Welch Allyn Network Installation Best Practices Overview User Manual

Welch Allyn Connex® Network installation
Best practices overview
Radio software version 3.00.01 and later
© 2013 Welch Allyn. All rights are reserved. To support the intended use of the product described in this publication, the purchaser of the product is permitted to copy this publication, for internal distribution only, from the media provided by Welch Allyn. No other use, reproduction, or distribution of this publication, or any part of it, is permitted without written permission from Welch Allyn.
Welch Allyn assumes no responsibility for any injury to anyone, or for any illegal or improper use of the product, that may result from failure to use this product in accordance with the instructions, cautions, warnings, or statement of intended use published in this manual.
For patent information, please visit www.welchallyn.com/patents.
For information about any Welch Allyn product, or to contact your nearest Welch Allyn representative, go to
www.welchallyn.com/about/company/locations.htm.
Manual DIR 80018295 Ver B
Welch Allyn Protocol, Inc. 8500 SW Creekside Place Beaverton, OR 97008-7101 USA
www.welchallyn.com
Welch Allyn Limited Navan Business Park Dublin Road, Navan County Meath, Republic of Ireland
Contents
1 - Introduction
    About this document
    Systems overview
2 - Best practices
    Required network settings and configurations
    Recommended network settings and configurations
    General network settings and configurations

1 - Introduction

About this document

This document lists required, recommended, and basic settings and configurations for networks using Welch Allyn medical devices and systems. For vendor-specific required, recommended, and basic settings and configurations, go to the following web site:
www.welchallyn.com/networkbestpractices.

Systems overview

It is up to you to conduct a hazards analysis per IEC 80001 to determine if any issues exist that should be mitigated to ensure patient safety.
Implementation of a stable and usable integrated network is the sole responsibility of the customer. This requirement is found in IEEE Standard 11073-00101, which states:
Ultimately, the responsibility of ensuring that both medical devices and RF wireless technologies conform to specifications that satisfy necessary and sufficient QoS requirements (conformance) as well as interoperate in a satisfactory way on a shared network system(s) (interoperability) is the responsibility of the end user.
Although it is ultimately your responsibility, Welch Allyn endeavors to participate in your successes with these best practices.

2 - Best practices

Required network settings and configurations

These configurations and settings are required to establish a durable connection between Welch Allyn devices and the wireless network. Failure to comply with these requirements will result in a failure to connect to the network, repeated disconnects or extended loss of telemetry data. Requirements in this section can be modified by requirements listed in the appropriate vendor-critical requirements documents.
Critical for all Connex products

Authentication/encryption
    Best practice: WEP 64 and 128, WPA2 Personal, WPA2 Enterprise (EAP-TLS, EAP-TTLS, EAP-PEAP [MSCHAPv2])
    Affected types: Wireless
    Without best practice: Other encryption methods not supported. No connectivity.

Channel advertisement
    Best practice: WLANs using DFS channels must broadcast their SSID
    Affected types: Wireless
    Without best practice: The radio will not connect to DFS channels if the SSID is hidden.

Channel Switch Announcement (CSA)
    Best practice: Disable
    Affected types: Wireless
    Without best practice: When CSA is enabled, data loss when changing channels may occur.

DHCP leases
    Best practice: Must be renewable
    Affected types: Wireless and wired
    Without best practice: Connections are lost when the lease expires (forced reconnect).

Interference
    Best practice: Signal to Noise Ratio (SNR) 15dB
    Affected types: Wireless
    Without best practice: High noise level causes dropped packets.

IP address assignment
    Best practice: Must be performed through DHCP (DHCP fixed to MAC is acceptable)
    Affected types: Wireless and wired
    Without best practice: The device cannot connect to the network without an IP address.

Signal strength
    Best practice: First wireless signal: RSSI Value -65dBm for (802.11a APs set to 25mW)
    Affected types: Wireless
    Without best practice: Dropped packets and loss of connectivity due to poor wireless coverage.

SSID name
    Best practice: Maximum length of 16 characters
    Affected types: Wireless
    Without best practice: The radio cannot be configured.

Critical for Connex CS and Connex RMS

Ports allowed
    Best practice:
    • TCP: 281, 283
    • UDP: 291, 7711-7719, 44435-44436 (only if Spot LXi is used with Connex)
    Affected types: Wired
    Without best practice: Connections cannot be established.

Rendezvous
    Best practice: Perform at least one of the following:
    • Allow UDP broadcasts on ports 7711-7719, or 44435-44436 (only if Spot LXi is used with Connex)
    • DNS name resolution for Connex servers using a locally configured name
    • Configure the device with a fixed IP address of the Connex server
    Affected types: Wired
    Without best practice: Connections cannot be established from the Welch Allyn VLAN to the server.

SSID/Radio settings
    Best practice:
    • a band Only
    Affected types: Wireless
    Without best practice: Loss of connection and data, patient monitor will not connect.
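
The "Ports allowed" row above can be checked mechanically against an exported firewall policy. The following Python is an added example, not Welch Allyn code: the rule tuples are constructed sample data, and reporting allowed ports beyond the listed ones is an added least-privilege check that the manual itself does not require.

```python
# Added example, not Welch Allyn code. Port lists come from the
# "Ports allowed" row; everything else here is an assumption.
REQUIRED = {"tcp": "281,283", "udp": "291,7711-7719"}
SPOT_LXI_UDP = "44435-44436"  # only if Spot LXi is used with Connex

# Constructed sample: allow rules scoped from the monitor VLAN to the
# Connex server, as (protocol, port spec) pairs.
SAMPLE_RULES = [
    ("tcp", "281"), ("tcp", "283"),
    ("udp", "291"), ("udp", "7711-7718"),   # range is one port short
    ("tcp", "3389"),                        # not in the manual's list
]


def expand(spec):
    """Turn a spec such as '291,7711-7719' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def required_ports(spot_lxi=False):
    """Required ports per protocol, with the Spot LXi range when in use."""
    req = {proto: expand(spec) for proto, spec in REQUIRED.items()}
    if spot_lxi:
        req["udp"] |= expand(SPOT_LXI_UDP)
    return req


def audit(rules, spot_lxi=False):
    """Return (missing, excess): required ports with no allow rule, and
    allowed ports the manual does not list (added least-privilege check)."""
    allowed = {"tcp": set(), "udp": set()}
    for proto, spec in rules:
        allowed.setdefault(proto.lower(), set()).update(expand(spec))
    req = required_ports(spot_lxi)
    missing = {p: sorted(req[p] - allowed[p]) for p in req}
    excess = {p: sorted(allowed[p] - req.get(p, set())) for p in allowed}
    return missing, excess


if __name__ == "__main__":
    for lxi in (False, True):
        missing, excess = audit(SAMPLE_RULES, spot_lxi=lxi)
        print(f"Spot LXi={lxi}: missing={missing} excess={excess}")
```

DHCP and DNS traffic goes to other servers and is outside this check, which covers only rules between the monitor VLAN and the Connex server.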

Recommended network settings and configurations

The best practices and configuration settings listed in the following table are recommended for best performance. Increased data packet loss or occasional disconnects are likely if these recommendations are not followed. Recommendations in this section can be modified by requirements listed in the appropriate vendor-critical requirements documents.

Data
    Best practice: Keep patient data and general IT data separated using a Stateful Firewall. Rules, policies, and roles should be separated from rules, policies, and roles used for other IT data.
    Affected types: Wireless and wired
    Without best practice: IT changes to the firewall policies that inadvertently affect patient monitoring are more likely. Patient data subject to issues on wired network such as broadcast storms. Shorter battery life for patient monitors.

802.1X Authentication
    Best practice: When using EAP (certificates) for authentication, enable OKC (opportunistic key caching) on the controller
    Affected types: Wireless
    Without best practice: Increased chance of disconnect during roaming.

Priority
    Best practice: Welch Allyn data should have priority over other data. Welch Allyn data is configured for 802.11e Access Category Voice.
    Affected types: Wireless and wired
    Without best practice: Mixing of IT and patient data priority may result in lost data.

QoS
    Best practice: Hardware Quality of Service (QoS) support should be configured to map 802.11e QoS bits to a hard-wired tag
    Affected types: Wired
    Without best practice: Increased probability of dropped patient data packets on busy wireless networks.

Roaming across subnets
    Best practice: Keep the Welch Allyn wireless VLAN flat (no roaming across subnets)
    Affected types: Wireless
    Without best practice: Success for roaming across subnets depends on the hospital’s Layer-3 network. Hospital is responsible for validation of proper roaming across subnets.

Rules/Firewall
    Best practice: Use separate rules and roles for Welch Allyn patient data and other IT data. Rules and roles should be identified using Welch Allyn specific names.
    Affected types: Wireless
    Without best practice: IT changes to the wireless controller that inadvertently affect Welch Allyn patient monitoring are more likely. Patient data subject to issues on wired network such as broadcast storms. Shorter battery life for patient monitors.

Signal strength
    Best practice: Second wireless signal: RSSI Value -70dBm for (802.11a APs set to 25mW)
    Affected types: Wireless
    Without best practice: Dropped packets and loss of connectivity due to poor wireless coverage.

Separate VLAN
    Best practice: Keep Welch Allyn patient monitors on their own VLAN and SSID
    Affected types: Wireless and wired
    Without best practice: IT changes to the wireless controller that inadvertently affect patient monitoring are more likely. Patient data subject to issues on wired network such as broadcast storms. Shorter battery life for patient monitors.

Wireless Multimedia (WMM)
    Best practice: Enabled
    Affected types: Wireless
    Without best practice: Monitors will disconnect during movement.

General network settings and configurations

The following best practices should be followed to maintain a robust system suited for medical patient monitoring.

Bandwidth (1)
    Best practice: 7% Proportional Bandwidth allocation for APs and Welch Allyn virtual APs/Packet-Shaping
    Affected types: Wireless
    Without best practice: Increased probability of dropped patient data packets on busy wireless networks.

Controller redundancy
    Best practice: Wireless controller hardware should include controller redundancy, either one to one or one to many (1:1 or N:1)
    Affected types: Wireless
    Without best practice: Failure of a non-redundant controller would cause the entire system to fail.

Critical IT support
    Best practice: The customer shall provide 24/7, mission-critical support for their network
    Affected types: Wireless and wired
    Without best practice: Possible extended downtime if network support cannot be reached.

DFS
    Best practice: DFS channels should not be used with life-critical medical devices
    Affected types: Wireless
    Without best practice: Unexpected network outages.

DHCP Information
    Best practice:
    • Primary DHCP Server = Primary server IP address
    • Secondary DHCP Server = Secondary server IP address
    Affected types: Wireless
    Without best practice: Loss of connection and data.

Jitter
    Best practice: Packet-to-Packet jitter shall be 400ms
    Affected types: Wireless and wired
    Without best practice: Dropped packets, data loss and dropped connections.

Labeling
    Best practice: Welch Allyn VLAN ports should be clearly marked on the physical switches
    Affected types: Wireless and wired
    Without best practice: Harder to debug system issues. Mixing of IT and patient data could result in loss of data due to broadcast storms.

Network latency
    Best practice: Round-trip peak network latency between a server and its patient monitor 800ms
    Affected types: Wireless and wired
    Without best practice: Dropped packets and data loss.

Packet transport
    Best practice: Packets should be passed through switches and routers in cut-through mode, or hardware based switching, not store-and-forward-only mode (applicable to older switches/hubs)
    Affected types: Wired
    Without best practice: Dropped packets and data loss.

Power redundancy
    Best practice: All network equipment used for patient monitoring should have a continuous power supply and emergency power
    Affected types: Wireless and wired
    Without best practice: Data loss and downtime due to power outages.

SNMP read-only access
    Best practice: Welch Allyn servers shall have SNMP read-only access to wireless controllers to log performance data and generate alerts
    Affected types: Wireless and wired
    Without best practice: Limited ability to proactively respond to system issues. Debugging by Welch Allyn Remote Technical may not be possible. Extended troubleshooting times.

Spanning Tree Protocol (STP)
    Best practice: STP should not run on the Welch Allyn segment of the network. Preferably, use resilient links.
    Affected types: Wireless and wired
    Without best practice: Dropped connections.

SSID/Radio settings
    Best practice:
    • Radio Beacon Interval set to =100 msec
    • DTIM set to 10
    • Enable short preamble
    • Disable channel 165
    Affected types: Wireless
    Without best practice: Loss of connection and data, patient monitor will not connect.

VoIP traffic
    Best practice: Limit VoIP traffic on 802.11a to no more than three open connections per AP
    Affected types: Wireless
    Without best practice: Having more than three connections per AP has the potential to increase patient data loss.

Wired connection
    Best practice: Interconnects between all switches and all WLAN controllers with gigabit Ethernet
    Affected types: Wired
    Without best practice: With only 100Mbs connections dropped packets and data loss can occur.

1. The 7% bandwidth allocation will support up to 20 connected Welch Allyn patient monitors per AP. If no Welch Allyn patient monitors are associated with the AP the bandwidth is free to be used by other devices.