the
setup or data displayed on your patient monitor.
Conventions
Italic text is used in this manual to quote the referenced chapters or sections.
The terms danger, warning, and caution are used throughout this manual to point out
hazards and to designate a degree or level of seriousness.
Contents
Intellectual Property Statement
Preface
Contents
4.2.4 Assign privilege to user
4.3 Basic function of the MLDAP Server
4.3.1 Login
4.3.2 Add LDAP Server
4.3.3 Test the LDAP Server
4.3.4 Delete the LDAP Server
4.3.5 Add Facility and Department
4.3.6 Delete Facility and department
4.3.7 Add Role
4.3.8 Delete Role
4.3.9 Assign Operates for the Role
4.3.10 Import User from AD
4.3.11 Import User group from AD
4.3.12 Add LD User
4.3.13 Assign Roles for User
4.3.14 Delete User
4.3.15 Map the Clinician ID to another property of the User in AD
4.3.16 Change Password
4.3.17 Reset Password
4.3.18 Import Permission File
4.4 Troubleshooting
4.4.1 AD User account cannot login on MLDAP Client
4.4.2 Error message is shown when trying to import user from AD: "Over Maximum number of users"
4.4.3 On the client, the authentication is unsuccessful
1 Safety
1.1 Safety Information
DANGER
Indicates an imminent hazard situation that, if not avoided, will result in death
or serious injury.
WARNING
Indicates a potential hazard situation or unsafe practice that, if not avoided,
could result in death or serious injury.
CAUTION
Indicates a potential hazard or unsafe practice that, if not avoided, could result
in minor personal injury or product/property damage.
NOTE
Provides application tips or other useful information to ensure that you get the
most from your product.
1.2 Dangers
There are no dangers that refer to the product in general. Specific "Danger" statements may
be given in the respective sections of this manual.
2 Planning Your Deployment
2.1 Overview
The MLDAP Server is responsible for importing user information from Windows Active
Directory (AD) into the Mindray Monitoring System. It is also responsible for managing
users' access privileges to Mindray devices.
Restrict dataflow between the Mindray Monitoring Network and the Hospital Network to
only what is required for MLDAP Server to operate:
■The TCP ports listed in the following table shall be allowed for MLDAP Server.
port used by MLDAP Service, it is configurable in the MLDAP Service configuration file.
TCP   Any   389             MLDAP Server connects to the 389 port of Windows AD using Kerberos.
TCP   Any   636 (default)   MLDAP Server connects to the 636 port of Windows AD using LDAPS. This port is configurable on the Windows AD.
■Block all communications to/from IP addresses not in the specified list on the Mindray
Monitoring network.
■Block application level broadcast communication between the hospital network and
Mindray Monitoring Network.
■MLDAP Server does not use UDP communication. Block multicast communication
between the Hospital Network and Mindray Monitoring Network.
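The restrictions above can be verified against exported firewall or flow logs. The following Python example is added here and is not part of the Mindray manual; the IP addresses, the client allowlist and the `proto src dst dport` record format are constructed assumptions, while ports 389 and 636 come from the table and 6664/6665 are the MD/MD2 listen ports this guide names for the MLDAP Service.

```python
import ipaddress

# Constructed addressing for the example; replace with the site's own values.
MLDAP_SERVER = ipaddress.ip_address("10.20.0.10")
WINDOWS_AD = ipaddress.ip_address("10.10.0.5")
NETWORKS = [ipaddress.ip_network("10.20.0.0/24"),   # assumed Monitoring Network
            ipaddress.ip_network("10.10.0.0/16")]   # assumed Hospital Network
ALLOWED_CLIENTS = {ipaddress.ip_address("10.20.0.21"),   # the "specified list"
                   ipaddress.ip_address("10.20.0.22")}

MLDAP_LISTEN_PORTS = {6664, 6665}   # MD and MD2 listen ports named in this guide
AD_PORTS = {389, 636}               # AD ports from the port table


def is_broadcast_or_multicast(dst):
    if dst.is_multicast or dst == ipaddress.ip_address("255.255.255.255"):
        return True
    return any(dst == net.broadcast_address for net in NETWORKS)


def check_flow(proto, src, dst, dport):
    """Return (allowed, reason) for one flow record."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if is_broadcast_or_multicast(dst):
        return False, "broadcast/multicast is blocked"
    if proto.lower() != "tcp":
        return False, "only TCP is required"
    if src == MLDAP_SERVER and dst == WINDOWS_AD and dport in AD_PORTS:
        return True, "MLDAP Server to Windows AD"
    if dst == MLDAP_SERVER and dport in MLDAP_LISTEN_PORTS:
        if src in ALLOWED_CLIENTS:
            return True, "listed client to MLDAP Service"
        return False, "source not in the specified list"
    return False, "not required for MLDAP Server"


def audit(lines):
    """Parse 'proto src dst dport' records and return the violations."""
    violations = []
    for line in lines:
        proto, src, dst, dport = line.split()
        ok, reason = check_flow(proto, src, dst, int(dport))
        if not ok:
            violations.append((line, reason))
    return violations


# Constructed flow records (not captured from a real network).
SAMPLE_FLOWS = [
    "tcp 10.20.0.10 10.10.0.5 636",
    "tcp 10.20.0.21 10.20.0.10 6664",
    "tcp 10.10.4.77 10.20.0.10 6665",
    "udp 10.20.0.10 10.10.0.5 389",
    "udp 10.20.0.21 239.255.255.250 1900",
    "tcp 10.10.4.77 10.20.0.21 445",
]

if __name__ == "__main__":
    for line, reason in audit(SAMPLE_FLOWS):
        print(f"BLOCK {line}: {reason}")
```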
Two network diagrams are shown based on the number of network interfaces used by the
MLDAP Server.
For a single network interface installation, the Hospital Network is connected to the
Mindray Monitoring Network via a router.
[Figure: network diagram; labels: Hospital Network (L2 and L3), Windows AD, Mindray Monitoring Network, Work Stations, Routing Infrastructure, MLDAP Server, Monitors]
[Figure: second network diagram; same labels]
Item Requirement
Component Requirement
vRAM 4GB
Disk Free memory space of 10GB or above
NICs 100 Mbps
The following operating systems are supported on both physical PCs and virtual
machines when installing the CMS software:
Windows 7 Professional SP1 32bit
Windows 7 Professional SP1 64bit
Windows Server 2008 R2 Standard SP1 64bit
Windows 10 Professional SP1 64bit 1607
Windows Server 2012 R2
Windows Server 2016 Standard
3 Installing the MLDAP Server
MLDAP Server supports multiple installation methods:
■Integration with Central Station: When installing the central station, MLDAP Server
is installed by default.
■Install separately
In both installations, the software is the same and there are no functional differences. For
the installation process of the central station, refer to the central station manual. This chapter
only describes the steps for installing and using the MLDAP server separately.
In general, there is no need to install it separately. A separate installation is only required
when it affects the performance of the central station or the primary server.
Note
The installation should be performed under a user with administrator privilege.
Please prepare a software license or hardware dongle before installation.
2. Choose the folder in which to install Mindray MLDAP Server if necessary, then click
"Next"
3. Choose the folder in which to save data for Mindray MLDAP Server if necessary, then
click "Install"
4. Wait for the installation to complete, click "Finish", then reboot now.
3.2 Installing MLDAP Config Tool
The MLDAP configuration tool is integrated in the master server (MasterServerUIClient).
1. Double click the MasterServerUIClientSetup.exe, then select language
2. Click "Next".
3. Change the installation folder if necessary, then click "Install"
3.3 License
3.3.1 Import software license
1. Open the LicenseConfig tool
2. Click the import button to browse to the file path of the license file (.key file).
3. Click the OK button.
3.3.2 Load Hardware license
1. Double click the MicroDogInstdrv.exe
2. Click "Install Driver"
3.4 Configuring the IP Address to Connect to MLDAP Service
1. Go to the master server installation directory and open the masterserver.ini file.
2. Modify the IP value of [MLDAP] to the IP address of the host where the MLDAP
Server service is installed.
4 Configuring MLDAP Server
4.1 MLDAP System introduction
The MLDAP System is intended to authenticate and authorize users against the Windows
Active Directory.
connect to Windows AD to get all user information from AD and control the
privilege of each user.
MLDAP Config Tool – The MLDAP Config Tool is a tool to configure the MLDAP
Service.
4.1.2 User/Role/Unit
If this Operate is assigned to a Role, a user with this Role can control the remote bed.
If the user does not have this Operate privilege, the user cannot change the settings of
the remote bed and can only view the remote bed. For example, to change the patient
demographics of the bed on the WorkStation, the user must first have the Remote
bed control privilege.
Remote Alarm Pause/Reset:
If this Operate is assigned to a Role, a user with this Role can pause the Alarm and reset the
Alarm remotely. For example, a user whose Role has this Operate privilege can pause the
alarm of the online patient in the Central Station.
If this Operate is assigned to a Role, the user of this Role can set the Care Group settings on
the Central Station.
System Setup
Send Data to EMR: If this Operate is assigned to a Role, the user of this Role can send vital
sign data to EMR on Vital Sign monitors.
Export EMR: If this Operate is assigned to a Role, the user of this Role can export 12-lead
report to EMR.
If this Operate is assigned to a Role, the user of this Role can export historical data of
discharged patient.
If this Operate is assigned to a Role, the user of this Role can view patient on CMSViewer
and Mobile Viewer.
If this Operate is assigned to a Role, the user of this Role can view and modify the
Arrhythmia Alarm Settings remotely. For example, the user of this Role can change the
Arrhythmia Alarm Settings of the online patient from Central Station.
If this Operate is assigned to a Role, the user of this Role can view and modify the Alarm
Settings remotely. For example, the user can change the Alarm Settings of the online patient
from Central Station.
Arrh. Alarm Settings
If this Operate is assigned to a Role, the user of this Role can view and modify the
Arrhythmia Alarm Settings locally. For example, the user can change the Arrhythmia Alarm
Settings on the monitors.
Alarm Settings
If this Operate is assigned to a Role, the user of this Role can view and modify the Alarm
Settings locally. For example, the user can change the Alarm Settings on the monitors.
User Maintenance
Device Management
If the device management privilege is assigned to some role, users under this role can view
the device information at the server.
Configuration Management
If the configuration management privilege is assigned to some role, users under this role can
upload one patient monitor's configuration files to the master server. These configuration files
can be synchronized to other patient monitors via the master server.
If the version upgrade privilege is assigned to some role, users under this role can upload one
patient monitor's version upgrade files to the master server. These version upgrade files can
be used to upgrade other patient monitors collectively via the master server.
Export Log
If a role that is already assigned the device management privilege is also assigned the export
log privilege, users under this role can export logs of patient monitors and the CMS
via the master server.
If the service address management privilege is assigned to some role, users under this role
can configure the MLDAP address and ADT server address. These addresses can be
synchronized to patient monitors and the CMS via the master server.
Score System Management
If the score system management is assigned to some role, users under this role can configure
and export the EWS scoring protocol. This protocol can be synchronized to patient monitors
via the master server.
You can create Users in the Local Directory (LD) of the MLDAP Server, and you can also
import Users from Active Directory. The differences between these two sources are:
1) Users from the LD are changeable; you can edit them;
[Figure labels: Facility\Department, User, Password, Operate]
1. When the user wants to access a protected UI of the MLDAP Client, the login dialog
pops up for the user to input the User Name and Password.
2. The MLDAP Client connects to the MLDAP Server and sends the following information to
the MLDAP Server:
Location information: Facility, Department
Account: User Name, Password
Operate: If the user wants to access a protected UI, then he must have the
appropriate privilege to access the UI.
3. The MLDAP Server then authenticates the user, and authorizes the user if the
authentication is successful.
1) Authentication: The MLDAP Server first determines whether the user is from the LD or
the AD. If the user is an LD User, the MLDAP Server finds the user in the LD
and checks the User Name and Password for a match. If the user is an AD User, the
MLDAP Server sends the User Name and Password to the AD and returns the
AD authentication result.
2) Authorization: First the MLDAP Server finds the appropriate Unit based on the
location information from the MLDAP Client. It then looks to see if the user has
been assigned a role in the Unit. If the user has a role in the Unit, it then
determines if the role has the privilege that the user is requesting. If the role has the
privilege, the MLDAP Client is notified that the user can perform the requested
action; if not, the action is denied.
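The decision flow of step 3, written out as an added Python example (it is not Mindray's code and does not reflect the product's internals). The class, the PBKDF2 password storage, the `fake_ad` stand-in for the AD round trip, the LD user and the ER unit are assumptions; the J.Born / Nurse / NashanHospital\ICU data follows the example this guide uses when assigning roles.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def _hash(password, salt):
    # Assumption: PBKDF2 is this model's choice; the page does not say how
    # the MLDAP Server stores LD passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class MldapModel:
    units: set = field(default_factory=set)            # "Facility\\Department"
    ld_users: dict = field(default_factory=dict)       # user -> (salt, hash)
    ad_users: set = field(default_factory=set)         # users imported from AD
    user_roles: dict = field(default_factory=dict)     # (user, unit) -> role
    role_operates: dict = field(default_factory=dict)  # (role, unit) -> operates

    def add_ld_user(self, user, password):
        salt = os.urandom(16)
        self.ld_users[user] = (salt, _hash(password, salt))

    def authenticate(self, user, password, ad_check):
        """Step 3.1: LD users are checked locally, AD users are delegated."""
        if user in self.ld_users:
            salt, stored = self.ld_users[user]
            return hmac.compare_digest(stored, _hash(password, salt))
        if user in self.ad_users:
            return bool(ad_check(user, password))  # AD returns the verdict
        return False

    def authorize(self, user, unit, operate):
        """Step 3.2: Unit, then role in that Unit, then operate on the role."""
        if unit not in self.units:
            return "deny: unknown unit"
        role = self.user_roles.get((user, unit))
        if role is None:
            return "deny: no role in unit"
        if operate not in self.role_operates.get((role, unit), set()):
            return "deny: operate not granted"
        return "allow"

    def login(self, user, password, unit, operate, ad_check):
        if not self.authenticate(user, password, ad_check):
            return "deny: authentication failed"
        return self.authorize(user, unit, operate)


def fake_ad(user, password):
    # Stand-in for the AD round trip; accepts one constructed credential.
    return (user, password) == ("J.Born", "constructed-AD-secret")


def build_sample():
    """Constructed data reusing the page's J.Born / Nurse / ICU example."""
    m = MldapModel()
    m.units |= {"NashanHospital\\ICU", "NashanHospital\\ER"}  # ER is made up
    m.ad_users.add("J.Born")
    m.add_ld_user("ld.tech", "constructed-Passw0rd")  # hypothetical LD user
    m.user_roles[("J.Born", "NashanHospital\\ICU")] = "Nurse"
    m.role_operates[("Nurse", "NashanHospital\\ICU")] = {
        "Alarm Settings", "Remote View Patient", "Send Data to EMR"}
    return m
```

Because roles and operates are keyed by Unit, the same user is denied in a Unit where no role was assigned even though authentication succeeds.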
4.2 Configuring the MLDAP Server
To configure the MLDAP system, the Hospital IT department first needs to add the OUs and
Groups in the AD Domain. Please contact the IT department before installing the MLDAP
System.
4.2.4 Assign privilege to user
1. Create hospitals and departments, refer to section 4.3.5
2. Create a role, refer to section 4.3.7
3. Assign the operation rights to the role, refer to section 4.3.9
4. Import the user or user group; refer to sections 4.3.10 and 4.3.11
5. Assign roles to users, refer to section 4.3.13
Input the User Name and Password. For the first installation, you should use the
administrator account to log in and initialize the system.
User name: administrator
Password: Mindray99!
Click the "Login" button.
NOTE
Be sure this user account is set to Password Never Expires in the AD Domain.
Otherwise future synchronization will fail when the password expires.
4. Choose the Sync Time. The MLDAP Server will synchronize with the AD once every 24
hours. You should choose the time when the hospital has the fewest MLDAP Clients
connected to the MLDAP Server.
5. Click "OK"
3. Click the "Network Test" button to test the connection between the MLDAP Server and the
AD Server
4. If the connection is good, the success message will be shown. If an error happens, please
check with the IT department of the hospital to confirm that the Server Address, User Name
and Password are correct.
CAUTION
When the LDAP Server is deleted, the users from this LDAP Server will be
deleted from the MLDAP Server, and these users will no longer be able to use
any MLDAP Client device.
4.3.5 Add Facility and Department
1. Click the "Dept. Management"
NOTE
Please check "Default" if all the MLDAP clients are located in the hospital.
4. Click the "Dept. Management" to view all Facilities and Departments.
3. Click "OK" in the popup warning dialog
4.3.8 Delete Role
1. Click the "Role Management"
Select the Role you want to delete, then click "Delete" button.
Click "OK" in the warning dialog.
2. Select the Role, and then check the Operates on the right panel. You can assign different
operates to this Role in different Units.
In the above example, the Nurse has been assigned three operates (alarm setup, remote view
patient and send Data to EMR/Export EMR).
to.
The following steps are for importing a single user from AD.
Click "Users Management", then click the "Add" button.
1. Select the source as "LDAP", and enter the user name, then click the search button. If you
do not know the exact name of the user, enter the part you know and the MLDAP Server
will return all the users that contain that text.
Note: the Source of the item in the search result is the IP address of the Windows AD.
3. Check the user group, then click the "Import" button. All users that belong to the user
group can be imported automatically.
Note: the Source of the item in the search result is the IP address of the Windows AD.
2. Enter the User Name, First Name, Last Name, Clinical ID, and select the Unit that this user
belongs to. Click the "Confirm" button.
Note: The default password for the user in LD is "888888"; the user should log in and change
the password to a secure one.
4.3.13 Assign Roles for User
Click "Users Management"
1. Select the user, and check the role in the Unit.
In this example, we have assigned the Nurse role in the NashanHospital\ICU to J.Born.
J.Born now has all the operate privileges of the Nurse role in the NashanHospital\ICU.
3. Click "OK" in the Warning dialog.
AD
By default, the Clinical ID in MLDAP Server will use the value of the displayName attribute of
the User in AD. This can be changed to meet the user's needs.
1. Open the MLDAP Service installation folder; find the config file named "MLDAPCfg.ini".
2. Open this config file with Notepad, and then change the value of Clinical ID to any attribute
of the User in AD.
3. Restart the MLDAP Service.
1. In the command line window, input services.msc and press Enter.
2. In the Services, right click the MLDAPServerServiceCtrl, then click "Restart"
4.3.16 Change Password
Only the User in the LD can change the password.
1. Open the MLDAP Config Tool
2. Login by entering the User Name and Password
If you have forgotten the password, please ask the MLDAP administrator who has been
assigned the role ("administrators" or "Department administrators") to reset the
password.
3. Click the "Reset Password" button. The password will be reset to the default password
"888888".
4.3.18 Import Permission File
If users need to add a new operation permission, they need to import the permission file.
1. Click the "Advanced Settings" icon
2. Click the "…" button and select the file from Mindray Company
3. Click the "import" button; a message is displayed when the import succeeds or fails
4.4 Troubleshooting
5 Password and folders
5.1 User and Password
When the MLDAP Service is installed successfully, the following user will be created:
User            Password
administrator   Mindray99!
5.3.1 MLDAP Service Configuration File
After any change to this configuration file, the MLDAP Service needs to be restarted for the
change to take effect.
MDListenPort: The TCP port used by the MLDAP Service for Mindray Devices that use the
MD Protocol. If you change this port to another value, all the MLDAP Clients and MLDAP Web
instances that connect to this service need to be set to the right TCP port accordingly.
MD2ListenPort: The TCP port used by the MLDAP Service for Mindray Devices that use the
MD2 Protocol. If you change this port to another value, all the MLDAP Clients and MLDAP Web
instances that connect to this service need to be set to the right TCP port accordingly.
Clinical ID: By default, the Clinical ID in MLDAP Server will use the value of the
displayName attribute of the User in AD. This can be changed to meet the user's needs.
DBPATH: The path of the MLDAP database.
FIREWALL: MLDAP Server MD Listen=6664, MLDAP Server MD2 Listen=6665 and
MLDAP Server can be added to the firewall after the MLDAP Server has been installed.
PN: H-046-013840-00 (1.0)