GE Healthcare. Desktop Components Reference Guide. GE Centricity* Business v4.3+ Summary

GE Healthcare GE Centricity* Business v4.3+ Desktop Components Reference Guide Summary This document provides information for GE Healthcare customer staff who install, maintain, and troubleshoot the Centricity Business Web desktop components. This document applies to Centricity Business versions 4.3 and 5.0. The most upto-date version of this document is available on the Centricity Business Knowledge Center. A version of this document specific to a given desktop components kit is also available with the kit itself. Software Version 4.3+ Document Version 1 2011 General Electric Company. All Rights Reserved. * Centricity is a trademark of General Electric Company

2 Desktop Components Reference Guide Acknowledgments Prepared by Centricity Business Knowledge Services Organiztion Please send comments to KnowledgeServicesOrganization@ge.com. Confidentiality and Proprietary Rights This document is the confidential property of GE Healthcare, a division of General Electric Company ( GE Healthcare ). No part of this document may be reproduced in any form, by photostat, microfilm, xerography, or any other means, or incorporated into any information retrieval system, electronic or mechanical, without the written permission of GE Healthcare. Inquiries regarding copying and/or using the materials contained in this document outside of the limited scope described herein should be addressed to the e-mail address listed above. GE Healthcare reminds you that there may be legal, ethical, and moral obligations for medical care providers to protect sensitive patient information when dealing with vendors such as GE Healthcare. You should obtain explicit written consent from both the patient and GE Healthcare before you disclose sensitive patient information to GE Healthcare. Limitations and Conditions of Use GE Healthcare furnishes this document to you, a current GE Healthcare customer, as GE Healthcare confidential information pursuant to a non-disclosure agreement ( NDA ) or an agreement with confidentiality provisions between you and GE Healthcare. If you are not (i) a current GE Healthcare customer, and (ii) subject to an NDA or an agreement with confidentiality provisions with GE Healthcare, you are not authorized to access this document. The information contained herein is confidential and should not be used, disclosed, or duplicated for any purpose other than developing information system plans within GE Healthcare customer organizations. Duplication and/or distribution of this document beyond GE Healthcare customer organization information systems and management executives are not allowed without express written consent from GE Healthcare. Trademarks GE, the GE Monogram, Centricity, and imagination at work are trademarks of General Electric Company. All other product names and logos are trademarks or registered trademarks of their respective companies. Copyright Notice Copyright 2008 2011 General Electric Company. All rights reserved. Disclaimers Any information related to clinical functionality is intended for clinical professionals. Clinical professionals are expected to know the medical procedures, practices and terminology required to monitor patients. Operation of the product should neither circumvent nor take precedence over required patient care, nor should it impede the human intervention of attending nurses, physicians or other medical personnel in a manner that would have a negative impact on patient health. General Electric Company reserves the right to make changes in specifications and features shown herein, or discontinue the products described at any time without notice or obligation. This does not constitute a representation or warranty or documentation regarding the product or service featured. All illustrations or examples are provided for informational or reference purposes and/or as fictional examples only. Your product features and configuration may be different than those shown. Contact your GE Representative for the most current information. GE Healthcare 540 West Northwest Highway Barrington, IL 60010 U.S.A. www.gehealthcare.com

Desktop Components Reference Guide 3 Contents Document Overview... 5 Other Important Documents... 5 Desktop Specifications... 6 Minimum vs. Recommended Requirements... 6 Memory Requirements... 6 Display Requirements... 7 Required Software... 7 Microsoft Windows Internet Security... 8 Caching Web Pages... 8 Smart Client... 8 Trusted Sites Security Zone... 9 Fully Qualified Domain Names... 9 Be Aware That... 10 Notes for EDM/Teleform Web Capture Scanning... 10 Installing Internet Explorer... 11 Configuring Internet Security... 11 Managing Internet Security Settings with Group Policy Objects... 14 Microsoft.NET Common Language Runtime (CLR)... 16.NET CLR Versions... 16 Installing.NET CLR... 16 Configuring.NET CLR... 16 Resolving.NET CLR Trust issues... 17 Interaction of Internet Security and.net CLR Settings... 24 Desktop Component Kits... 25 Components... 25 Documentation... 26 Other Files... 27 Web Server Delivery of Desktop Component Kit Files... 27 Desktop Control Deployment... 28 Delivery Challenges... 28 How Desktop Components Get Deployed... 29 Automatic Download... 29 Delivery with the Desktop Component Kit... 30 Important Information for Windows 7 64-bit Client Desktops... 33 Push Technology... 35 How Push Technology Works... 35 Considerations... 35 Alternative Methods... 35 Microsoft Active Directory... 36 Installing Other Components... 38.NET Components... 38 Centricity Framework... 38 SUN Java Runtime Environment (JRE)... 39

4 Desktop Components Reference Guide Terminal Services/Citrix... 39 After the Installation... 41 Checking for Removal of Old Components... 41 Checking for Installed Components... 41 Release Management, Upgrades, and Support... 47 Backwards Compatibility... 47 Upgrades... 47 Integration... 47 Support... 47 Testing... 48 Clearing Cache in the Web... 49 Deleting Temporary Internet Files... 49 Deleting the Schema Cache... 50 Clearing the Download Assembly Cache... 51 Uninstalling ActiveX Controls... 53 Why Uninstall?... 53 "Cleaning Up" by Uninstalling... 53 Other Desktop Software that May Interact with Centricity Business55 Virus and Antispyware Scanning... 55 Spyware... 55 Google and Yahoo! Toolbars... 56 Troubleshooting... 57 Exception Errors... 57 Slowness... 57 Appendix I: Implementing Smart Client... 59 Single Centricity Framework Server... 59 Multiple Centricity Framework Servers/Access Points... 63 Appendix II: History of IDX Spyware Issues... 69 Appendix IIl: Actual Scan Summary from Spybot Search & Destroy for IDXIEController.dll... 70 Appendix IV: Actual Scan Summary from Microsoft AntiSpyware for IDXIEController.dll... 71

Desktop Components Reference Guide 5 Document Overview This document is intended to help GE Healthcare customers install, maintain, and troubleshoot the desktop components necessary for an implementation of the Centricity Business web-based solutions. It covers the following topics: Desktop specifications Desktop components Component delivery Support issues This document is intended to be used together with additional documentation provided in the desktop component kit (see page 25) associated with a customer's implementation. Other Important Documents The following documents provide additional information critical to installing, maintaining, and troubleshooting desktop components, and are referred to frequently in this document: Desktop Internet Security Settings (internet_settings.pdf) This document explains in detail the Internet Security settings required to run Centricity Business web solutions on users PCs. It is available on the Centricity Business Knowledge Center, and within the desktop component kit. System Environment Specifications This version-specific document explains the hardware and software environment requirements for Centricity Business web solutions in detail. The latest version is available on the Centricity Business Knowledge Center. Microsoft Patch Testing Status This document lists relevant Microsoft Service Packs and critical patches and the status of each regarding testing with Centricity Business. The latest version is available on the Centricity Business Knowledge Center. To access these documents on the Centricity Business Knowledge Center: 1. Choose Products and Applications. 2. Choose General and the appropriate version. 3. On the General page, choose Manuals. 4. On the General Manuals page, scroll down and locate the links to the documents under Technical Reference Guides.

6 Desktop Components Reference Guide Desktop Specifications Full listings of desktop specifications are provided in the Centricity Business System Environment Specifications document. This document outlines both the hardware and software necessary to support Centricity Business webbased solutions. It is provided to customers, and constitutes part of the customer's contract with GE Healthcare. Minimum vs. Recommended Requirements The PC configuration requirements in the System Environment Specifications document provide guidance on processor and memory requirements. The following terms are used: Minimum indicates the bare minimum system under which the application can operate without error. Desktops that do not meet these standards should not run Centricity Business applications. Recommended indicates a minimal system configuration under which Centricity Business applications can run with acceptable response time in most cases. Additional memory and/or processing power may further improve response times, and will be available to meet future needs. End-user PC requirements differ depending on whether users are accessing Advanced Web features, or Web Baseline features only. For clients who are transitioning to the web, PCs that will be used for character-based access only have considerably less stringent requirements. Additionally, administrator PCs may have different requirements, and PCs used for training have slightly different requirements. Note: The PC configurations listed in the System Environment Specifications document are for GE Healthcare-supplied software only. Customers must determine whether these configurations are adequate for their unique needs, taking into account additional products and usage for their PCs as well. For example, other recommended software, such as virus protection software, consumes some resources, which should be considered above and beyond the requirements indicated in the System Environment Specifications document. Memory Requirements GE Healthcare has increased recommended CPU and memory requirements for improved performance, as compared to past recommendations. Sufficient memory is a requirement for acceptable desktop performance. For PCs using the Microsoft Windows XP operating system, Centricity Business web solutions require 512 MB of memory. For PCs using the Windows 7 operating system, 2 GB of memory is required for Centricity Business web solutions.

Desktop Components Reference Guide 7 Additional applications will likely require additional memory. No patches are required for the installation of our desktop components, if the desktop conforms to the minimum requirements described in the System Environment Specifications document. Note: The information above is excerpted from the System Environment Specifications document. Please refer to the System Environment Specifications document for the most complete and up-to-date information. Display Requirements Centricity Business web-based solutions require the following display setup: 1024x768 or larger display area Windows Classic Theme and Windows XP Theme (Styles) are supported for Windows XP and Windows 7. 256 or more colors Note: The information above is excerpted from the System Environment Specifications document. Please refer to the System Environment Specifications document for the most complete and up-to-date information. Required Software As noted, users desktops must run either the Microsoft Windows XP Professional or the Microsoft Windows 7 operating system. Microsoft Common Language Runtime (CLR see page 16) must also be installed.

8 Desktop Components Reference Guide Microsoft Windows Internet Security Centricity Business web-based solutions require specific setup in Microsoft Internet Security. Internet Security associated with Internet Explorer (IE) versions 6.0 (SP1 or SP2), 7.0, or 8.0 can support Centricity Business solutions. IE 6.0, SP1 or SP2 is supported for all current versions of Centricity Business web-based solutions IE 7.0 is supported for Centricity Business web-based solutions versions 4.3 and 5.0 IE 8.0 is supported for Centricity Business web-based solutions version 4.3 with Centricity Business CBICW 4.0311.2174, CF 5.02.00.033, Desktop Components 4.0311.217, and IDXFC 4.0311.2213, or later, and version 5.0 Internet Security options should be set according to GE Healthcare recommendations, as explained in the Desktop Internet Security Settings document (Internet_settings.pdf), found in the desktop component kit. Caching Web Pages It is critical that desktops be allowed to cache web pages and other web objects on the local disk, and that this cache remains intact between sessions. Centricity Business web-based solutions are designed to perform optimally under these conditions. If this cache is not available, response time issues may result, because significant additional network traffic is required to accomplish the product s tasks. This needs to be considered if features such as roaming profiles are implemented. It is also important to understand the following two key concepts when you work with Internet Security: Trusted Sites Security Zone Fully Qualified Domain Names These concepts are also important to understand when you are working with the.net CLR (see page 16). Smart Client Smart client is a.net-based browser that can be used instead of the familiar Internet Explorer browser to access Centricity web-based solutions. Using this browser requires that it be deployed in addition to other required desktop software and components. Basically, you will create an MSI to wrap the smart client components, then integrate this MSI into the desktop component kit, which you then deliver in the usual fashion. Please see Appendix I: Implementing Smart Client (page 59) for these smart client-specific deployment instructions. It is important to note that, with very few exceptions, you still need to complete all of the Internet Security setup described in this section and in the Desktop Internet Security Settings (internet_settings.pdf).

