DICOM node architecture and security

the rapmed dicom node allows uploading files directly from your pacs into rapmed setup the rapmed dicom node gets installed inside your network, usually in a virtual machine provided by the it service the software is packaged as a container, so any linux virtual machine that can run docker or any other container runtime is able to run the dicom node rapmed is in charge of monitoring the dicom node and keeping it up to date once the dicom node is up and running, rapmed will configure it so that files uploaded through the node show up in the customer's rapmed account setting up and configuring the node will require either remote access to the virtual machine (eg via ssh) or cooperation with the it service minimum technical requirements 1 cpu 1gb ram 10gb storage any linux distribution that can run a container runtime a fixed internal ip address network inbound access port 8104/tcp from the internal network (so that the pacs can connect to the dicom server) network outbound access none to the internal network (besides allowing established connections) unrestricted access to the internet dicom node operation the rapmed dicom node is in charge of three operations receiving files sent from the pacs over the dicom protocol (dicom store scp) anonymizing the received files locally uploading the anonymized files to rapmed receiving files from the pacs the rapmed dicom node supports the dicom store scp files that are received get stored in a temporary space on the local disk, before the anonymization is complete securing the communication between the pacs and the dicom node communication with the dicom server can be secured in various ways firewall rules so that only the pacs server is allowed to reach the dicom node on port 8104 mtls encryption/authentication between the pacs and the dicom node file anonymization the anonymizer used by the dicom node is the same as the one used when uploading files to rapmed using the regular web application it follows the dicom standard attribute confidentiality profiles to ensure all private or personal information is removed from the files before anything is uploaded to rapmed file upload to rapmed once the files received from the pacs have been anonymized, they get uploaded to rapmed's storage all communication happens over https, using modern tls profiles the security of the upload is the same as when uploading files through the regular web application the data is stored inside europe according to our data protection notice using files sent through the dicom node users will require a regular rapmed account to interact with files sent through the dicom node their account will also need access to the rapmed "space" (storage space) where the dicom node is uploading the files files uploaded through the dicom node behave exactly as files uploaded through the regular web application architecture diagram