Smart Assist Network Engineer Training Text
JA

Chapter 11 Deployment Operations Process

AUTION EYE AI-4510

Target device for Smart Assist deployment: AUTION EYE AI-4510

11.1 Pre-Deployment Interview

Purpose of the Interview

When deploying Smart Assist, the first step is to accurately understand the hospital's network environment. Insufficient information gathering directly leads to deployment issues and rework during security reviews.

Interview Item List

CategoryItem to ConfirmReason for Confirmation
Network ConfigurationAvailability of hospital network diagramUnderstanding the overall picture
Segment where the Smart Assist PC is installedNeeded for FW rule design
Smart Assist PC IP address (static/DHCP)Identifying the source
Default gatewayUnderstanding the routing path
DNSPresence and IP address of hospital DNS serverUnderstanding the DNS resolution path
Whether external FQDN resolution is possibleName resolution for Smart Assist destinations
FirewallFW device type and manufacturerConfirming FQDN-based allow rule support
Current external communication allow policyUnderstanding the request process
Change request procedure and lead timeSchedule planning
ProxyPresence of proxy serverCommunication path design
Proxy address and portPC-side configuration
Presence and type of authenticationWhether authentication configuration is needed
Presence of SSL inspectionProactive identification of certificate issues
SecurityWhether a security review is requiredPreparation for response
Review process and required durationSchedule planning
Past external connection approval historyAssessing likelihood of approval
Three Things You Must Never Miss in the Interview

There are many interview items, but there are three that you absolutely must not miss:

  1. Proxy presence and authentication method — The #1 cause of deployment issues. Don't just ask "Do you have a proxy?" — also ask "Do you have a URL filtering product?" (to address transparent proxies)
  2. Presence of SSL inspection — If you overlook this, you'll face a crisis on deployment day with "certificate errors preventing connection." It's best to verify the certificate issuer with curl -v during the interview
  3. FW change request lead time — "It takes 2 weeks from request to implementation" is common. At university hospitals, it can take 1-2 months. If you don't know this, your schedule will fall apart

Interview Sheet (Template)

Smart Assist Pre-Deployment Interview Sheet

Basic Information
Hospital Name____________________
Contact Person____________________
Interview DateYYYY-MM-DD
Network Configuration
  • Network diagram available: Yes / No
  • Smart Assist PC installation location: ________________
  • IP Address: ________ / Subnet: ________
  • Default GW: ________
DNS
  • Hospital DNS Server: Yes (IP: ________) / No
  • External FQDN Resolution: Yes / No / Unknown
Firewall
  • FW Model: ________________
  • FQDN-based allow rules supported: Yes / No / Unknown
  • Change request lead time: Approx. ____ days
Proxy
  • Proxy Server: Yes (________:____) / No
  • Authentication: Yes (Method: ________) / No
  • SSL Inspection: Yes / No / Unknown
Security Review
  • Review required: Yes / No
  • Required duration: Approx. ____ to ____ days

11.2 Security Review Response

Security Review Process

At many hospitals, a security review is required when deploying systems that involve external connectivity. In Japan, this involves consultation with the Information Security Committee; in the US, vendor risk assessments (questionnaires such as SIG/CAIQ/HECVAT) and HIPAA Security Risk Assessments; and in the EU, DPIAs (Data Protection Impact Assessments) under GDPR Article 35.

Submit preliminary documents Document review Preliminary review by IT staff Q&A session Written or interview-based Committee review As needed Approved Conditionally approved Rejected

Documents to Submit

DocumentContents
System overviewPurpose and business workflow of Smart Assist
Communication flow diagramCommunication paths, protocols, port numbers
Security design documentEncryption methods, authentication methods, access control
Data flow diagramContents of transmitted data (explicitly stating what is/is not included)
Firewall allow request formSource, destination, port, direction
Regulatory compliance statusCompliance status with medical data regulations in each country (Japan: Three-Ministry Two-Guideline Framework, US: HIPAA, EU: GDPR)
Failure impact analysisBusiness impact when Smart Assist is down

Preparing for Expected Questions

Prepare answers in advance for the questions listed in Section 3.5 of Chapter 3, ensuring consistency with the submitted documents. Inconsistencies in answers will erode trust.

