«MEDUSA DELIVERABLE D2.2.3 Demonstrator platform ...»
D2.2.3 Demonstrator platform
Project number: ITEA 10004
Document version no.: 1.0
Edited by: Henk van den Brink c.s.
ITEA Roadmap domains:
Major: Content & Knowledge
ITEA Roadmap categories:
Minor: Network & computing This document is public and available on the website MEDUSA ITEA 10004 WP2 Deliverable 2.2.2 Page 2 of 22 Table of Contents
1.1 Document overview
1.2 Medusa overview
1.3 References, Acronyms
2.1 Medusa Framework
2.1.2 Main innovations
2.2 Component User Management
2.2.2 Main innovations
2.3 Component Security
2.3.2 Main innovations
2.4 Infrastructure as a Service (IaaS)
2.4.2 Main innovations
2.5 Component Cloud management
2.5.2 Main innovations
2.6 Component Imaging Client
2.6.2 Main innovations
2.7 Image Analysis Platform
2.8 Video Conferencing
2.9 Advanced image processing algorithms for stroke patients............. 14 2.9.1 Functionality
2.9.2 Main innovations
2.10 Application for the computer-assisted in-vitro diagnostic................. 15 2.10.1 Functionality
2.10.2 Main innovations
2.11 Component Contouring for Oncology
2.12 Decision Support
2.12.2 Main innovations
4. USER GUIDE
1.1 Document overview This document describes the release of the Medusa demonstrator platform.
The Medusa system is used for demonstrations in hospitals in both France and the Netherlands.
These demonstration session are run by Medusa workpackage 1.
Chapter 2 gives a brief overview of the Medusa system. Chapter 3 decribes the functionality of the different components. Chapter 4 describes the steps necessary to configure Medusa on a client system, and the last chapter describes the steps to get started with Medusa.
Input for this document was provided by all consortium partners, especially for chapter 3.
1.2 Medusa overview Medusa provides a scalable cloud based solution for distributed utilization of medical services and applications, like imaging, decision support, etc.
Figure 1 provides an overview of the system. Medusa consists of a lot of independently running, cloud based medical applications. These applications work together in the Medusa context, and provide a collaboration environment for users. Users can work on applications simultaneously, and discuss the situation of a patient.
Because of the medical data, the environment is highly secure, and all access to data is authorized.
Medusa offers a combination of medical and supporting generic services. The
medical applications are:
• Imaging platform (Philips)
• Imaging algorithms (AMC)
• InVitro analysis (ImStar)
• DosiSoft (DosiSoft)
• ComaSoft (PSP)
• Decision support (based on medical data)
These are supported by a couple of generic services:
• Video conferencing
• Audit trail
• Cloud resource management
• User management
1.3 References, Acronyms Referenced documents Reference Title FPP Medusa Full Project Proposal D111 Use case scenarios and User requirements D211-221 Medusa Architecture and Interface specifications D543 Reference implementation of components
2. Components Medusa is built up from the components listed in this chapter. Main functionality and innovations are described in the next paragraphs.
2.1 Medusa Framework The Medusa framework is developed by Technolution 2.1.1 Functionality The Medusa framework is the ‘glue’ between all applications in the Medusa domain.
The Medusa Web client shows all Medusa applications in a browser environment.
The framework backend is taking care of the synchronization between all the different applications: user management, video conferencing, cloud resource management, decision support, audit trail, and all the medical applications.
2.1.2 Main innovations The framework provides a highly scalable mechanism which makes it possible that independent applications are working together in a completely distributed cloud environment. Applications do have specific responsibilities, varying from imaging to user management to decision support. The framework brings these applications together, and provides a platform to work seamlessly together.
The framework is used in the medical domain, but the architecture is reusable, and can be applied to any domain, for example traffic management, energy management, etc.
2.2.1 Functionality The User Management (UM) module provides services to deals with users accounts and access right.
2.2.2 Main innovations The UM module was designed to be flexible and customizable; therefore it provides interfaces to manage the configuration/customization of the application.
The possible configurations are to:
• manage password policies,
• customize Manager interfaces (language, terminology, dictionaries ),
• manage organizational units,
• manage technical accounts,
• manage templates to make easier the creation of users with default value.
It also provides a full bench of provisioning connectors already included in the solution that could be used to provision the Information System Applications.
2.3 Component Security The security component is provided by BULL, IMT and Cassidian.
2.3.1 Functionality The security and transmission component provides all security services needed to offer a secure access to Medusa.
It is composed of five modules:
• The authentication module which aims at authenticating Medusa users and providing access to Medusa application without forcing the users to re-authenticate themselves on each one.
• The access control module which aims at enforcing access control for Medusa application. The module provides a role- and organization-based access policy to resources.
• The ciphering module which aims at protecting data transmitted over the network in confidentiality and integrity.
• The fingerprinting and watermarking module ensuring that the medical images have not been corrupted over time or in transit on MEDUSA network.
