Elekta IntelliMax™ (2.

x)
security information
Elekta IntelliMax™ Security Information

Contents

Document no. 4513 371 0831 09:10 © 2010 Elekta. All mentioned trademarks and registered trademarks are the property of the Elekta Group. All rights reserved. No part of this document may be reproduced in any form without written permission from the copyright holder.
Purpose and Scope. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Security Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Access Control. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Attended Remote Access Sessions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Audit Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Remote Monitoring Data Collection . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Data Transfer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Security Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Firewall Rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Virus Protection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Microsoft Hotfixes and Patches. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Elekta IntelliMax Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
IntelliMax Connect Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
User Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Questions & Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
File Transfer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Technical Safeguards. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Application Maintenance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Remedies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Contact . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Appendix A – Hospital Pre-requisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Appendix B– Feedback Form. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

www.elekta.com Human Care Makes the Future Possible

Corporate Head Office: Regional Sales, Marketing and Service:
Elekta AB (publ) North America Europe, Middle East, Africa, Asia Pacific
Box 7593, SE-103 93 Stockholm, Sweden Eastern Europe, Latin America
Tel +46 8 587 254 00 Tel +1 770 300 9725 Tel +46 8 587 254 00 Tel +852 2891 2208
Fax +46 8 587 255 00 Fax +1 770 448 6338 Fax +46 8 587 255 00 Fax +852 2575 7133
info@elekta.com info.america@elekta.com info.europe@elekta.com info.asia@elekta.com
Purpose and Scope

Document no. 4513 371 0831 09:10 © 2010 Elekta. All mentioned trademarks and registered trademarks are the property of the Elekta Group. All rights reserved. No part of this document may be reproduced in any form without written permission from the copyright holder.
This document describes the security configuration and required setup for hospitals before Elekta IntelliMax™ can be installed. It
is intended to be used by Elekta employees, hospital staff and IT departments as a guide to answer questions and concerns before
IntelliMax is introduced into the hospital environment.

This document covers IntelliMax Agent 2.1 or later and IntelliMax Connect 1.3 or later only. Earlier releases of the Elekta IntelliMax
products may use a different configuration than specified here and should be upgraded to the latest available release.

Introduction

Elekta has an obligation under international regulations to ensure that Elekta products connecting to a network can do so without
compromising the integrity of the Elekta product, safety of patient or health information.

IntelliMax is a service tool. Using the definition within the NB-MED/2.2/Rec4 – Software and Elekta products, the IntelliMax Agent and
IntelliMax Enterprise have each been categorized as non-Elekta products.

Elekta IntelliMax is a suite of services for the remote support of Elekta products.

IntelliMax Connect is a software program for remote desktop sharing, text-based chat, and file transfer. IntelliMax Connect is used by
two users at the same time through an Internet Connection. They will be referred to as:
• The hospital-based user: the user who operates the Elekta product in a hospital. They can be a Clinical User or a Service User.
• Elekta IntelliMax support user: an Elekta approved user who can give support for one or more Elekta products. They are not at the
hospital.
IntelliMax Connect can only be run from the Elekta product. This is to make sure that the hospital-based user is in front of the Elekta
product during the session.

IntelliMax Agent is a software program that is installed on a dedicated computer in the hospital. IntelliMax Agent is the only access
point for IntelliMax Connect sessions from supported Elekta products out of the hospital network. IntelliMax Agent collects machine
data from supported Elekta products, which it sends to IntelliMax Enterprise on a secure Internet connection. IntelliMax Agent does not
collect patient data.

IntelliMax Enterprise is used for the analysis of data collected by IntelliMax Agent, and is also used to administer IntelliMax Connect
sessions to connected Elekta products. Approved users can get access to IntelliMax Enterprise through a web-based interface.

The IntelliMax Enterprise is hosted by Axeda in the USA and utilizes Axeda technology. Further information can be found at http://
axeda.com. There will be no need for Elekta customers to contact Axeda directly. All information or queries relating to Axeda or
IntelliMax Enterprise will be made via the Elekta support organization. For the latest IntelliMax compatibility with remote monitoring
and remote access, please refer to the IntelliMax Agent Configuration application on the IntelliMax Agent computer. Alternatively there
is an up-to-date compatibility matrix available from www.elekta.biz or from your local Elekta Service representative.

Page 3
Security Overview

Document no. 4513 371 0831 09:10 © 2010 Elekta. All mentioned trademarks and registered trademarks are the property of the Elekta Group. All rights reserved. No part of this document may be reproduced in any form without written permission from the copyright holder.
Communication between the IntelliMax Agent and the IntelliMax Enterprise is achieved using 128 bit AES encryption over a Secure
Socket Layer (SSL) connection through TCP port 443. Using SSL allows data to be encrypted and transported securely from the IntelliMax
Agent to the IntelliMax Enterprise.

IntelliMax Enterprise utilises an SSL certificate signed by Equifax. The IntelliMax Agent must first authenticate with the IntelliMax
Enterprise before communication can be established.

IntelliMax Connect sessions are routed through the IntelliMax Agent and use the IntelliMax Agents internet connection. All IntelliMax
Connect sessions are audit logged including the Elekta IntelliMax Support user and computer involved in the session. All file transfer
activity performed when in an IntelliMax Connect session is also Audit logged.

The IntelliMax Enterprise has a web browser-based user interface and utilizes SSL 256 bit AES encryption for communication between
the IntelliMax Enterprise server and web browser. Java 1.6 or above is required for IntelliMax Connect sessions and charting functions.

The IntelliMax Agent initiates all communication to both the Elekta medical product and the IntelliMax Enterprise. The IntelliMax Agent
polls the IntelliMax Enterprise for any requests. If the IntelliMax Agent is turned off, no communication attempts are possible towards
the Elekta products or the IntelliMax Enterprise server.

Access Control
Access control to the IntelliMax Enterprise and connected Elekta products is based on membership of user groups; this enables
hierarchies of users to be easily created and managed. User group membership is defined in IntelliMax Enterprise. Privileges for each
user group are also defined in the IntelliMax Enterprise. Only administrative users have the ability to assign and create the user and
privilege groups.

Attended Remote Access Sessions

When using IntelliMax Connect, remote access has to be initiated and permission granted from the hospital-based user of the Elekta
medical product. It is not possible to start a session remotely.

A visual indication is displayed on the Elekta product screen to indicate when the IntelliMax Connect is running and that an attempt to
connect is possible.

Elekta’s procedures state that telephone communication must be maintained between the remote and hospital-based users for the
duration of an IntelliMax Connect session performed on a Elekta product.

Page 4
Audit Log
The audit log contains all information pertaining to users and device activity and is time stamped with the start and end time of each

Document no. 4513 371 0831 09:10 © 2010 Elekta. All mentioned trademarks and registered trademarks are the property of the Elekta Group. All rights reserved. No part of this document may be reproduced in any form without written permission from the copyright holder.
session. Audit log data cannot be removed from the system. IntelliMax Enterprise users can see the audit log for the Elekta products
they have visibility of.

If a user or Elekta product is removed from the system all data pertaining to the user or Elekta product will continue to be stored in the
Audit log indefinitely.

When using IntelliMax Connect, user interface activity is not recorded in the audit log. Any actions using the File Transfer function are
fully audited including the direction of transfer and the file name, size and location.

Records of any changes made to an Elekta product using remote access should be done using applicable existing methods for the Elekta
product.

All files collected by the IntelliMax Agent are also recorded in the audit log and any files downloaded by a user from the IntelliMax
Enterprise are also recorded in the audit log.

Remote Monitoring Data Collection

The following data types may be collected by the IntelliMax Agent from attached Elekta products:
• Real-time configuration and system data (Item Part Values) from LCS (Linac Control System) Operating System
• Microsoft Windows® registry information for system status and Elekta product license options (HKLM\Software\Elekta Oncology
Systems Ltd)
• Microsoft Windows® Application/System events
• Elekta software log files.

The collected data is used for but not limited to the following purposes:
• Machine diagnostics/monitoring
• Reporting (system performance and statistical)
• To provide proactive/predictive service information/assistance.

No Protected Health Information (patient or person identifiable information) is collected by or accessible from the IntelliMax Agent.

Data Transfer
All data transmitted between IntelliMax Agent and the IntelliMax Enterprise and Global Access Servers (GAS) is compressed before being
encrypted using 128bit SSL encryption. Once the data has arrived at the IntelliMax Enterprise it is un-encrypted and decompressed. The
data is then processed in order to trigger notifications or alarms, before being discarded or stored in the database.

GAS are used to route screen sharing traffic from IntelliMax Connect sessions, separating the screen sharing traffic from the session
setup and auditing. The GAS are located in Japan, the United Kingdom and two in the USA. A single specified GAS can be tied to Elekta
products if there is a demand for data to take a particular route or to not travel via a certain route. Please notify the Elekta Technical
Helpdesk if this is required stating the desired GAS.

Page 5
Security Requirements

Document no. 4513 371 0831 09:10 © 2010 Elekta. All mentioned trademarks and registered trademarks are the property of the Elekta Group. All rights reserved. No part of this document may be reproduced in any form without written permission from the copyright holder.
Firewall Rules
a) IntelliMax Agent to IntelliMax Enterprise (out of the hospital)

From the IntelliMax Agent to the IntelliMax Enterprise (outbound over the Internet), access to the following domain names and
ports:
IntelliMax Enterprise1: elekta.axeda.com 209.202.157.188 TCP port 443
GAS Japan: ghjap1.axeda.com 124.40.23.210 TCP port 443
GAS USA: ghsj1.axeda.com 198.66.245.39 TCP port 443
GAS USA: ghsom1.axeda.com 209.202.157.179 TCP port 443
GAS UK: ghuk1.axeda.com 89.234.8.217 TCP port 443
1
sgi.elekta.com, TCP port 443 is also used until IntelliMax Agent 2.1/Desktop Pro R7.01SP2

Please notify the Elekta Technical Helpdesk if all GAS servers are not available from the hospital.

The application on the IntelliMax Agent that will attempt to access the internet is located in C:\Axeda\Gateway\xgate.exe.
(C:\Axeda\Gateway_53\xgate.exe is used for IntelliMax Agent 2.0 and 2.1 also). Some software firewall products may need to
exclude the application from being blocked.

b) IntelliMax Agent to Elekta products for Remote Monitoring:

COM/IP® is used by the IntelliMax Agent to collect Item Part Values from the LCS.

The COM/IP® COM Port Redirector creates virtual COM ports and software modems for modem applications to use TCP/IP
networks (including the Internet) instead of modem hardware and telephone connections.

The IntelliMax Agent uses Windows® File and Print sharing to access the registry and to upload files from Elekta products.

Between the IntelliMax Agent and LCS (inside hospital) the following ports are used:
For Com IP (LCS only): TCP port 23
For Microsoft File & Print sharing: UDP ports from 135 through 139
For Microsoft File & Print sharing: TCP ports from 135 through 139
For Microsoft File & Print sharing: UDP port 445 TCP port 445
For IntelliMax Connect: TCP ports 5900, 5920 8330 and 8331

Page 6
c) Elekta product to IntelliMax Agent for IntelliMax Connect:

Document no. 4513 371 0831 09:10 © 2010 Elekta. All mentioned trademarks and registered trademarks are the property of the Elekta Group. All rights reserved. No part of this document may be reproduced in any form without written permission from the copyright holder.
Between IntelliMax Agent and Elekta products with IntelliMax Connect 2.x installed (inside hospital) the following ports are
used:
TCP ports 5900, 5920 8330 and 8331
The above ports will be opened automatically on the Elekta product firewall during IntelliMax Connect installation

Virus Protection
It is the responsibility of the hospital to ensure that virus protection is installed and up-to-date on the IntelliMax Agent computer.
Elekta recommend virus protection is present and running prior to the IntelliMax Agent software being installed. The installed Anti virus
software must allow the application access to the internet as defined in the Firewall Rules section of this document.

The computer must be dedicated for the purpose of Elekta IntelliMax™ and not used for any other purpose, in order to maintain
the integrity of the IntelliMax Agent software and its functions, and to reduce the likelihood of any additional threat to the machine
introduced by misuse, including web surfing.

Due to the unidirectional upload of files and data from the Elekta products towards the IntelliMax Enterprise, there is minimum risk
of virus infection onto the Elekta products connected to the IntelliMax Agent. Only the explicit ports required for communication are
opened on the inbuilt firewalls.

At the time of writing this document, no Elekta products have been infected by viruses as a result of having an IntelliMax Agent
connected.

If the Elekta Network Security Solution (NSS) is installed, it is provided with a Virtual Machine for the use of IntelliMax Agent. This
Virtual Machine is provided with an antivirus solution.

Microsoft Hotfixes and Patches

The current IntelliMax Agent has been tested with Windows XP Service Pack 3.

Elekta recommend that all Microsoft security hotfixes are applied to the operating system. If desired Microsoft automatic update may
be left on and updates applied daily.

If the hospital IT maintain their own updates, Elekta recommend only Microsoft updates and Anti virus updates are applied.

PRT 0052 contains the latest information regarding the computer specification and Operating system software requirements and is
available form www.elekta.biz or from your local Elekta Service representative.

Page 7
Elekta IntelliMax overview

Document no. 4513 371 0831 09:10 © 2010 Elekta. All mentioned trademarks and registered trademarks are the property of the Elekta Group. All rights reserved. No part of this document may be reproduced in any form without written permission from the copyright holder.
Medical Facility
IntelliMax Enterprise
(Hosted with Axeda)
IntelliMax
Agent 2.1+

elekta.axeda.com 209.202.157.188: 443

• Remote monitoring of machine data

Internet and all remote access communication
Hospital User
from within the hospital is routed out
of the hospital via the IntelliMax Agent
computer to https://elekta.axeda.com
using 128 bit SSL connection.
• Once the session is set up, screen
sharing traffic is sent via one of the
four Global Access Servers during an
IntelliMax Connect session on port 443.
Devices: LCS, iView, XVI,
iGuide, etc

Axeda Global Access

Server (x4)

Elekta Support Personnel

ghjap1.axeda.com 124.40.23.210: 443

ghsj1.axeda.com 198.66.245.39 : 443
ghsom1.axeda.com 209.202.157.179 : 443
ghuk1.axeda.com 89.234.8.217 : 443

Page 8
IntelliMax Connect Overview

Document no. 4513 371 0831 09:10 © 2010 Elekta. All mentioned trademarks and registered trademarks are the property of the Elekta Group. All rights reserved. No part of this document may be reproduced in any form without written permission from the copyright holder.
With the Current IntelliMax Connect implementation, only attended sessions are permitted. For all attended sessions a user has to be
present at the Elekta product.

The IntelliMax Connect session uses 128bit SSL encryption over the internet to ensure only the intended recipient can see the shared
screen.

Hospital Network Internet

Hospital user Device Agent Global Access Server Enterprise Elekta Support Personnel

Request Support

Log on to Enterprise

Find device

Ask Hospital user to Start IntelliMax Connect

Starts IntelliMax Connect Start Desktop Session

Session Request flagged ready for Agent to next poll Enterprise

Agent polls Enterprise and Acknowledges Session reguest

Request sent to Device if available

Agent requests connection to GAS

Path established between GAS and Agent

Path Established between Agent and Device

Accept or Reject Dialog displayed

User Accepts Session

User now in session Elekta Support now in session with Device

Enterprise Audits Agent for Session status and File Transfer

An audit log is created every time a remote access session is attempted. The audit log also contains information about which Elekta
product a user is trying to access, successful or failed attempts, and any file transfers that occur during the session.

To initiate an IntelliMax Connect session, the IntelliMax Connect application must be started by the hospital-based user. The IntelliMax
Connect application listens for connection requests on port 5920 (or 5900 for Desktop Pro R7.01 SP2). Ports 8330 and 8331 are used for
auditing1.

1
IntelliMax Connect 1.2 uses a direct connection to sgi.elekta.com on port 443. This version will be phased out from the end of 2010.

Page 9
The Elekta IntelliMax Support user will then attempt an IntelliMax Connect session to the Elekta product, using the IntelliMax
Enterprise. A connection from the IntelliMax Enterprise is proxied by the IntelliMax Agent the Elekta product is attached to.

Document no. 4513 371 0831 09:10 © 2010 Elekta. All mentioned trademarks and registered trademarks are the property of the Elekta Group. All rights reserved. No part of this document may be reproduced in any form without written permission from the copyright holder.
When starting a session on an Elekta product with access to the Windows Start bar, the IntelliMax Connect application displays a dialog
that prompts the hospital user to accept or reject the session. After a fixed time (normally 30 seconds) this will automatically reject the
session if no choice is made.

Elekta processes and user documentation specify that the session must be ended from the Elekta product. This is to ensure the Hospital
based user is sure the session has ended. If the session is ended from the remote end in error, no user will be able to access the Elekta
product without the Hospital based user accepting an additional connection attempt. The Hospital based user will still see a dialog
indicating that the Connect application is still active until the session is ended locally.

User Authentication

1. The user browses to either directly to http://elekta.axeda.com or http://intellimax.elekta.com which will redirect the user to the
IntelliMax Enterprise.
2. The site certificate is checked by the browser to ensure it is valid.
3. The IntelliMax Enterprise server presents an authentication page
4. The user types in their credentials and submits the information
5. The IntelliMax Enterprise Server confirms that the user is authorized
• if the user is authorized the IntelliMax Enterprise creates a session and the user’s home page is shown. The information
visible is dependant on the user’s rights and association groups.
• if the user is not authorized, a failure message is returned and the user has to attempt the log in again.
• After five failed logins, the user is locked out for 30 minutes.
• Users who have been locked out are listed in the server application log.

Page 10
Questions & Answers

Document no. 4513 371 0831 09:10 © 2010 Elekta. All mentioned trademarks and registered trademarks are the property of the Elekta Group. All rights reserved. No part of this document may be reproduced in any form without written permission from the copyright holder.
File Transfer

What data is transferred? • See Data Collection Above

• Using IntelliMax Connect, files may be transferred off any Elekta product onto the Elekta IntelliMax
Support users’ computer.

Why is the data transferred? See Data Collection Above

Where does the transfer occur? Machine data is transferred from the Elekta product to the IntelliMax Agent computer either for
interpretation or temporary storage
• The data is then transferred to the IntelliMax Enterprise either as collected or on a schedule depending
on the intended use of the data.

Where is the data stored and for The Enterprise servers are hosted securely inside Elekta. All machine data is stored for a maximum of 30
how long? days.

How is the data transfer All communication is encrypted HTTPS using SSL 128 bit encryption, utilizing port 443
accomplished?

What elements of personal data • No patient or personal data is transferred from the hospital with the IntelliMax Agent. The IntelliMax
(Person Identifiable Information) Agent only collects data from the Elekta products in relation to operation and status of the machine,
are included in the transfer? not the patient being treated.
• IntelliMax Connect allows remote access to the graphical interface of the Elekta product therefore the
Elekta IntelliMax Support user may be exposed to personally identifiable information. However this is
no different to the Elekta IntelliMax Support user being in front of the machine and seeing the same
data during a service visit to the hospital.
• The Elekta IntelliMax Support user may also transfer files off of the Elekta product onto their computer
via the Enterprise. This possibility is seen as beneficial in a number of cases, as fault situations specific
to certain patients are relatively common and can lead to the patient not getting the treatment they
require. This is a necessary part of faultfinding, whether on the customer site or remotely.
• Remote sessions are audit logged and must be attended at the local end for the duration of the session.

Are there externally imposed limits • The sharing of personal data will only be necessary when diagnosis of a fault requires the clinical user
on the purpose for which personal to step through the clinical application. The hospital has complete control to restrict access.
data can be collected? How does • Elekta is prohibited from further using or disclosing individually identifiable health information for any
the data controller describe the purpose other than the purpose stated in the Purchasing & Licensing Agreement
limits?

Are there likely to be onward • The authorization to set-up an IntelliMax Connect session is between the hospital-based user and the
transfers of personal information to Elekta IntelliMax Support user for the purpose of investigating and resolving problems and not for any
other jurisdiction? other party.
• Local procedures prohibit the distribution of any identifiable information and explain the methods of
disposal for this data if transferred from a Elekta product for diagnostics use.

Page 11
 Security

Document no. 4513 371 0831 09:10 © 2010 Elekta. All mentioned trademarks and registered trademarks are the property of the Elekta Group. All rights reserved. No part of this document may be reproduced in any form without written permission from the copyright holder.
What requirements are there for All Elekta Employees and contractors are required to comply with the Elekta Privacy and
appropriate security measures to Security Policy which states:
protect personal data against loss, • Elekta shall adopt appropriate administrative, technical and physical safeguards
and against unauthorized access, that protect against uses and disclosures of protected patient personal data/health
use, modification, disclosure or information not permitted by applicable directives and laws.
destruction? How are they conveyed
to employees?

What, if any, specific security • The IntelliMax Enterprise requires each user to have a unique user name ID and password
techniques are required or followed to access the system. Each user is required to change their password every 90 days as a
e.g., access control, encryption, audit further security measure.
trails? • The password complexity is high, requiring the users to use eight or more characters, and
a combination of mixed case alphanumeric digits.
• The IntelliMax Enterprise automatically logs off inactive users to prevent unauthorized use
of authorized access.
• Audit trails of all remote sessions and ‘current data’ can be viewed from the IntelliMax
Enterprise and can printed out as required.

Network

Can the IntelliMax Agent computer Yes, as long as the IntelliMax Agent can communicate with the Treatment network
be integrated into the existing IP
address numbering plan?

Can the IntelliMax Agent be Yes, as long as the service can be run with the same administrator account as the LCS.
integrated into the existing hospital
network domain?

What other systems does the • The Internet and any supported Elekta products within the hospital network that will
IntelliMax Agent need to connect to? either be monitored by the IntelliMax Agent or used for IntelliMax Connect.
• A compatibility matrix is available on www.elekta.biz, the IntelliMax Agent configuration
utility and from your local Elekta representative showing the latest supported products.

What are the network port and See Firewall Rules section above.
firewall requirements?

Page 12
Technical Safeguards

Document no. 4513 371 0831 09:10 © 2010 Elekta. All mentioned trademarks and registered trademarks are the property of the Elekta Group. All rights reserved. No part of this document may be reproduced in any form without written permission from the copyright holder.
Can software not authorized by It is the responsibility of the hospital to maintain the integrity of the IntelliMax Agent computer. The
Elekta be installed on the Elekta IntelliMax Agent software is designed to be run on a dedicated computer and is not tested with any other
product? software.

Can operating system security Yes. It is the responsibility of the hospital to update operating system security patches accordingly. While
patches or other software be the IntelliMax Enterprise software remains under the control of Elekta, the IntelliMax Agent computer is
installed remotely? managed by the local hospital administrator.

Can the IntelliMax Agent be Serviced Yes, IntelliMax Connect is installed on the IntelliMax Agent to allow for remote access should it be required.
remotely?

Does the IntelliMax Agent support The IntelliMax Enterprise requires each user to have a unique user name ID and password to access the
user/operator specific ID and system. The IntelliMax Agent computer must have an administrator account.
password?

What are the user password The password is at least eight characters long. The password contains characters from at least three of the
complexity requirements? following five categories:
• English uppercase characters (A - Z)
• English lowercase characters (a - z)
• Base 10 –digits (0 - 9)
• Non-alphanumeric (for example: !, $, #, or %)
• Unicode characters.
Additionally users will be forced to change their password every 90days. Users can have their password reset
or account disabled using the Directory Services server.

Are access sessions terminated after • Sessions to the IntelliMax Enterprise are automatically terminated after 40 minutes of inactivity.
a predetermined length of • IntelliMax Connect sessions do not time-out due to inactivity, as in many cases the Elekta IntelliMax
inactivity? Support user will need to observe the operation of the machine in order to provide assistance.

What state should the IntelliMax If the IntelliMax Agent computer is part of a workgroup, the recommendation is to leave it at the login
Agent computer be left in? screen, with no user logged on. If the IntelliMax Agent computer is part of a Domain, it is recommended
that the user is logged in and left with a locked screen. This will ensure that the service required is running
in the background. The hospital can apply local policy for screen lock time outs or inactivity.

Is there any maintenance required • The IntelliMax Agent computer should be left running 24hours a day in order to collect and upload
on the computer? machine calibration, energy and log files over night.
• Hospitals can shutdown the computer at weekends or when treatment is halted for prolonged periods
if required. It is recommended that the IntelliMax Agent computer is rebooted once a week to ensure
correct operation and installation of any outstanding windows hotfixes. The IntelliMax Agent service is
automatically restarted before midnight local time every 24 hours.

Page 13
 Application Maintenance

Can the system installed in the No, as the IntelliMax Agent only acts as a gateway to temporarily store and forward information,

Document no. 4513 371 0831 09:10 © 2010 Elekta. All mentioned trademarks and registered trademarks are the property of the Elekta Group. All rights reserved. No part of this document may be reproduced in any form without written permission from the copyright holder.
hospital be integrated into the site it is not critical to the operation of the attached machines or the hospital. In a complete failure
backup systems? scenario, the IntelliMax Agent can be reinstalled onto a new machine with minimal effort

Do you publish the collected data for All hospitals with Elekta IntelliMax installed can have user account(s) created for their own use.
the hospital to utilize and create This will allow the hospital to view all the data collected from their site and utilise any of the
their own reports? built in data export and reporting tools. User accounts can be requested via your local Elekta
Business Unit representative. Depending on the level of service contract with Elekta, some
reports may be purchasable options.

What is the average frequency of The IntelliMax Enterprise server is maintained within Elekta, and is updated periodically.
upgrades to IntelliMax? Notice is not given to end users when this occurs. IntelliMax Agent upgrades are released
approximately every six months.

How are the upgrades performed? The IntelliMax Agents shall be upgraded remotely with prior permission from the hospital. The
upgrades are designed to require no intervention at the hospital and occur out of clinical hours
unless an Engineer is present. (For the purpose of Elekta IntelliMax, clinical hours are classed as
between 06:00 to 20:00).

Remedies

What, if any, formal mechanism is The hospital-based user should understand the limitations imposed by local hospital privacy
there for individuals to complain policies prior to using IntelliMax connect. However should a complaint arise, Elekta has an
about breaches and to seek redress? established Customer Feedback Reporting (CFR) process to ensure that all complaints are
addressed.

What do we do if support is required Contact your local Elekta support representative or the global helpdesk: support@elekta.com
for IntelliMax?

Contact

Tel: +44 (0) 1293 654 400 Fax: +44 (0) 1293 654 401
mail to: support@elekta.com.

Page 14
Appendix A – Hospital Pre-requisites

Document no. 4513 371 0831 09:10 © 2010 Elekta. All mentioned trademarks and registered trademarks are the property of the Elekta Group. All rights reserved. No part of this document may be reproduced in any form without written permission from the copyright holder.
This form contains the information that the hospital will need to provide the engineer installing Elekta IntelliMax prior to the
installation beginning.
• The IntelliMax Agent computer is provided by either the hospital or Elekta Business Unit
• The computer MUST be dedicated for the purpose of the IntelliMax Agent and not used for any other reason including web access.
• The IntelliMax Agent MUST NOT be installed on any Clinical Elekta product
• It is the responsibility of the hospital to install and maintain anti-virus software, firewalls and Microsoft hotfixes
• Full specification for the computer and required software is contained in PRT0052 available from www.elekta.biz or from your
local Elekta Support representative.

The following information will be required by the engineer performing the installation prior to the installation beginning:

Desired Hostname of the IntelliMax Agent computer:...................................................................................................................................

Static IP Address:...............................................................................................................................................................................................

Subnet Mask:....................................................................................................................................................................................................

Default Gateway:..............................................................................................................................................................................................

Workgroup (or Domain if required).................................................................................................................................................................

If an HTTP or SOCKS Proxy Server is used for access to the Internet, the Proxy address must be provided.

..........................................................................................................................................................................................................................
If authentication is required for the proxy, these credentials will need to be entered at the time of installation.

Username (if available).....................................................................................................................................................................................

Password (if available)......................................................................................................................................................................................

Antivirus software pre installed? Yes/No

Access provided out of the hospital network to :

IntelliMax Enterprise: elekta.axeda.com 209.202.157.188 TCP port 443
GAS Japan: ghjap1.axeda.com 124.40.23.210 TCP port 443
GAS USA: ghsj1.axeda.com 198.66.245.39 TCP port 443
GAS USA: ghsom1.axeda.com 209.202.157.179 TCP port 443
GAS UK: ghuk1.axeda.com 89.234.8.217 TCP port 443

Yes/No

Page 15
Page 16
Document no. 4513 371 0831 09:10 © 2010 Elekta. All mentioned trademarks and registered trademarks are the property of the Elekta Group. All rights reserved. No part of this document may be reproduced in any form without written permission from the copyright holder.
Appendix B – Feedback form

Document no. 4513 371 0831 09:10 © 2010 Elekta. All mentioned trademarks and registered trademarks are the property of the Elekta Group. All rights reserved. No part of this document may be reproduced in any form without written permission from the copyright holder.
If you have identified a reason why Elekta IntelliMax cannot be installed please detail below e.g. funding, IT security,
infrastructure etc. Please return to support@elekta.com. This will allow Elekta to address the reasons given and improve the
service provided.

.......................................................................................................

.......................................................................................................

.......................................................................................................

.......................................................................................................

.......................................................................................................

.......................................................................................................

.......................................................................................................

.......................................................................................................

Detail:
Does the hospital already have remote access or monitoring from any other equipment provider:

 Siemens  Varian  Philips  Other. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.......................................................................................................

.......................................................................................................

Hospital . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Country . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Hospital contact . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Elekta contact . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Page 17
 Document no. 4513 371 0831 09:10 © 2010 Elekta. All mentioned trademarks and registered trademarks are the property of the Elekta Group. All rights reserved. No part of this document may be reproduced in any form without written permission from the copyright holder.

www.elekta.com Human Care Makes the Future Possible

Corporate Head Office: Regional Sales, Marketing and Service:
Elekta AB (publ) North America Europe, Middle East, Africa, Asia Pacific
Box 7593, SE-103 93 Stockholm, Sweden Eastern Europe, Latin America
Tel +46 8 587 254 00 Tel +1 770 300 9725 Tel +46 8 587 254 00 Tel +852 2891 2208
Fax +46 8 587 255 00 Fax +1 770 448 6338 Fax +46 8 587 255 00 Fax +852 2575 7133
info@elekta.com info.america@elekta.com info.europe@elekta.com info.asia@elekta.com