11.3 Network Configuration Verification

What to Do During On-Site Verification

Based on the interview information, verify the actual network configuration on-site.

Verification Checklist

#Item to VerifyVerification MethodResult
1Smart Assist PC IP addressipconfig...
2Subnet maskipconfig...
3Default gatewayipconfig...
4DNS serveripconfig /all...
5Connectivity to GWping GW_IPOK / NG
6Connectivity to DNS serverping DNS_IPOK / NG
7External FQDN resolutionnslookup smartassist.example.comOK / NG
8External connectivity (ICMP)ping 8.8.8.8OK / NG
9Port 443 connectivityTest-NetConnection -Port 443OK / NG
10HTTPS connection testcurl -v https://...OK / NG

Recording Verification Results

Record all verification results as screenshots or text logs. These serve as a baseline for comparison when failures occur.

11.4 Test Communication Procedure

Purpose of Test Communication

Before sending production data, confirm that network paths are correctly configured.

Test Procedure

StepDescriptionVerification Point
1DNS resolution testConfirm that the destination FQDN can be resolved via nslookup
2Port connectivity testConfirm that connection to port 443/tcp succeeds
3HTTPS connection testConfirm that an HTTPS connection can be established via curl
4TLS certificate verificationConfirm that the certificate issuer and expiration date are correct
5Health check APIConnect to the Smart Assist health check endpoint
6Test data submissionUpload a test image and obtain a receipt confirmation
7Test result retrievalConfirm that classification results for the test data are returned
8LIS integration testConfirm that results are successfully sent to LIS
Leave "Evidence" of Test Communication

When test communication succeeds, always save screenshots and logs. Saying "it was connected during testing" won't help if there's no evidence when problems arise later.

Minimum items to save:

  • Full output of curl -v (contains TLS version, certificate information, and HTTP status all in one)
  • nslookup results (DNS resolution baseline)
  • ipconfig /all results (network configuration baseline)
  • Notes on the date and time of testing

Saving these as "deployment test results" in a folder allows you to compare "what changed since testing" when failures occur, dramatically speeding up troubleshooting.

Test Success Criteria

CriteriaDescription
RequiredAll of steps 1-7 must succeed
RequiredLIS must successfully receive results in step 8
RecommendedCommunication response times should be within acceptable range
RecommendedResults should be stable across multiple test runs

11.5 Production Cutover

Final Checks Before Cutover

Item to ConfirmDescription
Test communication successAll test items have passed
Security review approvalFormal approval has been obtained from the hospital
Stakeholder notificationNotification of cutover date/time to laboratory and IT departments
Rollback procedure confirmationProcedures for reverting to the original state in case of issues have been prepared

Cutover Procedure

StepDescriptionResponsible Party
1Temporarily halt laboratory testing operations (if necessary)Laboratory Department
2Change Smart Assist client settings to productionEngineer
3Connection test to production environmentEngineer
4Functional verification with test dataEngineer + Laboratory Technician
5Functional verification with actual specimensLaboratory Technician
6Verify result integration with LISLaboratory Technician
7Begin production operationAll parties

Rollback Criteria

If any of the following conditions are met, abort the production cutover and revert to the original state.

  • Connection test to the production environment fails
  • Test data submission or result retrieval fails
  • Result integration with LIS does not function properly
  • The laboratory department reports business impact

11.6 Incident First-Response Flow

Initial Response When an Incident Occurs

Incident report received Confirm symptoms - What is not working? (Submission failure? Result retrieval failure?) - When did the issue start? - Content of the error message Confirm impact scope - Is LIS transmission of finalized data working normally? - Is it only an issue with unfinalized data? - Is the entire laboratory operation halted? Initial triage (follow flowchart from Chapter 10) - ping -> DNS -> port connectivity -> HTTPS connection Response based on triage results Hospital network issue Escalate to hospital IT staff DNS issue Request DNS server status check FW block Request FW rule verification Proxy issue Verify proxy settings and status Certificate issue Verify certificate status Cloud-side issue Escalate to Smart Assist operations team
Check for FW Changes Before Escalating an Incident

When you receive an incident report saying "it was working yesterday but suddenly can't communicate," there's one thing you should check first: "Have there been any recent FW or proxy configuration changes?"

