Load balancing Sectra Medical Systems
About Sectra Medical Systems
Sectra provide a suite of different medical systems covering a wide array of modern medical imaging and eHealth needs.
Sectra Radiology PACS is a picture archiving and communications system (PACS) suite which provides an integrated DICOM-compliant radiology information system (RIS) in certain markets. Its backend is referred to as Sectra Healthcare Server (SHS), the core application providing PACS and database functionality. The viewer service is referred to as IDS7, a secure Microsoft Windows-compatible DICOM image viewer component which supports Microsoft Edge and Internet Explorer.
Sectra UniView is an integrated web application for medical image viewing combined with imported electronic medical record (EMR) data. It allows for viewing images across multiple PACS platforms, including via the IDS7 viewer.
Sectra Digital Pathology Solution is an integrated application for histopathology and cytopathology image review which connects with radiology PACS and RIS, including from other vendors.
There is a high availability (HA) load balancing requirement for the Sectra applications due to their mission-critical nature in healthcare settings. The volume of traffic received by Sectra PACS, UniView, and Pathology Server in a busy clinical environment can exceed the availability provided by a single real server. Additionally, having multiple real servers allows for redundancy in the event of a server issue, either with the host itself or the Sectra application that is installed. It has been observed that Sectra PACS performs substantially better in a load balanced configuration.
Key benefits of load balancing:
In an industry where uptime saves lives, our extensive experience means we can design unbreakable solutions to enterprise imaging’s unique challenges. Learn how to load balance Sectra PACS for a solution that is:
- highly available
How to load balance Sectra Medical Systems
A Layer 7 SNAT mode deployment is recommended for Sectra Radiology PACs, UniVew, and Digital Pathology:
Layer 7 SNAT mode uses a proxy (HAProxy) at the application Layer. Inbound requests are terminated on the load balancer and HAProxy generates a new corresponding request to the chosen Real Server. As a result, Layer 7 is typically not as fast as the Layer 4 methods.
Layer 7 is typically chosen when either enhanced options such as SSL termination, cookie based persistence, URL rewriting, header insertion/deletion etc. are required, or when the network topology prohibits the use of the Layer 4 methods.
Because Layer 7 SNAT mode is a full proxy, any server in the cluster can be on any accessible subnet including across the Internet or WAN.
Layer 7 SNAT mode is not transparent by default, i.e. the Real Servers will not see the source IP address of the client, they will see the load balancer’s own IP address by default, or any other local appliance IP address if preferred (e.g. the VIP address). This can be configured per Layer 7 VIP. If required, the load balancer can be configured to provide the actual client IP address to the Real Servers in 2 ways. Either by inserting a header that contains the client’s source IP address, or by modifying the Source Address field of the IP packets and replacing the IP address of the load balancer with the IP address of the client.
Layer 7 SNAT mode can be deployed using either a one-arm or two-arm configuration. For two-arm deployments, eth0 is normally used for the internal network and eth1 is used for the external network although this is not mandatory.
Layer 7 SNAT mode requires no mode-specific configuration changes to the load balanced Real Servers. Port translation is also possible with Layer 7 SNAT mode, e.g. VIP:80 → RIP:8080 is supported.
Note, you should not use the same RIP:PORT combination for Layer 7 SNAT mode VIPs and Layer 4 SNAT mode VIPs because the required firewall rules conflict.
Here is the deployment concept: