Technical Requirements

Operating System

PathcoreFlow requires a 64-bit Linux-based operating system with kernel version 3.10+.

Recommended operating systems:

• Red Hat Enterprise Linux 9+
• CentOS Stream 9+
• Ubuntu 22.04+ LTS
• Debian 11+ (Bullseye)

System Requirements

Pathcore recommends the server or virtual machine hosting the PathcoreFlow application meets the following minimum system requirements:

• Quad core CPU at 2 Ghz
• 16 GB RAM
• 1 Gbps network interface

Storage Requirements

Pathcore requires the following block devices to be attached directly to the server or virtual machine:

• A minimum 40 GB partition for the root (/) mount point
  • Recommended 100 GB partition for the root (/) mount point to store Docker volumes, containers and logs. Please see the note below for more details about the Docker files
• Images and other uploaded files can be stored on the root partition as well, but it is recommended to provision separate storage for this. Please see the note about image storage below

The default Docker installation will store the Docker volumes, containers and logs on the root partition. Docker can be configured to store these files in an alternate partition or disk if desired which will affect the minimum and recommended storage space.

Storage for images and other uploaded files can be provided as either network storage (e.g., SMB, NFS, GlusterFS, etc.) or a block device. It should be noted that the latency and throughput characteristics of the chosen storage device can have an impact on the overall system performance.

Software Distribution Servers

In order to deliver the initial installer package and future updates for the PathcoreFlow installation, Pathcore's software distribution servers will need to be accessible from the PathcoreFlow server. The following URLs should be accessible:

• https://registry.gitlab.com
• https://cdn.registry.gitlab-static.net
• https://storage.googleapis.com

HTTPS Setup

Pathcore recommends that all installations of PathcoreFlow be configured to serve data over HTTPS. This is an absolute requirement if the system will be accessible outside of a VPN. HTTPS allows clients to connect to the server using the HTTP/2 protocol, which can provide a performance benefit in supported browsers.

Externally Accessible Systems

If the PathcoreFlow server is configured for external access, Pathcore can provide a free automatically renewed TLS certificate via the Let’s Encrypt service. Alternatively, clients can purchase TLS certificates from their preferred certificate issuer and provide the necessary files to Pathcore for installation.

Internal-Only Systems

If the PathcoreFlow server is configured to only be accessible within a private network (either on-premise or via a VPN) Pathcore cannot provide certificates via the Let’s Encrypt service. Clients must configure PathcoreFlow with a certificate issued by a trusted* certificate authority.

For HTTPS setup, PathcoreFlow requires two files in the PEM format named as follows:

• The SSL/TLS certificate: fullchain.pem
• The SSL/TLS certificate key: privkey.pem

* The certificate authority only needs to be trusted by machines that will be accessing the service.

More details on configuring TLS can be found on the HTTPS page.

Mail Server

PathcoreFlow requires an SMTP server to send transactional email such as account activations, password resets, and other notifications.

Clients should provide the following prior to installation:

• SMTP hostname
• SMTP port
• SMTP SSL/TLS required
• SMTP user
• SMTP password
• From address for outgoing emails (if different from SMTP user)

More details on configuring mail delivery can be found on the [Mail Server Configuration] page.

Client Requirements

Information about the requirements for clients can be found on the Requirements page.

Security Considerations

Server Connectivity

Pathcore recommends using a firewall to filter and monitor traffic to and from the server or virtual machine on which PathcoreFlow is installed. The following summary outlines the typical inbound and outbound connections that must be permitted for PathcoreFlow to function.

Inbound Connections

• HTTP(S). Ports 80 (HTTP) and/or 443 (HTTPS) must be accessible for clients to reach PathcoreFlow’s web interface and APIs. It is strongly recommended to enable HTTPS to ensure all traffic to and from the PathcoreFlow server is encrypted in transit. When HTTPS is configured, any traffic to the unsecure port 80 will be redirected to the secure port 443.

Outbound Connections

• HTTPS. When updating PathcoreFlow, outbound HTTPS (port 443) access is required to reach Pathcore’s Docker container registries. The following URLs must be accessible:
  • https://registry.gitlab.com
  • https://cdn.registry.gitlab-static.net
  • https://storage.googleapis.com
• SMTP. PathcoreFlow requires outbound SMTP access to send transactional email. When specifying the mail server, Pathcore strongly recommends configuring PathcoreFlow to use TLS*, if it is supported by the mail server.
• LDAP(S). When PathcoreFlow’s LDAP integration is enabled, outbound access to the LDAP server is required to authenticate users and populate the user list. When configuring PathcoreFlow’s LDAP integration, Pathcore strongly recommends using LDAPS* to ensure all traffic between PathcoreFlow and the LDAP server is encrypted.
• HALO. When PathcoreFlow’s HALO integration is enabled, outbound access to HALO’s API server is required. Again, Pathcore strongly recommends enabling TLS* on the HALO API server to ensure traffic between PathcoreFlow and HALO is encrypted.

* The appropriate CA certificates must be installed on the server or virtual machine where PathcoreFlow is installed.

Storage

PathcoreFlow accesses file systems that have been mounted onto its server or virtual machine. When block devices are used, Pathcore strongly recommends using disk encryption to ensure data is encrypted at rest. When network devices are used, Pathcore recommends using protocols that support encryption in transit, such as SMBv3+, and ensuring that the backing storage devices are encrypted at rest.

Requirements for Third Party Integrations

LDAP/Active Directory

PathcoreFlow can optionally use an LDAP server for user authentication and user directory sync. Pathcore requires (at minimum) the following information to configure LDAP:

• LDAP server type (Active Directory or other)
• Server address (e.g., ldap://ad.example.com)
• Service account username and password (for directory sync)
• Base DN (e.g., dc=ad,dc=example,dc=com)
• User LDAP filter (only these users will be synced and allowed to authenticate with PathcoreFlow). e.g.:

  (&(objectCategory=Person)(memberOf=cn=PathcoreFlow,cn=Users,dc=ad,dc=example,dc=com))

HALO Image Analysis

PathcoreFlow includes an optional module for integrating with HALO. Once the module is installed, activated and configured, PathcoreFlow images can be opened in HALO. Annotations generated and saved within HALO will be visible in PathcoreFlow automatically.

In order for this integration to function, the following requirements must be met:

• The HALO API must be accessible by the PathcoreFlow server
• The PathcoreFlow images storage must be accessible by the HALO installation
• The HALO installation must be configured to save markup images in the same location that PathcoreFlow saves images

Visiopharm Image Analysis

PathcoreFlow includes an optional module for integrating with Visiopharm. Once the module is installed, activated and configured, PathcoreFlow images and annotations can be opened in Visiopharm. Annotations generated and saved within Visiopharm will be visible in PathcoreFlow after export.

In order for this integration to function, the following requirements must be met:

• The Pathcore API must be accessible by the Visiopharm client