In fact, the most common cause of sudden communication failures is FW/proxy configuration changes made by the hospital IT department (for maintenance or policy updates). In particular:

  • FW firmware updates that reset FQDN allow rules
  • URL filtering category changes that block Smart Assist destinations
  • SSL inspection policy changes that remove exclusion settings

Simply asking this one question before starting troubleshooting can dramatically reduce the time to root cause identification.

Escalation Contact List (Template)

CategoryResponsible PartyContactHours of Operation
Hospital Network / FW / ProxyHospital Information Systems Dept. / IT Department [Contact Name][Phone Number][Hours of Operation]
Smart Assist Cloud Side[Operations Organization Name] Operations Team[Phone Number] / support@example.com24x7
Laboratory Department (Business Impact Reporting)Laboratory Dept. [Laboratory Manager Name][Extension/Phone Number]---
Regulatory / Compliance (as needed)Japan: Personal Information Manager / US: HIPAA Privacy Officer / Security Officer / EU: DPO[Fill in as applicable]---

Incident Report Items

ItemDescription
Date/time of occurrenceDate and time when the incident occurred (time of first recognition)
Date/time of resolutionDate and time when the incident was resolved
Impact scopeOperations affected and operations not affected
SymptomsSpecific error messages and description of behavior
Root causeCause identified through triage
Response actionsDetails of recovery actions performed
Preventive measuresMeasures to prevent the same incident from recurring

11.7 How to Read the Materials: First Attack Presentation Materials

Overview of the Materials

The First Attack presentation materials are the sales and deployment materials used for initial proposals to new Smart Assist customers. Understanding these materials enables you to grasp the overall service picture, pricing structure, and deployment schedule that should be explained to the hospital during the proposal stage.

Why do engineers need to understand these materials? Because engineers handle the deployment work after the sales representative's initial proposal. Accurately understanding "what sales promised" directly prevents deployment issues.

Pricing Plans

Smart Assist has two basic plans based on specimen processing volume, plus additional pricing options.

Note: The following pricing plans are for the Japanese market. The US version has a separate pricing structure.

PlanMonthly Fee (excl. tax)Monthly Specimen ProcessingTarget Scale
Assist300¥100,000300 specimens/monthSmall to medium facilities
Assist1000¥200,0001,000 specimens/monthLarge facilities
OptionPriceDescription
Charge100¥40,000/monthAdditional processing capacity for 100 specimens

Estimated Deployment Schedule

The First Attack materials show the following phases as a typical schedule from proposal to go-live.

PhaseEstimated DurationDescription
Phase A: PreparationApprox. 3-4 monthsContract procedures, security review application, network environment interview and investigation
Phase B: Deployment & VerificationApprox. 3-4 monthsEquipment installation, network configuration, test communication, production cutover, verification operation
TotalApprox. 6-8 monthsFrom proposal to full production

Note: The duration of security reviews varies greatly by hospital. At university hospitals and large hospitals, it may take several months to align with the Information Security Committee's review cycle (see Chapter 12 Case Studies).

Information to Gather at the Proposal Stage

Confirming and collecting the following information together with the sales representative at the initial proposal stage will make subsequent deployment smoother.

CategoryItem to ConfirmImpact on Deployment Work
Facility ScaleMonthly specimen processing volumePlan selection (Assist300 or Assist1000)
NetworkAvailability of internet connectionSelection of connectivity option (see Chapter 6)
SecurityWhether security review is required and its durationImpact on the overall schedule
LIS IntegrationLIS manufacturer, model, and connection methodAdvance preparation of integration settings
Installation LocationLaboratory layout, LAN environmentWiring plan, IP design
IT DepartmentAvailability of IT contact personPoint of contact for interviews and requests

Information Sharing Points with Sales Representatives

As an engineer, it is important to confirm the following points with sales representatives in advance.

  • Contract plan: Which plan was proposed (Assist300/Assist1000)
  • Promised go-live date: Is the schedule realistic considering the security review period?
  • Special conditions: Information about VPN requirements, proxy environments, SSL inspection, etc.
  • Customer concerns: Points of particular security concern (data location, PHI, regulatory compliance, etc.)

In the next chapter, case studies based on actual incidents and deployment difficulties will connect the knowledge learned to practical application.