Desktop Components Reference Guide 9 Trusted Sites Security Zone Internet Security offers four different levels of security (zones) within which users can access different servers. By default, in Internet Security, URLs with no domain (simple domain name, for example, http://webserver/yourweb) use Local intranet zone security. URLs with a fully qualified domain name (for example, http://webserver.school.edu/yourweb) (see page 9) use Internet zone security. GE Healthcare recommends that customers configure their systems so that Centricity Business is secured by running in the Trusted sites zone. The Trusted sites zone allows different security for Centricity Business than for Local intranet or Internet zones. Local intranet and Internet zones are thus available to customers for other campus-wide uses. Settings in the zone in which the Framework server(s) run are the ones that matter to Centricity Business, so GE Healthcare recommends that Framework server(s) be included in this zone. The Centricity Business system is designed to default settings in the Trusted sites zone. Fully Qualified Domain Names GE Healthcare also recommends that customers use fully qualified domain names, for example, ih322.hospital.university.edu, for all references, especially: Centricity Framework system connections Caché Server Pages (CSP) Gateway configuration And especially, desktop URLs Note: For ASP or Timeshare clients there are additional considerations, because some servers may be in the GE Datacenter and some may not be. For example, Electronic Document Management (EDM) servers are hosted at customer sites, while web servers are hosted at the GE Datacenter. Benefits Fully qualified domain names provide the following benefits: Avoidance of ambiguous references Elimination of desktop DNS configuration issues (simple names can be resolved with connection-specific suffixes or search lists, but these can be troublesome across an entire distributed enterprise) Support for devices, for example, load balancers, that require fully qualified domain names Most effective off-campus access by users (that is, for remote or separated locations, or work-at-home staff)

10 Desktop Components Reference Guide A small user population on a homogeneous network could function well with simple names. As the user population increases, however, and especially as remote clinics are brought on line, problems increase. Be Aware That When configuring the Internet Security Trusted sites list, be aware of the following: DNS must be working properly, and the customer should fix it if it is not. If the customer cannot fix DNS, however, they should use IP addresses rather than simple names. Note: Customer IT staffs should include someone who handles DNS tables, routing, and so forth, which are used extensively in most networks. Using either fully qualified domain names or IP addresses requires correct desktop configuration for both Internet Security and CLR. Simple and fully qualified DNS names are independent; both addresses as well as the enumerated IP address must be listed to cover all possible references. Wild cards are allowed for use with fully qualified domain names and IP addresses; for example, *://*.yourorg.yourtld and *://10.11.12.130-140 can be added to the list to allow both http and https. Wild cards cannot be used with simple domain names. For more details, see the Help topic Internet Explorer 6 Security in the Group Policy editor (gpedit.msc) Help file (Internet Explorer Maintenance/Internet Explorer Concepts/ Internet Explorer 6 Security). Note: To access gpedit.msc, click Start, then Run, the specify gpedit.msc. Only individuals thoroughly familiar with this utility should access it. Notes for EDM/Teleform Web Capture Scanning If your site uses Electronic Document Management (EDM)/Teleform web capture scanning, the Centricity Framework server and the TeleForm Web Capture server must be able to communicate. Many variables, such as network domains, workgroups, enabling trust, setting up Trusted sites in Internet Security, and so forth, impact this ability, but locating the two servers in the same domain will solve most problems. If you are using Teleform web capture, ensure that: Both the Centricity Framework server and the TeleForm Web Capture server live in the same domain, and are within the Internet Security Trusted Sites zone. This enables Centricity Framework to allow the two servers to interact as required. End users always log in to the Framework with fully qualified domain name (FQDN) references, and the server name specified in the Product IDXWCO/CBWCO is also fully qualified. If you do not specify an FQDN

Desktop Components Reference Guide 11 for the Teleform server, the Framework assumes that the Teleform server in the Local Intranet zone rather than the Trusted Sites zone, and the two servers will be unable to interact appropriately. Internet Security is set up as described in the Internet_settings.pdf document included in the desktop component kit. Not using FQDN and/or not having both servers in Trusted Sites could also cause a problem preventing the necessary ActiveX controls from downloading. In this case, you would see the message Not connected to server, and could find incomplete components downloaded to users machines. Installing Internet Explorer Customers decide whether to reinstall Internet Explorer on a desktop or desktops, and are responsible for obtaining it from Microsoft. Customers are also responsible for pushing Internet Security settings (see section following) to their user base, and may use Active Directory or other proprietary methods to do so. Configuring Internet Security This section provides an overview of Internet Security configuration as recommended by GE Healthcare. You and your customers should also review the Desktop Internet Security Settings document (Internet_settings.pdf), in the desktop component kit (see page 25) for the specific Centricity Business version that is installed. Each end-user PC must be configured correctly. You can access Internet Security either of these ways: From with Internet Explorer, via Tools/Internet Options From the PC Control Panel/Internet Options Settings on the General, Security and Advanced tabs must be checked and potentially changed, as described in the following sections.

12 Desktop Components Reference Guide General tab On the General tab, click Settings in the Browsing history (or Temporary Internet files) section. On the Settings screen: 1. Choose the Check for newer versions of stored pages option. Select Every visit to the page, if pages change frequently, especially, for example, during testing or development. Select Every time you start Internet Explorer for best performance, This setting makes the best use of locally cached pages. This setting is preferable in some situations, for example, running automatic testing scripts over a WAN against pages that will not change after the browser is started. 2. Allow at least 250 MB for Temporary Internet files, and ensure that Temporary Internet files are deleted. 3. Save the settings by clicking OK. Following is an illustration of the Settings tab:

Desktop Components Reference Guide 13 Security tab Internet Security has four security "zones," which can be set up so as to provide different levels of security for different groups of sites. Centricity Business web-based solutions are designed to default settings in Trusted sites zone. On the Security tab: 1. Set the security zone in which Centricity Business will run (usually Local intranet or Trusted sites, but this can vary by client) to the default level by selecting the zone and clicking the Default Level button. 2. Usually, the Trusted sites zone is set to Low by default because it's a trusted zone. Other, less trusted zones have higher security settings. Normally, this should not have to be changed. 3. Click Sites. On the Trusted Sites screen, enter the references for each site to be accessed in the Trusted sites zone in the Add this web site to the zone box, then click Add. Add the references (fully qualified domain

14 Desktop Components Reference Guide names and/or IP addresses) for the Centricity Framework server(s) (or the content switch) to this list. If a site is referred to in both ways, it must be listed in each way, for example: liveweb.bigu.edu, 10.18.11.155 testweb.bigu.edu, 10.18.11.165 In each of these examples, the first reference is the fully qualified domain name and the second is the IP address. Caution: You should not use simple domain names, because these are known to cause problems. 4. Click OK to save changes. Notes: Internet Security configuration interacts with.net CLR configuration the same Internet Zones should be raised to Full Trust in both Internet Security and.net CLR (see page 24). Do not confuse Trusted Sites Zone and Full Trust. Security may be fine-tuned. For more information, please consult the Desktop Internet Security Settings document (Internet_settings.pdf) included in the desktop component kit. Each site URL can only be used in one security zone. If a URL cannot be added, therefore, the sites listed for the other security zones should be checked, and the URL removed if it is present on any other site's list. Trusted site setup must be done for each profile on each desktop system. Advanced tab Please refer to Desktop Internet Security Settings for the options to select on the Advanced tab. These settings could vary depending on the version of Internet Explorer installed on the PC. Managing Internet Security Settings with Group Policy Objects Group Policy allows customers to "push" security setting changes, programs, and so forth, out to users who do not have Administrator rights on their machines, and prevents such users from making changes to, for example, their Internet Security settings. Customers can assign users to groups by username, PC identity, and/or other factors. Active Directory then uses the Group Policy settings to set and push out changes and files to the different groups of users. A user can control local policies if he is an Administrator on his PC. Unless a user's specific domain login account has privileges to edit Group Policies, however, his PC is subject to all changes that the IT department pushes to it.

Desktop Components Reference Guide 15 Policy settings for controlling URL Actions are available in both the Computer Configuration and the User Configuration nodes of the Group Policy Object Editor. The Group Policy Object Editor is available in Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page. See http://technet.microsoft.com/enus/library/bb491069.aspx for more information.

16 Desktop Components Reference Guide Microsoft.NET Common Language Runtime (CLR) The CLR is the system agent that runs and manages.net code at runtime. It must be installed on any desktop that runs Centricity Business Advanced Web, which is built on.net technology..net CLR Versions Installing.NET CLR Centricity Business web-based solutions require that.net CLR be installed as described below. Version 2.0 is the minimum level required at this time; please refer to the System Environment Specifications document for details on the versions that may be used, and to the Microsoft Patch Testing Status document for information on.net service packs that support Centricity Business. You must install.net CLR on your user desktops from the Microsoft website. It cannot be installed from the Centricity Framework server. Configuring.NET CLR When users log in to a web server that uses MS.NET technology, GE Centricity Framework immediately checks whether the PC has.net CLR, and if the Trust level has been set to Full for the Internet Security zone users are running in. These conditions are required for the system to properly run the necessary assembly code. In.NET CLR, you must be configure Trust levels programmatically. Running dotnet2.0_trust.bat, which is included in the desktop component kit (or similar code), accomplishes this. Dotnet2.0_trust.bat executes command lines (at the DOS prompt) that set the trust levels dynamically. The person responsible for configuring.net CLR should review the dotnet2.0_trust.bat code and understand what the command lines are doing before running the code. The code currently increases the trust for both Local Intranet and Trusted Sites zones. The code should be edited so that it increases trust only for zones that the Centricity Business web product will be running in. Dotnet2.0_trust.bat must be run on each desktop. Customers can automate the process of running the file, and run it over the network at the same time they push.net CLR out, thus completing both steps at the same time. Note: GE Healthcare recommends that customers use the trust.bat files provided in the desktop component kit to configure.net CLR. Microsoft also provides a Configuration Tool that allows customers to set security with much greater granularity. Customers should use this tool with caution because, while it can heighten security, it can also cause problems over time when

Desktop Components Reference Guide 17 upgrades add DLLs, or change/add new URLs. Please consult Microsoft.NET CLR documentation for more information. Running dotnet2.0_trust.bat on a Windows 7 machine When dotnet2.0_trust.bat is run on a Windows 7 machine, you should right click on the file (dotnet2.0_trust.bat) and select Run as Administrator. This is necessary to elevate user privileges sufficiently for this newer operating system, and to avoid errors such as those shown on page 32. Resolving.NET CLR Trust issues If a user logs into Centricity Framework when a.net CLR issue exists, the following error message appears: The usual suspects that cause this error message are: The PC does not have.net CLR client loaded. The Trust level setting is incorrect. Internet Security settings are incorrect. Each of these problems is discussed in the following sections.

18 Desktop Components Reference Guide The PC Does not have.net CLR client loaded Currently, Centricity Business web-based solutions are supported by version 2.0 of Microsoft.NET CLR (which is included in higher versions of.net CLR). So you should first ensure that the PC has Microsoft.NET CLR version 2.0 loaded. To do this, open up a file explorer window and navigate to the following location: Notice that this PC has three different version folders underneath the Framework folder. Each subfolder represents a different version of Microsoft.NET CLR resident on the PC. If there are no subfolders under the Microsoft.NET folder, then chances are that the PC does not have Microsoft.NET CLR installed at all. If this is the case, contact the Help Desk to get the proper version of.net CLR installed. If the folder structure is present and there is a folder for at least version 2.0.50727, then the PC has.net installed. If you are using Internet Explorer, proceed to check the Trust level of the zone that is running (next section). If you are using smart client, check your Internet Security settings; refer to the Desktop Internet Security Settings document.

