Install and setup guide

This guide shows you how to install and configure HealthSuite Platform’s Edge (HS Edge) device on-premises.

Scope

This document applies to HS Edge Release 1.3.0.

Guidelines and recommendations

We recommend that customers implement the HS Edge device within their DMZ network. This ensures that customers can filter traffic and inspect it after it has been decrypted within the HS Edge device. Customers can also implement an HS Edge device behind their firewall; however, this may make it more difficult to inspect unencrypted network traffic. The HS Edge device should only be provisioned after it has been configured through the local Web User Interface (WebUI) and physically installed at the customer site.

Note

We strongly recommend you identify the preferred deployment mode and review the appropriate work instructions in this guide before you connect the HS Edge device to a customer’s production network.

Ultimately, customers should decide which of the two models is best suited for their environments based on their networking requirements.

Prerequisites

The following table lists the ports that need to allow outbound traffic from the HS Edge device to the Internet.

Source Destination Port Protocol Direction Description

Customer-assigned IP for HS Edge

193.25.48.0/20

443

TCP

Outbound

Device management and control plane

Customer-assigned IP for HS Edge

193.25.48.0/20

4500

UDP

Outbound

Secure VPN tunnel
Note
 The destination IP address can only be filtered after the HS Edge device has been fully provisioned. The firewall rule must initially allow TCP port 443 in the outbound direction to connect to any destination due to the dynamic nature of the services leveraged during the provisioning process.
Warning
 The destination IP address is not supported in the China region. Please see the FAQ for more details.

General setup

The HS Edge device has a local web-based management user interface (WebUI) for the initial configuration of the device. The HS Edge device has a management IP address of 169.254.169.254/16. A physical Network Interface Card (NIC) on the client computer should be configured with an IP address in the range 169.254.0.0/16 ( i.e., 169.254.169.252 with mask 255.255.0.0) and connected directly to either ethernet (RJ45) port of the HS Edge device. Customers can then access the WebUI from their browser at https://169.254.169.254:64210.

The username is admin and the default password is defaultedgepassword.

After provisioning, the WebUI password will be replaced with a unique auto-generated password that is only accessible to HSP Support.

Important
 The HS Edge device uses a self-signed certificate for HTTPS connections. This may cause the browser to display a warning message.
Warning
 Once the HS Edge device has been provisioned, the default password is automatically re-generated, using a strong password generator. You can only access the local WebUI by contacting HSP Support.
Edge general setup

Use the Settings tab to configure the local LAN/WAN interfaces. Once the WAN and/or LAN connections have been configured for the local network, those IPs can also be used to reach the WebUI over the network. The 169.254.169.254/16 address will still be available as a fallback address for connecting directly to HS Edge.

HS Edge deployment modes

Depending on the customer’s network topology, the HS Edge device can be configured in one of two modes as described below:

  • One-armed/single-interface deployment

  • Inline/multi-homed deployment

In most cases, the single-interface mode is deployed; it consumes fewer ports on the network.

A multi-homed topology is used when the site has a dedicated and directly-connected Internet connection for traffic that needs to traverse the HS Edge device (e.g., Cellular/DSL Modem). This would also include sites that require an outside interface connected over a Point-to-Point Protocol over Ethernet (PPPoE) link.

Warning
 If a Network Access Control (NAC) solution is leveraged on the customer’s LAN, you can retrieve the Media Access Control (MAC) addresses of the HS Edge device interfaces from the Interfaces tab on the Local WebUI.

Single-interface deployment mode

Follow the steps below to configure the HS Edge device for single-interface mode. In this mode, either of the RJ45 physical interfaces can be used to connect it to the network.

Important
 Both interfaces should not be connected to the customer’s network in this mode. This could create a bridging loop, since the HS Edge device does not participate in Spanning Tree by default.
Single-interface deployment

You can manually configure the IP address for the HS Edge device or you can leverage the DHCP option, which is enabled by default.

Single-interface static IP setup

Follow the steps below to configure the HS Edge device for a single-interface static IP setup.

