Setting up a dental office network (Figure 1) can become overwhelming, even for those who are fairly knowledgeable about computers; for those whose computer skills are only rudimentary, it may be an impossible task. Most dentists will turn to an information technology (IT) professional for advice and installation, which is the best approach for most people. However, when using an IT professional, a dentist must consider the following: 1) the professional may not be familiar with the specific aspects of a dental office, which may result in either overengineering or underengineering the system; and 2) when something goes wrong, which it inevitably will, or new equipment must be added, the dental office must rely on and wait for outsiders to complete the task. Using an IT professional is prudent, but the dentist should be involved, asking questions and learning as much about the system as possible.
Two basic goals in a dental office networking solution are speed and safety. Many people start by looking for a server and building a network around that. However, the server, although central to the network, is not necessarily the most important piece of equipment.
Speed is an ever-changing aspect of computers and networking. When the author started building a dental office network, 10 Mbps was the fastest speed available. It was sufficient at the time. As programs developed and required more data to be moved, 10 Mbps became too slow and 100 Mbps became the standard; 10/100 network cards replaced the 10 Mbps cards. Now there are gigabit network speeds. Faster networks in very limited commercial use can even achieve 1 terabit-per-second speeds. And fiber is available at up to 100 Gbps. Currently, the most widely used network devices are gigabit devices. They provide more than enough speed for a medium- to large-size office with high network demands. The devices are reasonable in cost and relatively easy to deploy. It is important to keep in mind that a network will only be as fast as the router/hub and server. If an office has 10/100 routers or servers, then the network will operate at 100 Mbps, even if the remaining devices are gigabit devices. It is advised that all computers and devices in an office should be gigabit.1
Ethernet vs Wireless
Today, wireless connections are advertised as having gigabit speeds. This speed can be measured with one device connected to a wireless router for a speed test. In a dental office, several devices will be connected to the network. All wireless devices in the office should have gigabit speed capabilities. Wireless has certain significant disadvantages. Latency is defined as the length of time it takes to make the connection. Wireless has a longer latency time than Ethernet (wired), so the data transmission time will be longer. Interference is also a factor that can affect wireless, and there is the question of security. Wireless networks can be breached. Ethernet is the fastest, most reliable, and most secure method of connecting network devices.2
Some devices, such as Chairside Economical Restoration of Esthetic Ceramics (CEREC®) Acquisition Center (AC) units (Dentsply Sirona, dentsplysirona.com), are wireless. A dental office should have a fast wireless connection on both ends and good security. Some wireless routers can be set up to accept connections only from specific devices identified by their media access control (MAC) address. The author recommends all connections be Ethernet except for very limited devices, such as CEREC AC.
Wireless routers should be of gigabit speed with a range to provide a strong signal throughout the office. Placing a router in a central location is ideal. The router will not be used as a Dynamic Host Configuration Protocol (DHCP) server because the DHCP server should come from a hardware firewall, such as a Sonicwall® (Sonicwall, sonicwall.com) or Barracuda® (Barracuda Networks, barracuda.com). The author uses a Linksys™ EA9500 (linksys.com) wireless device. Other wireless routers of high speed are Netgear® Nighthawk X10 (netgear.com) and Asus™ RT-AC5300U (asus.com).
Cables should be Category (Cat) 6. Cat 5e is of sufficient speed and provides adequate shielding from interference, but Cat 6 is not significantly more expensive and provides faster data transmission (up to 10 gigabit), with improved protection from interference. Cat 5 is somewhat outdated and should be upgraded. If the office already has Cat 5e, there is no need to replace the Ethernet cabling. However, when starting from scratch, Cat 6 should be used (Figure 2).3
A switch is a device that connects all the devices on a network together. Types of switches include managed, unmanaged, and power over Ethernet (PoE). Unmanaged switches connect every device and do not require any setup. A managed switch can be configured in various ways to further customize a network. For a typical dental office, small or large, an unmanaged switch should be used. If a managed switch is inadvertently purchased, in all likelihood, it will not be configured and will be used as unmanaged. An office should save the extra cost of a managed switch and purchase an unmanaged switch instead. There is no difference in speed, assuming both are gigabit switches. Some devices, such as security cameras, can be connected only by a single Cat 5e or Cat 6 cable getting its power from the Ethernet cable, which works only on the switch's port(s) that provide PoE. A situation where a managed switch may be used is when a security system and office data are sharing the same switch. A managed switch can be split into two (or more) separate networks isolated from each other, one for data and one for security. Alternately, two unmanaged switches can be used, one for the data network and one for the security cameras.
For a dental office network to be considered safe, it should have the ability to protect data from both malware intrusions and hardware corruption.
Computer hackers have automated their ability to gain unauthorized access to systems. They set a range of Internet Protocol (IP) addresses and see which networks they can attack. After they get into a system, they can place malware to destroy all data or encrypt data so the data can no longer be accessed without the proper decryption keys. With current encryption technology, files cannot be decrypted without the key.4,5
For a specified amount of money, usually paid in Bitcoin, the hacker will supply the decryption key (hopefully). This situation is called ransomware, and the author has been a victim of it. Fortunately, the author's backup systems allowed him to delete the encrypted (infected) files and restore them with good backup files. How did the hackers get in? The author's server was set up to allow remote access from home (remote desktop). He used the default port, 3389. The hackers got the IP address by randomly searching, and then they brute forced the user name and password (a method of trial and error) using the default port, which allowed them to access the system.
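The password guessing described above leaves a recognizable trail in the Windows Security log: many failed logons (event ID 4625) from one address in a short time, sometimes followed by a success (event ID 4624). The following is an added example, not the author's tooling, that flags that pattern; the comma-separated record format, the sample records, the addresses, and the threshold of 10 failures in 5 minutes are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Logon types relevant to remote desktop: 10 is RemoteInteractive; 3 (Network)
# is how failed attempts are commonly recorded when Network Level
# Authentication is enabled. Type 3 also covers file sharing, so treat a hit
# as a lead to investigate rather than proof.
RDP_LOGON_TYPES = {3, 10}

# Constructed sample records: time, event ID, logon type, source IP, account.
# The addresses come from documentation ranges and the account names are invented.
GUESSED = ["admin", "administrator", "frontdesk", "dentist", "user", "test",
           "backup", "office", "scanner", "owner", "guest", "server"]
SAMPLE = [f"2019-06-01T02:00:{i:02d},4625,3,203.0.113.50,{name}"
          for i, name in enumerate(GUESSED)]
SAMPLE += [
    "2019-06-01T02:00:40,4624,10,203.0.113.50,frontdesk",  # guess succeeded
    "2019-06-01T08:01:00,4625,3,198.51.100.7,drsmith",     # ordinary typo
    "2019-06-01T08:01:20,4625,3,198.51.100.7,drsmith",
    "2019-06-01T08:01:45,4624,10,198.51.100.7,drsmith",
]


def parse(line):
    ts, event_id, logon_type, ip, user = line.split(",")
    return datetime.fromisoformat(ts), int(event_id), int(logon_type), ip, user


def find_bruteforce(lines, threshold=10, window=timedelta(minutes=5)):
    """Return {source_ip: details} for addresses with at least `threshold`
    failed logons inside a sliding `window`, noting any later success."""
    failures = defaultdict(list)  # ip -> [(time, account)] still inside the window
    flagged = {}
    for ts, event_id, logon_type, ip, user in sorted(map(parse, lines)):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        if event_id == 4625:
            recent = [(t, u) for t, u in failures[ip] if ts - t <= window]
            recent.append((ts, user))
            failures[ip] = recent
            if len(recent) >= threshold:
                entry = flagged.setdefault(
                    ip, {"failures": 0, "accounts": set(), "compromised": None})
                entry["failures"] = max(entry["failures"], len(recent))
                entry["accounts"] |= {u for _, u in recent}
        elif event_id == 4624 and ip in flagged:
            # A success after a burst of failures from the same address.
            flagged[ip]["compromised"] = user
    return flagged


if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE).items():
        print(ip, info["failures"], "failures,",
              len(info["accounts"]), "accounts tried,",
              "success as:", info["compromised"])
```

The staff member who mistyped a password twice stays below the threshold, while the address that tried twelve account names in under a minute is reported along with the account it finally logged in as.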
The Windows® Server operating systems (Microsoft, microsoft.com) available before Windows Server 2016 do not come with antivirus protection.6 SpyHunter® (Enigma, enigmasoftware.com) is an effective antivirus software for finding malware, as is Sophos® (Sophos, sophos.com), which is useful for daily protection. It is not free, but it is worth the expense. Hardware firewalls can prevent intrusion, but if a dentist can get into a system by having an open port through the firewall (for remote desktop), others can get in, too. If possible, the remote desktop function on a server should be disabled. A server can also be attacked from any of the desktop computers on the network. Therefore, remote desktop should be deactivated on every computer. If access to a computer from a remote location is needed, the computer being accessed should have effective, up-to-date antivirus software. A strong password should be used to access the computer. When enabling remote desktop, Network Level Authentication (NLA) should be used. Additionally, the dentist can limit users who have remote desktop access and also change the remote desktop port. Changing the remote desktop port is simply "security by obscurity," so all protections must be in place. The following are instructions for changing the port7:
1. Start Registry Editor.
2. Locate and then click the following registry subkey:
3. On the Edit menu, click Modify, and then click Decimal.
4. Type the new port number, and then click OK.
5. Quit Registry Editor.
6. Restart the computer.
When attempting to connect to a computer by using the remote desktop connection, the new port must be typed in. Additionally, the firewall must be set to allow the new port number before connecting to the computer by using the remote desktop connection. If a dentist does not feel comfortable performing this task, it is advisable to hire someone to do it; otherwise, the remote desktop function should not be enabled.
A hardware firewall is designed to stop attackers from gaining entry into a network. Sonicwall is the hardware firewall used by the author; others include Barracuda, which may be equally effective. A network exists behind the firewall. The firewall is placed between the Internet modem and the network. All traffic to and from the Internet must go through the firewall. Everything within the network is in its own environment. A firewall can be set to block everything, nothing, or something in between. As mentioned previously, if a port is opened (such as the default remote desktop, 3389), all traffic can be allowed through that port. After the traffic is through, the dental office must rely on antivirus software for protection. Although Windows 10 has built-in antivirus software, early versions of Windows Server do not; beginning with Windows Server 2016, Microsoft Defender is included. Therefore, a separate antivirus software designed specifically for servers may need to be installed. Internet traffic to a browser is generally allowed, but selected sites can be blocked, such as pornography, gambling, the dark web, hacking, and file sharing. These sites frequently have malware waiting to be silently downloaded with the wrong click.8
Hard disk drives are generally reliable, but they can and do fail. Without a backup, data can be lost. The first line of hard drive failure data protection is setting up a good redundant array of independent disks (RAID) system. The author uses RAID 6 with eight hard disk drives. This setup allows two simultaneous hard disk drive failures without losing data. If a drive fails, the failed drive is removed and replaced with a new one. The data on the new drive are automatically rebuilt. RAID 5 is often preferred because it allows for one drive to fail without losing data. RAID 5 is faster than RAID 6, which is why it is probably more popular. With the data demands of a typical dental office, including digital imaging, the author does not feel that there is any noticeable difference in speed between RAID 5 and RAID 6. The author prefers the greater safety of data in drive failure with the RAID 6. RAID 1 is mirroring: data are written and read simultaneously to both drives. If one fails, the other still has the data. RAID drives also increase the speed of data acquisition. One can have a gigabit network, but a single drive, or RAID 1, has a read speed of about 150 to 180 Mbps. A RAID 5 or RAID 6 has a read speed of about 360 to 380 Mbps. Going to a RAID system with six or more drives doubles the speed of the data going in and out of the drives and through the network.9
All hard disk drives are not created equal. Manufacturers will produce drives intended for a single drive system and drives intended for server and RAID systems. The latter have higher vibration resistance, have a low level of nonrecoverable error, and are designed to receive hardware RAID controller commands. They typically have a higher mean time between failure than other drives. Solid-state drives (SSDs) are good for notebook computers, where shock and speed of a single drive may be a factor, but for server operations, SSDs have a distinct disadvantage. In addition to the higher price tag of SSDs, these drives have a limited number of read/writes because the NAND (originally meaning Not And) flash degrades with each read/write. Typical hard disk drives have a theoretically unlimited number of read/writes because the storage medium is not damaged during operation. That being said, SSDs do have a 700 TB+ read/write before failure.10
Backup drives are essential. Using a RAID system protects against mechanical drive failure, but not from data corruption or unintentional encryption/deletion. Backups should occur daily and be automatic (unattended). Several backup software programs are available. It should be noted that data backup drives may be accessible to malware, and backup data may be attacked as well. The author has three backup systems in place. Two are automatic and one is manual and off-site. One backup is Network Attached Storage (NAS), a standalone RAID 5 set of drives not run from a computer; it was not infected when the office server was. The second backup is a RAID 5 run from a Mac mini® with Mac OS X software (Apple, apple.com), which also was not infected with ransomware. It is unlikely that a Windows virus would make it through to the Mac. Both backups run automatically during the night. When a file is encrypted with ransomware, an extension is added to the file. As the backup occurs, the encrypted files are copied to the backup drive, but the original good files remain. When setting up backup configurations, files not present on the source should not be deleted. The third backup system is a portable hard disk drive that is kept off-site and manually updated once a week. Commercial options allow off-site data storage. Although these options provide adequate backup, restoration of data can take an extremely long time with a large amount of data. The Internet is faster now than it was several years ago, but it may take an unacceptably long time to transfer 6 terabytes of information, which is not unlikely with digital 3-dimensional imaging, 2D imaging, and practice management data. Thus, with off-site data storage, a dentist is advised to also have an on-site backup solution.11
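The backup rule above (never delete from the backup what has disappeared from the source) can be seen in action in the following added example, which is not the author's backup software. It copies new and changed files only, keeps everything else, and reports files that vanished from the source while a same-named file with one extra extension appeared; the file names, the `.locked` extension, and the simulated incident are constructed for the demonstration.

```python
import shutil
import tempfile
from pathlib import Path


def additive_backup(source: Path, dest: Path):
    """Copy new or changed files from source to dest and never delete
    anything from dest. Returns a report of what happened."""
    src_files = {p.relative_to(source) for p in source.rglob("*") if p.is_file()}
    dst_files = {p.relative_to(dest) for p in dest.rglob("*") if p.is_file()}

    copied = []
    for rel in sorted(src_files):
        s, d = source / rel, dest / rel
        changed = (not d.exists()
                   or s.stat().st_size != d.stat().st_size
                   or s.stat().st_mtime > d.stat().st_mtime)
        if changed:
            d.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(s, d)
            copied.append(rel)

    # Files that vanished from the source stay on the backup untouched.
    retained = sorted(dst_files - src_files)
    # A vanished file whose name plus an extra extension is new on the source
    # matches the renaming pattern the article describes for ransomware.
    new_on_source = src_files - dst_files
    suspicious = [rel for rel in retained
                  if any(n.parent == rel.parent
                         and n.name.startswith(rel.name + ".")
                         for n in new_on_source)]
    return {"copied": copied, "retained": retained, "suspicious": suspicious}


def demo():
    """Two nightly runs with a simulated encryption incident in between."""
    with tempfile.TemporaryDirectory() as tmp:
        source, dest = Path(tmp, "server"), Path(tmp, "backup")
        source.mkdir()
        dest.mkdir()
        (source / "xray_001.dcm").write_bytes(b"good image data")
        (source / "schedule.db").write_bytes(b"good schedule data")
        additive_backup(source, dest)            # night 1: clean copy

        # Simulated incident: each file is replaced by an unreadable copy
        # carrying an added extension, and the original is removed.
        for p in list(source.iterdir()):
            p.with_name(p.name + ".locked").write_bytes(b"\x00unreadable")
            p.unlink()

        report = additive_backup(source, dest)   # night 2: after the incident
        intact = (dest / "xray_001.dcm").read_bytes() == b"good image data"
        return report, intact


if __name__ == "__main__":
    report, intact = demo()
    print("good originals still on backup:", intact)
    print("suspected encrypted originals:", [str(p) for p in report["suspicious"]])
```

A backup job that mirrors deletions would have removed both good files on the second night. Note that this protects only against the add-an-extension behavior described above; a file overwritten in place under its original name would still replace the backup copy, which is one reason to keep the weekly off-site drive as well.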
Although the server is important, in the dental office the author finds it to be the least important device to the speed of the network. Dental management software is not very processor-intensive; it is a database management tool that a processor can handle fairly easily. The software does not require many calculations to be performed, and those that are required are generally handled by the local computer, with the server acting merely as a device to get data from the network in and out of the hard disk drives. Cone-beam computed tomography (CBCT) machines, such as the Orthophos® SL 3D (Dentsply Sirona), Galileos® (Dentsply Sirona), and i-CAT™ (Kavo Imaging, kavo.com), have very intensive calculations necessary to construct the 3D image from the scan data. However, Dentsply Sirona, for example, has its own read-copy-update (RCU) server to handle them. It is a computer specifically designed to process the data. Scan data from the CBCT go to the RCU server, where all the construction calculations are performed. Then the data are sent to the main server into the data folder on the hard disk drives.12,13
Nevertheless, the dental office should not purchase a slow server; it is preferable to buy the fastest affordable server because minimum requirements for the server will become greater as further software development continues. The office should purchase a server without hard drives and then acquire a hard drive enclosure with built-in RAID hardware. It is then easier to upgrade the server itself. The requirements for the dental and imaging software used should be considered. They will have minimum and recommended configurations; it is best to implement or exceed the recommended configuration that has the most stringent requirements because using the minimum configuration may lead to a device that no longer works as intended as software upgrades take place in the future.
As for the server software itself, dental office server requirements are far lower than those for major corporations. Windows Server 2016 and Windows Server 2019 have built-in antivirus software. Good antivirus software is available for earlier versions of Windows Server. Some imaging or management software has not been certified to be compatible with some Windows Server versions. The office should not purchase the latest release just because it is the latest; compatibility concerns may arise. Although later server software versions may provide greater performance, with CBCT data, the server acts only to move data into and out of the hard disk drives. Because intensive reconstruction calculations are not done by the server, there will be no speed difference that can be seen.
Backup Power Supply
Backup power supplies not only provide power during a power outage, they also provide surge protection. Power surges are the single most common reason for the death of computers.14 In areas where lightning strikes are a concern, the network cabling should be protected from power surges also. The author once had a lightning strike that fried all the network cards in all the computers. All the computers had backup/surge protection, but not the network cabling. The power surge hit, travelled along the Ethernet cables, and destroyed every network card in every computer, as well as the switch and router. APC and L-com make surge protection for Cat 6. The author has set up every Cat 6 cable to go through an APC Ethernet surge protection circuit.
With an increased number of hard drives, backup hard drives, a server, RCU server, hardware firewall, router, and modem, a significant backup power supply will be necessary. The author has two. A 3000VA/2700W backup should be used.15 With the author's system and two of these power supplies, the dental office has about 6 minutes before shutdown. That may not seem to be much time, but it is about the most that can be obtained. In the author's location, it is rare to have a power outage. When there is one, it is extremely brief. If an office is in an area with frequent power outages that last longer, a whole office generator should be.
A rack and rack-mount components provide a cleaner, more organized installation and help cut down on space. A rack should not be skimped on; the more elements added, the more durable and sturdy the rack must be. As time goes on, more components are likely to be added, such as a surveillance system or second backup server.
The Author's Network Configuration
The following is a listing of the network configuration in the author's dental office (Figure 3). It is not intended to recommend any particular manufacturer; other manufacturers may provide equal or better performance.
Total computers: 28
• 12 operatories (HP®, Hewlett-Packard, hp.com)
• 3 front desk (HP)
• 9 administrative (insurance/associates/administrators) (HP)
• 1 laboratory (Dentsply Sirona)
• 2 CEREC Primescan
• 1 CEREC Omnicam
Total tablets: 3
• 3 patient check-in (Apple iPad®)
• 4 CEREC MC XL milling units
• 1 CEREC SpeedFire
• 1 CEREC hub
• 1 main Windows server 2012 R2 Supermicro Motherboard X10SL7-F
- Xeon® CPU E3-1271v3 @ 3.6 GHz 4 cores 8 logical processors 16 GB RAM (Intel, intel.com)
• 1 Mac mini Mac OS X backup server with 4 Western Digital® WD Red 6 TB HDD RAID 5 (Western Digital, wd.com)
RAID 1 (connected to Windows server)
• 6 WD Red 6 TB HDD RAID 6
• 1 NAS backup RAID 4 WD Red 6 TB HDD RAID 5
• 2 Linksys EA9500 wireless routers
• 1 Apple AirPort® wireless router (with DHCP) on separate isolated network before Sonicwall for free Wi-Fi for patients
• 1 main gigabit switch (TRENDnet®, trendnet.com)
• 1 gigabit switch to connect milling machines (TRENDnet)
• 1 gigabit separate network for Omnicam AF two-operatory solution
• 1 Sonicwall, which is also the DHCP router
PoE Switch: 2
• 1 security system (12 cameras)
• 1 phone system
Backup Power Supply: 2
• 2 3000V/3000W
RCU Server: 1
• 1 RCU server for Orthophos SL 3D (Dentsply Sirona)
Orthophos SL 3D: 1
• 1 CBCT connected to RCU server through the network
• Each device has a dedicated Cat 6 cable from the device to main switch (except milling units, which connect through a gigabit switch)
- Windows Server 2012 R2
- OS X 10.14.5
- Windows 10 (on most desktops and Primescan)
- Windows 7 (on Dentsply Sirona desktop and Omnicam)
• security antimalware (server)
• client automatic backup (server)
• backup for Mac mini OS X
Setting up a good dental office network (Figure 4) is neither easy nor inexpensive. In the long run, however, it is worthwhile. As dentistry becomes more technology-driven and software becomes more complex, demands on the network will become greater. In current times, there is a tendency to expect immediate results. For example, the author does not like to wait for a radiograph or CBCT scan to come up on the screen, and the staff does not like to wait for the appointment schedule to repopulate. The office has a large infrastructure, and the author does not want data to get bogged down. Other dentists may have a smaller or larger network. Whether a network is small or large, speed is essential. Setting up a network correctly at the outset will save time and money by eliminating the need to redo the work a few years later.
About the Author
Clark F. Brown Jr., DDS
Diplomate, American Board of Oral Implantology
1. Sosinsky B. Network basics. In: Networking Bible. Indianapolis, IN: Wiley Publishing. 2009;16.
2. Zlatanov N. Computer security and mobile security challenges. Academia. https://www.academia.edu/24378518/Computer_Security_and_Mobile_Security_Challenges. Accessed September 9, 2019.
3. Ethernet cable identification and use. Donutey. https://web.archive.org/web/20160306195611/http://donutey.com/ethernet.php. Published July 10, 2008. Updated May 21, 2011. Accessed September 9, 2019.
4. Cheng J. New Trojans: give us $300, or the data gets it! Ars Technica. https://arstechnica.com/information-technology/2007/07/new-trojans-give-us-300-or-the-data-gets-it/. Published July 18, 2007. Accessed September 9, 2019.
5. Kassner M. Ransomware: extortion via the Internet. TechRepublic. https://www.techrepublic.com/blog/it-security/ransomware-extortion-via-the-internet/. Published January 11, 2010. Accessed September 9, 2019.
6. TechNet. Microsoft. social.technet.microsoft.com/Forums/. Accessed September 9, 2019.
7. Change the listening port for Remote Desktop on your computer. Microsoft. https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/change-listening-port. Published July 18, 2018. Accessed September 9, 2019.
8. Malware. Federal Trade Commission Consumer Information. https://www.consumer.ftc.gov/articles/0011-malware. Published November 2015. Accessed September 9, 2019.
9. Arpaci-Dusseau RH, Arpaci-Dusseau AC. Redundant arrays of inexpensive disks (RAIDs). In: Operating Systems: Three Easy Pieces. Arpaci-Dusseau Books, 2018.
10. SSD write cycle. Essential guide to desktop and laptop solid-state drives. https://searchstorage.techtarget.com/definition/write-cycle. Accessed September 9, 2019.
11. Security tip (ST19-001). US Department of Homeland Security. https://www.us-cert.gov/ncas/tips/ST19-001. Published April 11, 2019. Accessed September 9, 2019.
12. Galileos. Getting Started Guide. Bensheim, Germany: Sirona; 2007.
13. iCAT. Manuals. Kavo Imaging. https://www.i-cat.com/support/technical-support. Accessed September 9, 2019.
14. Fossum J. 13 reasons why computers fail. Hartford Steam Boiler. https://blog.hsb.com/2015/10/15/why-computers-fail/. Published 2015. Accessed September 9, 2019.
15. Choosing a UPS system 101: the fundamentals. Cyber Power. https://www.cyberpowersystems.com/blog/buying-guides/choosing-a-ups/. Accessed September 9, 2019.