Scribd
Upload
35 views14 pages

MOSAIQ 2.62 MFS Configuration Guide

The MOSAIQ 2.62 MFS Configuration Guide provides detailed instructions on configuring the MOSAIQ File Service (MFS), a security feature that manages access to data storage locations. It outlines the configuration file structure, access permissions for processes, and logging of access attempts. The document also includes conventions for documentation, mouse, and keyboard usage to assist users in following the instructions effectively.

Uploaded by

andres.perez.veloso
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
35 views14 pages

MOSAIQ 2.62 MFS Configuration Guide

The MOSAIQ 2.62 MFS Configuration Guide provides detailed instructions on configuring the MOSAIQ File Service (MFS), a security feature that manages access to data storage locations. It outlines the configuration file structure, access permissions for processes, and logging of access attempts. The document also includes conventions for documentation, mouse, and keyboard usage to assist users in following the instructions effectively.

Uploaded by

andres.perez.veloso
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

MOSAIQ 2.

62
MFS Configuration Guide

Document ID: LRMMSQ0027


Language: English
Copyright statement
© 2015 IMPAC Medical Systems, Inc. All rights reserved. Do not make printed or electronic copies of this
document, or parts of it, without written authority from IMPAC Medical Systems, Inc.

The information contained in this document is for the sole use of IMPAC Medical Systems, Inc. personnel,
authorized users of the Equipment, and Licensees of IMPAC Medical Systems, Inc. and for no other purpose.

Use of trademarks and trade names statement


The Elekta® trademarks, service marks, logos and trade names that we use in this document are the registered and
unregistered trademarks and trade names of Elekta AB (publ.), its affiliates or a third party that has licensed its
trademarks and trade names to Elekta AB (publ.) or its affiliates. Do not make copies, show, or use trademarks or
trade names without written authority from IMPAC Medical Systems, Inc. an affiliate of Elekta AB (publ.).

Acknowledgement of other trademarks


Elekta acknowledges the registered trademarks and trade names of other manufacturer that we use in this document.

Referenced documents
Elekta does not supply all documents that we refer to in this document with the equipment. Elekta reserves the right
to make the decision on which of the documents it supplies with the equipment.

Contact information
GLOBAL ELEKTA SOFTWARE SUPPORT

Online Support: [Link]/supportplus


Contact information (phone, email, webex): [Link]/software-support
Training Calendar: [Link]/training
MFS Configuration Guide Table of Contents

Table of Contents

Documentation Conventions .....................................................................................................1


Text Conventions ....................................................................................................................................................... 1
Mouse Conventions .................................................................................................................................................... 2
Keyboard Conventions ............................................................................................................................................... 2
Introduction to MFS .................................................................................................................3

Configuring MFS .......................................................................................................................3


Virtual Storage Paths ................................................................................................................................................. 4
Filesystem Access ....................................................................................................................................................... 4
Other Options ............................................................................................................................................................ 5
MFS Access Logs ......................................................................................................................................................... 5
Host Log Example .................................................................................................................................................. 5
Host/User Log Example .......................................................................................................................................... 6
Confirming MFS Operation ........................................................................................................8

MFS Effects for MOSAIQ Users ....................................................................................................8

Copyright 2015, IMPAC Medical Systems, Inc. i


LRMMSQ0027/ 1LeLash, Derek.0 / 25-Mar-15
Table of Contents MFS Configuration Guide

ii Copyright 2015, IMPAC Medical Systems, Inc.


LRMMSQ0027/ LeLash, Derek1.0 / 25-Mar-15
MFS Configuration Guide Documentation Conventions

Documentation Conventions
This document uses conventions, or rules, in the instructions to help you do the exercises correctly. This
section shows the text, mouse, and keyboard conventions used in this document.

Text Conventions
The instructions in this guide have a format to help you do a task. These text conventions are used in the
instructions:

Bold Print Menu or list items that you select.

Example: Click File | Register New Patient….

Example: In the Select Patient window, click Lamb, Mary.

Italics Words or phrases that appear on the computer screen, references to text or a
number as itself, or new terms that are defined.

Example: Put the insertion point to the left of p in patient.

Example: Annotation is the process of adding customized notes to a Help topic.

