BE 25 – BEinEIMRTDemo

CESGA - UVIGO - USC - CHUS - UCM

Araceli Gago Arias, Daniel A. Rodríguez Silva University of Santiago, University of Vigo

mariaarace.gago@rai.usc.es, darguez@det.uvigo.es

Business Experiments in GRID2

Outline

• General scenario overview

• Demonstration architecture

• Demonstration scenario

• Live demo

• Technical innovation

• Demonstrated use of Grid

• Validation of AC1 components

• Conclusion

Business Experiments in GRID3

- In 2000 more than 6.2 million deaths in the world- 15 million in 2020 (WHO forecast )- In Europe: 3 million new patients per year- 1.7 million deaths- BUT: Cancer can be cured in many cases

General scenario overview

Business Experiments in GRID4

ChemotherapyChemotherapySurgerySurgery

RadiotherapyRadiotherapy

How to fight cancer

>60 %

of patients

Business Experiments in GRID5

Computed Tomography (CT)

Tumor

Radiotherapy

Depth dose profile

Tumor control and complications probability

Dose deposition in patient on CT image

Business Experiments in GRID6

TREATMENT PLANNING SYSTEMS

USED TO DESIGN TREATMENTS

DOSE ALGORITHMSDOSE ALGORITHMS•FastFast•Limited accuracyLimited accuracy

Treatment Planning Systems (TPS)

Business Experiments in GRID7

VAST COMPUTATIONAL RESOURCES VIA WEBVAST COMPUTATIONAL RESOURCES VIA WEB

ACCURATE DOSE ALGORITHMSACCURATE DOSE ALGORITHMS

What can BEinEIMRT do for radiotherapy?

Monte Carlo Simulation

Business Experiments in GRID8

General scenario overview

Hospital Hospital staffstaff

Hospital Hospital staffstaff

Patient’sTreatmentInformation

Patient’sTreatmentInformation

HospitalTPS

HospitalTPS TreatmentTreatment

RadiationRadiationPlanPlan

BEinEIMRTServices

BEinEIMRTServices

PatientPatient

Verify treatment Verify treatment plansplans

Calculate optimal Calculate optimal treamentstreaments

Verify treatment Verify treatment plansplans

Calculate optimal Calculate optimal treamentstreaments

DICOM

Business Experiments in GRID9

Main features of e-IMRT platform

• Treatment verification– Very accurate dose calculation (Monte Carlo)– Grid reduces the response time– Realistic dose simulation in affordable time

• Searching of optimal treatment solutions– Prescriptions: organs to spare & regions to treat– Many possible solutions fulfilling prescriptions– Set of optimal solutions in affordable time

Business Experiments in GRID10

Architecture of the demo

• Service-Oriented Architecture (SOA)– Based on Web Services (WS)

• Client Web Portal

• User roles:– Hospital user– Hospital administrator– System administrator

• SLA Negotiation

• Services security: PEP + PDP

Hospital

TREATMENTSERVICES

(WS)

LOCAL COMPUTINGRESOURCES

3rd PARTYCOMPUTING RESOURCES

3rd PARTYCOMPUTING RESOURCES

INTERNET

GRID

WEB SERVER

SLASLA

PEPPDP

DB

Business Experiments in GRID11

Security Components: securing WS

• Secure data exchange: confidentiality, privacy, and integrity• All requests pass through the PEP/PDP security software• PEP – Policy Enforcement Point

– Vordel’s XML Gateway with BEinGRID enhancements– Protect Web Services from wide range of attacks– Intercepts and processes all incoming requests– Policy-based, centralized control – Secure service virtualization, contextualization, and exposure– Calls out to PDP for authorization request

• PDP – Policy Decision Point– Axiomatics’ Authorization Service with BEinGRID enhancements– Checks access control requests against its access control policies– Network-hosted: easy to integrate with other solutions e.g. the PEP– Constrained delegated administration of access control policies

• Validate BEinGRID’s General Security common capabilities

Business Experiments in GRID12

PEP-PDP interaction

Security GWHOSPITAL

PolicyServer

TREATMENT SERVICES

Policies

DB

PDPWeb Service

getRole

verify

optimize

commissioning

verify1

23

4

5

6

PDP

PEP

Business Experiments in GRID13

Management of Grid Resources

• GridWay Middleware– Submits jobs to Grid resources and

monitors them

– Requires specific plug-in to work with BE25

• SLA Negotiator– Automatically contracts external resources

as needed.

– Integrated with GridWay

– Component from BEinGRID’s SLA cluster

• Other implemented features– Monitoring of SLA

– Accounting of SLA

Business Experiments in GRID14

SLA Negotiation overview

GRIDWAYGRIDWAYTREATMENTSERVICES

SLASLA

DRMAA

SLA Negotiator

client

SLA Negotiator

server

GRIDGRID

EXTERNALRESOURCES

PROVIDER

Business Experiments in GRID15

SLA components interaction

Provider List

Pre SLA

Broker Broker GW-SLAGW-SLA

GW Internal Struct

SLANegotiator

client

SLA Evaluation

SLANegotiator

server

Plugin GW-SLADB Services

GRIDWAY

Resourcesprovider

Business Experiments in GRID16

Demonstration scenario

• Web portal:– Internet browser, any operating system– Java plugin + Flash plugin required (common plugins)

• SLA negotiation– Admin configuration web page for SLA– Console to check the automatic SLA negotiation

• Security components– PEP real time monitoring to display blocked and

accepted requests– PEP administrator to show Gateway’s policies– Console to monitor the PDP traces

Business Experiments in GRID17

Live demonstration

Business Experiments in GRID18

Technical innovation

• New service for IMRT virtual verification• New service for treatment plan optimization• 3D gamma maps in minutes• Web-based front-end to facilitate the access from

hospitals• Based on Web Services easy integration with

local TPS

• Hides computing resources: GridWay+SLAs• Service-Oriented security: PEP+PDP integration

Business Experiments in GRID19

Demonstrated use of Grid

• Reduces the time to obtain results– The results can be produced on time thanks to

the aggregation of computing resources

• Reduces computing entry investments– The new company only has to buy the front-

ends. The computing resources can be provisioned on demand

• Increases the flexibility– The available computing resources can be

adapted to the demand dynamically

Business Experiments in GRID20

Validation of AC1 components

• SLA-Negotiation validation

– Successfully integrated with GridWay • Some additions were needed• Allows to add available resources on demand

– Validated benefits of using SLA Negotiation• Execution time decreases using SLA Negotiation• Verification: Execution Time < 5 hours• Optimization: Execution time < 2 hours

Business Experiments in GRID21

• Security validation

• Global security has been improved, hospital data is exchanged safely

• Anonymization and HTTPS complement Web Services security

Validation of AC1 components

PDP

Vordel XMLGateway

Custom Application

www

Web ClientWeb Portal

HTTPS

Vordel XMLGateway

GRID

DB

WSPEP

HTTPS

HTTPS

Axiomatics Policy Server

An

on

ymiz

atio

n

Business Experiments in GRID22

• PEP+PDP validation

– Policy Enforcement Point (PEP) validation• SSL: communication from hospitals to GW and from GW to

Services is encrypted• Protection against different attacks and bad-formed requests• Extensible security gateway: integration with PDP for fine-grained

access control

– Policy Decision Point (PDP) validation• Encryption and digital signatures are used between PEP and PDP • Authorization: PEP validates access control requests against PDP

policies

– Components successfully integrated increasing the security of the services

Validation of AC1 components

Business Experiments in GRID23

Conclusions

• The proof of concept has been successfully demonstrated

• Grid reduces the time to obtain results significantly

• Web portal allows easy, flexible access to services

• There is room for some improvement in the treatment optimization tool

• SLA tools provided by BEinGRID’s SLA cluster have been improved

• Distributed architecture calls for new security mechanisms Successful integration of those provided by BEinGRID’s General Security cluster

THANK YOU

Any questions?

© BEinGRID Consortium