Desktop Components Reference Guide 19 Internet Explorer running in incorrect Internet Security zone Note: Skip this step if you are using smart client. Next, if you are using Internet Explorer, check to see what Internet Security zone is running when this Web server is accessed. The snapshot below illustrates that we are running in the Trusted sites zone. The zone that is running should only ever be Local intranet or Trusted sites. Do not run Centricity Business web-based solutions in another zone you should not change the Trust level on the Internet zone.

20 Desktop Components Reference Guide If you find that the Web is running in the Internet zone on your PC, seek help from a seasoned Web engineer who can guide you in mapping your DNS name (Web server name from the URL string) to a valid Internet Security zone. Internet Security settings are incorrect If you are still having problems, check your Internet Security settings, and be sure they are the same as those described in the Desktop Internet Security Settings document.

Desktop Components Reference Guide 21 If you re still having problems If you have still not corrected the problem, run one of the following scripts at the Command prompt to increase the Trust level to Full. Note: To run one of the scripts, you need to have the Run command on your Start menu, but If you are using Windows 7, this command may not be present. Do the following: --In the Search programs and files box that appears on the Start menu, enter?. --Select Command Prompt

22 Desktop Components Reference Guide To run one of the scripts: 1. On the PC, click Start, and choose Run. The system displays a DOS command window. Enter one of the following script commands based on your current scenario, assuming the highest.net CLR version on your PC is version 2.0: Current Zone Local Intranet Trusted Sites Command %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\caspol -q -m -cg LocalIntranet_Zone FullTrust %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\caspol -q -m -cg Trusted_Zone FullTrust Note: Each command is a single-line command, but the width of this document breaks up the command into 2 lines. Make sure when you paste it into the DOS window that it is all on one line.

Desktop Components Reference Guide 23 When a PC has more than one version of.net CLR, the higher version is always the default version being used, unless you have a separate configuration file that you tweak to manipulate which version is called by resident applications (not common, but some sites have this). Following is a snapshot of what a successful command line produces for output.

24 Desktop Components Reference Guide 2. After running the necessary script(s), close all Internet Explorer and/or smart client windows, open a new window, and try to log in again. If you can log in, you should be able to access Centricity Business: You can run these commands in a batch file, or integrate them into your own proprietary push technology for dispersal and installation on your user desktops. Ensure that the command lines are run by users logged in as Administrators so that they have the proper privileges to execute the commands. Interaction of Internet Security and.net CLR Settings.NET trust at the very least expects a server's assemblies and privileges to exist in a specific Internet Security zone, that is, the zone of its login page URL. So, if a web server URL is assigned to the Trusted sites zone,.net assumes that the server's assemblies and privileges are part of the Trusted sites zone.

Desktop Components Reference Guide 25 Desktop Component Kits Desktop component kits from GE Healthcare provide all the tools customers need to install the desktop components required by Centricity Business webbased solutions. These kits include: The components, documentation, and other files mentioned in the following sections The dotnet2.0_trust.bat file referred to on page 16 The quietinstall and quietuninstall files described on pages 30 and 53 The GEHCSetup.xml file, which can be used to configure the quietinstall and quietuninstall processes See the Readme file included in the desktop component kit, for more information. Running the quietinstall file is equivalent to "running the desktop kit," and the two expressions are used interchangeably. Running the desktop kit is the GE Healthcare-preferred method for installing the desktop components. The desktop component kits may also be used with push technology (see page 35). They enable installation of all our desktop software with one touch. Customers can deploy our desktop software using these packages, or can build their own deployment kits from the ones that GE Healthcare provides. As with any Windows application, snapshots are possible. Kits include all components requiring local administrative privileges for installation, other than operating system components, that is, it includes all Centricity Framework, Web Baseline, Advanced Web, and other Centricity Business application components. GE Healthcare project teams should attempt to deliver the desktop component kit as early as possible in a project so customers have enough time to research, digest, and test it. After the desktop component kit has been delivered, GE staff should check with the customer to be sure that the appropriate customer staff has received the kit. Too often, the desktop component kit gets lost on site or does not go to the right people, and this is not discovered until a week before go-live. Components A list of all components for the release is included with the kit, in the file Desktop Components.htm. Centricity Business uses ActiveX controls on the desktop. An ActiveX control is a DLL "wrapped nicely." ActiveX controls provide Better scalability than pure server-based applications (compiled functions are deployed to the workstation for scalability) Distributed communications, from the workstation to the Caché server

26 Desktop Components Reference Guide Centricity Business desktop components are delivered by MSI files. These files contain the client-side ActiveX controls and other components required to run Centricity Business. The two main MSI files for the two major groups of components are: IDXWebFrameworkControls.msi contains all the controls needed for Centricity Framework, CCOW, and so forth FlowcastDesktopControls.msi contains all the controls needed for Centricity Business applications You will see the FlowcastDesktopControls.md5 component with later 4.3 versions (higher than 4.0315.2515) and with version 5.0. This component validates data integrity. It contains a hash number <checksum>. If you enter a DOS command window, navigate to the folder where the file lives and enter FlowcastDesktopControls.md5, a hash number is displayed. This hash number should match the hash number on the FlowcastDesktopControls.msi file. Other components, which may not be used by all customers, include: Java 2 Runtime Environment, used only if the customer is using Centricity Business Electronic Document Management (EDM) (see page 39 for more information). The version of this component changes with each release; the correct version is included in the desktop component kit. WCClientEnu_Teleform_###.xxx (Teleform Web Capture Option), used only if the customer is using EDM Web Capture (front desk scanning). Multiple versions could be included in a single kit, for different versions of Teleform; do the following: Check EDM documentation to determine the correct version of the component for the version of Teleform that you are using. Change the name of the correct component from WCClientEnu_Teleform_###.xxx to WCClientEnu.msi, so that quietinstall will recognize it. Note: If you are using EDM-related components, please contact GE Healthcare for further information. Desktop Components.htm lists the contents of all of these files. Documentation Each kit contains the following documentation specific for its release (in addition to this document, DesktopComponentsReferenceGuide.pdf): Desktop Components Readme.htm: Overall information about how to use the desktop kit, including information about deploying components using various methods. Desktop Management.ppt: High-level review describing how Flowcast interacts with the user s desktop.

Desktop Components Reference Guide 27 Internet_settings.pdf: Describes setting up IE for use with Centricity Business (Desktop Internet Security Setting document) Desktop Components.htm: Lists the files delivered to desktop, with installation paths and versions. Win2KActiveXSolution.pdf: Describes setting up an Active Directory package to deploy Flowcast components with Microsoft Active Directory. Remove? CB Communication Ports.pdf: Describes the setup for encrypted and unencrypted environments using GE Healthcare approved devices and methods. Quiet Install_Uninstall Modifications.htm: This document is intended for GE staff who need to add an MSI to the quietinstall/quietuninstall files. Other Files You will see the following additional files in the desktop component kit: Centricity Business Launch Pad Template.htm: HTML file that you can modify to create a launch pad for Centricity Business that lets users connect to Centricity Business running in a stripped browser. DesktopTestPage.htm: lists desktop components that have been properly installed on the user s PC. DotNetVersionCheck.exe: checks the current machine for the presence of software components necessary for running.net applications gehc_desktop_icons.zip: contains.jpg files of GE icons in several different colors Web Server Delivery of Desktop Component Kit Files The upgrade process that delivers code for each web product also delivers versions of all the desktop component kit MSI files to the Centricity Framework server in the \WebClientFiles directory. This web server upgrade process is totally separate from any process involving the desktop component kit. Theoretically, the contents of \WebClientFiles should match those of the desktop component kit, but this may not in fact be the case, because over time, a version of an MSI file can be compatible with multiple versions of the product. The \WebClientFiles directory contains only the MSI files that come with that version of the product, but the kit needs to have all of the MSIs to account for different product versions that can be loaded. Therefore, customers should always use the kit (or the kit s contents) to push the desktop components for locked-down desktop configurations. Components taken from the \WebClientFiles directory should not be used.

28 Desktop Components Reference Guide Desktop Control Deployment Deploying and supporting Centricity Business desktop components is challenging for a number of reasons: Customers often have desktop support groups that are separate from the group(s) responsible for the Centricity Business applications. Until Centricity Business builds solid relationships with these groups, working together may be challenging. A given customer might use many different strategies, policies, and/or tools for deploying desktop components. Customers usually need to consider other products resident on the desktop, especially those using the same non-ge Healthcare applications (for example,.net CLR), and those that use Internet Security. Customers also must consider network design. Decisions are made at the enterprise level rather than at the product level. Customers may use PC images, which make testing difficult. The Centricity Business applications themselves may be used differently in different parts of the organization. The scale of the deployment at a client may be very large. The system has many different parts (Windows, Centricity Business applications, and so forth), all of which are undergoing rapid change. The changes must be managed. Delivery Challenges Centricity Business' goal is no-touch deployment for user workstations. An end user should be able to start using Centricity Business Web Baseline and Advanced Web without doing anything outside of his or her daily routine. To address security issues, however, most of our customers require that their end-user desktops be "secure," or "locked-down." This means that end users cannot install software and thus cannot modify the desktop environment without authorization. They cannot update registered components even when the components are downloaded from the server. Windows XP and Windows 7 Professional offer robust security to prevent unauthorized modification of the desktop environment, enabling lockeddown desktop configurations. Note on Windows 7 With Windows 7, the User Account Control Settings for the Administrator account must be set to Never Modify for the desktop components to be loaded onto a locked-down desktop. To do this, 1. Click Start button, then type uac in the search box at the bottom of the Start menu s left pane. The User Account Settings screen appears. 2. Move the slider all the way to the bottom (Never modify).

Desktop Components Reference Guide 29 GE Healthcare helps customers manage end-user workstations by providing several delivery solutions. Each of these solutions is described in the sections following. How Desktop Components Get Deployed Desktop components are deployed to end users by either Automatic download, or A method involving the desktop component kit (see page 25). Automatic Download For a user who is logged into his or her desktop computer as a user with local Administrative rights, all installable components are downloaded and installed automatically from the Centricity Framework server, assuming that the Internet Security and settings are configured correctly (see page 8). The user does not need to use the desktop component kit at all. The system Downloads the controls from the web server in a.cab package that is, it pushes the files listed in Desktop Components.htm to their respective locations by exploding the contents of the.cab files on the Centricity Framework server. Note: The.cab package is simply a delivery method for the desktop component files. Uses Windows registry to manage access and control. Invokes Centricity Framework after the download. Components downloaded this way are stored in the Downloaded Program files stored in the Windows directory. This works well internally at GE Healthcare, as internal users do have local Administrative rights, but presents security and training risks that many of our customers cannot tolerate among their end user populations. The automatic download process When a user has appropriate local Administrative rights to download and install ActiveX controls, he or she is presented with a dialog box when a component must be downloaded, unless A previous component(s) signed by the same digital certificate has already been downloaded, and The check box Always trust content from IDX Systems Corporation was checked (users should check this check box when they first see this dialog, and do the same when they see the similar dialog from Microsoft).

30 Desktop Components Reference Guide Delivery with the Desktop Component Kit The desktop component kit must be used to install and upgrade the downloadable components (ActiveX controls) of Centricity Business webbased solutions in environments where end-user machines are "locked down. Kits must be run by a user with Administrator group rights on local machines. End-users without local Administrator rights will then be able to run Centricity Business Web applications without downloading any components from the web server. Kits do not include the Microsoft.Net CLR or Service Packs. These should be deployed and configured in another effort; for more information, please see How To Deploy the.net Framework in a Group Policy Object in Active Directory on the Microsoft website. We do offer sample.bat files that configure trust (see page 16). The MSI files included in the desktop component kit (see page 25) are the files that deliver the web controls to locked-down desktops. The MSI files forcibly push the desktop control files out to a different location. Delivering MSI files to user desktops The MSI files can be delivered to user desktops in several ways: Standalone (double-click the MSI file on the PC to install the components) while this method will result in a fully functional desktop with our web applications, is not encouraged. Running MSI files standalone potentially leaves older component files on the desktop that cannot be located through the registry and cleanly removed. The cleaner method is to remove all previous controls first, then run the MSI files. With the quietinstall files (also included in the kits) this method is recommended (see section following). With push technology (see page 35) Caution: Occasionally, when MSI files are installed on the desktop, Microsoft Windows may initiate a reboot. Delivering MSI files using the quietinstall files Even though standalone delivery usually works, it is not optimal. The goal of delivery is to provide a fully functional set of ActiveX controls that match the current web environment. This means properly uninstalling previous version components. Therefore, for optimum delivery of desktop components, GE Healthcare provides the following two files, which may be run over the network or from a local copy (running these files is synonymous with "running the desktop component kit"): QuietInstall.wsf this file installs the core functionality required to run the Centricity Business desktop. It is important to note that

Desktop Components Reference Guide 31 quietinstall.wsf uninstalls older versions of the kits that are found in the registry before installing new components. This is a much cleaner method than standalone delivery, and is encouraged. QuietInstall.bat this file functions as a template to call quietinstall.wsf, plus installation programs for other functionality that may or may not be required by your systems. Please consult the documents in the particular desktop component kit associated with your release for information about these other programs. These files uninstall components back through version 3.0 of Centricity Business/Flowcast web-based solutions. The desktop component kits: Can be run non-interactively using command-line switches. See the Readme file, included with the desktop component kit documentation (see page 26), for more information. The Readme file includes information on customizing the installation process and on known issues; since it is release-specific it should be reviewed with every installation. Are designed to run without a user interface. Are coded in Windows script, which should be transparent to support teams. Some organizations write additional deployment code; the file code should provide a good basis for this. Note: The desktop component kits also contain quietuninstall.bat/.wsf files to be used if desktop components need to be uninstalled. Please see page 53 for information about these files. Running quietinstall.bat on a Windows 7 machine When quietinstall.bat is run on a Windows 7 machine, you should right click on the file (quietinstall.bat) and select Run as Administrator. This is necessary to elevate user privileges sufficiently for this newer operating system, and to avoid errors such as those shown on the following page.

32 Desktop Components Reference Guide Either of these errors could occur if you try to run quietinstall.bat on a Windows 7 machine without sufficiently elevating user privileges:

Desktop Components Reference Guide 33 Important Information for Windows 7 64-bit Client Desktops If Centricity Business ActiveX controls have been downloaded and installed, from any Centricity Framework web server, on a Windows7 64-bit desktop, in a way other than via the desktop components kit (for example, automatic download for a user with Administrative privileges), you should do the following cleanup before attempting to run the desktop component kit on the desktop. In previous operating system versions, installing the desktop component kit on top of controls always overwrote controls pulled down from the Centricity Framework web server. This is no longer true for Windows7 64-bit desktops. You must manually clear out the downloaded Centricity Business controls prior to running the desktop component kit. Not doing so causes the user to be prompted to download the controls again from the Centricity Framework web server, even though the ActiveX controls were properly installed. To perform the cleanup: 1. In Internet Explorer, navigate to Tools/Internet Options/Manage Add Ons, 2. Change the Show dropdown from Currently Loaded Add Ons to Downloaded Controls. 3. For each of the following controls that appear (not all may appear), select the control, right-click and select More Information, then click Remove to delete the control. IDXssl Class Flowcast LDAP Class IDX TermWin Control IDXcsvr Control Class Participant Class TerminalID Class BrowserObj Class <You will not be able to remove this.> Data Dynamics #Grid 2.0 (ICursor) ActiveReports Viewer2 You should be able to remove all of these controls in this way, except BrowserObj class (from Downloaded Controls ) IDXHlprObj class (from Currently Loaded Add Ons ) (you will not be able to remove the IDXHlprObj class at all) 4. Exit Manage Addons, and close any open Internet Explorer windows. 5. Open Windows Explorer (right click Start and select Open Windows Explorer) and navigate to "C:\Windows\Downloaded Program Files". 6. Delete the following files if they appear: IDXbrowser.inf IDXBrowserLink.dll

34 Desktop Components Reference Guide IDXIEController.DLL Caution: DO NOT ATTEMPT to open Internet Explorer and delete the files. The files will be locked, and you will be unable to delete them at all. 7. Access the registry editor by clicking Start and entering REGEDIT in the Search window. The search should return the regedit icon. 8. Select the regedit icon. The Windows Registry Editor appears. WARNING: The Windows Registry Editor utility can permanently damage your machine if unintended changes are made. Only experienced IT staff should be performing these steps. 9. Navigate to the following path in the registry editor: [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\ CurrentVersion\SharedDLLs] 10. Delete the following entries that appear underneath the above registry key: C:\Windows\Downloaded Program Files\IDXBrowserLink.dll C:\Windows\Downloaded Program Files\IDXIEController.DLL" 11. Close the Windows Registry Editor. 12. Open Internet Explorer and navigate to Tools/Internet Options/Manage Add Ons, 13. Change the Show dropdown from Currently Loaded Add Ons to Downloaded Controls. 14. Select the BrowserObj class, right-click and select More Information, then click Remove. When you have completed these steps, only the IDXHlprObj class (from Currently Loaded Add Ons ) should remain for the Centricity Framework product. You can run the Desktop Controls Kit appropriate for your Centricity Framework/Centricity Business web server installation. If the installation is successful, the user should not be prompted again to download any ActiveX controls when accessing the Centricity Framework server.

Desktop Components Reference Guide 35 Push Technology GE Healthcare's desktop installation kits are designed to be delivered to end users by means of push technology. Push technology uses mature third-party tools to deliver components. Centricity Business is a standard, well-behaved Windows application that works well with these standard tools. Many of these tools are familiar to those who have supported other Windows applications. Among them are Novell ZENworks, LANDesk, SMS, and Altiris. Each of these tools offers varying levels of integration and control. One solution in particular, Microsoft Active Directory, is the recommended solution (see page 36), but other proprietary push technologies may also be used. How Push Technology Works Customers use "push" tools to build "snapshot" packages on a prototype desktop. Changes only can be captured, and just these changes are pushed to end users. The packages are created using primarily the desktop component kit's MSI files. The actual "push" occurs after the end user reboots his or her operating system. Installing the changes may require an additional restart. Considerations Here are a few features of push technology to consider: Push technology requires that a privileged user deploy software to a PC. The software is then activated so that anyone who accesses the PC can use the software, regardless of his or her security. Push technology works best when all end-user desktops are similar. Push technology is oriented towards files rather than settings; it is often desirable to push settings information to end users, for example, for Internet Security. Active Directory and other push technologies should be configured to uninstall previous versions of the kit prior to installing the new one, as quietinstall.wsf does. Alternative Methods Other ways of "pushing" desktop updates: Windows Login scripts: these scripts provide coarse control via domain login. To receive "pushes" via this method, ends users must have local Administrator rights so that they can install applications (or, the domain controller has been configured to run the script as a process with a different domain user who does have Administrator rights). "Sneakernet"

36 Desktop Components Reference Guide Note: It is possible for customers to remove the DLLs from Centricity Business-provided packaging code and create their own process and code for distribution and registration. GE Healthcare does not recommend this method because it requires a keen understanding of the DLLs themselves, the edits needed to register them, and so forth. The MSIs are designed to remove guesswork and to standardize what we are delivering. Pulling them apart opens the door to aberrations that are not within our control. Microsoft Active Directory GE Healthcare recommends that our customers use Microsoft Active Directory (AD) to manage deployment of desktop software, which is available and which works well with Windows XP and Windows 7. Using AD allows remote management of locked-down desktops (that is, where the end user does not have local Administrator rights and cannot install software). AD creates a controlled environment, or domain, and publishes the MSI files to the domain. How AD Works To use AD, the system manager defines Group Policies (see page 14) to determine components and settings for a machine and/or group. Customers are responsible for the bulk of this setup, since it is mostly networkdependent. When a user logs in to the network, AD login is also activated, that is, the user's PC accesses AD as part of the network login procedure. The PC looks to the AD directory, examines it for new components, downloads any missing components as MSI files, and then installs them. Thus, each computer in the domain can automatically pull new software and install it behind the scenes when a user logs in. This process ensures proper installation and upgrade of client-side ActiveX controls without manual installation or disruption to the end user. AD provides the following benefits: It is designed to support large numbers of desktops over widely distributed networks. It is robust, scalable, and fault-tolerant. It is flexible, and thus can support varied network topologies. It is Microsoft's recommended and supported solution. It provides support for.net components. One drawback to AD is that it can be used only for computer-level installations, not user-level installations.

Desktop Components Reference Guide 37 Resources A document, Using Active Directory to Install Client-Side Web Framework Components (Win2KActiveXSolution.pdf), is included in the desktop component kit, and explains how to use Active Directory with MSI files. More information on using Active Directory is included with the Active Directory product, and is also available on Microsoft's website and from third parties.

38 Desktop Components Reference Guide Installing Other Components.NET Components.NET components behave differently from Active X controls:.net component delivery takes place only via "pull." Administrator rights are not required..net components are not truly installed or registered on the machine; instead, they go into download assembly cache. What this means, in theory, is that all users simply download the.net components as needed there is no way to "lock down" desktops against the.net components. When.NET CLR is properly configured, the.net assemblies download to a folder underneath the user s profile. The only case in which this might not work is a situation in which a user does not have read and write access to all the folders under his or her user profile, which should be the case rarely, if ever. Centricity Framework Centricity Business web-based solutions require that Centricity Framework (formerly the Web Framework) components also be installed on the desktop. Therefore, these components are also installed by the Centricity Business desktop component kit. IDXWebFrameworkControls.msi reflects the current Centricity Framework version being installed by the release associated with the desktop component kit. The name of the default MSI for Centricity Framework will always reflect the version being delivered with that kit. In some cases, however, that there are other copies named using this format: IDXWebFrameworkControls_<version ###>.XXX These files exist because it is possible for a desktop component kit to contain different versions of a component for compatibility with other non-ge Healthcare applications. Customers can run such a differently versioned MSI file, if necessary, by changing the.xxx extension to.msi. QuietInstall.wsf delivers whatever has an.msi extension in the desktop component kit folder, and so can be used to install such an alternate version. Launch the Framework using a new iexplorer.exe process Note: This section does not apply if you are using smart client. A target, for example, "C:\Program Files\Internet Explorer\iexplore.exe" http://dotnet.idx.com/idxweb, should be created to define a shortcut to launch Centricity Framework. This will ensure that each time the Framework is started, a new iexplore.exe process is also started. The Framework does not support multiple browsers running under the same iexplore.exe

Desktop Components Reference Guide 39 process. (It does support multiple browsers running under different iexplore.exe processes.) Note: In Windows 7 64 bit, you need to use the 32 bit Iexplore.exe "C:\Program Files (x86)\internet Explorer\iexplore.exe" http://dotnet.idx.com/idxweb. SUN Java Runtime Environment (JRE) Centricity Business and former Flowcast applications do not require any Java on the desktop (Java is used on the web server), except when the Electronic Document Management application (EDM) is used. EDM requires the Sun JRE. (Microsoft Virtual Machine is not required at all.) Installing JRE Our installation is different than Sun s default in that the browser is not set to use Sun Java by default, nor are updates automatically downloaded. GE provides a special MSI configured to deliver the Sun JRE for use with Centricity Business applications. To install the Sun JRE using the quietinstall files, change the file extension from.xxx to.msi. Old versions of JRE In general, GE Healthcare recommends that existing old versions of GE Healthcare controls be removed before new versions are installed. Desktop component kit methods are designed to do this. But we believe the JRE is so common we should not uninstall it just because it is there! Therefore, by default, the quietuninstall programs both leave any existing JRE version in place. If you want either the quietinstall or the quietuninstall program to remove the Sun JRE, change the parameter <UNINSTALLJRE>N</UNINSTALLJRE> in GEHCSetup.xml from N to Y, then run quietinstall.bat or quietuninstall.bat in the directory where components were installed on the desktop, or over the network. This will uninstall the Sun JRE no matter how it was installed. For more information on the desktop component uninstall process, see page 53. Terminal Services/Citrix Centricity Business customers can use Terminal Services for some or all their users, often with Citrix MetaFrame. This raises the concerns regarding: One version of installed applications on any server Need to reload cached content must if purged Roaming profiles across multiple Terminal Services servers

40 Desktop Components Reference Guide Reference: Microsoft Knowledge Base entry#243535 Even though Centricity Business products are certified to work properly on Citrix, GE Healthcare does not support Citrix, and does not advise customers about configuring Citrix. For more information on Terminal Services and Citrix, please see the System Environment Specifications document.

Desktop Components Reference Guide 41 After the Installation Any installation (or uninstallation) process can result in corruption of registry entries and DLL registrations, and thus can fail. After running an installation or uninstallation, therefore, customers should verify that new components are installed where they think they should be, and that old components have been properly removed. Checking for Removal of Old Components Customers should spot check when they are testing to be sure that the installation/uninstallation method they are using removes all of the old controls. Perhaps the best approach is to install new components and then search the system for files left from previous installations. Assuming the new components were installed correctly, there is nothing to clean up in the registry. Files left behind from previous installs can just be deleted, especially if the customer is concerned about space. Caution: Active files must not be deleted! If just one new component is being delivered, just the old version of the component may be uninstalled. If a new desktop is being delivered, all the previous components may be uninstalled. Even with one new component, the customer's desktop support team has to build a new complete package to build new PCs, but they may be able to use it to also update the desktops they have already deployed. Checking for Installed Components After installation is complete, validate the presence of all necessary controls on end user machines by doing one of the following: Double clicking the file DesktopTestPage.htm (included in the kit). This enables you to see if the desktop components were installed properly. Notes: DesktopTestPage.htm checks only for components delivered by the desktop component kit. Be sure that the new controls have been pushed out. You should use the DesktopTestPage.htm that came with the desktop component kit you are installing, because the ActiveX control GUIDs may have changed between releases. Examining the Windows Program List (see next section) Examining the Windows Program List When the desktop component kit methods are run on a PC either manually, or by "push" or "pull" technology the individual programs are installed on the

42 Desktop Components Reference Guide PC and appear in the Windows Program List in Windows XP Professional and Windows 7 Professional. To access the Windows Program List, and thus verify whether the desktop component kit method installed these programs, access Control Panel/ Add/Remove Programs. The following two programs should always be present: Web Framework (IDXWebFrameworkControls.msi) Flowcast Desktop Controls (FlowcastDesktopControls.msi) Additionally, If the customer has EDM, the Java 2 Runtime Environment is present. The version of this component changes with each release; please see page 26. If the customer does scanning, a scanning-related program, Teleform Web Capture Option, is present. The version of this component can differ depending on the version of Teleform in use; please see EDM documentation for the component version that should be used with a particular version of Teleform. If the relevant programs are all present, the PC should not download the controls from the web server. If one of them is missing, you may need to reinstall the web controls using one of the desktop component kit methods (see page 30). Note: Desktop Components.htm in the current desktop kit has the most upto-date list of installed components. If the desktop components are not installed on a PC using one of the desktop component kit methods, the end user downloads the controls the first time she or he visits the Centricity Framework server, if he or she has Administrator rights on the machine. The files are then stored on the PC s desktop in the Downloaded Program Files folder. As stated in the previous section, the PC should never download the components from the web server if a desktop component kit method has been run on a PC, if the correct version of the kit is properly installed.

Desktop Components Reference Guide 43 To verify that the ActiveX controls have been downloaded from the web server, do the following: 1. Access the General tab within Internet Options.

44 Desktop Components Reference Guide 2. Click on the Settings button in the Temporary Internet files section of the General tab. This brings up the following dialog: 3. Click View Objects. This brings up the Downloaded Program Files folder, as shown below.

Desktop Components Reference Guide 45 4. If the end user downloaded GE Healthcare files from the web server, they should be listed on this screen. Some of these files are circled in the preceding illustration. The files that should display are listed in Desktop Components.htm. 5. Examine the Status for each file, and consider whether the corresponding programs (listed previously) are present in Add/Remove programs. If the files are listed as Installed, they are valid. If the user first downloaded controls from the server, than ran a desktop component kit method (any version) on the same PC, the files may be listed as Unplugged (sometimes Damaged) (see Unplugged/Damaged Files, following, for suggestions on what to do about this). If the user has run a desktop component kit method, or has had the controls pushed to his or her PC, the corresponding applications mentioned previously should exist in the Add/Remove Programs list, and the files listed above should not exist here. Therefore, if the user has the programs listed in the Add/Remove Programs list and the files listed above are present in the Downloaded Program Files folder, you should delete the files from the Downloaded Program Files folder. The programs and files might both be listed if the end user accessed the web server and downloaded the controls before a desktop component kit method was run on his or her PC. If the controls exist in this list and the corresponding programs are not listed in Add/Remove Programs, verify that the controls are in the Installed status. If any control is not in the Installed status, delete it from the Downloaded Program Files folder. The user will download the control(s) again the next time she or he hits the web server, and after this takes place, the user should verify that the controls are now listed as Installed. If they are not listed as Installed, the user may either Not have the Administrator rights to install the file, or Be clicking No if they are prompted to install the control. In these cases, it may be advisable to manually run a desktop component kit method on the PC through a Windows account with Administrator rights to ensure that the files are installed successfully. Unplugged/Damaged Files Files are listed as Unplugged or Damaged in the following situations: A desktop component kit method was run intentionally after downloading the controls from the server. In this case, the controls delivered from the kit should work. The unplugged/damaged items may optionally be highlighted and deleted from the view (they will not work anymore). A desktop component kit method was run unintentionally after the controls were downloaded. In this case, if the user wants only the files downloaded from the server,

46 Desktop Components Reference Guide The uninstallation utility from the desktop component kit (see page 53) should be run to remove all the desktop controls installed. All unplugged/damaged items should be deleted from the Downloaded Program Files view. The user should log on to the web server to download the controls again.

Desktop Components Reference Guide 47 Release Management, Upgrades, and Support Backwards Compatibility Upgrades Integration Support Backwards compatibility usually refers to the ability of a desktop with new components, deployed in anticipation of go-live on a new version, to log in to a server with an older but soon-to-be-updated version. This situation normally does not present problems, but, as always, should be rigorously tested before full deployment. As much as possible, customers should maintain the same versions of controls on their desktops and servers. One frequently asked question is whether any problems are created if a desktop that has old components connects to an updated server. This cannot happen. A desktop can log in to a server only if its components match the server's. GE Healthcare's policy is to preserve backwards compatibility (as described in the first paragraph in this section) whenever possible. Occasionally, major changes to supporting components, for example, those provided by Microsoft, may interfere with compatibility. The importance of testing new versions, therefore, cannot be overemphasized. GE Healthcare recommends that customers use dedicated testing PCs until they have tested compatibility with a live version. Compatibility must also be tested when controls are pushed to the desktops before the server upgrade. Upgrades are built on new versions of enabling tools, including Centricity Framework. The upgrade process involves extensive project planning for each customer. Server and desktop upgrades should be coordinated so that one takes place as soon as possible after the other. Both upgrades should be complete before users access the system. After the upgrade, if the new components are not yet installed, users will experience issues or the web product will not work. In this case, you must uninstall the old components and install the new/updated components. GE Healthcare s Centricity product releases are coordinated to minimize impact on joint customers. Additional coordination is required during upgrade and/or installation projects. GE Healthcare Customer Support can provide customers with the latest information on using GE Healthcare products with Microsoft hotfixes. GE Healthcare product groups test Microsoft patches per our patch policy guidelines. This information is available in the Microsoft Patch Testing Status

48 Desktop Components Reference Guide document, which is updated frequently. The date of the last update appears to the right document link. Customers must decide which patches to deploy and when, based on their own security vulnerabilities. The following additional resources are available to customers: The monthly Microsoft Security Bulletins The Centricity Business Knowledge Center on the Customer Web Testing Customers must test rigorously before any large-scale deployment. They must test the installation process on images of all systems to be upgraded. If desktops are unmanaged, they should expect some not to be upgradeable. Customers must test their applications on desktops where they are testing their deployment process. If they intend to deploy desktop components to production users before upgrading the servers, customers must validate that their applications work. In some cases, custom forms not written to Centricity Business standards may not work correctly when displayed in a new version of the web-based solutions.

Desktop Components Reference Guide 49 Clearing Cache in the Web In Centricity Business web-based solutions, the Internet Security settings GE Healthcare recommends cause customers browsers to cache pages in their Temporary Internet folders as the pages are received and rendered on their PCs. This speeds up overall response time, since most items pushed out from the web server will not change on a regular basis. The data content on the pages changes constantly, but the page structure, java script files, and assemblies doing the work behind the scenes remain relatively static. From time to time, a user may have a bad page cached, or possibly an older version of a page that does not function correctly. It is usually at this time that GE Healthcare asks the customer to clear the cache. Prior to the introduction of.net-based products, this was a simple exercise of deleting temporary internet files. With Flowcast and Centricity Business.NET-based products, this becomes a more complicated process, because assembly and schema files are now also cached. A customer using a.net-based web product who needs to clear the cache on a PC should do the following: 1. Delete temporary internet files (Internet Explorer only) 2. Delete the schema cache 3. Clear the download assembler cache Instructions for each of these tasks are provided in the following sections. Deleting Temporary Internet Files Note: This section does not apply if you are using smart client. To delete temporary internet files, first close all open IE browser windows and open a new one. Then do the following: 1. Select Tools, Internet Options. 2. On the General tab, in the middle of the screen, there s a section labeled Temporary Internet Files. Select the Delete Files button, then check the Delete all offline content check box and click OK. This deletes all cached pages, java script files, and so forth. After you do this, your browser settings cause any initial hits to a website to push out a

50 Desktop Components Reference Guide new copy of the page(s) and file(s) you are accessing. These files are then again cached into your Temporary Internet Files folder for quicker rendering on subsequent hits. Deleting the Schema Cache Microsoft.NET uses schemas, which are basically.net representations of the structures of XML messages. XML messages are the main vehicles by which data is passed between Advanced Web (AW, now AW-.NET) pages and the Caché backend through the CSVR port. Schemas are also cached on users PCs, and need to be cleared out when necessary. The schema cache is usually stored under each individual user profile, so if a single PC has multiple users, you might need to delete the schema cache for each user s profile entry. To do this, delete all folders underneath the IsolatedStorage folder at the following path: <Drive>:\Documents and Settings\<network logon username>\local Settings\Application Data\IsolatedStorage (The disk drive and user s network logon name will be different on each PC.)

Desktop Components Reference Guide 51 Clearing the Download Assembly Cache.NET assemblies are also cached with Centricity Business web-based solutions. To clear these, you need to open a DOS command window and drill down to the highest version of Microsoft.NET CLR they are using. At this point, customers should be using.net CLR v2.0, and may have a later version installed as well. You may want to initially check to see what versions they have loaded (via Windows file folder explorer) prior to opening a command window, just so you know where to drill down. To clear cached.net assemblies: 1. Open a DOS command window by selecting Start, then Run. Note: If you are using Windows 7, you may not see Run on your Start menu. Follow the directions given on page 21 to add Run to your Start menu. 2. Enter cmd. and then press [ENTER]. The DOS command window opens.

52 Desktop Components Reference Guide 3. Change directories to drill down to the most current version of the.net Framework. 4. Once you are there, run gacutil /cdl to clear the download assembly cache. Note: Some 2.0 and later installs do not deliver the gacutil utility. If gacutil.exe does not exist in the later version folders, attempt to run the utility from the v1.1 folder, if the utility exists there. If you can t find the utility, you need to download it from the Microsoft website.

Desktop Components Reference Guide 53 Uninstalling ActiveX Controls Why Uninstall? An ActiveX control is just like any other self-registering DLL that exposes its classes described in the registry. Because the classes are the same no matter how the DLL is installed, and even if copies are in many different locations, only one is active. You can always figure out the active copy by searching the registry for the paths at which files are stored. If a new version is correctly installed, it is the new active component, whether or not any previous versions of the component are uninstalled. There are some cases, however, where "cleaning up" the desktop is necessary or desirable: If an attempt to install a new control fails, or partially succeeds, some of the new DLLs might be good (that is, registered), but others might be present but not registered, creating problems. This could happen, for example, if some of the DLLs are installed, but the disk fills up, the process crashes, and the DLLs do not get registered. Customers may have downloaded controls or deployed them to random locations on the desktop, or even to different locations on different desktops. It may be desirable to clean up and better organize the desktop. "Cleaning Up" by Uninstalling The best way to clean up is to uninstall old copies of controls. There are three ways to do this. Double clicking the appropriate icon in Add/Remove Programs Running the uninstall command msiexec at the DOS prompt command line. Uninstall (and install) activity initiated in this way can be monitored while it is in progress by tracking MSI file (msiexec) processes in the Task Manager. Please consult Microsoft documentation for more information on msiexec. Using the desktop component kit quietinstall/quietuninstall utilities. How the uninstall should be run depends on customer preference, but GE Healthcare recommends using the desktop component kit's quietinstall/quietuninstall utilities. Caution: Occasionally, when.msi files are installed on the desktop, Microsoft Windows may initiate a reboot. Uninstalling using the utilities Centricity Business has coded quietinstall.wsf to uninstall any previous versions of the desktop components it can find in the desktop s registry. If the program is run properly, desktop components from Flowcast Web version 3.0

54 Desktop Components Reference Guide and all later versions are uninstalled. After the program uninstalls the old controls, it installs the new ones. Centricity Business also provides an uninstall program, quietuninstall.wsf, which works the same way as the uninstall piece of quietinstall.wsf. There is, however, no need to run the previous version's quietuninstall program before running a new version's quietinstall program. QuietInstall.bat/.wsf and quietuninstall.bat/.wsf can be run from a command line or remote service and do the uninstallation without any prompting. Modifying the uninstall QuietUninstall.bat/wsf uses file GEHCSetup.xml (from the desktop component kit) as the source for the parameter settings that control what quietuninstall.bat/wsf does. GEHCSetup.xml can be modified to control whether all known components are removed, or just those recently installed (based on the install log). To remove just those components listed in the install log, change ALL to JustLastInstalled at parameter <UNINSTALLCOMP>ALL</UNINSTALLCOMP>. Changing this parameter also works if you are using the quietinstall programs, because as noted, they call the same code as that used by the quietuninstall programs to do the initial uninstallation of old components, and the quietuninstall code also uses GEHCSetup.xml. Therefore, if you want the uninstallation that is part of quietinstall to be limited to just those components limited in the installation log, you must also change the <UNINSTALLCOMP> parameter in GEHCSetup.xml. How the uninstall code works The uninstall code (whether called from quietinstall.wsf or quietuninstall.wsf) uninstalls any desktop components it can find. Of course, the install program goes on to install the new components after uninstalling the old, but this is the only difference. Checking for removal of old components (see page 41) is always necessary after any installation or uninstallation. For Windows 7 machines As with quietinstall.bat, when you run quietuninstall.bat on a Windows 7 machine, you need to elevate user privileges by right clicking on the file (quietuninstall.bat) and selecting Run as Administrator. For more information, please see page 31.

Desktop Components Reference Guide 55 Other Desktop Software that May Interact with Centricity Business Virus and Antispyware Scanning Any virus or antispyware scanning is likely to have a significant impact on performance. If real-time scanning is required, the desktop must be properly configured. Spyware Some Centricity Framework desktop components have in the past been identified as spyware by various anti-spyware products. GE Healthcare has replaced components that have experienced these problems. Immediate available workaround Should a component be identified as spyware, users can mark found components to be ignored in subsequent spyware scans. If a customer is concerned, you can demonstrate that the spyware finding is simply the result of registering a particular DLL, as follows: 1. On a clean machine, copy just the DLL, then scan for spyware; the scan should not identify any GE Healthcare components (else the machine was not clean!) 2. Use regsvr32 to register the DLL, and scan again. 3. The scanner should now identify the spyware that had been found previously. Tools information Spybot Search & Destroy freeware is not licensed for use in a commercial setting. The same company does have a commercial offering that provides for centralized management of exclusion lists and actions. (See Appendix IIl: Actual Scan Summary from Spybot Search & Destroy for IDXIEController.dll on page 70 for a sample scan.) Microsoft AntiSpyware Beta is not even supported by Microsoft. (See Appendix IV: Actual Scan Summary from Microsoft AntiSpyware for IDXIEController.dll on page 71 for a sample scan.) History of IDX/GE Healthcare spyware problems Please see Appendix II: History of IDX Spyware Issues on page 69. References C/NET story on Forrester study: Anti-spyware market to boom in 2005 SpywareGuide

56 Desktop Components Reference Guide Spyware Warrior Google and Yahoo! Toolbars The following two issues have been associated with Google Toolbar: Google Toolbar combined with.net Release 1 causes Internet Explorer crashes on Windows XP Professional. Google Toolbar has a pop-up blocker, and our web applications use pop-ups. For proper operation, enable ( whitelist ) pop-ups from Centricity Framework server(s). Yahoo! Toolbar can also cause issues. It may prevent the Framework login page from downloading necessary ActiveX controls. You can solve these problems by simply uninstalling the troublesome toolbar via Add/Remove Programs. GEHC recommends that you do this.

Desktop Components Reference Guide 57 Troubleshooting Exception Errors Use this checklist to alleviate some of the known conditions that cause exception errors. Check PC Ensure that the PC complies with the requirements outlined in the System Environment Specifications document. Check the Internet Security settings (refer to Internet_settings.pdf for the version in use). If the Google toolbar is installed, either remove it, or disable the pop-up blocker (.NET requirement). Verify that the operating system is Windows XP or Windows 7. Turn on the exception error logging preference in Centricity Framework. Validate the presence of all ActiveX controls, and verify that they are installed correctly and not both downloaded and in programs (see page 41) Check for adware or spyware on the PC, and remove it, if present (see page 55). Determine if there are any unneeded applications running, and remove them, if present. Verify that versions of.net CLR and Internet Explorer are appropriate: See the System Environment Specifications document for specific requirements for.net CLR. For Internet Explorer: v6.0 SP1 or SP2, for all current Centricity Business versions, or v7.0. for Centricity Business versions 4.3 and 5.0, or v8.0 is supported for Centricity Business version 4.3 with Centricity Business CBICW 4.0311.2174, CF 5.02.00.033, Desktop Components 4.0311.217, and IDXFC 4.0311.2213, or later, and version 5.0. If the error still occurs after you have verified all the above items and made any necessary corrections, recreate the error on a clean PC other than the original PC that experienced the error. Slowness Use this checklist to alleviate some of the known conditions that cause slowness.

58 Desktop Components Reference Guide Check PC Ensure that the PC complies with the requirements outlined in the System Environment Specifications document. Check Internet Security settings Internet option Check for newer versions of stored pages should be set to Every time you start IE. Cache setting should be large enough for the applications running, that is, at least 250 MB. Internet option Empty temporary internet files when browser is closed should be set to Disabled. Internet option Do not save encrypted pages to disk should be set to Disabled. Internet option Automatically check for IE updates should be set to Disabled. Verify that the operating system is Windows XP or Windows 7. Check for adware or spyware on the PC, and remove it, if present (see page 55). Check for streaming applications on the PC, and remove them, if present. Validate the presence of all ActiveX controls, and verify that they are installed correctly and not both downloaded and in programs (see page 41). Note: The presence of this issue could indicate a security problem. Check for excessive downloads of the web files by analyzing the IIS log files. Look for situations where a particular file, for example a.net DLL, is requested repeatedly by the same end user PC. Files should usually be cached, and should only be requested once. Determine if there are any unneeded applications running, and remove them, if present.

Desktop Components Reference Guide 59 Appendix I: Implementing Smart Client To implement smart client at your organization, you create an MSI ( Centricity MSI ) to wrap the smart client components, integrate this MSI into the desktop component kit, and then deliver the Kit in the usual fashion. This Appendix provides basic guidelines for creating the MSI and integrating it into the Centricity Business desktop component kit. The process differs somewhat depending on whether you have a single Centricity Framework server or multiple servers. Single Centricity Framework Server With a single Centricity Framework server, you Build an MSI comprised of a set of manifests and.net DLLs that are wrapped into the MSI package, then generate the MSI, using the CF Deployer Integrate the new MSI in the desktop component kit Building and generating the MSI--overview To build and generate the MSI 1. On the Centricity Framework web server, open Windows Explorer and navigate to the \Web\IDXWF\Components folder under the Centricity Framework install path. 2. Check the CF.exe.config file to make sure that the correct parameters are present in the <User Settings> element. Centricity Framework provides default values in this file, but you may need to alter them for your specific implementation. See Modifying CF.exe.config, below, for more information. 3. Make your edits and save CF.exe.config. 4. Navigate up a few levels (still under the same install path) to the ClickOnce folder and execute CFDeployer.exe. The CF Deployer UI appears. 5. Complete the fields In the CF Deployer UI as appropriate and generate the MSI; see Using CF Deployer, below, for more information. 6. The newly created MSI appears in the ClickOnce folder as Centricity.msi.

60 Desktop Components Reference Guide Modifying CF.exe.config Review the following example to understand the modifications you should make in CF.exe.config. Bold items in example are informational only. They don t reflect the actual Centricity Framework default values; you should replace them with appropriate information. <usersettings> <Gehc.IT.Core.Framework.Client.WinForm.Properties.Settings> <setting name="protocol" serializeas="string"> <value>http_or_https</value> </setting> <setting name="servername" serializeas="string"> <value>fqdn_used_to_access_webserver</value> </setting> <setting name="port" serializeas="string"> <value>port_if_different_than_80<value /> </setting> <setting name="virtualdirectory" serializeas="string"> <value>virtual_directory_for_centricity_framework</value> </setting> </Gehc.IT.Core.Framework.Client.WinForm.Properties.Settings> </usersettings> Note: Be aware of the following regarding the ServerName setting: It cannot accommodate an IP address; you can use only DNS/FQDN names that resolve to an IP address. Any changes to this field (within the <user settings> element of the file) do not appear in the CF Deployer UI. You can, however, change this value via the CF Deployer UI; the system saves it to the file correctly. These issues will be fixed in a future release.

Desktop Components Reference Guide 61 Using CF Deployer The CF Deployer UI appears after when you run CFDeployer.exe. Do the following to provide needed information and generate the MSI: 1. Verify that Publish Location from (CF.exe.config) reflects the FQDN of the servername you will use in the web URL to access the web server. If the location is incorrect, change Server Name to the correct value. Publish Location reflects what is entered at Server Name. This value is also saved in the CF.exe.config ServerName setting. 2. At Start Menu Name, enter the name that should appear on the new desktop shortcut that will let users launch smart client. The default value for this field is Centricity, but GEHC strongly recommends that you change it to something more descriptive of your organization s CF server. For example, if you change the value in this field to ICW2000, the Start menu for users would look something like the following. 3. The fields under Digital Signing Certificate for Click Once are not required when you are generating an MSI (as you are doing here), Leave the fields blank, or leave any default values present; the generator ignores them.

62 Desktop Components Reference Guide 4. Select the Generate MSI button. The status appears at the bottom left of screen: The status should change from Ready to Running to Completed without errors or Completed with errors. Click Details to see additional information, including the DLLs that were incorporated into the MSI: 5. Specify Yes when prompted about CCOW components 6. When MSI creation is complete, close the CF Deployer. UI Integrating the Centricity MSI with Centricity Business desktop components To include the MSI you generate in the Centricity Business desktop component kit, do the following: 1. Copy the MSI and place it in the desktop component kit with the other MSIs. 2. Open desktop component kit file GEHCSetup.xml, which contains parameters affecting quietinstall.bat at runtime. Verify that Centricity.msi is present at the end of the content line between the <MSILIST></MSILIST> tags, under the <UNINSTALL> section. (@ is the delimiter between the MSI names.) The <MSILIST> element should look similar to the following: <MSILIST>FlowcastDesktopControls.msi@Java 2 Runtime Environment, SE v1.6.0_3.msi@wcclientenu.msi@idxwebframeworkcontrols.msi@centric ity.msi</msilist> 3. Close GEHCSetup.xml. 4. Run quietinstall.bat to deliver all MSIs, including Centricity.msi. All relocatable files for all the MSIs should appear underneath the folder path listed in GEHCSetup.xml s <INSTALLDIR></INSTALLDIR> tags. Wherever the Centricity MSI is applied, it creates a shortcut to the server under your desktop, with the name you specified at Start Menu Name in the CF Deployer UI.

Desktop Components Reference Guide 63 5. You should now be able to access Centricity Business via Start/All Programs/GE HealthCare/[Start Menu Name]. Running Centricity.msi standalone (that is, not integrated into the Centricity Business desktop component kit as explained above) causes the contents of the MSI to be placed under the default location of C:\Program Files\Centricity. Multiple Centricity Framework Servers/Access Points Customers with multiple web server farms, or simply multiple ways to access a single web server, may need more than one desktop shortcut. The basic CF MSI installation delivers a single shortcut to the web server, based on the configuration information entered when the MSI was created. For customers who need multiple access points, desktop component deployment code has been enhanced to accommodate the use of multiple Centricity MSIs. Two different methods for handling multiple access points to a CF server or CF web farm are provided. We will discuss how each method works with two different scenarios, one using non-encrypted servers and the other using encrypted servers. With either method, generate the MSIs using the instructions given in Single Centricity Framework Server, above. Scenario One: Non-encrypted servers In this scenario, we have a Web Farm of 2 CF servers that are load balanced but not encrypted: CF Server 1 FQDN = Web1 CF Server 2 FQDN = Web2 VIP of Load Balancer FQDN = VIP Note: The scenario uses short names to make reading easier. Standard FQDNs usually look more like Web1.domain.com, not Web1. Method 1: Creating multiple Centricity MSIs for single desktop component deployment, for scenario one This option uses desktop component deployment code enhancements that let a single deployment have multiple Centricity MSIs, each with a different name. The MSI names should correspond to the shortcut name used when creating the MSI. In this scenario, we create three MSIs, one for each CF server, and one for the load balancer, as follows: MSI pointing to Web1 server: 1. Using the CF Deployer UI, specify Web1 as the Server Name, and Web1_shortname as the Start Menu Name, then generate the MSI. 2. Rename the MSI from Centricity.msi to Centricity.Web1_shortname.msi.

64 Desktop Components Reference Guide MSI containing Web2: 1. Using the CF Deployer UI, specify Web2 as the Server Name, and Web2_shortname as the Start Menu Name, then generate the MSI. 2. Rename the MSI from Centricity.msi to Centricity.Web1_shortname.msi. MSI containing VIP: 1. Using the CF Deployer UI, specify VIP as the Server Name, and VIP_shortname as the Start Menu Name, then generate the MSI. 2. Rename the MSI from Centricity.msi to Centricity.VIP_shortname.msi. Once you have created the MSIs, confirm that all three have been added to your desktop component kit before you run quietinstall.bat. QuietInstall deploys each of the three new MSIs. Shortcuts for each MSI appear under the Start menu with the Start Menu Name. The shortcut itself should point to the Centricity deployer code found at \\[INSTALLPATH variable from GEHCSetup.xml file in desktop kit]\centricity\[start Menu Name]. For example, if INSTALLPATH is C:\Program Files\GEHC Web Desktop and Start Menu Name is Web1_shortname, the shortcut pointer should be to C:\Program Files\GEHC Web Desktop\Centricity\Web1_shortname, To summarize, in our scenario, you should have the following: Centricity MSIs: Centricity.Web1_shortname.msi Centricity.Web2_Shortname.msi Centricity.VIP_shortname.msi Shortcuts on user desktops: Start/All Programs/GE Healthcare/Web1_shortname Start/All Programs/GE Healthcare/Web2_shortname Start/All Programs/GE Healthcare/VIP_shortname Shortcuts point to: C:\Program Files\GEHC Web Desktop\Centricity\Web1_shortname\CF.exe C:\Program Files\GEHC Web Desktop\Centricity\Web2_shortname\CF.exe C:\Program Files\GEHC Web Desktop\Centricity\VIP_shortname\CF.exe

Desktop Components Reference Guide 65 If you are not using quietinstall.bat to deploy the MSIs, you will see the same items listed above, except that the paths that the shortcuts point to are different. Currently, standalone deployment of the Centricity MSIs (performed not by using our quietinstaller but by double-clicking the MSIs), produces paths similar to the following. C:\Program Files\Web1_shortname\CF.exe C:\Program Files\Web2_shortname\CF.exe C:\Program Files\VIP_shortname\CF.exe In a future release, we hope to fix the process so that the paths are identical no matter what method of deployment is chosen. Method 2: Creating multiple manual shortcuts from a single Centricity MSI installation, for scenario one With this option, you create a Centricity MSI, then manually build multiple shortcuts by passing in different parameters to invoke the smart client executable. Ideally, you could create these shortcuts on a dummy desktop and then simply deploy the shortcuts (via their own deployment methods) to all users who need them. Alternatively, you could create a custom script to push out any additional shortcuts other than the initial one delivered with the Centricity MSI, to reduce the manual work involved. The shortcuts exist underneath the user profile of All Users (for example, C:\Documents and Settings\All Users\Start Menu\Programs\GE Healthcare). Using the same scenario as above, we would do the following: For the shortcut for Web1: 1. Using the CF Deployer UI, specify Web1 as the Server Name, and Web1_shortname as the Start Menu Name, then generate the MSI. 2. Rename the MSI from Centricity.msi to Centricity.[Start Menu Name].msi, using the value from the Start Menu Name field in the CF Deployer UI. 3. Install the MSI to a dummy desktop, via quietinstall.bat, a custom deployment method, or by simply double clicking the MSI. Remember that the physical install path location for the smart client code differs depending on how you install the MSI. Double clicking the MSI installs code to a slightly different location than using quietinstall.bat, which allows a custom install path. 4. The shortcut menu item should appear at Start/All Programs/GE Healthcare/Web1_shortname. For the shortcut for Web2: 1. Right click on the shortcut you created when you installed Centricity.Web1_shortname.msi (located at Start/All Programs/GE Healthcare/Web1_shortname).

66 Desktop Components Reference Guide 2. Choose Create Shortcut. The system creates a copy of the shortcut and adds it to the dropdown menu. 3. Right click on the new shortcut and choose Rename, then rename the new shortcut to Web2_shortname. 4. Right click on the new, renamed shortcut, and choose Properties. 5. Change the target path to include new parameters, for example: Old Target: "<installpath>\web1_shortname \CF.exe" New Target: "<installpath>\web1_shortname \CF.exe " "ServerName=Web2" "VirtualDirectory=cfweb" For the Shortcut for VIP: 1. Right click on the shortcut that was created for Web2 (located at Start/All Programs/GE Healthcare/Web2_shortname). 2. Choose Create Shortcut. The system creates a copy of the shortcut and adds it to the dropdown menu. 3. Right click on the new shortcut and choose Rename, then rename the new shortcut to VIP_shortname. 4. Right click on the new, renamed shortcut, and choose Properties. 5. Change the target path to include new parameters, for example: Old Target: "<installpath>\web1_shortname \CF.exe" "ServerName=Web2" "VirtualDirectory=cfweb" New Target: "<installpath>\web1_shortname \CF.exe " "ServerName=VIP" "VirtualDirectory=cfweb" The parameters you can pass to CF.exe are basically the same ones in CF.exe.config: Protocol Servername Port VirtualDirectory Pass all parameters in the form of Parameter=Value, with a space in between each parameter. Notice that the manually created/edited shortcuts all use the same target path to the Web1_shortname smart client code. Since all 3 DNs/FQDNs (Web1, Web2, VIP) point to web servers using the same version of Centricity Framework, we can reuse the code from a single smart client install instance, and just pass in different parameters so that the system launches smart client against a different URL behind the scenes. Be sure to test all shortcuts to validate they access the correct server(s).