Highlighted Text that you type as shown, such as commands or responses.


Print
Example: Type 3000.

Explanations Located directly below the step.

Menus Menu commands are in bold print. Vertical lines divide menu commands that
are done one directly after another.

Example: Click File | System Utilities | Supplies… means from the menu
bar, click File, from the File menu, point to the System Utilities
command, and from the System Utilities menu, click the Supplies…
command.

Buttons and Items to click.


Icons
Example: Click Add.

Example: Click .

Note example:

You can also press F5 to show the eCHART Navigator window.

Copyright 2015, IMPAC Medical Systems, Inc. 1


LRMMSQ0027/ 1LeLash, Derek.0/ 25-Mar-15
Documentation Conventions MFS Configuration Guide

Caution example:

When you change the status of an order to Voided, you cannot change the status again.
CAUTION

Mouse Conventions
These terms are used to describe actions you perform with the mouse:

Click Press and release the left mouse button.

Double-click Click the left mouse button two times in rapid succession.

Right-click Press and release the right mouse button.

Drag Move the mouse while holding down the left mouse button.

Highlight Drag the mouse pointer across data, causing the information to appear in reverse
video.

Keyboard Conventions
Keys that do not type a character appear in all upper case bold print. These keys include:

Function F1, F2, F3, F4, F5, F6, F7, F8, F9, F10, F11, and F12.
Keys

Booster Keys ALT, CTRL, and SHIFT.

Pointer HOME, PAGE UP, PAGE DOWN, END, TAB, and the arrow keys.
Movement
Keys

Other Keys BACKSPACE, DELETE, INSERT, CAPS LOCK, ESC, ENTER,


SPACEBAR, PRINT SCRN, SCROLL LOCK, PAUSE, and NUM LOCK.

A plus sign divides more than one key that you press at the same time.
Example: Press CTRL+F4.
Example: Press ALT+N.

2 Copyright 2015, IMPAC Medical Systems, Inc.


LRMMSQ0027/ LeLash, Derek1.0 / 25-Mar-15
MFS Configuration Guide Introduction to MFS

Introduction to MFS
The MOSAIQ File Service (MFS) is a security feature implemented on MOSAIQ host systems. When it
is enabled, all access to specified physical data storage locations by MOSAIQ is routed by a standard
Windows service through a virtual data storage layer. MOSAIQ and other authorized processes are
permitted to access the data while all other processes are prevented, through standard Windows security
restrictions. Additionally, all file operations handled by MFS are logged to detect unauthorized access
attempts.

Figure 1: MOSAIQ File Service Architecture

Configuring MFS
The MFS configuration file ([Link]) defines the mapping between real and
virtual data storage paths and lists the processes that are allowed to access files through those paths.
Access to this file is restricted to administrators only. Generally, a MOSAIQ site installation will have
one file and the SQL Server will have its own to ensure security.
The important parameter values appear in the <appSettings> section of the file. This section must include
the username and password of the user that runs the MFS service, as specified at installation. This user

Copyright 2015, IMPAC Medical Systems, Inc. 3


LRMMSQ0027/ 1LeLash, Derek.0 / 25-Mar-15
Configuring MFS MFS Configuration Guide

must be configured to have full data access permissions. The username can include a domain name as a
prefix.
<appSettings>
<add key="Username" value="domain\user" />
<add key="Password" value="password" />

Virtual Storage Paths


The storage path mappings are stored as “Storage#” keys, with this format:
"<Network path>|<Virtual path>|<Process IDs>"

Network path The original network path of the protected data directory.

Virtual path The virtual path for that directory, which can include a drive letter
(with colon) and UNC share name separated by semicolons, such as
“M:;Elekta;OtherFiles”.

Process IDs Process IDs to be allowed access to this directory, separated by


commas. A range of IDs can be specified with a dash, as in “30-35”.A
wildcard “*”allows all IDs.

<add key="Storage1" value="\\Server\MosShare\OtherFiles|M:;Elekta;OtherFiles|*"


/>
<add key="Storage2" value="\\Server\MosShare\BDS|;Elekta2;BDS|*" />
<add key="Storage3" value="\\Server\MosShare\images|;Elekta3;images|*" />

Filesystem Access
MFS prevents access to protected data for all processes (applications) except those listed in the
configuration file. The list of allowed processes is set up by default to include all standard MOSAIQ
processes, but it can be edited. These items are stored in “Process#” keys with this format:
"<Process>|<Permissions>"

Process Full name of the executable for the process, such as “[Link]”.

Permissions Type of access granted to the process: “RW” for read/write, “RO” for
read-only, “WO” for write-only.

<add key="Process1" value="[Link]|RW" />


<add key="Process2" value="[Link]|RW" />
<add key="Process3" value="[Link]|RW" />
<add key="Process4" value="[Link]|RW" />
<add key="Process5" value="[Link]|RW" />

Clinics can add third-party applications to this section to give those applications access
to secure data, but doing this may result in unintentional data exposure. In particular,
CAUTION Elekta strongly recommends against enabling access to “[Link]”.

4 Copyright 2015, IMPAC Medical Systems, Inc.


LRMMSQ0027/ LeLash, Derek1.0 / 25-Mar-15
MFS Configuration Guide Configuring MFS

Other Options
Other configuration options in <appSettings> include the following:

MonitorOnly When set to “True,” allows all applications to access protected data.
Access is still monitored and logged to the MFS log file and Windows
Application Event log. Use this only when you need unconditional
access to data. Do not change this value when important operations are
in progress, as this causes an interruption in file access.

ConfigurationMode When set to “True,” adds checksums for defined executables into this
configuration file rather than enforcing them. Use this during the
initial period of production use after installation or upgrade, to ensure
all desired executables have access to protected data.

HideUncShares When set to “True,” hides UNC (network path) virtual shares in
Windows Explorer. The paths themselves are still accessible. Elekta
recommends this option be kept as “False.” Do not change this value
when important operations are in progress, as this causes an
interruption in file access.

<add key="MonitorOnly" value="False" />


<add key="ConfigurationMode" value="False" />
<add key="HideUncShares" value="False" />

For security purposes, you must re-enter the MFS service user name and password
(unencrypted) every time you change this file. If you do not, MFS does not load your
changes.

Changes to this file become effective IMMEDIATELY when you save it. Be especially
careful if you make changes during clinical hours, and read the configuration file
CAUTION comments to see which changes could cause particular disruptions.

MFS Access Logs


MFS data access activity is logged to “MOSAIQFileService” files, as with other system logs. The logs
are stored in folders sorted by the year, month, and day they were recorded. There are files for each
machine and for each user/machine combination.
The log information includes both successful and unsuccessful attempts to access secure data from within
MFS. The log entries look similar to these examples:

Host Log Example


2015-03-17 [Link].1389|ABCEDEFGH|Info|4|Created/updated file mappers.
2015-03-17 [Link].3183|ABCEDEFGH|Info|4|Service starting up.
2015-03-17 [Link].2231|ABCEDEFGH|Info|4|Service version: [Link]
2015-03-17 [Link].2387|ABCEDEFGH|Info|4|Service EXE path: C:\Program
Files\Elekta\MFS\[Link]
2015-03-17 [Link].2387|ABCEDEFGH|Info|4|Service EXE date/time: 2/19/2015 [Link] PM
2015-03-17 [Link].7299|ABCEDEFGH|Info|4|New configuration information:
Configuration Mode status: True
Monitor-Only Mode status: False
Hide UNC Shares status: False
2015-03-17 [Link].1355|ABCEDEFGH|Info|4|Created file mapper: FileMapper configuration:

Copyright 2015, IMPAC Medical Systems, Inc. 5


LRMMSQ0027/ 1LeLash, Derek.0 / 25-Mar-15
Configuring MFS MFS Configuration Guide

Root Path: \\mosaiq_data\DB


Mounting Point: ;Elekta;OtherFilesFolder
Process Data:
Name: [Link]; AccessLevel: paReadWrite; Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite; Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite; Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite; Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite; Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite; Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite; Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite; Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite; Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite; Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite; Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite; Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite; Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite; Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite; Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite;
Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite;
Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite; Require
MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite; Require
MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite;
Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite;
Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite;
Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite;
Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite;
Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite; Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite; Require MOSAIQ:
False
Name: [Link]; AccessLevel: paReadWrite;
Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite; Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite; Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite; Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite; Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite; Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite; Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite; Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite; Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite; Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite; Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite; Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite; Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite; Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite; Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite; Require MOSAIQ: False
Name: [Link]; AccessLevel: paReadWrite; Require MOSAIQ: False
Processes requiring MOSAIQ: Monitor Only: False
Configuration Mode: True
Hide UNC Shares: False-

Host/User Log Example


2015-03-17 [Link].6254|ABCEDEFGH|Info|11|Directory opened (by:
\\mosaiq_app\[Link]) (Access types: FILE_READ_ATTRIBUTES / Read) (handle: 1396):
\\mosaiq_data\DB\MosaiqLog\ABCEDEFGH
2015-03-17 [Link].6394|ABCEDEFGH|Info|10|File/directory closed (by: User=johnsmith:
PID=1352: Process=\\mosaiq_app\[Link]): \\mosaiq_data\DB\MosaiqLog\ABCEDEFGH
2015-03-17 [Link].7584|ABCEDEFGH|Info|12|Directory opened (by:
\\mosaiq_app\[Link]) (Access types: FILE_READ_ATTRIBUTES / Read) (handle: 1396):
\\mosaiq_data\DB\MosaiqLog\ABCEDEFGH
2015-03-17 [Link].7584|ABCEDEFGH|Info|11|File/directory closed (by: User=johnsmith:
PID=1352: Process=\\mosaiq_app\[Link]): \\mosaiq_data\DB\MosaiqLog\ABCEDEFGH

6 Copyright 2015, IMPAC Medical Systems, Inc.


LRMMSQ0027/ LeLash, Derek1.0 / 25-Mar-15
MFS Configuration Guide Configuring MFS

2015-03-17 [Link].6594|ABCEDEFGH|Info|10|Directory opened (by:


\\mosaiq_app\[Link]) (Access types: FILE_READ_ATTRIBUTES / Read) (handle: 1396):
\\mosaiq_data\DB\MosaiqLog\ABCEDEFGH
2015-03-17 [Link].6664|ABCEDEFGH|Info|12|File/directory closed (by: User=johnsmith:
PID=1352: Process=\\mosaiq_app\[Link]): \\mosaiq_data\DB\MosaiqLog\ABCEDEFGH
2015-03-17 [Link].8244|ABCEDEFGH|Info|11|Directory opened (by:
\\mosaiq_app\[Link]) (Access types: FILE_READ_ATTRIBUTES / Read) (handle: 1396):
\\mosaiq_data\DB\MosaiqLog\ABCEDEFGH
2015-03-17 [Link].8334|ABCEDEFGH|Info|10|File/directory closed (by: User=johnsmith:
PID=1352: Process=\\mosaiq_app\[Link]): \\mosaiq_data\DB\MosaiqLog\ABCEDEFGH
2015-03-17 [Link].8160|ABCEDEFGH|Info|12|Directory opened (by:
\\mosaiq_app\[Link]) (Access types: FILE_READ_ATTRIBUTES / Read) (handle: 1436):
\\mosaiq_data\DB\MosaiqLog\ABCEDEFGH
2015-03-17 [Link].8160|ABCEDEFGH|Info|11|File/directory closed (by: User=johnsmith:
PID=1352: Process=\\mosaiq_app\[Link]): \\mosaiq_data\DB\MosaiqLog\ABCEDEFGH
2015-03-17 [Link].0060|ABCEDEFGH|Info|12|File created (by: User=johnsmith: PID=1352:
Process=\\mosaiq_app\[Link]):
\\mosaiq_data\DB\MosaiqLog\ABCEDEFGH\[Link]--2015-
[Link]
2015-03-17 [Link].5660|ABCEDEFGH|Info|13|Directory opened (by:
\\mosaiq_app\[Link]) (Access types: FILE_READ_ATTRIBUTES / Read) (handle: 1884):
\\mosaiq_data\DB\MosaiqLog\ABCEDEFGH
2015-03-17 [Link].5780|ABCEDEFGH|Info|11|File/directory closed (by: User=johnsmith:
PID=1352: Process=\\mosaiq_app\[Link]): \\mosaiq_data\DB\MosaiqLog\ABCEDEFGH
2015-03-17 [Link].9520|ABCEDEFGH|Info|10|Directory opened (by:
\\mosaiq_app\[Link]) (Access types: FILE_READ_ATTRIBUTES / Read) (handle: 1568):
\\mosaiq_data\DB\MosaiqLog\ABCEDEFGH
2015-03-17 [Link].9660|ABCEDEFGH|Info|12|File/directory closed (by: User=johnsmith:
PID=1352: Process=\\mosaiq_app\[Link]): \\mosaiq_data\DB\MosaiqLog\ABCEDEFGH
2015-03-17 [Link].2720|ABCEDEFGH|Info|11|Directory opened (by:
\\mosaiq_app\[Link]) (Access types: FILE_READ_ATTRIBUTES / Read) (handle: 2036):
\\mosaiq_data\DB\MosaiqLog\ABCEDEFGH
2015-03-17 [Link].3530|ABCEDEFGH|Info|13|File/directory closed (by: User=johnsmith:
PID=1352: Process=\\mosaiq_app\[Link]): \\mosaiq_data\DB\MosaiqLog\ABCEDEFGH
2015-03-17 [Link].4100|ABCEDEFGH|Info|10|File created (by: User=johnsmith: PID=1352:
Process=\\mosaiq_app\[Link]):
\\mosaiq_data\DB\MosaiqLog\ABCEDEFGH\[Link]
2015-03-17 [Link].5124|ABCEDEFGH|Info|13|Directory opened (by:
\\mosaiq_app\[Link]) (Access types: FILE_READ_ATTRIBUTES / Read) (handle: 1576):
\\mosaiq_data\DB\MosaiqLog\ABCEDEFGH
2015-03-17 [Link].5254|ABCEDEFGH|Info|11|File/directory closed (by: User=johnsmith:
PID=1352: Process=\\mosaiq_app\[Link]): \\mosaiq_data\DB\MosaiqLog\ABCEDEFGH
2015-03-17 [Link].5684|ABCEDEFGH|Info|12|Directory opened (by:
\\mosaiq_app\[Link]) (Access types: FILE_READ_ATTRIBUTES / Read) (handle: 1576):
\\mosaiq_data\DB\MosaiqLog\ABCEDEFGH
2015-03-17 [Link].5944|ABCEDEFGH|Info|13|File/directory closed (by: User=johnsmith:
PID=1352: Process=\\mosaiq_app\[Link]): \\mosaiq_data\DB\MosaiqLog\ABCEDEFGH
2015-03-17 [Link].4636|ABCEDEFGH|Info|11|Directory opened (by:
\\mosaiq_app\[Link]) (Access types: FILE_READ_ATTRIBUTES / Read) (handle: 1576):
\\mosaiq_data\DB\MosaiqLog\ABCEDEFGH

This log does not include attempts to access protected data from outside MFS. These are
handled by standard Windows security.

The MFS logging function is comprehensive, so the log files can grow to a large size in a short time.
Elekta recommends that each site using MFS develop a strategy for monitoring and archiving these files
appropriately.

Copyright 2015, IMPAC Medical Systems, Inc. 7


LRMMSQ0027/ 1LeLash, Derek.0 / 25-Mar-15
Confirming MFS Operation MFS Configuration Guide

Confirming MFS Operation


MFS runs as a standard Windows service, automatically starting at boot-up. It can be monitored by an
administrator through the Services dialog box (Control Panel | Administrative Tools | Services).

Figure 2: MFS Service in Operation

MFS Effects for MOSAIQ Users


Since MFS works independently from MOSAIQ itself, there should be no noticeable changes to
MOSAIQ’s function from a user’s perspective when MFS is enabled. Any differences in configuration or
operation of the system are the concern of the local system administrator.
When MOSAIQ starts, it checks for access to a specific database location (the “Other Files” folder in the
installation directory). If it is unable to access the location, MFS is probably misconfigured or not
running. An error message appears, and MOSAIQ shuts down.
In this case, the administrator would need to investigate if the service and the actual storage location of
the database are available and running properly.
Under MFS, the standard “Other Files” folder from previous MOSAIQ versions is split up into an “Other
Files” folder that has its access restricted by MFS and a “Public Files” folder that does not. This allows
external programs to access particular items without going through MFS. For example, Microsoft Word
cannot access template files for eSCRIBE if they are protected by MFS, so they are placed in the “Public
Files” folder.
If a MOSAIQ user requests to edit a Word document from a secure location, the document is copied to a
working storage location on the client machine for editing, then copied back to the secure location when
the edits are done.

Allowing MFS access to the “[Link]” application (in the MFS configuration file)
is not necessary for this purpose, and Elekta strongly recommends against it.
CAUTION

8 Copyright 2015, IMPAC Medical Systems, Inc.


LRMMSQ0027/ LeLash, Derek1.0 / 25-Mar-15
100 Mathilda Place, Fifth Floor, Sunnyvale, CA 94086
Manufacturer
Elekta Business Area Software Systems
IMPAC Medical Systems, Inc.
100 Mathilda Place
5th Floor
Sunnyvale, CA 94086
USA

[Link] Human Care Makes the Future Possible

Common questions

Powered by AI

MFS enforces compliance through its configuration file by mapping network to virtual paths and listing permitted processes with specific access rights (RW, RO, WO). Only administrators can change the file, ensuring robust data protection. Unauthorized applications cannot access protected data, aligning with clinical data security strategies, thereby mitigating risks of data breaches .

The MFS logs all data access activities, including successful and unsuccessful access attempts, which helps in maintaining data integrity by detecting unauthorized access attempts. Each log entry details the action, user, process, and access level. Due to the comprehensive nature of the logs, Elekta recommends developing a strategy for monitoring and archiving these files appropriately to manage potentially large file sizes .

The MFS configuration file, MosaiqFileServiceSetup.config, maps real to virtual data storage paths and lists authorized processes. Key parameters are set in the <appSettings> section, including the username and password of the MFS service user who must have full data access permissions. The file contains entries like 'Storage#' keys for network and virtual path mappings and 'Process#' keys for process permissions, either read/write (RW), read-only (RO), or write-only (WO). Authorized process IDs are specified, and all changes take effect immediately after saving .

The 'MonitorOnly' option, when set to 'True', allows all applications access to protected data while still logging access. It's used when unconditional access is temporarily needed. 'ConfigurationMode', set to 'True', adds checksums for executables in the configuration file without enforcing them, typically used during initial setup. Both should be unset during critical operations to prevent interruptions .

The virtual storage path configuration in MFS maps network paths to virtual paths with corresponding process IDs given access. This configuration ensures that only specified processes can access data. For example, the configuration '<add key="Storage1" value="\\Server\MosShare\OtherFiles|M:;Elekta;OtherFiles|*" />' permits all processes (*) to access the directory. This effectively manages secure data access, preventing unauthorized applications from accessing critical data .

MFS operates independently of MOSAIQ, so users should notice little difference in functionality. Users might encounter access issues if MFS is misconfigured, as MOSAIQ needs to access a specific database location. Under MFS, the 'Other Files' folder is access-restricted, whereas 'Public Files' allow external programs some access. Temporary copies of files might be used for editing purposes, preserving security .

The 'HideUncShares' setting, when set to 'True', hides UNC network path shares in Windows Explorer, though the paths remain accessible. Incorrectly setting this during operations may interrupt file access, creating access issues for applications reliant on visible network paths. Elekta recommends setting 'HideUncShares' to 'False' to avoid such complications .

Elekta recommends against enabling MFS access for third-party applications because it may unintentionally expose secure data. Specifically, allowing access to 'explorer.exe' is strongly discouraged, as it could provide unrestricted access to the protected data, undermining the security controls that MFS is designed to enforce .

The MOSAIQ File Service (MFS) acts as a security feature for MOSAIQ host systems by routing all access to specified physical data storage locations through a virtual data storage layer. This service allows only MOSAIQ and other authorized processes to access the data, while preventing other processes through standard Windows security restrictions. Additionally, MFS logs all file operations to detect unauthorized access attempts .

To confirm proper MFS operation, an admin should check the service's status in the Windows Services dialog box (Control Panel | Administrative Tools | Services). Indicators of misconfiguration include error messages from MOSAIQ indicating inability to access the 'Other Files' folder or MOSAIQ shutting down. This suggests issues with MFS running or its configuration related to secure data access .

You might also like