2.3.2 Main innovations
The security module provides Cloud based secure transmission including:
• Multi level encryption
Central IAM (Identity & Access Management) solution with complex right • modeling and certificate deployment Deployment of an Identity based Firewall to authenticate user on each • security equipment Single Sign On from the user device to Medusa service.
• It also provides two innovative content traceability and integrity proof
technologies to medical uses:
• Watermarking: identifying the owner and the information leaking source
• Fingerprinting: automatic tracking of unauthorized distribution
2.4 Infrastructure as a Service (IaaS) As described in the D211 ” Medusa architecture and interfance specification ” and D543 “Reference implementation of components”, the IaaS provided by Bull is
comprised of two layered subcomponents :
- The physical infrastructure : comprises compute nodes, physical storages, and network components.
- The Cloudificator and Cloud Management (OpenStack): transfoms the physical infrastructure in Cloud services, and provides management functions of those services.
Figure 2. Medusa IaaS This infrastructure is composed of two sub-infrastructures: the virtualized infrastructure and the baremetal infrastructure.
The next section describes the functions of these infrastructure as a service.
The physical infrastructure provides following features as services:
- The virtualized infrastructure: a set of computing nodes with high frequency CPU, 48 GB of RAM, and high rate Tera Bytes disks. These nodes dedicated to non-graphical computing applications are connected via Ethernet of 1 Gb/s, thus absorbing business and control flows. In the Medusa system, a virtual machine is assigned to each application, then each couple application/virtual machine is deployed by the PaaS layer tools.
- The Baremetal infrastructure: is a non-virtualized environment composed of nodes equipped with high frequency CPU and GPU. These nodes are connected by a network interconnect Infiniband of 40Gb/s. Operating systems are pre-installed manually on these nodes dedicated to applications requiring graphical calculation.
Remote storage: both Virtualized and Baremetal infrastructures are sharing a high performance remote storage of tens of Tera Bytes through an infiniband network.
On the other hand, the Cloudificator and Cloud management component provides
the following fucntions:
- Self-service automated provisioning
- Service catalog
- Charge Back, relying on metering from Ceilometer
- Capacity management
- Performance management
- Configuration and change management
- Lifecycle management
- Orchestration of deployment 2.4.2 Main innovations The main innovation of Medusa IaaS is the ability to fit heterogeneous requirements of application, in terms of networking, computing, storage, and management, thus fulfilling requirements of the demonstrators.
For example, application requiring GPU computation would dynamically be deployed on nodes equipped with GPU.
Operating system requirements are also met dynamically on deployment time.
Moreover, the IaaS dynamically and transparently adapts to changes in application requirements at running time.
2.5 Component Cloud management The Cloud management component is provided by Prologue.
2.5.1 Functionality All software components composing the MEDUSA system are deployed on a Cloud infrastructure. Their deployment is managed by the Cloud management layer, which runs as a back-end service.
The Cloud management platform orchestrates the allocation and release of resources on the Cloud provider’s infrastructure, and acts as an intermediary between the client environment and the Cloud resources. It also oversees the lifecycle of the deployed resources, ensures their availability and scalability, and links the legacy applications from the virtualization server back to the collaboration framework’s client environment, all that in a security-aware implementation.
At the core of the Cloud management layer lies the Cloud broker component that selects Cloud resources and services according to customer requirements (technical, operational, regulatory). The Cloud management engine can provide
monitoring functionalities and reporting derived from the logs of events, warnings, and errors generated during operation.
2.5.2 Main innovations The main innovation of this component reside in the fact that it can translate technical requirements for computing, storage, network, and security resources identified for each MEDUSA application into machine-readable code used by UiC-B engine to provision resources. In addition, business, and policy requirements of applications can be defined, and the definition of requirements is in a general-purpose, extendible, and reusable format. Adding or customizing an application in the MEDUSA system is therefore a simple procedure.
In addition, Cloud management seamlessly manages custom scalability and lifecycles of virtualized legacy applications that are initially implemented for single user/single machine operation.
The Cloud management platform is designed according to the Service-Oriented Architecture model, and invoking functionalities on this platform is possible through the REST API that it offers.
2.6 Component Imaging ClientThe Imaging Client component is provided by IMT.
2.6.1 Functionality Imaging Client component provides three independent functionalities.
First, it is a kind a glue allowing for legacy, non-cloud developed applications to included into the MEDUSA framework; actually, the Imaging Client main functionality is to ensure the virtualization in cloud of any legacy application, without either additional development or modification of their codes.
Secondly, it provides the collaboration functionality over non-collaboration applications; here again, the codes of the non-collaborative applications is not changed; instead, a collaboration layer, independent with respect to the application but including the medical best practices is featured. This virtualization layer deals with both collaboration message exchanges and application personalization according to the actual user profile/role.
Finally, the Imaging Client also ensures the multi-terminal access to legacy application.
legacy application, without any restriction in its operating system or typology and imposing any constraint on the user device. Finally, note the technical gains (bandwidth and CPU saving) with respect to state-of-the art competitors (as assessed in the related MEDUSA deliverables in WP5).
2.7 Image Analysis Platform The Medusa Image Analysis Platform is developed by Philips.