Desktop Components Reference Guide 67 Scenario Two: encrypted servers In this scenario, we have a Web Farm of two CF servers that are both load balanced and encrypted: CF Server 1 FQDN = Web1NoSSL CF Server 2 FQDN = Web2NoSSL VIP of Load Balancer FQDN = VIPNoSSL CF Server 1 SSL FQDN = Web1SSL CF Server 2 SSL FQDN = Web2SSL VIP of Load Balancer SSL FQDN = VIPSSL Note: The scenario uses short names to make reading easier. Standard FQDNs usually look more like Web1NoSSL.domain.com, not Web1NoSSL. Method 1: Creating multiple Centricity MSIs for single desktop component deployment, for scenario two In this situation, follow the same procedure shown above (method #1) for unencrypted MSIs (scenario one), but create three additional MSIs. At the end of the process, the following items are present: Centricity MSIs: Centricity.Web1NoSSL_shortname.msi Centricity.Web2NoSSL_shortcutname.msi Centricity.VIPNoSSL_shortname.msi Centricity.Web1SSL_shortname.msi Centricity.Web2SSL_shortname.msi Centricity.VIPSSL_shortname.msi Shortcuts on User Desktop: Start/All Programs/GE Healthcare/Web1NoSSL_shortname Start/All Programs/GE Healthcare/Web2NoSSL_shortname Start/All Programs/GE Healthcare/VIPNoSSL_shortname Start/All Programs/GE Healthcare/Web1SSL_shortname Start/All Programs/GE Healthcare/Web2SSL_shortname Start/All Programs/GE Healthcare/VIPSSL_shortname Paths inside the Shortcuts: <installpath>\web1nossl_shortname\cf.exe <installpath>\web2nossl_shortname\cf.exe <installpath>\vipnossl_shortname\cf.exe <installpath>\web1ssl_shortname\cf.exe <installpath>\web2ssl_shortname\cf.exe <installpath>\vipssl_shortname\cf.exe

68 Desktop Components Reference Guide Method 2: Creating manual shortcuts from a single Centricity MSI installation, for scenario two Again, follow the same procedure shown above (method #2) for unencrypted MSIs (scenario one), but create three additional shortcuts, each with their own unique names: Centricity MSIs: names will be identical to those shown above (method #2, scenario two) Shortcuts on User Desktop: Start/All Programs/GE Healthcare/Web1NoSSL_shortname Start/All Programs/GE Healthcare/Web2NoSSL_shortname Start/All Programs/GE Healthcare/VIPNoSSL_shortname Start/All Programs/GE Healthcare/Web1SSL_shortname Start/All Programs/GE Healthcare/Web2SSL_shortname Start/All Programs/GE Healthcare/VIPSSL_shortname Paths inside the Shortcuts: <installpath>\web1nossl_shortname\cf.exe " "ServerName=Web1NoSSL" "VirtualDirectory=cfweb" <installpath>\web1nossl_shortname\cf.exe " "ServerName= Web2NoSSL " "VirtualDirectory=cfweb" <installpath>\web1nossl_shortname\cf.exe " "ServerName=VIPNoSSL" "VirtualDirectory=cfweb" <installpath>\web1nossl_shortname\cf.exe " "ServerName= Web1SSL " "VirtualDirectory=cfweb" <installpath>\web1nossl_shortname\cf.exe " "ServerName= Web2SSL " "VirtualDirectory=cfweb" <installpath>\web1nossl_shortname\cf.exe " "ServerName=VIPSSL" "VirtualDirectory=cfweb" Notice that the manually created/edited shortcuts all use the same target path to Web1NoSSL_shortname smart client code. Since all 6 DNs/FQDNs (Web1NoSSL, Web2NoSSL, VIPNoSSL, Web1SSL, Web2SSL, VIPSSL) point to web servers using the same version of Centricity Framework, we can reuse the code from a single smart client install instance, and just pass in different parameters so that the system launches smart client against a different URL behind the scenes. Be sure to test all shortcuts to validate they access the correct server(s).

Desktop Components Reference Guide 69 Appendix II: History of IDX Spyware Issues One issue we encountered in the past was that Spybot Search and Destroy and Microsoft AntiSpyware identified the IDXIEController.dll as spyware. If recommended actions were taken, IDXIEController.dll was removed, rendering the desktop unable to log into the Framework. How did this happen? Our legal contracts specify that we will not put spyware on the desktop. And we did not we were victims of a "false positive." One method used to detect spyware is to search the registry. Certain signatures are used to identify known spyware. One of those signatures is the ClassID used to register methods in ActiveX components. The ClassID is generated by the vendor as a GUID a Globally Unique Identifier, which is expected to be unique everywhere (hence the name). The ClassID for the IDX Web Framework Tools component (delivered in the IDXIEController file) is ce7c3cf0-4b15-11d1-abed-709549c10000. It seems the Global uniqueness of our ID was not as strong as we thought the same ClassID was in Microsoft s AntiSpyware database of signatures for three applications: UrlBlaze (Software Bundler) BDHelper (Adware) DownloadWare (Adware) Spybot "finds" BDHelper, ShopNav, and WurldMedia. Every vendor has different databases of signatures, and different standards by which they determine what is allowed and what is a threat, and what actions are recommended to the user. How could our ClassID have been used by multiple spyware applications? Our developers incorporated a Microsoft sample project in our own code. This is something that is commonly done, and there are no intellectual property issues. The ClassID matched the ClassID on our control, and also the ClassID on the spyware applications. Even if source code is changed, the newly compiled code reuses the original GUID until an engineer purposely changes it. Other software providers did the same thing, hence the large number of hits on this GUID.

70 Desktop Components Reference Guide Appendix IIl: Actual Scan Summary from Spybot Search & Destroy for IDXIEController.dll --- Report generated: 2005-03-16 08:11 --- MediaPlex: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done) Alexa Related: Link (Replace file, nothing done) C:\WINDOWS\Web\related.htm Avenue A, Inc.: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done) BDHelper: Type library (Registry key, nothing done) HKEY_CLASSES_ROOT\TypeLib\{CE7C3CE2-4B15-11D1-ABED-709549C10000} BDHelper: Interface (Registry key, nothing done) HKEY_CLASSES_ROOT\Interface\{CE7C3CEF-4B15-11D1-ABED-709549C10000} BFast: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done) DoubleClick: Tracking cookie (Internet Explorer: Administrator) (Cookie, nothing done) ShopNav: Browser helper object (Registry key, nothing done) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000} ShopNav: Class ID (Registry key, nothing done) HKEY_CLASSES_ROOT\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000} WurldMedia: Interface (IIEHlprObj) (Registry key, nothing done) HKEY_LOCAL_MACHINE\Software\Classes\Interface\{CE7C3CEF-4B15-11D1-ABED-709549C10000} WurldMedia: Class ID (Registry key, nothing done) HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{CE7C3CF0-4B15-11D1-ABED-709549C10000} --- Spybot - Search && Destroy version: 1.3 --- 2004-11-29 Includes\Cookies.sbi 2005-02-16 Includes\Dialer.sbi 2005-02-16 Includes\Hijackers.sbi 2005-01-11 Includes\Keyloggers.sbi 2004-05-12 Includes\LSP.sbi 2005-02-16 Includes\Malware.sbi 2004-11-29 Includes\Revision.sbi 2005-02-09 Includes\Security.sbi 2005-02-16 Includes\Spybots.sbi 2005-02-16 Includes\Tracks.uti 2005-02-16 Includes\Trojans.sbi

Desktop Components Reference Guide 71 Appendix IV: Actual Scan Summary from Microsoft AntiSpyware for IDXIEController.dll Spyware Scan Details Start Date: 2/25/2005 8:34:21 AM End Date: 2/25/2005 8:37:17 AM Total Time: 2 mins 56 secs Detected Threats UrlBlaze Software Bundler more information... Details: UrlBlaze bundles additional spyware software including TurboDownload, 180 Solutions, CommonName, Bargain Buddy and AT-Games. Status: Ignored High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed. Infected registry keys/values detected HKEY_LOCAL_MACHINE\software\classes\clsid\{ce7c3cf0-4b15-11d1-abed-709549c10000} HKEY_LOCAL_MACHINE\software\classes\clsid\{ce7c3cf0-4b15-11d1-abed-709549c10000}\InprocServer32 D:\AntiSpyware testing\bad IDXIE\idxiecontroller.dll HKEY_LOCAL_MACHINE\software\classes\clsid\{ce7c3cf0-4b15-11d1-abed-709549c10000}\InprocServer32 ThreadingModel Apartment HKEY_LOCAL_MACHINE\software\classes\clsid\{ce7c3cf0-4b15-11d1-abed-709549c10000}\ProgID IDXIEControllerLib.IEHlprObj.1 HKEY_LOCAL_MACHINE\software\classes\clsid\{ce7c3cf0-4b15-11d1-abed- 709549c10000}\VersionIndependentProgID IDXIEControllerLib.IEHlprObj HKEY_LOCAL_MACHINE\software\classes\clsid\{ce7c3cf0-4b15-11d1-abed-709549c10000} IEHlprObj Class HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{ce7c3cf0-4b15-11d1-abed-709549c10000} BDHelper Adware more information... Status: Ignored High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed. Infected registry keys/values detected HKEY_CLASSES_ROOT\interface\{ce7c3cef-4b15-11d1-abed-709549c10000} HKEY_CLASSES_ROOT\typelib\{ce7c3ce2-4b15-11d1-abed-709549c10000}\1.0\HELPDIR D:\AntiSpyware testing\bad IDXIE\ HKEY_CLASSES_ROOT\typelib\{ce7c3ce2-4b15-11d1-abed-709549c10000}\1.0 IEHelper 1.0 Type Library HKEY_CLASSES_ROOT\interface\{ce7c3cef-4b15-11d1-abed-709549c10000}\ProxyStubClsid {00020424-0000- 0000-C000-000000000046} HKEY_CLASSES_ROOT\interface\{ce7c3cef-4b15-11d1-abed-709549c10000}\ProxyStubClsid32 {00020424-0000- 0000-C000-000000000046} HKEY_CLASSES_ROOT\interface\{ce7c3cef-4b15-11d1-abed-709549c10000}\TypeLib {CE7C3CE2-4B15-11D1- ABED-709549C10000} HKEY_CLASSES_ROOT\interface\{ce7c3cef-4b15-11d1-abed-709549c10000}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\interface\{ce7c3cef-4b15-11d1-abed-709549c10000} IIEHlprObj HKEY_CLASSES_ROOT\typelib\{ce7c3ce2-4b15-11d1-abed-709549c10000} HKEY_CLASSES_ROOT\typelib\{ce7c3ce2-4b15-11d1-abed-709549c10000}\1.0\0\win32 D:\AntiSpyware testing\bad IDXIE\idxiecontroller.dll HKEY_CLASSES_ROOT\typelib\{ce7c3ce2-4b15-11d1-abed-709549c10000}\1.0\FLAGS 0 DownloadWare Adware more information... Details: DownloadWare downloads and installs software from advertisers. It runs at Windows startup, and, if a network connection is available, it connects to its servers. It can be installed through an ActiveX control. Status: Ignored

72 Desktop Components Reference Guide High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed. Infected registry keys/values detected HKEY_LOCAL_MACHINE\software\classes\interface\{ce7c3cef-4b15-11d1-abed-709549c10000} HKEY_LOCAL_MACHINE\software\classes\typelib\{ce7c3ce2-4b15-11d1-abed-709549c10000}\1.0\HELPDIR D:\AntiSpyware testing\bad IDXIE\ HKEY_LOCAL_MACHINE\software\classes\typelib\{ce7c3ce2-4b15-11d1-abed-709549c10000}\1.0 IEHelper 1.0 Type Library HKEY_LOCAL_MACHINE\software\classes\interface\{ce7c3cef-4b15-11d1-abed-709549c10000}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_LOCAL_MACHINE\software\classes\interface\{ce7c3cef-4b15-11d1-abed-709549c10000}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_LOCAL_MACHINE\software\classes\interface\{ce7c3cef-4b15-11d1-abed-709549c10000}\TypeLib {CE7C3CE2-4B15-11D1-ABED-709549C10000} HKEY_LOCAL_MACHINE\software\classes\interface\{ce7c3cef-4b15-11d1-abed-709549c10000}\TypeLib Version 1.0 HKEY_LOCAL_MACHINE\software\classes\interface\{ce7c3cef-4b15-11d1-abed-709549c10000} IIEHlprObj HKEY_LOCAL_MACHINE\software\classes\typelib\{ce7c3ce2-4b15-11d1-abed-709549c10000} HKEY_LOCAL_MACHINE\software\classes\typelib\{ce7c3ce2-4b15-11d1-abed-709549c10000}\1.0\0\win32 D:\AntiSpyware testing\bad IDXIE\idxiecontroller.dll HKEY_LOCAL_MACHINE\software\classes\typelib\{ce7c3ce2-4b15-11d1-abed-709549c10000}\1.0\FLAGS 0 Detected Spyware Cookies No spyware cookies were found during this scan.