  1. Turn on the HS Edge device using the supplied power supply.

  2. Follow the steps in General setup to access the management UI.

  3. Navigate to the Settings tab.

  4. Leave Enable Multi-homing unchecked.

  5. Select the interface type → static.

  6. Fill in the IP address, netmask, and default gateway fields for the desired network and press Save.

    Topology 2

  7. Once you press the Save button, the static IP is set. Assuming you are accessing the WebUI over the IP address (169.254.169.254), the connection to the UI remains active and you can observe the static IP on the Interfaces tab (under br0 in this case).

  8. Navigate to the Details tab to obtain the serial number for the HSP Support team.

    Topology 6

  9. If the WebUI shows Status: unknown, the device has not yet been provisioned, and the HSP Support team still needs to accept it.

  10. Connect the HS Edge device to a port on the network with Internet access and notify the HSP Support team of further action.

    In the single-interface configuration, either of the ethernet ports can be used.

    Warning
    		 Please do not reboot or turn off the HS Edge device once Philips has started the provisioning process. This may take some time. The HSP Support team will remotely manage any required reboots.

  11. Once the device is provisioned, the WebUI shows Status: authorized.

    Warning
    		 The WebUI password is replaced with a unique auto-generated password that is only accessible to the HSP Support team after the provisioning process is complete. Contact the HSP Support team for the password if you need it for initial troubleshooting.
    Topology 5

Once the device is provisioned, the various tabs in the WebUI display information such as interfaces, tunnels, routes, hardware, and active connections.

Single-interface Dynamic Host Configuration Protocol (DHCP) setup

Follow the steps below to configure the HS Edge device for a single-interface Dynamic Host Configuration Protocol (DHCP) setup.

  1. Turn on the HS Edge device using the supplied power supply.

  2. Connect either of the device’s ethernet ports to a network with Internet access. The HS Edge interfaces listen for a DHCP address by default.

  3. Once the HS Edge device is assigned an IP address via the DHCP server, it should automatically register with the Philips provisioning system and will be ready to be provisioned by the HSP Support team.

  4. Follow the steps in General setup to access the management UI.

  5. Under DetailsAgent Info, locate the Serial Number.

    Topology 5

  6. If the WebUI shows Status: unknown, the device has not yet been provisioned, and the Support team still needs to accept it.

  7. Connect the HS Edge device to a port on the network with Internet access and notify the HSP Support team for further action.

    Warning
    		 Please do not reboot or turn off the HS Edge device once Philips has started the provisioning process. This may take some time. The HSP Support team will remotely manage any required reboots.

  8. Once the device is provisioned, the WebUI shows Status: authorized.

    Warning
    		 The WebUI password is replaced with a unique auto-generated password that is only accessible to the HSP Support team after the provisioning process is complete. Contact the HSP Support team for the password if you need it for initial troubleshooting.
    Topology 7

Once the device is provisioned, the various tabs in the WebUI display information such as interfaces, tunnels, routes, hardware, and active connections.

Inline/Multi-homed topology

A multi-homed topology is often used when the site has a dedicated Internet connection for traffic that needs to traverse the HS Edge device to reach HS Cloud resources. This would also include sites that require an outside interface connected over a PPPoE link.

Multi-homed deployment

When setting up a multi-homed topology, please take note of the br0 and br1 positions:

  • br0 is also known as the outside or WAN interface (also used for PPPoE connection)

  • br1 is also known as the inside or LAN interface

Multiple interface 2

Multi-homed IP setup

Follow the steps below to configure the HS Edge device for a multi-homed IP setup.

  1. Follow the steps in General setup to access the management UI.

  2. Turn on the HS Edge device using the supplied power supply.

  3. Navigate to the Settings tab and check the Enable Multi-homing option.

  4. For interface br0 (WAN), select DHCP, static, or PPPoE from the drop-down menu.

    • If you selected static, fill in the IP address, netmask, and default gateway fields for the outside/Internet-facing network.

    • If you selected PPPoE, fill in the CHAP/PAP username and password.

  5. For interface br1 (LAN), select DHCP or static from the drop-down menu.

    • If you selected static, fill in the address and netmask fields for the inside/local area network.

    • Optionally, fill in the Customer Gateway field. This setting creates routes for all RFC 1918 addresses (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to the IP address defined in the customer gateway. The customer gateway should be on the same network as the br1 (LAN) interface. RFC 1918 routes are created only after the device is fully provisioned. If this is not set, all network traffic is routed through the WAN interface, and the HS Edge device may not reply to local networks over the LAN interface.

  6. Save the settings. At this point, the configured settings will be written to the device.

    Multiple interface 3
    Note
    		 Note the following message: "You can now log in using the new IP address."
    Multiple interface 4

  7. Next, plug br1 into the inside/LAN network uplink (refer to the image above with port information).

  8. Plug br0 into the outside/WAN network uplink (refer to the image above with port information).

  9. At this point, the HS Edge device is connected to the network with Internet connectivity and can reach the Philips Registry for provisioning by HSP Support. The device should also be reachable over the LAN interface.

    Please contact HSP Support to have the HS Edge device provisioned.

    Warning
    		 Please do not reboot or turn off the HS Edge device once Philips has started the provisioning process. This may take some time. The HSP Support team will remotely manage any required reboots.

  10. Once the device is provisioned, the WebUI shows Status: authorized, and the various tabs in the WebUI display information such as interfaces, tunnels, routes, hardware, and active connections.

    Warning
    		 Contact the HSP Support team for the post-provisioned password if you need it for initial troubleshooting.
    Multiple interface 5

Below is an example PPPoE WAN interface with a static LAN interface overview:

Multiple interface 6

Appendix

Useful troubleshooting tools

The HS Edge device provides local diagnostic tools for troubleshooting connectivity issues during installation. You can locally examine ping, traceroute, DNS lookup, and log files to aid in successful installation. Access these tools by navigating to Tools in the upper right-hand corner of the local WebUI as illustrated below.

After the HS Edge device has been successfully provisioned, the default password will be updated. Please contact HSP Support for your updated credentials to access the local WebUI.

Edge tools

Sample ping result

Edge ping

Sample DNS resolution:

Edge DNS

There is also a health check feature available, if the device is in an accepted state and the agent version is 4.0.8 or above. For more information about troubleshooting, please go to Troubleshooting overview

Installing mounting brackets

The HS Edge device can be either surface-mounted or placed on a shelf in a cabinet or telco rack. The chassis includes mounting brackets that allow it to be mounted in any convenient space.

  1. Install the brackets to the chassis with two screws in each bracket.

  2. Secure the brackets to the surface where you want the device to be mounted.

Edge hardware

Product specifications

Feature Specification

Certifications

ISO 27001, ISO 13485, HITRUST, GDPR

Physical dimensions and weight

Width: 7.68" (195mm) / 11.81" (300mm) - pkg; Height: 1.73" (44mm) / 5.12" (130mm) - pkg; Depth: 5.94" (151mm) / 11" (279mm) - pkg; Weight: Net Weight: 2.65 lbs. (1.2 kg)

External power supply

Product power specifications: AC input voltage: Universal 100 to 240 VAC; Frequency: 50 to 60 Hz; Maximum output power: 60W; Output voltages: 12 VDC

Approval and compliance

Electromagnetic emissions: FCC Class B, EN 55032 Class B, EN 61000-3-2/3-3, CISPR 32/22 Class B

Electro-Magnetic Immunity: EN 55024/CISPR 24, (EN 61000-4-2, EN 61000-4-3, EN 61000-4-4, EN 61000-4-5, EN 61000-4-6, EN 61000-4-8, EN 61000-4-11)

Safety: CSA/EN/IEC/UL 60950-1 Compliant, UL or CSA Listed (USA and Canada), CE Marking (Europe), The Bureau of Standards, Metrology and Inspection (BSMI)

Environmental operating range

Operating Temperature: 0°C ~ 50°C (32°F ~ 122°F)

Non-operating Temperature: -40°C to 70°C (-40°F to 158°F)

Operating Relative Humidity: 8% to 90% (non-condensing)

Non-operating Relative Humidity: 5% to 95% (non-condensing)