Appendix C: Remote Device Management Network Security SORN
Stryker offers Remote Device Management with its product line through SORN. Previous methods
of remote device management were connected via VPNs, proprietary networks, or dedicated phone
lines. Stryker's solution, SORN, does not require any special connections, firewall, or proxy server
modifications. SORN is designed to use existing infrastructure and is fully compliant with all existing
firewall and security policies. For tightly restricted networks, port 443 must be opened for one
specific URL.
• No VPN requirements
º Service agent initiates communication compliant with Secure Computing environment
º Stryker only requires an internet connection and uses port 443
• Secure Data Transmission
º Password authentication
º 128-bit Secure Socket Layer (SSL) protocol
º Bi-directional digital certificates can also be used
• Secure Data Collection
º Only machine performance data is collected
º No access to patient or case information
º Data packets are small, typically 50K or less
• Remote Access is secure
º Connection driven from the client end
º All interactions are logged for audit purposes
º Access to our enterprise server is secure and only available to authorized technical personnel
via login and password control
º Connection can only be made to the URL address of our enterprise server
º URL of the Production Server: https://access-ws.Stryker.com/a2b
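
The connection profile listed above (client-initiated, port 443 only, one destination URL) can be checked against firewall or proxy logs. The following is an added example, not Stryker code; the log format, the sample records and the device IP addresses are constructed assumptions.

```python
from urllib.parse import urlsplit

# URL of the production server as given in this appendix.
SORN_URL = "https://access-ws.Stryker.com/a2b"
ALLOWED_HOST = urlsplit(SORN_URL).hostname      # urlsplit lower-cases the host
ALLOWED_PORT = urlsplit(SORN_URL).port or 443   # https default when no port is given

# Constructed sample records in a hypothetical format:
#   timestamp direction device_ip peer port
# OUT = connection opened by the device, IN = connection opened toward it.
SAMPLE_LOG = """\
2024-01-05T08:00:01Z OUT 10.20.30.40 access-ws.stryker.com 443
2024-01-05T08:05:12Z OUT 10.20.30.40 access-ws.stryker.com 80
2024-01-05T08:07:45Z OUT 10.20.30.40 updates.example.net 443
2024-01-05T08:09:03Z IN 10.20.30.40 10.20.30.99 3389
2024-01-05T08:10:00Z OUT 10.20.30.77 www.example.org 443
malformed line
"""

def audit(log_text, device_ip):
    """Return (line_number, reason) for each record that breaks the documented profile."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split()
        if len(fields) != 5 or not fields[4].isdigit():
            # Never drop a record silently: a gap in the audit is itself a finding.
            findings.append((lineno, "unparseable record"))
            continue
        _ts, direction, ip, peer, port = fields
        if ip != device_ip:
            continue  # record belongs to another host
        peer = peer.lower().rstrip(".")  # DNS names are case-insensitive
        if direction != "OUT":
            findings.append((lineno, f"inbound connection on port {port}"))
        elif peer != ALLOWED_HOST:
            findings.append((lineno, f"unexpected destination {peer}"))
        elif int(port) != ALLOWED_PORT:
            findings.append((lineno, f"unexpected port {port}"))
    return findings

if __name__ == "__main__":
    for lineno, reason in audit(SAMPLE_LOG, "10.20.30.40"):
        print(f"line {lineno}: {reason}")
```
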
Virus Protection
Stryker Communications equipment runs either on a dedicated microcontroller from firmware or
runs Windows XP Embedded. The Windows XP Embedded operating system allows the addition and/
or removal of components of the operating system based upon the needs of the device and application.
This functionality provides the ability to make the operating system as secure and reliable as possible. The
operating system is specifically customized to meet the needs of the SwitchPoint Infinity application
and the Stryker Operating Room Network.
Though the SwitchPoint Infinity is based upon an embedded PC architecture, it does not function as
a full PC, server, or workstation. The SPI application and OS perform only specific tasks within the
device related to the routing and switching of s-video, RGBHV and audio and communication of those
signals to another SPI device or the Stryker ORIS video hub.
The SwitchPoint Infinity operating system is considered a "hardened" embedded OS. The hardening of
the OS includes application of local security policies governing communication, allowed executables,
user rights, and user names; the use of an internal firewall preventing communication with anything
other than expected devices; deafening of ICMP (ping) responses; and disabling of all unnecessary services
including but not limited to server, workstation, computer browser, file and print, messenger, and
SNMP.